This course takes a look at the future of cybersecurity with respect to what is being done to lessen the potential for catastrophic destruction resulting from cyber attack on critical infrastructure. In this respect, we take a short survey of potential technological solutions and response options. We conclude this module by taking a look at unique aspects of the cyber profession and personal considerations for those who want to make cybersecurity a career.
L33 Conundrum
Loading...
來自 University of Colorado System 的課程
Homeland Security and Cybersecurity Future
33 個評分
從本節課中
Module 13: Assessing Risk & Future Options
There is no cure for cyber attack and there is no absolute security. Accordingly, all cybersecurity entails risk management. In this module we will take a closer look at risk management and begin looking at alternatives to the cybersecurity problem.
與講師見面
Richard WhiteAssistant Research Professor
Computer Science
Welcome lesson 33.
In the previous lesson, we asserted that there are at least four general options
for dealing with the cybersecurity problem.
You can ignore it, go around it, go over it, or go through it.
In that lesson, we ruled out options 1 and 2 and
said that current approaches may be likened to option 4.
This leaves us with option 3, go over.
Option 3 implies that we find an alternative solution that essentially
renders cybersecurity unnecessary.
What is needed is a revolutionary technological advance.
It's happened before.
The microchip was a revolutionary advance in computer evolution.
Before it's development, computers where constrained in capacity by the problem of
wiring together the increasing number of components.
The microchip over came this challenge by combining the fabrication of components
and wires into a single step leading to the incredible shrinking computer.
Despite its increasing power though,
the computer remains inherently vulnerable to cyberattack.
In lesson nine,
we attributed this problem to the fact that computers are basically stupid.
They are stupid because unlike humans, computers are incapable of making value
judgments regarding their actions, and will perform as directed regardless of
the outcome, even if the consequences are catastrophic.
A computer's blind adherence to instructions is related to
the three basic functions of its central processing unit.
1, fetch the next instruction,
2, execute the instruction, and 3, store the results.
This is the von Neumann architecture, so named for
John von Neumann, the famous polymath who first penned
the concept in his first draft report on the EDVAC in 1945.
To be fair, the concept had occurred to J Presper Eckert and John Mauchly while they
were building the ENIAC, the worlds first electronic digital computer.
Von Neumann drafted his report while observing construction of the ENIAC at
the University of Pennsylvania.
Be that as it may, von Neumann's report became the blueprint for
99% of today's computers.
And it's this simple formula that has created the devilish problem
of cybersecurity.
So the obvious answer is lets find a new architecture.
Perhaps the next biggest advance in computer architecture
is quantum computing.
Needless to say, it is completely different.
Computation in von Neumann machines is predicated
on the choreographed opening and closing of billions of microscopic circuits.
Computation in quantum computers is predicated on the quantum
fluctuations of only a few atomic particles packaged into qubits.
Ten years ago, the prospect of building a quantum computer seemed improbable.
Today, quantum computers are not only probable, they are commercially available.
The state of the art for quantum computers today
is comparable to the state of conventional computers in the 1940s.
It's still about getting the design and hardware right.
At any rate, do quantum computers hold the key to solving the cybersecurity problem?
Can they lead to computers that can't be hacked?
The answer is unlikely.
To date, there's nothing in their design that will inherently enforce
confidentiality, integrity, and availability.
Yes, I am aware of current work on quantum networks
that will make it easier to detect interception.
But consider that this may alternately be used as a means to prevent availability.
Also consider that quantum computers will make it easier to break cipher codes.
And even if they don't, quantum computers still can't overcome the insider attack.
So long as humans require access to a computer, conventional or otherwise,
there will always be opportunity for malicious action.
As of the moment, quantum computers offer no solution to the cybersecurity problem.
Is there something we can do then to make computers smarter, so
they won't blindly inflict catastrophe?
One answer might be artificial intelligence.
That is, incorporate a controlling intelligence, so
computers know not to commit actions that would result in catastrophe.
As humans, our bodies will process anything we ingest,
but we know not to eat poison.
While AI has made great advances,particularly in the realm
of human speech recognition, it still has a long way to go.
The essential problem is that human intelligence is predicated on what we call
common sense.
The problem with common sense is that it's anything but common.
Put another way, human intelligence has a great capacity for resolving ambiguity.
A classic example is a boy saw a bike in the store and wanted it.
The question is what is it?
Is it the bike or the store?
As humans, we assume it is the bike.
But that reasoning rests on hundreds of subtle understandings and assumptions that
have yet to be successfully grasped by artificial intelligence.
And even if these obstacles can be overcome,
do we want a computer that can countermand a human order based on its own reasoning?
There was an interesting experiment by the Department
of Defense where they trained a computer neural network to identify hidden tanks.
The program performed brilliantly in the lab, but failed utterly in the field.
The reason for the failure?
As it turned out, all the pictures used to train the AI program
were taken of tanks on a sunny day.
The AI program had learned to associate tanks with sunny days, but
was incapable of recognizing tanks on a cloudy day.
The point is we may be able to teach a computer, but
we won't necessarily know what it learned.
That may be acceptable for playing on Jeopardy, but not necessarily for
controlling the electric grid.
Given the current state of technological development,
there does not appear to be any technological solution on the current
horizon that will eliminate the cybersecurity problem.
Let us review the main points from this lesson.
Again, there are always four options to any problem.
Ignore it, go around it, go over, or go through it.
2, option three seeks a solution that will render cybersecurity unnecessary.
3, the cybersecurity problem is related to the Von Neumann
architecture that is the blueprint for 99% of today's computers.
4, quantum computers are based on a completely different architecture,
but do not offer any inherent advantages in confidentiality,
integrity, and availability.
5, so long as human access is required,
computers will be susceptible to insider attack.
6, the present state of artificial intelligence does not offer any solutions
for adding judgment to prevent computers from taking catastrophic actions.
And finally at 7, at present, there are no technological solutions on
the horizon that will eliminate the cybersecurity problem.
Please join me next time as we look into dealing with the inevitability of
a cyberattack, thank you.
