Demystifying the Cybersecurity Problem. Lecture 04
Vložit
- čas přidán 8. 12. 2023
- Demystifying the Cybersecurity Problem. Lecture 04
In our last video, we talked and defined what
we meant by cybersecurity. In this video, we want to
demystify the entire landscape. Specifically, we want
to talk about some of the challenges that
face individuals, or organizations,
and policymakers. Many of us are used
to these types of headlines that we find
on a regular basis. Things like, 77,000
cyber attacks or 7 billion records compromised in the first three quarters of 2017. These are all really scary
headlines for us to realize. We have to sometimes wonder, why do we even get out of bed? Why do we even bother? If things are so bad, and we feel that we're
about ready to suffer from a cataclysmic fire
of cyber attacks, why do we even bother? In order to get a handle
on this situation, we need to demystify
what we actually mean by a cybersecurity threat and the cybersecurity consequences
that come with it. What do we actually need
to be concerned about? This is a fundamental question. Is a fundamental question
for us as individuals, for corporate executives,
as well as policymakers. This is one of the central
questions we want to address in this
particular course. Well, a lot of it
really does depend on the position in which you stand. If you're an individual,
there's series of different questions
you may want to ask. What local, state, federal law should be written to protect me? How did cyber attacks
impact my privacy? What type of activity
does it actually cover? Well, those are fundamentally
different questions than if you're a corporation
or an organization. They may ask about, what types of liability do
they specifically have to protect in the event that your data is compromised
in their network? Can businesses
actually hack back? If they're compromised by
a particular threat actor, by a hacker, are they entitled to actually
hack back the hacker? That's a good question.
Should businesses be compelled to turn over source code of
products that they want to introduce into
a new foreign market? In some countries
around the world, if you want to do business, you actually have to turn
over your source code. Is that something that
you want to actually do? If you're a nation state, there are all sorts
of other types of questions you're going
to have to answer. Is one cyber attack from
another country against yours and act of war or is
it a matter of espionage? How you answer that question will affect the
response you have. There might be other
questions like, is there a difference in
the types of attacks? Are some attacks more
severe than others; are some more exploitive
versus disruptive? How do you know? How do you categorize?
How do you measure? These are fundamental questions
that need to be asked. Should common agreements
between nations be used to create what we call norms of behavior or normal behavior, and how should you enforce them? How should countries cooperate or not to assist in
criminal investigations? How do I manage threats to my own critical infrastructure? You'll notice that depending on whether you're talking
about an individual, or an organization,
or a nation state, there are different questions. This is fundamental,
because oftentimes when we talk about cybersecurity
in the popular culture, we tend to only focus around a handful of
specific questions. If you don't disentangle
your position on the issue, you're going to ask
different questions or you may miss other
questions entirely. It's important that we start
to define where we sit. From a policymaker's
point of view, the goal of the policymaker
is to take advantage of beneficial aspects of technology while minimizing security risks. What we talk about here, is that a policymaker
who wants to make sure that they're adopting all the technology and all the
wonderful benefits that it affords has to make sure that while they adopt that
particular set of technology, that they're minimizing
the risks that opposes to broader society. There's a whole set
of technologies that are being introduced
in our cities, in our critical infrastructure, things like our power systems, our water systems, surface
transport systems. The reason we're introducing all that technology is to
make it more efficient. We all like being able to hail
a ride from our Uber app. We all like make sure that we understand how much power we're
using on a regular basis. All of these things
require technology. But how do policymakers know that if they're putting in that.. - Zábava