
Entries in cybersecurity (1)

Monday, Oct 13, 2014

Dan Geer at SFI

"Optimality and Fragility on the Internet"

 

  • There are 3 professions that “beat practitioners into a state of humility—farming, weather, cyber security.”
  • Cybersecurity—there is a dual use inherent to all internet tools.
  • Offensive protection is where expensive innovation is happening today.
  • There is an outcome differential between good
  • “The most appealing ideas are not important, the most important ideas are not appealing.”
  • 10% of all internet traffic is unidentifiable by protocol, and more identification is simply not accurate.
  • Between security, convenience and freedom we can choose two, maybe, but not all three.
  • Some suggestions to help:
    • 1 Mandatory reporting—CDC has it with regard to disease appearances and they store data with skillful analysis. It would make sense to have mandatory reporting for cybersecurity problems. Real problems (hacks) should be required to be reported. For attempted hacks/near misses, we can build a reporting system like the FAA has for near misses. Let people report this anonymously and get voluntary entrants into the program.
    • 2 Network neutrality—is Internet access an information or a communication service? So far we have not named it a communication service, but in reality, which is it? This has consequences for whether there will be common carrier protection or a duty to monitor. Right now, ISPs have it both ways. They should get one or the other, not both.
    • 3 Source code liability—“Security will be exactly as bad as it can be and still function.” There should be software liability regulation. “Intent or willfulness.” Build liability only for intentional acts, not unintentional ones.
    • 4 Strike back—research the attacker, build cyber smartbombs to learn about them. The issue here is the shared infrastructure.
    • 5 Fall back on resilience. The code base on low-end routers today is 4-5 years old. Many networked components use old technology. Embedded systems should not be immortal.
    • 6 Vulnerability finding has been a good job for 8/9 years. We as a society should buy out (overpay) for finding vulnerabilities. This can expand the talent pool of vulnerability finding. Are “vulns” scarce or dense? “Exploitable areas are scarce enough.”
    • 7 Right to be forgotten. “We are all intelligence agents now…all our digital exhaust is identifiable.” Misrepresentation of identity online is getting harder and harder. The CIA wouldn’t have to fabricate an identity anymore; they can borrow one close to what they need. The new EU rule on this is appropriate, but doesn’t go far enough. “In public” means something very different today than in the recent past.
    • 8 Internet voting. Most experts think it’s a bad idea.
    • 9 Abandonment. If a company abandons a code base (like Microsoft or Apple pulling support of an old OS), then it should become open source.
    • 10 Convergence. Are the physical and digital one world or 2? They are converging rapidly today. Need to ask “on whose terms will convergence occur?” The cause of risk today is dependence. We will be secure if there can be no unmitigable surprises.
  • Security breaches/viruses follow a power-law distribution. Target and Home Depot both fit on the curve.