Some of you may know Gary McGraw, Chief Technology Officer of Cigital, Inc., a software security consultancy, and author of eight books on that subject. To some geeks — I guess I’m one of them — Gary is quite literally a familiar voice because he has been running Silver Bullet, a podcast series with security gurus, for more than six years. The show is outstanding, and includes half-hour-long conversations with figures who will be well known to our readership, such as Richard Clarke or Ralph Langner, who helped uncover Stuxnet. Gary also wrote a chapter in a much-noted CNAS volume, America’s Cyber Future. Or rather co-wrote, with Nathaniel Fick, who just last week left CNAS to become head of the still somewhat mysterious cyber security company, Endgame Systems Inc. McGraw will speak on Cyber War and Cyber Peace at KCL tomorrow:
Washington has become transfixed by cyber security and with good reason. Cyber threats cost Americans billions of dollars each year and put U.S. troops at risk. Yet, too much of the discussion about cyber security is ill informed, and even sophisticated policymakers struggle to sort hype from reality. As a result, Washington focuses on many of the wrong things. Offense overshadows defense. National security concerns dominate the discussion even though most costs of insecurity are borne by civilians. Meanwhile, effective but technical measures like security engineering and building secure software are overlooked. In my view, cyber security policy must focus on solving the software security problem – fixing the broken stuff. We must refocus our energy on addressing the glass house problem instead of on building faster, more accurate stones to throw.
I will moderate. The gig is tomorrow at 1800 in the Pyramid Room (K4U.04), 4th floor, Strand Campus. Would you RSVP to Helen Bhandari at firstname.lastname@example.org?