Wednesday, December 12, 2018

Computer Security is the Wild West

PHOTO: Wikipedia (Theatrical poster for the film Vertigo)
Greetings from the Australian National University in Canberra, where I am attending a reading group on cyber security. One of the attendees from "a government agency" asked a senior academic why some of the research at international conferences is so poor: the answer was "Computer Security is the Wild West".

It has been an interesting morning. I attended a seminar on "Vertigo: Fake news/real theory" by the ANU College of Law. Appropriately for the government-established university, there was discussion of David Foster Wallace's unfinished novel The Pale King. This relates the horrors of being a tax inspector. There was also discussion of the difficulties of countering fake news.

The ANU cyber reading group primarily reviews papers on fuzzing. With this technique, random data is presented to a program to test its security. Millions of random variations can be input to see if the program does something it is not supposed to. This technique is now in routine use, to the point where one of our resident experts commented we had reached "peak fuzzing".
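A minimal sketch of the fuzzing loop described above, added here as an illustration and not taken from the reading group's papers. The record format, `parse_record`, `mutate` and `fuzz` are all constructed for this example, and the unchecked length field is left in deliberately so the fuzzer has something to find; `check_length=True` shows the corrected behaviour.

```python
import random

MAGIC = 0x7E
SEED = bytes([MAGIC, 3]) + b"abc" + bytes([sum(b"abc") & 0xFF])  # constructed valid input

def parse_record(data: bytes, check_length: bool = False) -> bytes:
    """Constructed toy format: MAGIC, length n, n payload bytes, 1 checksum byte."""
    if len(data) < 3 or data[0] != MAGIC:
        raise ValueError("bad header")            # intended rejection
    n = data[1]
    if check_length and len(data) < n + 3:
        raise ValueError("truncated record")      # the fix: validate n first
    payload = data[2:2 + n]
    # Without the check above, n is trusted and this read can run past the
    # end of the buffer: an unintended IndexError instead of a clean rejection.
    if data[2 + n] != sum(payload) & 0xFF:
        raise ValueError("bad checksum")
    return payload

def mutate(seed, rng):
    """Apply 1-3 random byte overwrites, insertions or deletions."""
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        op = rng.randrange(3)
        if op == 0 and buf:
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif op == 1:
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
        elif op == 2 and buf:
            del buf[rng.randrange(len(buf))]
    return bytes(buf)

def fuzz(target, seed=SEED, iterations=20000, rng_seed=1):
    """Return {exception name: first input that triggered it}."""
    rng = random.Random(rng_seed)
    crashes = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except ValueError:
            pass                                   # documented rejection, not a bug
        except Exception as exc:                   # anything else is a finding
            crashes.setdefault(type(exc).__name__, case)
    return crashes

if __name__ == "__main__":
    print("unchecked:", fuzz(parse_record))
    print("checked:  ", fuzz(lambda d: parse_record(d, check_length=True)))
```

The distinction that matters is between a documented rejection (`ValueError`) and any other exception: only the latter counts as the program doing "something it is not supposed to".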

It occurs to me the same technique might be used to test how the political system copes with fake news. This would be done by generating social media posts which are in grammatically correct language but containing random words. The program would then look to see which posts were liked, passed on and positively rated. My worry is that there are perhaps for-profit and state-based actors already doing this to attract clicks and spread confusion.


Also, I suggest looking at the ethics and legal issues with detecting bugs. What systems should you test, and when you find a vulnerability what can (and should) you do with that information? With a quick search I found a recent paper on the Pentagon's Vulnerability Reward Program (Chatfield & Reddick, 2017).

Reference


Chatfield, A. T., & Reddick, C. G. (2017, June). Cybersecurity Innovation in Government: A Case Study of US Pentagon's Vulnerability Reward Program. In Proceedings of the 18th Annual International Conference on Digital Government Research (pp. 64-73). ACM. URL https://doi.org/10.1145/3085228.3085233

