WEBVTT 1 "UMBC ITE325B" (2073633792) 00:00:00.000 --> 00:00:18.629 So, welcome everyone. It is my rather distinct pleasure. Introducing staff as a part of the. 2 "UMBC ITE325B" (2073633792) 00:00:18.629 --> 00:00:37.260 Our small technical ceremony to recognize that the UMBC Center for cybersecurity henceforth shall be the UMBC Cybersecurity Institute. Rick has already changed all the webpages. 3 "UMBC ITE325B" (2073633792) 00:00:37.260 --> 00:00:57.260 Yeah reflect that and as a part of that effort, we're beginning to hire a new faculty, two of those faculty are here today, one in computer science electrical engineering, and one in public policy, dr.. 4 "UMBC ITE325B" (2073633792) 00:00:57.260 --> 00:01:22.550 This year, there will be six faculty hires across the campus, two in this college, one, then there's one more faculty hired in the quantum security area and physics. This coming year there will be six hires, two in this college, two in arts humanities and social sciences, and two in natural and mathematical sciences. I think the department involves our computer science elections. 5 "UMBC ITE325B" (2073633792) 00:01:22.550 --> 00:01:48.210 People engineering, information systems, physics, mathematics, economics, and then one more department. So, we would like to thank the state of Maryland, which has supported this transformation. There will also be, for those of you who are students here, you would be interested to know that. 6 "UMBC ITE325B" (2073633792) 00:01:48.210 --> 00:02:08.210 Soon there will be an announcement going out to the faculty members in this center, inviting applications for graduate fellows. So after twelve graduate fellows will be selected and assigned to work with faculty members as a part of the state's investment, and then some things you've already seen the cyber range that. 7 "UMBC ITE325B" (2073633792) 00:02:08.210 --> 00:02:28.760 Dr. has helped build with Jack and the OT cyber range, so we're one of the few institutions that have both an IT and an OT system working together so you can sit on the computer and crash the electric grid and so on and so forth at least in simulations. So in the lab only. 8 "UMBC ITE325B" (2073633792) 00:02:28.760 --> 00:02:57.390 Please. BGGE crashes Our companies crashing that. So as part of this ceremony, we are simply delighted and privileged to have dr. Eugene Spafford nor the staff. Many of us staff probably needs NO introduction to those of you who are in the cybersecurity community. If you are new to the community or from outside. 9 "UMBC ITE325B" (2073633792) 00:02:57.390 --> 00:03:14.490 Spaff has been doing this for nearly 40 years, runs a center, a very large center at Purdue called serious, which used to be coast. I had the privilege, and this is now dating me, I had the privilege of. 10 "UMBC ITE325B" (2073633792) 00:03:14.490 --> 00:03:33.270 Hanging out with Spaff's 1st set of students in the cybersecurity area back then I was a computer vision 1st. So Spaf has been doing this for a very long time, has made foundational contributions, and today we'll reflect on sort of the past and the future. 11 "UMBC ITE325B" (2073633792) 00:03:33.270 --> 00:03:52.650 And the interdisciplinarity of cybersecurity. So without further ado, I am delighted to be here on this occasion. I think that's a wonderful pain to be able to elevate this to an institute level. We need more. 12 "UMBC ITE325B" (2073633792) 00:03:52.650 --> 00:04:12.650 Thinking across disciplines rather than narrowly within them. And as well, I've had a long association with many people here at UNBC, one notable one, one of your alarms was one of my phd students Jeff Avery did some great work and I believe Joseyah dextra. 13 "UMBC ITE325B" (2073633792) 00:04:12.650 --> 00:04:35.960 My recent book was our recent book was was a graduate here, a lot of connections, so I'm delighted to be here and what I'm going to do is give you some personal reflections. This should not be taken as definitive prognostication of the future, but what I have seen based on trends and talking. 14 "UMBC ITE325B" (2073633792) 00:04:35.960 --> 00:04:59.159 The people across many disciplines. And to give you some perspective on this, I wrote my 1st computer program 52 years ago. So, for some of you in the room, that was before your parents were born. It maybe before your grandparents I don't think so, but it's a long time ago, and I've been working in security in some form or another for about 40 years, as was mentioned. 15 "UMBC ITE325B" (2073633792) 00:04:59.159 --> 00:05:18.119 The last 37 at Purdue. So I'm not gonna give you solutions to anything. I'm going to actually try to be a little bit provocative and I want to set the stage a bit, and, and say the theme of this is. 16 "UMBC ITE325B" (2073633792) 00:05:18.119 --> 00:05:35.339 What is the role of technology, particularly, yeah, there are NO slides. This is when I use slides, people pay more attention to how badly I produce the slides. So thank you for the clarification. 17 "UMBC ITE325B" (2073633792) 00:05:35.339 --> 00:05:52.049 It's almost as bad as my scene. So, but, but my my goal here is to get you to think a little bit about the role of computing, security and related topics in human existence in in our in our lives. 18 "UMBC ITE325B" (2073633792) 00:05:52.049 --> 00:06:08.579 And our histories. And to set some of this stage, let me note that it is believed based on some observations that dozens of species of living thing on this planet are going extinct every week. 19 "UMBC ITE325B" (2073633792) 00:06:08.579 --> 00:06:28.579 Because of human encroachment and climate change and other kinds of things, habitat loss and so on. And against that background and the fact that we have had multiple cycles of, of life on the planet, there are some interesting questions asked about our own existence and our own. 20 "UMBC ITE325B" (2073633792) 00:06:28.579 --> 00:06:45.389 Owned being that may may help illustrate or or illuminate some of these things that I'm gonna talk about. So if I want to talk about humanity, an interesting question is, what are the, what are the things that. 21 "UMBC ITE325B" (2073633792) 00:06:45.389 --> 00:07:05.389 Define us as human. And this is not something that's at a computer science term. If we leave out the theologians and we look more at psychologists, sociologists, anthropologists, philosophers, others, this is an ongoing question about what is that makes this uniquely human. And there are a few character. 22 "UMBC ITE325B" (2073633792) 00:07:05.389 --> 00:07:24.569 Characteristics that seem to be all together part of the human existence. Each one is present in some other species, but not all four together. The ability to reason with abstract concepts and translate those into the real world is one. 23 "UMBC ITE325B" (2073633792) 00:07:24.569 --> 00:07:44.549 A sense of time, passage of time, anticipation of the future rememberance of the past, is a characteristic of the human condition. Communication with each other, not only direct person to person, but methods of communication at a distance and over time. 24 "UMBC ITE325B" (2073633792) 00:07:44.549 --> 00:07:59.759 And then 4th is the ability to find and make tools to solve problems. So each one of those, and I I won't go into examples, but each one of those has actually been demonstrated in some other species. 25 "UMBC ITE325B" (2073633792) 00:07:59.759 --> 00:08:15.839 But NO other species has all four of those characteristics that we are again discovered. So the question is, now where, where do we fit with computing in these things? And if you think about that. 26 "UMBC ITE325B" (2073633792) 00:08:15.839 --> 00:08:32.249 Communication is certainly part of that over distance of time representation. Solving abstract problems is certainly one of those aspects. Programming language, actually computing itself is, is a synthetic science, it's an abstraction of real world characteristics. 27 "UMBC ITE325B" (2073633792) 00:08:32.249 --> 00:08:49.169 Tool usage while we build those things, we build programs and tools and and other kinds of artifacts that we use. And, then the sense of time is inherent in a lot of what we do, if nothing else in a very granular level talking about. 28 "UMBC ITE325B" (2073633792) 00:08:49.169 --> 00:09:09.169 How many, how many millions or trillions of instructions per 2nd can we operate on? But now if we step back and and just kind of look at this broad suite of history, communication is in the tree. Physical origins for us as a species is only about a hundred thousand years ago as far as we can tell that. 29 "UMBC ITE325B" (2073633792) 00:09:09.169 --> 00:09:27.089 Actual changes in, physiology and behavior resulted in the ability to communicate in something similar to what we have now. The ability to reason and awareness of time probably occurred about the same time. So these were evolutionary changes. 