happen , without many checks to make sure that everyone is playing by the rules . Once I got to UC San Diego , we discovered a bunch of unsolicited network traffic arriving here on campus and found that it was caused by side effects of denial-of-service attacks all over the internet — we had accidentally stumbled on a way to measure global denial-of-service attacks . Looking at everything through the perspective of a potential adversary highlights a range of issues that don ’ t appear when you ’ re just focused on building systems to solve some problem .
What is different about the way you , your colleagues and students approach cybersecurity problems ? One area that I think we ’ ve helped develop is trying to place the technical components of cybersecurity within a broader economic and policy framework . Yes , it ’ s bad that an attacker can gain access to a website by manipulating some particular bits in a network packet . But more interesting is why they are doing it , how hard is it for them , how do they make money , how efficient is their business ? These are the questions that let you determine what kind of defense or intervention is going to be effective in stopping them .
What do you see as some of the biggest security threats facing consumers in the next five years ? I think the biggest challenge we face is that with the deconstruction of media platforms , we have lost the editorial controls that implicitly served as gatekeepers on abuse . The cost structures of current communications platforms ( social media , advertising , streaming video , etc .) allow our adversaries to manipulate what we know about the world and do so in a way that is very hard to identify , let alone defend against .
After this , I think there are obvious concerns about the systemic risks posed by introducing computing and communications into virtually every aspect of our daily lives . Today , we are being pervasively monitored and hand over our health and safety to systems that are designed to operate correctly , but if compromised , could cause significant harm .
What are some of the projects that you plan to tackle in the future ? We ’ re looking at a range of issues including empirical measures of cyber risk ( i . e ., what kinds of defenses or behaviors actually lower the chances that our
machines will be compromised and by how much ), exploring how various human factors play a role in people using ( and using correctly ) appropriate security measures . We also are doing some work on aviation security and ongoing efforts looking at the intersection of computer security and law enforcement that we think will yield some exciting results .
Looking forward , how much do you think cybersecurity will become a part of everyone ’ s life in the next five-10 years ? I think cybersecurity risks are going to stay with us for the foreseeable future . This in and of itself isn ’ t so problematic — there are lots of risks in life that we have learned to plan around and manage . However , we are not well suited to tolerating risks that are unknown or changing quickly , and that is precisely the challenge that cybersecurity is presenting us . Over the next decade , we will need to find a way to feel comfortable that cybersecurity is a manageable risk as opposed to a problem of unknown scope and impact .
Learn more about Savage ' s work , including the hacking vulnerabilities of vehicles , at tritonmag . com / savage
TRITONMAG . COM 17