Print this page

Cybersecurity Wishes 2015: Dr. Barbara Endicott-Popovsky

Dear Santa, My wish this Christmas is for increased research funding for interdisciplinary cybersecurity research -- most goes to technical innovation and that's important; however, humans are still the weakest link in any cybersecurity system.

Although we continue to redesign physical IT systems to make them more secure, we still haven't yet redesigned human beings! We need to study their behavior around security and understand why they continually click on links they shouldn't, disable security for ease of use, forget to upgrade software and hardware, ignore awareness training precautions or surf the Internet "unprotected!"

Einstein said the definition of insanity is continually applying solutions that don't work! In my view, that is what we've been doing in cybersecurity research. Technology improvements keep us in an arms race with the bad guys - as systems become more complex, we can never expect to design one that is 100% secure! We need to step out of the vicious cycle and consider cybersecurity solutions for the larger system that includes the people. I know it's a hard problem, but we shouldn't shy away from innovation and solutions in this space.

Over the last dozen years, I've taught 10s of 1000s of students through my online classes. One student stands out among them. He came from a small third world country, but asked a major league question: "Why do you people in the West continue to focus on technical issues when the attackers (and I'd like to know how he gets his information -- being of a skeptical mind!) always look for the human being they can exploit?" Good question and to the point -- I agree.

As an academic, I'm committed, through my research and educational programs, to do my part in the battle to keep cyberspace safe and secure. Santa, please help me help the cause by delivering more cybersecurity funding for cybersecurity research in collaboration with the soft sciences. Can you see what you can do?

Dr. Barbara Endicott-Popovsky
Executive Director, Center of Information Assurance and Cybersecurity
University of Washington