30 "UMBC ITE325B" (2073633792) 00:09:27.089 --> 00:09:44.459 According to the best evidence that we've seen from the people who study this. Civilization, as we somewhat define it is 1st recorded is about 15000 years ago. That's a really very short time scale. 31 "UMBC ITE325B" (2073633792) 00:09:44.459 --> 00:10:02.939 Lifetime of the planet than otherwise. It likely extends back further, but records and finding artifacts, we can we can definitively go back at least 15000 years. As far as communication and writing goes, 5000 years ago was about the oldest we found something. 32 "UMBC ITE325B" (2073633792) 00:10:02.939 --> 00:10:18.629 Although there are some representations, idea graphs, pictographs that places like and Turkey that maybe go back further, but we don't know. Movable type. 33 "UMBC ITE325B" (2073633792) 00:10:18.629 --> 00:10:35.129 To be able to have printed was invented in 1040 AD in China. That's not a very long time ago really in the span of things. Good Schoottenburgen in Europe was in 1450 or. 34 "UMBC ITE325B" (2073633792) 00:10:35.129 --> 00:10:52.289 The European version of the type. And despite that thousand or so years, literacy and the ability to read write in otherwise is still not universal globally. There are many places where people are not yet literate in. 35 "UMBC ITE325B" (2073633792) 00:10:52.289 --> 00:11:09.329 The written words, but we're not limited to that, right? So we we had other forms of communication with telephone, and the telegraph. The telegraph was 1833, much more recent. Telephone was 1875 Alexandria Grandbell. 36 "UMBC ITE325B" (2073633792) 00:11:09.329 --> 00:11:25.559 Although it's arguable if he was actually the 1st person to develop the telephone, but he was the one most credited with it. As of now, alright, so the written word, not completely penetrated the entire globe. As of now, there are more phones than people in the world. 37 "UMBC ITE325B" (2073633792) 00:11:25.559 --> 00:11:43.409 In fact, there are more mobile phones than there are people in the world. There are about 8 billion people, we don't have an exact count. That's a good casper grad students if we wanted to put a hundred work with that. But there are over 8.6 million registered cell phones. 38 "UMBC ITE325B" (2073633792) 00:11:43.409 --> 00:12:03.409 So that is definitely more, and about another billion landlines. So cellular telephony has really taken, taken the four over more traditional telephones. Photography for visual was developed in the 1820s, the really 1st early tin type. 39 "UMBC ITE325B" (2073633792) 00:12:03.409 --> 00:12:21.989 Kinds of photography was commercially available in 1839, so it was a short time span before they made that available. Digital photos were 1st developed in 1969. So now we're getting more into the modern era. We take it for granted about digital photos now because we're all carried a digital camera. 40 "UMBC ITE325B" (2073633792) 00:12:21.989 --> 00:12:38.369 With our phone and our address book and our cat pictures if that's makes that available. 1st commercial use of digital photography was in 1973 1st megapixel camera was in 1986 that we're really getting closer in. 41 "UMBC ITE325B" (2073633792) 00:12:38.369 --> 00:12:54.959 To your current day. The 1st posting on a line of digital photography was in 1992 by Kim Berners Lee. Although there was some use in on the network of photography in the 1980s on using it, but that wasn't. 42 "UMBC ITE325B" (2073633792) 00:12:54.959 --> 00:13:12.539 Really the the full use of digital photography. Television. Now we have moving pictures was a crude invention in the 1920s that was done with road of scoping and, I'm not gonna describe that, but it was there in the 1920s. It was refined in the 1950s. 43 "UMBC ITE325B" (2073633792) 00:13:12.539 --> 00:13:31.259 Currently there are about 2 billion televisions in the world for 8 billion people, but over half the population has access to video via their mobile phones and computers. So it's not the televisions anymore that are dominant, it's these other portable devices. 44 "UMBC ITE325B" (2073633792) 00:13:31.259 --> 00:13:48.569 And currently best estimates are that 52 % of the population that has access watches video on, at least a semi regular basis. So that's the level of penetration. The written word to streaming video, it then quite amazing. 45 "UMBC ITE325B" (2073633792) 00:13:48.569 --> 00:14:05.969 The idea of a computer, which is more specific to this area, is really an ancient idea, that goes back, depending on how you want to define computer, you can look at the advocates e.g. or you can look at allies on on. 46 "UMBC ITE325B" (2073633792) 00:14:05.969 --> 00:14:25.969 Pottery tablets. But the modern computer digital computer, as we know it was really the 1940s, and if you know your history, that was developed, for code breaking and for balistic calculations during World War two. Those were the two primary uses at the time. It was an outgrowth of. 47 "UMBC ITE325B" (2073633792) 00:14:25.969 --> 00:14:51.389 Analogy that had been developed in the 1930s for census tracking. The card was originally intended for what was then a massive data collection for sorting through census data and was then adopted for using computers. The 1st commercial computer was 1951, the Univac Univac one, again closer into the modern age. 48 "UMBC ITE325B" (2073633792) 00:14:51.389 --> 00:15:11.389 The 1st all transistor computer for sale was the general Electric 02:10. General Electric was a computer company, and it's actually one of the major computer companies back in the 50, sixties and seventies, as was Zerox and Honeywell and some other companies that you may or may not have heard of. 49 "UMBC ITE325B" (2073633792) 00:15:11.389 --> 00:15:26.969 The 1st, so that was the 1st one in the market. IBM announced the 1st one the 7070 in 1958 although they didn't get it to market until six months after the GE product. And at the time. 50 "UMBC ITE325B" (2073633792) 00:15:26.969 --> 00:15:43.739 They bet the company because the computers were effectively millions and millions of dollars per computer. Before that, all tube computers would have occupied several rooms that sized occupied a separate air conditioning plant. 51 "UMBC ITE325B" (2073633792) 00:15:43.739 --> 00:16:01.589 Transistorized computers promised to be more energy efficient, but also we're perhaps not as reliable and that was a concern. The 1st computer to computer communication was demonstrated in 1965. 52 "UMBC ITE325B" (2073633792) 00:16:01.589 --> 00:16:17.909 1st networking. 1969 was the arpenet, and 1993 was about the time that what we consider the modern internet really came to the 4th as, as something that the companies and. 53 "UMBC ITE325B" (2073633792) 00:16:17.909 --> 00:16:37.909 Organizations could join. Just as an injection here to give you a sense of the age of the field, the 1st CS degree program where it actually defined it as a discipline, was established at Purdue in October of 1962. So that is not a very. 54 "UMBC ITE325B" (2073633792) 00:16:37.909 --> 00:16:55.709 Old, compared to mathematics or physics or civil engineerings, some other field that's an early field. So today, computing, it's hard to quantify the reach and the spread of these tools that we have built to solve problems. 55 "UMBC ITE325B" (2073633792) 00:16:55.709 --> 00:17:14.249 And a cause of the modification, but there are by by best measures, tens of quintillions of transistors manufactured every year as part of integrated service, right? Quintillions. 56 "UMBC ITE325B" (2073633792) 00:17:14.249 --> 00:17:33.659 Is 16 zeros, give you a sense and a decade or so ago that surpassed all the number of grains of rice that were that were grown in the world for crops. It's a lot of transistors. There are out of that 8.6 billion people. 57 "UMBC ITE325B" (2073633792) 00:17:33.659 --> 00:17:52.619 5.3 billion have access to the internet coming online. And the growth in that population is under 600 % per year, which can't last forever, right? Because we've got an upper limit, but the the number of people who are gaining access is increasing. 58 "UMBC ITE325B" (2073633792) 00:17:52.619 --> 00:18:07.619 And if you map that against what I was saying about literacy, a very large percentage of those people have access to the internet and they can't read or write, they use graphics, they use video, they don't actually use written word. 59 "UMBC ITE325B" (2073633792) 00:18:07.619 --> 00:18:24.899 There are about 2.7 billion desktop user computers in use, so the majority of these people are online again I'm doing it through mobile devices. I wish there are about 15 billion. That's more than just cell phones because there are other kinds of access devices. 60 "UMBC ITE325B" (2073633792) 00:18:24.899 --> 00:18:41.279 It took us 27 years to go from zero to 1 billion users, seven years to 2 billion, and then it was about, four years and two years to get to the next level. Currently online, about. 61 "UMBC ITE325B" (2073633792) 00:18:41.279 --> 00:18:59.339 64 zebytes of data storage, that's 21 zeros, and network traffic is measured in natabytes, which is 24 zeros. So that's a lot of traffic and that's all in doubling approximately every two years. 62 "UMBC ITE325B" (2073633792) 00:18:59.339 --> 00:19:18.329 So this is why when you read about build out of storage at cloud providers and you start seeing how cheaply you can get thumb drives and others, that's where all that's coming from, it's doubling every two years of the amount of storage with people who are collecting and storing things simply because they can't. 63 "UMBC ITE325B" (2073633792) 00:19:18.329 --> 00:19:35.969 Now in our field, 40 years ago, this is back a long time I was starting in security, it's about a human generation, as, as people measure it. The PC and the were brand new products. They weren't sure if those were gonna succeed in the marketplace. 64 "UMBC ITE325B" (2073633792) 00:19:35.969 --> 00:19:53.399 Okay, but those were brand new at the time. Most computers at the time were mainframes or or many computers. There was one computer virus that had been found in the wild for the Apple two computer. That was it. Policy on times, I guess. 65 "UMBC ITE325B" (2073633792) 00:19:53.399 --> 00:20:09.119 Lands were considered to be new research, instruments and people were trying to decide how they could be used, developed out of work.feel on that at the University of Hawaii early Ethernet. 66 "UMBC ITE325B" (2073633792) 00:20:09.119 --> 00:20:25.169 The Maiden systems in use for deck VMS, AT and T Unix, and IBM mainframe operating systems. So Linux didn't exist. BSD Unix didn't exist. IOS didn't exist, Android. 67 "UMBC ITE325B" (2073633792) 00:20:25.169 --> 00:20:41.819 Etc. The power users of that time were in the tens of thousands at most. So it was a very small population 40 years ago. 20 years ago, we started to see commercial use of the network in significant ways. 68 "UMBC ITE325B" (2073633792) 00:20:41.819 --> 00:20:59.939 There were about 3.84 million registered hosts of all those computers that were about developed. Only 16 tb of traffic, only about 200 tb of storage unlocked. Interesting numbers if you look at them from about 2000 current day. 69 "UMBC ITE325B" (2073633792) 00:20:59.939 --> 00:21:17.909 That the internet of 20 years ago, this is constant moving forward. The internet of 20 years ago would all fit on commodity disks on your desktop now. That's the, the level of change in storage technology. It's been. 70 "UMBC ITE325B" (2073633792) 00:21:17.909 --> 00:21:37.909 Really quite amazing. We saw the 1st spam 20 years ago, a law firm camera and sequel, if you're studying these kind of things, it was basically spamming for their law services for people getting green cards. 1st banner I had showed up, there was NO google or Twitter at the time. Didn't exist yet. 71 "UMBC ITE325B" (2073633792) 00:21:37.909 --> 00:21:57.269 The 2nd most common use was the Worldwide Web. 1st most common use was a protocol known as gopher. Which is still out there. Yeah, there are still sites running Gopher servers and some of the browsers support Gopher as a protocol, so students you can go look. 72 "UMBC ITE325B" (2073633792) 00:21:57.269 --> 00:22:12.689 1991 saw the release and that was more than 20 years ago, but saw the release of the worldwide lab and PGP. Encryption was restricted as immunition. 73 "UMBC ITE325B" (2073633792) 00:22:12.689 --> 00:22:31.559 That was even talked about and the 1st digital wire tap by the secret service was established. So, yeah, this is not long ago, 20 years isn't that long. But where we're going, where we are now and where we're moving towards is more personally tailored services. 74 "UMBC ITE325B" (2073633792) 00:22:31.559 --> 00:22:48.569 That you have the ability to customize what you're getting, your feeds although it's critical to exclude the spam and other kinds of things, but what kinds of services you want to run, download apps, paper apps, content is being used more in education. 75 "UMBC ITE325B" (2073633792) 00:22:48.569 --> 00:23:04.499 In a lot of different ways, it's being used interestingly for preservation of documents. So publications of books is declining, newspapers are largely disappearing. Physical media. 76 "UMBC ITE325B" (2073633792) 00:23:04.499 --> 00:23:21.719 Is effectively going away and it's all being replaced with digital copies, and this has implications that I'll talk about shortly. We have these rich communication capabilities. We're, we're seeing the development of three D goggles and and other kinds of. 77 "UMBC ITE325B" (2073633792) 00:23:21.719 --> 00:23:38.489 Interactive experiences, immersive experiences, very expensive and they're trying to find the right niche but but there's work going along. Tactics development, which is the physical feedback and computing, is an area of active research as well. 78 "UMBC ITE325B" (2073633792) 00:23:38.489 --> 00:23:55.349 We're seeing people being involved in embedded personally and wearable computing, the idea that you can embed computing devices into your body. This is more than just the brain work like neural link. This is other kinds of of things including medical devices. 79 "UMBC ITE325B" (2073633792) 00:23:55.349 --> 00:24:11.489 Entertainment obviously, some of it intentional, some of it not, process control, lots of industries are replacing people by computing equipment because the computing equipment doesn't demand overtime. 80 "UMBC ITE325B" (2073633792) 00:24:11.489 --> 00:24:31.489 It works all, it doesn't have traffic jams, shift scheduling, other kinds of things and they can monitor at very fine granularity as gets back to the time aspect I was talking about. We're seeing more use with monitoring and cameras for purposes of fraud detection crime detection, cctvs popping up in lots of places. 81 "UMBC ITE325B" (2073633792) 00:24:31.489 --> 00:24:48.479 Some countries having a very widespread. UK has them for law enforcement throughout much of urban areas, People's public of China is using them for political suppression in western China of the legal population and others. 82 "UMBC ITE325B" (2073633792) 00:24:48.479 --> 00:25:04.919 But again, it's become more and more widespread. And we're beginning to enter this age of machine learning and AI, where we're not entirely sure yet what that port tends. That's an area that could research for an awful lot of people. 83 "UMBC ITE325B" (2073633792) 00:25:04.919 --> 00:25:24.919 It's probably I'm not gonna talk a lot about this, but a lot of what's being done with AI is probably overheading. I see it as the current blockchain. It's attracting a lot of investment, a lot of interest, but nobody's yet identified a really good use case for it. If you follow the news yesterday, this. 84 "UMBC ITE325B" (2073633792) 00:25:24.919 --> 00:25:46.199 That market to be very deep dive because of a significant sell off of nvidia stock and some other AI companies because they're not reporting anything that they're doing with AI that actually is making money. It's costing a lot, but they haven't yet identified where, where community spend money. 85 "UMBC ITE325B" (2073633792) 00:25:46.199 --> 00:26:03.719 Alright, so if you look at this trend over time, it used to be that the information we collected and processed was for historical purposes. It was that idea of education and keeping a record that we would have over time pass on to others. 86 "UMBC ITE325B" (2073633792) 00:26:03.719 --> 00:26:20.639 So it was communication and history. That's what we really used the collection of data for. Now, we're using it to make decisions in real time, often unseen by people. This is where the area, the era of big data has come from with things like automated trading. 87 "UMBC ITE325B" (2073633792) 00:26:20.639 --> 00:26:38.459 And process control at factories. We're not using data in that regard anymore. We're still storing it someplace in many cases, but we're not using it for control. It's not something that people are using anymore. But as we've increased that usage. 88 "UMBC ITE325B" (2073633792) 00:26:38.459 --> 00:26:54.719 The protection of that information has become more critical. Because if we collect the wrong data, if we can't collect the data, if the data is contaminated, we make the wrong decisions. Well actually we don't, the computers do. 89 "UMBC ITE325B" (2073633792) 00:26:54.719 --> 00:27:10.649 And then we are forced to deliver those consequences. Security has become all the more important therefore for protecting that data. Now, this is interesting because really I have? 90 "UMBC ITE325B" (2073633792) 00:27:10.649 --> 00:27:30.649 Yeah, I'll I'll come back to this in a minute. But in particular with embedded sensors and actuators, you can have very big disasters very quickly if those sensors get the wrong data or the actuators are given the wrong control information. There have been about a 10000. 91 "UMBC ITE325B" (2073633792) 00:27:30.649 --> 00:27:48.239 Hold increase in data points over the last five years in terms of places where these sensors and actuators are located. And most of those are being built on top of commodity operating systems like Windows or Android. 92 "UMBC ITE325B" (2073633792) 00:27:48.239 --> 00:28:03.449 And Linux, which were never really designed for real time and were not designed for this kind of sensitive application areas. Huge security challenges there. When we started looking at. 93 "UMBC ITE325B" (2073633792) 00:28:03.449 --> 00:28:18.989 Building stress, structure of stress where these centers are, health monitoring, utility and management, environmental monitoring energy efficiency, and we're, we're finding more now where they're embedded in in us as individuals. 94 "UMBC ITE325B" (2073633792) 00:28:18.989 --> 00:28:35.729 So if you have an eye watch, you have several sensors you're carrying around on a regular basis. If you have a phone that tracks the number of steps you take, that sensors that are built in, and so we are each becoming data points to be collected. 95 "UMBC ITE325B" (2073633792) 00:28:35.729 --> 00:28:52.199 And that collection, you may not know all the places where it's going, but decisions can be made on that. So my what my eyelotch, for instance, has the the sudden motion stop detection that. 96 "UMBC ITE325B" (2073633792) 00:28:52.199 --> 00:29:08.699 Assumes that I've fallen and can't get up for or been in the crash and every once in a while, particularly when I'm working in the yard, it'll start beeping and saying it appears you've fallen. You want to call for aid. No, I I like somebody else maybe to cut the brush, but. 97 "UMBC ITE325B" (2073633792) 00:29:08.699 --> 00:29:28.169 So, there are decisions that are being made, there are assumptions being made by these sensors, and some of them can be much more safety critical, like embedded pacemakers and insulin pumps. But as I said, these have been designed really without security in mind. 98 "UMBC ITE325B" (2073633792) 00:29:28.169 --> 00:29:45.689 The collection of data has just been increasing at a huge rate. Easy impossible to clean it. There is NO large database now, generally. I mean, I I can't say NO, absolute hundred percent, but. 99 "UMBC ITE325B" (2073633792) 00:29:45.689 --> 00:30:05.689 By and large, the majority of data sets that are in use for any of these things have never been vetted by a human to make sure that they are correct and clean. That is that there's NO anomalous data in them. And often some of some experiments that some of you may run with some of these data sets. 100 "UMBC ITE325B" (2073633792) 00:30:05.689 --> 00:30:08.849 You will discover anomalous data. 101 "UMBC ITE325B" (2073633792) 00:30:08.849 --> 00:30:25.949 That you didn't know was in there, but it contaminates whatever it is you're trying to do and we have to build around that. And it's becoming increasingly permanent. So I've talked to people at large corporations where they collect data on their customers and their users. And they've got data that's. 102 "UMBC ITE325B" (2073633792) 00:30:25.949 --> 00:30:45.929 15 years old, from customers, including addresses and credit card numbers and other kind of information. Every once in a while, it gets leaked because I'mma breaks in and you download the data set. And in conversation with them, say, you know, if you didn't keep all that data, that's still and you haven't used it in ten years. 103 "UMBC ITE325B" (2073633792) 00:30:45.929 --> 00:31:01.169 You wouldn't have to worry about it. The answer is, it's commingled with their other data. It would be more expensive to clean it than it would be to just buy more storage to handle it. So. 104 "UMBC ITE325B" (2073633792) 00:31:01.169 --> 00:31:21.169 We have this permanent growing data store of information that is stale, is incorrect, and in many cases is vulnerable. So all of this brings about security challenges, and there are others. So there's the apocribal really sutting quote that, you know, why you robbed banks, that's what money is. 105 "UMBC ITE325B" (2073633792) 00:31:21.169 --> 00:31:36.959 Because he never actually said that, but basically the intent. Now all the money's online. Stock trading is online. Your banking applications are online. All your banks are online. Payroll systems. 106 "UMBC ITE325B" (2073633792) 00:31:36.959 --> 00:31:52.319 Purchasing it's all online. So that's a place where the cyber, the cyber criminals are targeted. And they can target target, more than just the information. They can also target the. 107 "UMBC ITE325B" (2073633792) 00:31:52.319 --> 00:32:08.039 Underlying processes that are used, the programs, the sensors, the decision algorithms to have outcomes that they want. It's not just the themes, it's competitors in industry. 108 "UMBC ITE325B" (2073633792) 00:32:08.039 --> 00:32:24.929 And that may not be something that seems obvious, but it actually is happening on a global scale, particularly when there are national interests in some of those economic marketplaces such as mining, petrochemicals, aerospace. 109 "UMBC ITE325B" (2073633792) 00:32:24.929 --> 00:32:41.849 Of course there there isn't cyber war are areas of concern because if you Yes, these may want to get into A system, but you have potentially political or ideologic adversaries who are interested in getting into whole sectors of of the economy. 110 "UMBC ITE325B" (2073633792) 00:32:41.849 --> 00:32:57.839 You may not take down the electric grid as part of your experiments, but it could very well be a goal of the foreign power. General anarchis, are around who yesterday. 111 "UMBC ITE325B" (2073633792) 00:32:57.839 --> 00:33:13.859 I think it was yesterday at Columbia, some of the protesters over the conflict in Goza actually had as one of their printed objectives is to dismantle the current US government, which seems a little extreme, but nonetheless, there is that anacast underlying. 112 "UMBC ITE325B" (2073633792) 00:33:13.859 --> 00:33:30.719 Intent and Columbia has a very good computer science department, so it's entirely possible there's an intersection of some of those students, glockers, people who are just interested, they're noisy as to what's going on in other places, conspiracy theorists. 113 "UMBC ITE325B" (2073633792) 00:33:30.719 --> 00:33:48.509 We've had several instances of people breaking into government computers to try to find evidence of tracking in the vaccine or in the UFO bases or other kinds of things and I don't think the two are actually in the same conspiracy but. 114 "UMBC ITE325B" (2073633792) 00:33:48.509 --> 00:34:03.569 That the rate is going through good. What happens when we start, and we already have, but we start having AI systems autonomously probing for vulnerabilities and possibly taking advantage of it. 115 "UMBC ITE325B" (2073633792) 00:34:03.569 --> 00:34:20.969 Some of that is ongoing now, at the speed of computing. So for all of you who are working in cybersecurity, this is a really interesting problem, but it is one complicated by a fundamental issue. 116 "UMBC ITE325B" (2073633792) 00:34:20.969 --> 00:34:40.969 We do not have an agreed definition of what security is. Under some definitions, like, some that I've seen and and occasional news, all of what I'm describing to you is part of cybersecurity. The history, sociology, the psychology, because it goes to the appropriate use of the technology. 117 "UMBC ITE325B" (2073633792) 00:34:40.969 --> 00:35:01.159 Other places take a more narrow view that it actually has to be involved with air algorithms and hardware, but this is part of the problem. We do not have a good definition of security. Not intended as a plug, but if you take a look at the, at the book that we just wrote, the cybersecurity maths, one. 118 "UMBC ITE325B" (2073633792) 00:35:01.159 --> 00:35:23.219 The whole chapter is devoted to the fact, we do not have an agreed definition. You might think, well, NIST must have a definition. Yes. Well, NIST not only has a definition, they have three definitions. You get to pick which one you like, and if you don't like any of them, they'll probably be willing to come up with another. Because we don't have a good definition, we also don't have good metrics. 119 "UMBC ITE325B" (2073633792) 00:35:23.219 --> 00:35:39.839 To be able to measure and compare. And that's a problem. Part of the definition of security needs to be correctness. And this is something we all struggle with, whether we're in security or not. 120 "UMBC ITE325B" (2073633792) 00:35:39.839 --> 00:35:56.789 Software engineering is really sort of the original security. If a system doesn't behave correctly, then you can't make any predictions about its behavior under stress or attack. It just doesn't behave right normally. 121 "UMBC ITE325B" (2073633792) 00:35:56.789 --> 00:36:16.789 That's a problem. And it's not something exact. We do not understand some of the basic principles still in how to build reliable computers with known boundaries on risk and behavior. After all this time that we've been doing with computing, which isn't really surprising because it. 122 "UMBC ITE325B" (2073633792) 00:36:16.789 --> 00:36:36.569 It's not that long. We're only going, we're going back less than a hundred years for anything with digital computing. That's not a long time. We still have buildings fall down and bridges fall down and civil engineering has been around for a much longer times. This is part of the challenge that we have that's interesting. 123 "UMBC ITE325B" (2073633792) 00:36:36.569 --> 00:36:51.629 Is to understand what security is, what correctness is, what reliability and robustness is, resiliency, what are these properties, and how do we go about building them in? And how do we do it in an environment? 124 "UMBC ITE325B" (2073633792) 00:36:51.629 --> 00:37:07.109 Where economics play such a major role. We know how to do many things better than we do now, but people don't want to pay for it. People will pay a modest amount. 125 "UMBC ITE325B" (2073633792) 00:37:07.109 --> 00:37:23.849 To use Windows. If they know how, they'll download a version of Linux, which is effectively free. Neither of those are reliable good platforms. They work for some typical desktop users. 126 "UMBC ITE325B" (2073633792) 00:37:23.849 --> 00:37:43.849 But you don't want to use those in a critical environment. In fact, in most critical environments, they are definitely not the 1st choice. There are some 1st choice systems. There are some very, very high quality robust systems and you should be glad we have them because they're in use of clear power plants and aviation on board plans. 127 "UMBC ITE325B" (2073633792) 00:37:43.849 --> 00:38:01.589 Plans and others, but those costs $10000 a copy or a license because it costs money and time using the existing tools and knowledge to make that work. How many of you, for instance, in your careers coming up through a learning program. 128 "UMBC ITE325B" (2073633792) 00:38:01.589 --> 00:38:17.910 Have learned formal methods, right? That's more than most rooms when I'm in. That is a known method of getting better software, although it's cumbersome, it's low and it doesn't work for large systems, but nonetheless. 129 "UMBC ITE325B" (2073633792) 00:38:17.910 --> 00:38:36.660 It is an approach, but we don't teach it because most people want to program just want to sit down and beg out code. That's a problem. Yesterday, the head of the the group working to rewrite the kernel of Linux in brust from C, which would make it more robust. 130 "UMBC ITE325B" (2073633792) 00:38:36.660 --> 00:38:52.890 Quit because there's so much argument over it and so many technicalities, he doesn't want to prep with it anymore. So I put the whole thing in doubt. When I say about robustness and about correctness, some of you have an appropriate age. 131 "UMBC ITE325B" (2073633792) 00:38:52.890 --> 00:39:09.870 How much of your time has been spent staring at a blue screen? That, if you, if you turn that into an economic cost is huge, and yet, people don't internalize that this is a cost. 132 "UMBC ITE325B" (2073633792) 00:39:09.870 --> 00:39:25.140 That if they were to pay it up front for something that was better developed and better tested, they might not have to have to undergo that. Part of this is security itself and software engineering are both relatively new. 133 "UMBC ITE325B" (2073633792) 00:39:25.140 --> 00:39:41.370 One of the 1st projects that had security as a goal was funded by Darba in 1963 6380 years ago, NO 60 years ago. 134 "UMBC ITE325B" (2073633792) 00:39:41.370 --> 00:40:01.370 Yeah, that was more than an off by one, but 60 years ago at at MIT, project Mac, that resulted in Multix, but security was one of the design goals, and they did a very good job. They came up with a number of things that Multix had. They found a few flaws doing penetration. 135 "UMBC ITE325B" (2073633792) 00:40:01.370 --> 00:40:21.570 Testing and otherwise, but they were fixed and it operated for years and years as a high assurance system. We don't use many of the things they developed, like the page segment architecture because it's slower. Think about that as as an evaluation that has been made in the marketplace. 136 "UMBC ITE325B" (2073633792) 00:40:21.570 --> 00:40:38.160 We want it faster but potentially compromised and broken. That's the decision effectively that's been made. That would be like saying, I want the car that's faster and cheaper, even if occasionally the brakes don't work. 137 "UMBC ITE325B" (2073633792) 00:40:38.160 --> 00:40:53.250 Okay, that doesn't seem to me to be a good decision in part that goes back to not having metrics. The real, the 1st real good document on cybersecurity challenges in many respects. 138 "UMBC ITE325B" (2073633792) 00:40:53.250 --> 00:41:13.250 The wear report that was commissioned by the Air Force out of rand. Willis Wear was the primary author, which is why it's called the wear report, came out in 1970. And if you're working in security and you've never read the wear report, it's available online, I'd suggest you look at it. You will see lots of things that mirror the current environment. 139 "UMBC ITE325B" (2073633792) 00:41:13.250 --> 00:41:14.940 Okay. 140 "UMBC ITE325B" (2073633792) 00:41:14.940 --> 00:41:34.940 The 1st degree in cybersecurity was established in 2000 at Purdue. 2000, right? It's not even 25 years old. All of this shouldn't be surprising as to why we don't have better solutions than we do. Although it's complicated by the fact that we. 141 "UMBC ITE325B" (2073633792) 00:41:34.940 --> 00:41:55.290 We have these other kinds of problems with economic decisions lack of metrics, and simply the weight of legacy of what's already out there that's broken. People don't want to do away with Windows because they have too much depending on it, even though it's not very good, it's huge, it's slow, it has bugs. 142 "UMBC ITE325B" (2073633792) 00:41:55.290 --> 00:42:15.290 And if you look underneath the, the hood, current Windows eleven has compatibility with every prior version of Windows. Why? Including bug compatibility, by the way. Because there are many commercial customers who won't switch unless they can still run their old software. 143 "UMBC ITE325B" (2073633792) 00:42:15.290 --> 00:42:32.670 Much of our economic system is based on emulators of emulators of computers that are NO longer made because they support the Cobalt system, that the software is written in and they don't know how to rewrite it because the people who wrote it have all retired or died. 144 "UMBC ITE325B" (2073633792) 00:42:32.670 --> 00:42:49.380 So refactoring it as a problem. Research that we're involved in, there are problems there. If you look too much of the research is on patching the existing base, even darker. 145 "UMBC ITE325B" (2073633792) 00:42:49.380 --> 00:43:05.850 Now a lot of what they're doing is next generation systems to patch or penetrate existing computing systems. NSF similar. You submit a proposal for a new system, you may get negative reviews unless you talk about how it applies to windows or Linux. 146 "UMBC ITE325B" (2073633792) 00:43:05.850 --> 00:43:22.170 I I've heard from many people that's happened. And if it doesn't use the intel or ARM instruction set, again, maybe now the the Apple M instruction set, but generally, reviewers, people in the research community. 147 "UMBC ITE325B" (2073633792) 00:43:22.170 --> 00:43:37.410 Are not interested in innovation in, in a way that really let us break out of the cycle. We've, we've gone to a measure to publisher perish, which has been the joke for a while, but many universities departments otherwise. 148 "UMBC ITE325B" (2073633792) 00:43:37.410 --> 00:43:55.890 We now calculate somebody's impact by impact factor and number of articles published. Not on the quality of the advancement, it's the numbers, trying to get tenured a major university now without having 20 publications and brought in. 149 "UMBC ITE325B" (2073633792) 00:43:55.890 --> 00:44:11.700 A million or two and outside funding, those have nothing to do with quality or your ability really to contribute to the field, and yet those are the metrics that are being used. That's broken. Funding mechanisms like through NSF are too small and too slow. 150 "UMBC ITE325B" (2073633792) 00:44:11.700 --> 00:44:28.980 You can't do a big project. You can't undertake something longer term. I will say there's a very interesting project I'm advising right now at Sandia Labs that is a seven year project that they're involving outside as well as inside to address a very narrow part of this. 151 "UMBC ITE325B" (2073633792) 00:44:28.980 --> 00:44:45.030 Problem for real time systems in a small subset of applications. So, they're, they're trying to solve it for a small slice and they're putting over $50 million into it, which is a good start. 152 "UMBC ITE325B" (2073633792) 00:44:45.030 --> 00:45:01.260 But there are very few projects like that that are being conducted on a large scale. There's some paradoxical market forces, so we aren't going to see things from the commercial side. The marketplace favors early to market over better developed and tested. 153 "UMBC ITE325B" (2073633792) 00:45:01.260 --> 00:45:20.250 If you're not 1st to market so you can get the mind share, then you might as well not try. But that means you don't spend the extra time doing the testing, the quality assurance, and other care necessary to make sure that it'll work. Ethics and law are open, often just completely ignored. 154 "UMBC ITE325B" (2073633792) 00:45:20.250 --> 00:45:38.370 So as an example, what many of the AI firms now, are ignoring intellectual property rights and do not scrape instructions to suck in whatever data they can to get a better model for their for their product because that's how they're going to advance in the market. 155 "UMBC ITE325B" (2073633792) 00:45:38.370 --> 00:45:55.530 Ethics, forget about that, and the law, well, we'll just do it now and then a couple of years we'll see what the the lawyers say. That's not a good approach. If any of you are members of ACM, go back and read the code of professional ethics. 156 "UMBC ITE325B" (2073633792) 00:45:55.530 --> 00:46:10.950 That doesn't fit. And then skewed public impact. You look at where the public, you ask the average person out on the street and you say, who's Elon Musk? 157 "UMBC ITE325B" (2073633792) 00:46:10.950 --> 00:46:30.540 And they'll say, oh, he's he's a billionaire technology genius half of that is correct. But he's done a number of things which are really quite questionable ethically, and this continues to do so. It's only and it's only Wednesday. And it's only. 158 "UMBC ITE325B" (2073633792) 00:46:30.540 --> 00:46:45.570 If you ask them, who are the cardiacian sisters? Most people will be able to answer that. If you ask them what they're known for it while they're known for being known. Ask how many, what do they know about Jonas Salt? 159 "UMBC ITE325B" (2073633792) 00:46:45.570 --> 00:47:02.070 Who is a true hero, saved millions of lives, millions of people from being crippled, and get it all donated, donated his patents to the in to the public domain so that his polyo vaccine could be used worldwide. 160 "UMBC ITE325B" (2073633792) 00:47:02.070 --> 00:47:19.560 I have a skewed perception of where value is and what accomplishment should be recognized. Taking this further back to some of my original thinking, we are not thinking about the impact on the world around us. 161 "UMBC ITE325B" (2073633792) 00:47:19.560 --> 00:47:39.560 We're not thinking about the environmental impact power, your stories been find where right now power companies are in a bind because the people running the big AI centers are competing with the people running the big, big coin mining centers and they're, they're. 162 "UMBC ITE325B" (2073633792) 00:47:39.560 --> 00:47:58.050 At odds about who gets the power, which is basically is in places where they're needing more power to run air conditioning because of climate change. So they're burning more fossil fuel, which puts the marketplace as well as increasing heat. The E waste and the waste from mining. 163 "UMBC ITE325B" (2073633792) 00:47:58.050 --> 00:48:18.050 From getting some of the rare earth elements, the raw materials. Those aren't factors in any of these costs. The pollution of the minds from the people getting all the spam and the misinformation, making poor decisions, in, in their own lives, in what they buy, and certainly we see it in the political arena with. 164 "UMBC ITE325B" (2073633792) 00:48:18.050 --> 00:48:44.300 The number of false information and operations that are going on. That's not calculated or taken into account. In the market, we want clicks, we want eyeballs. We don't care if it's totally distorting the social fabric. You look at that and we have weak attempts at legislation and and a lot of pushback from various parties about trying to have guardrails. 165 "UMBC ITE325B" (2073633792) 00:48:44.300 --> 00:49:03.090 On what is posted. In fact, even research, we have, a committee in congress, in the current Congress where they have through subpoenas and investigation shut down several research projects that have been attempting to find out how. 166 "UMBC ITE325B" (2073633792) 00:49:03.090 --> 00:49:18.750 Social influence and this information are affecting the public politic shutting down the internet observatory at Stanford is one example of this. So, so again, the marketplace, the idealogic aspects are pushing back against. 167 "UMBC ITE325B" (2073633792) 00:49:18.750 --> 00:49:34.260 Some of the very dangerous things that are going on. Business as it operates, as a model, has, has these stages. The 1st is functionality, putting at the damn thing to work at all. We're past that for AI now and get it to kind of work. 168 "UMBC ITE325B" (2073633792) 00:49:34.260 --> 00:49:51.870 Reliability, well the damn thing, please stop crashing. That's the next thing. 3rd, it's convenient, let's shrink it so I can take it where I'm going. Price, if it's commodity, give me the cheapest, doesn't matter about those other factors anymore, and then last of all fashion. 169 "UMBC ITE325B" (2073633792) 00:49:51.870 --> 00:50:10.320 Can I get it in to go or graffi? Maybe it folds up. None of those have to do with quality or reliability. Those are not stages in the business model that we have in the computing arena. Security is not a factor. It is not a market driving decision by anybody. 170 "UMBC ITE325B" (2073633792) 00:50:10.320 --> 00:50:26.670 It's not about making it safer. And there are security companies out there. There's a lot of them. You got RSA, it's daunting. But keep in mind, they are not interested in keeping you safe. 171 "UMBC ITE325B" (2073633792) 00:50:26.670 --> 00:50:45.900 They are interested in selling new products, preferably product on a recurring license. That is their purpose in existence, and yet too many people who make decisions about security think that, oh, well, you know, they're a market leader, they're gonna protect me. 172 "UMBC ITE325B" (2073633792) 00:50:45.900 --> 00:51:01.800 Alright, so this is the context that we're in, sort of where we came from. Let me just say a little bit about going forward. There are some technologies we're anticipating, some we can't anticipate. A lot of the developments I talked about for communication and storage and otherwise. 173 "UMBC ITE325B" (2073633792) 00:51:01.800 --> 00:51:18.180 We're actually changes in physics in material science that we then took advantage of free. Now smaller die sizes for instance, and now we're talking about going optical systems and so on. But quantum, quantum computing. 174 "UMBC ITE325B" (2073633792) 00:51:18.180 --> 00:51:35.250 Has some very interesting potential benefits, but it's uncertain when we're going to get to the point where we actually have practical time. We've got small numbers of bits now, but it's very expensive and very difficult and prone to error. And there are some physical constraints that may get in our way. 175 "UMBC ITE325B" (2073633792) 00:51:35.250 --> 00:51:53.610 Yeah, maybe ten years, maybe 20. Some people are questioning whether we'll ever reach the right point. But even if we do that, we're still going to need I/O, we're gonna need libraries, programming, control, error correction. It's not as simple as increasing the physical capacity of cubits. 176 "UMBC ITE325B" (2073633792) 00:51:53.610 --> 00:52:09.060 If it does come along, it's still not going to solve a lot of our problems. It's it's not going to solve security problems. In fact, it may make some worse. How do you verify that a quantum program is producing the right or the best results? 177 "UMBC ITE325B" (2073633792) 00:52:09.060 --> 00:52:28.500 By its very nature, it produces all the results. So some of them must be wrong. How do we know the right ones are the ones that are coming out the other end? That's an interesting question that not many people have looked at. I have yet to see any really good papers talking about security quantum systems. 178 "UMBC ITE325B" (2073633792) 00:52:28.500 --> 00:52:48.500 So Amy's looking for this topics, here's one. AIML, there is NO AI right now. It's all machine learning, it's all statistical models. And anybody who tells you otherwise is trying to sell you something. We don't actually know what intelligence is, but we're, we do know that what comes out of the machine. 179 "UMBC ITE325B" (2073633792) 00:52:48.500 --> 00:53:05.310 This isn't intelligence, and it's complicated by things like IP rights, intellectual property rights, correctness. The idea, it's called hallucination. It's not hallucination because there's NO thought behind it. It it's just bad statistical results. 180 "UMBC ITE325B" (2073633792) 00:53:05.310 --> 00:53:21.870 Human values, where are the ethics behind what some of this stuff puts forward? It's easy to prompt some of these these llmiss to generate incredibly racist, biggest massagenistic material with very little effort because that's part of the data that goes into it. 181 "UMBC ITE325B" (2073633792) 00:53:21.870 --> 00:53:37.740 Where is the ethical guidelines? Where is empathy? Have anybody working on artificial empathy? That's a human trait that we should have present in our systems. We're not doing that. And instead, we're producing systems. People are firing. 182 "UMBC ITE325B" (2073633792) 00:53:37.740 --> 00:53:57.060 A longtime employees to replace them with AI systems because they think it's cheaper and it's gonna produce better results. Those are companies to short their stock, by the way, if you don't see that happen. There there are there are all kinds of problems around this and how are we going to control it? 183 "UMBC ITE325B" (2073633792) 00:53:57.060 --> 00:54:13.590 And the correctness of these systems is declining because they're running out of data to train them on and they're now trying to train them with data that has been produced by the AI systems. And all that does is increase the noise and the nerve. 184 "UMBC ITE325B" (2073633792) 00:54:13.590 --> 00:54:29.910 So there are some real, we're hitting the wall pretty soon if we're not already at it, where this, the models aren't gonna get better because of of more data. And that's an interesting problem. That's why currently, as I said, there are a number of concerns about about AI going forward. 185 "UMBC ITE325B" (2073633792) 00:54:29.910 --> 00:54:49.910 Privacy, is a huge driver and is not being thought about it with any of these systems like AI or the big data collection. I've already touched on that, need to think about that. All of these things are concerning as future capabilities because they're not being, again, they're being thought. 186 "UMBC ITE325B" (2073633792) 00:54:49.910 --> 00:55:09.630 Kind of in terms of A, what can we build and B, how can we sell it? Rather than what are we doing to actually make the human condition better? Furthermore, the infrastructure is diminishing returns. It's getting more and more expensive to build new fabs for, for chips, and we're seeing that. 187 "UMBC ITE325B" (2073633792) 00:55:09.630 --> 00:55:24.870 Play out in real time. It's more and more expensive for the power and the power consumption in hosting the data sites. That's a problem. The sustainability of all of this is really questionable that we have to ask ourselves. 188 "UMBC ITE325B" (2073633792) 00:55:24.870 --> 00:55:43.500 Then we keep it up in this, in this way. And then there's conflict perhaps at machine speed. We have all these various actors who are involved and they're not interested in, a company dictating their national policies or what they can do. 189 "UMBC ITE325B" (2073633792) 00:55:43.500 --> 00:55:58.650 Or other countries who happen to be more advanced in manufacturing or development. So they're going stealing ideas and working to subvert other systems. We're seeing that play out, the great firewall of China, and by the way China's not the only country. 190 "UMBC ITE325B" (2073633792) 00:55:58.650 --> 00:56:14.040 Saudi Arabia is another countries that has this. One of my students did a phd thesis on internet sensorship and they did not find a single country that does not exercise some form of sensorship over internet traffic, not one. 191 "UMBC ITE325B" (2073633792) 00:56:14.040 --> 00:56:30.840 Including the US, we're looking towards laws on unsafe AI because they're very tentative because we don't have it defined. Think about the social order that we're seeing not only here in the US but other places, banning books, as an example. 192 "UMBC ITE325B" (2073633792) 00:56:30.840 --> 00:56:48.990 What happens when those books are online in their story to data center? What happens? How does that social affect? I think what we're going to see some more of it and this is political science is increasedation, that work. 193 "UMBC ITE325B" (2073633792) 00:56:48.990 --> 00:57:06.090 More walls, more partitioning, and more difficulty in sharing information across, across those orders. You can question whether that's good or bad or how we evaluate it, but it's coming. And if we aren't careful with AI and privacy. 194 "UMBC ITE325B" (2073633792) 00:57:06.090 --> 00:57:25.140 For those of you who are signing fiction fans, the butlary and is something that may not be out of the question, if we're not careful with what we do. I'll skip a little bit here on privacy. There's a lot there having to do with respecting. 195 "UMBC ITE325B" (2073633792) 00:57:25.140 --> 00:57:40.950 Informed consent, which most places don't do. If you sign on to social media, you're not informed, really, but you're expected to consent. And thereafter everything you do is is theirs. That's not a good ethical model. 196 "UMBC ITE325B" (2073633792) 00:57:40.950 --> 00:57:57.330 But it's the one we have for commercial marketplace. I suggest finding a poem by Robert Frost, the mending wall as something to look at and of course an inspiration there. But then, for the. 197 "UMBC ITE325B" (2073633792) 00:57:57.330 --> 00:58:13.170 The last bit and this has been a little longer than I thought, but there's also the case because correctness and resilience here are part of security, in some respects, there's the issue of disaster. Anytime we can have a disaster. 198 "UMBC ITE325B" (2073633792) 00:58:13.170 --> 00:58:29.700 We can have adversaries either cause the disaster or take advantage of it. So we shouldn't have disasters. What do I mean by disasters? Crowdstrike? That was not intentional, and yet, look at what it did. 199 "UMBC ITE325B" (2073633792) 00:58:29.700 --> 00:58:45.150 There are other kinds of things like that. If those can occur, if blue screens can occur, those are things that can be caused or taken advantage of. One of the things i've written about is the the Carryington event last occurred in 1859. 200 "UMBC ITE325B" (2073633792) 00:58:45.150 --> 00:59:01.260 Which is a major solar flare that caused induced currents and conductors around the world like telegraph lines, gas lines, kill people, melted down infrastructure. If we were to have something on that order now, we NO longer have printed books on things. 201 "UMBC ITE325B" (2073633792) 00:59:01.260 --> 00:59:19.080 If that took out our online storage, we'd have to start over. That's bad. But, it doesn't have to be a netflow plan. Low earth EM verse nuclear verse can cause a similar effect. 202 "UMBC ITE325B" (2073633792) 00:59:19.080 --> 00:59:35.370 That's been shown. I won't go into that, but that affects things like not only computers on the ground, every one of your automobiles runs with multiple computers. You get in and use current and burn those out, nothing's moving. Food delivery. 203 "UMBC ITE325B" (2073633792) 00:59:35.370 --> 00:59:51.090 Medicine delivery, other kinds of things. Space communications. Gone, we would not be able to recover because we aren't designing for that. All right, so I'm. 204 "UMBC ITE325B" (2073633792) 00:59:51.090 --> 01:00:10.020 I ran a little late here, but let me give you the conclusion, which is there's NO particular conclusion. We have some incredible possibilities for our future. The technologies you all are building, have the potential to really transform our lives in good ways. 205 "UMBC ITE325B" (2073633792) 01:00:10.020 --> 01:00:26.640 I think perhaps many of us who work in the field grew up watching star Trek and were thinking that's the world we wanna have, but the people who are trying to make money office are trying to build the blade runner future. 206 "UMBC ITE325B" (2073633792) 01:00:26.640 --> 01:00:45.030 We have to push back against that by saying it's more than the computing, it's more than making money off of it. It's what are we doing to improve the human condition? And that's not something that's normally taught in programming one on one or operating systems. 207 "UMBC ITE325B" (2073633792) 01:00:45.030 --> 01:01:03.420 But it has to be central to whatever we do next, which is why I'm so enthused at the idea of actually having an institute here to look at that because you've got the computer science and the other fields where you can think about this together. We need to design carefully and be better informed about the consequences. 208 "UMBC ITE325B" (2073633792) 01:01:03.420 --> 01:01:23.420 And I'll close with the thought here. How many of you know what the drake equation is? Three. Okay. Frank Drake was a physicist who came up with a mathematical equation for how to estimate how many other intelligent civilizations were in the universe based on type of sun and orbit. 209 "UMBC ITE325B" (2073633792) 01:01:23.420 --> 01:01:40.320 An age and so on. Number of inhabited plants. And he was discussing this at lunch at Los Angeles with some others and Enrico Firmy was there and said, ok, you, I worked the numbers and it's millions. Where are they? 210 "UMBC ITE325B" (2073633792) 01:01:40.320 --> 01:01:55.710 Where is everyone? We haven't discovered any yet. Maybe they're good at hiding from us, I don't know, but the question that some people said is the answer Tox is maybe at a certain point. 211 "UMBC ITE325B" (2073633792) 01:01:55.710 --> 01:02:14.070 Civilizations end up destroying themselves. We could be on that cusp. If we let AI take over, if we destroy our environment feeding Bitcoin mining, then we will not be around to see the next generation of computing. 212 "UMBC ITE325B" (2073633792) 01:02:14.070 --> 01:02:29.280 And so I would encourage you, think security in the large, security of humanity, betterment of the human condition. The technology is great. Let's make it better. Thank you. 213 "UMBC ITE325B" (2073633792) 01:02:29.280 --> 01:02:49.280 Yeah thank you very much back. I was exactly the right time talk to have for this diverse audience and thank you all for coming for staying a little bit longer. We probably have time for a quick question or two and then I apologize. 214 "UMBC ITE325B" (2073633792) 01:02:49.280 --> 01:03:09.300 Amazing talk. 1st off thanks for not using slides and I'm the guy on campus that. We'll remind you this focuses to us on the message that you've got over. What are your thoughts about trust? There's the digital trust side, but my worry is. 215 "UMBC ITE325B" (2073633792) 01:03:09.300 --> 01:03:25.860 What you don't have to destroy the system. You just have to destroy the system. Right elections coming up. Banking system, if the populars thinks that the banks are untrustworthy, the banks are gone, right? If people think that the election is rigged. 216 "UMBC ITE325B" (2073633792) 01:03:25.860 --> 01:03:45.150 It's it's NO longer valid. All those kind of questions, so you don't actually have to destroy the systems unless you want to take down a power plant. But a lot of our civilization is based on some basic level of of trust. So I'm interested in your thoughts on that. There are other examples too like vaccines. Yeah. 217 "UMBC ITE325B" (2073633792) 01:03:45.150 --> 01:04:01.260 We've reached the point in technological sophistication where those to understand the safeguards, people need more education than they tell them they have. And. 218 "UMBC ITE325B" (2073633792) 01:04:01.260 --> 01:04:19.320 That creates a political divide, that it is a, a part of one political view that we don't trust the elite. We don't trust government. We don't trust education. We want to abolish university. 219 "UMBC ITE325B" (2073633792) 01:04:19.320 --> 01:04:36.510 And they respond to political messaging and other messaging in about 4th 5th grade level. It's very difficult to argue with people who don't have the beginning I mean there's a dunning Pruder kind of effect in play though. They think they understand it, but. 220 "UMBC ITE325B" (2073633792) 01:04:36.510 --> 01:04:56.340 All they've done has seen 3 h of youtube videos, and this is a real challenge for us is how do we get them to a point where they can get educated or or find people they trust to have the education to understand. And that's a social and educational challenge. 221 "UMBC ITE325B" (2073633792) 01:04:56.340 --> 01:05:11.820 That we are not meeting very well, and we don't understand some of those conspiracy theories and and this info the disinformation amplifies it. I have argued with flat earthers. 222 "UMBC ITE325B" (2073633792) 01:05:11.820 --> 01:05:28.410 It's it's. You're, you're exactly right that it that is at the heart of the number of these things as problems but the way you address that really it's going to be through education and through transparency. 223 "UMBC ITE325B" (2073633792) 01:05:28.410 --> 01:05:47.280 We are not very good with those things. We have a lot of things that are not transparent government agency than others, proprietary rights, and as a result, people don't have the information to be able to build up the trust. This is a big social issue that I think sociologists and psychologists could be more involved there. 224 "UMBC ITE325B" (2073633792) 01:05:47.280 --> 01:06:03.240 Okay, I'll take one question and then I think we have. Oh, ok. So it's Beth, 1st off, amazing talk and one thing that really interests me from some of the stuff you were bringing up was we made points about how. 225 "UMBC ITE325B" (2073633792) 01:06:03.240 --> 01:06:20.850 Microsoft now is building systems on systems to have these backwards capabilities, any of these systems, like 1st Microsoft ones that were developed and they use people don't really know how to, you know, work with anymore. Similarly, when we talk about things like Coval and stuff, there's a great point where. 226 "UMBC ITE325B" (2073633792) 01:06:20.850 --> 01:06:36.210 Within the next ten years, a lot of the OG cobalt engineers are gonna be dead. Are we approaching a greater risk especially now as programming education is while more accessible, getting more service level where people are using Python by default? 227 "UMBC ITE325B" (2073633792) 01:06:36.210 --> 01:06:53.010 Where at some point people aren't gonna know how to engineer or operate the systems that kind of build up the foundations of modern software systems and the internet. Oh, we passed that. When, when I think with some of some of the faculty here. 228 "UMBC ITE325B" (2073633792) 01:06:53.010 --> 01:07:09.540 We're in school. We, we learned everything from hardware to user interface, and if we had to go teach, we could teach the entire stack. There's NO personal live now who could do the entire stack. It's too complex. 229 "UMBC ITE325B" (2073633792) 01:07:09.540 --> 01:07:29.540 Many undergraduate programs NO longer even teach architecture as something that's that's part of the curriculum. Complexity is, I didn't mention, but complexity is part of the problem. We don't know how to deal with that. There there's some great work that originally some works by, oh, by the name of Charles. 230 "UMBC ITE325B" (2073633792) 01:07:29.540 --> 01:07:59.000 Ro who was on the faculty at Princeton normal accidents was his 1st book, but the coming catastrophe was the most recent one about the potential collapse of the internet because the complexity is beyond the point at which we know what's going to happen. Some people are saying AI is the answer to that. I I think that just adds another layer of complexity. Virtualization and so on just adds more layers. So yes, that is a problem and, we are not doing a good job of meeting that, going back and. 231 "UMBC ITE325B" (2073633792) 01:07:59.000 --> 01:08:19.370 It costs money to go back and simplify. And, if you look at, if you look at open source, polls of people working in open source, going back, only 3 % are interested in going back and auditing other people's software, everybody else wants to write their own new device drivers so that they can put it on their resume, which is why Linux has got like 50 different device. 232 "UMBC ITE325B" (2073633792) 01:08:19.370 --> 01:08:36.210 It's just it's it's not a sustainable path, but I don't know how we get off of it because I guess going off of that, we're really running this risk of that knowledge being lost. Oh yeah. Oh yeah. Well, some of it economic factors help, so there is. 233 "UMBC ITE325B" (2073633792) 01:08:36.210 --> 01:08:54.510 Actually, I'm not sure whether it's fortunate or unfortunate, but, the, the banking industry puts a lot of money into Testigi Institute. They teach cobalt. Their graduates go off and easily get jobs, six figure salaries. 234 "UMBC ITE325B" (2073633792) 01:08:54.510 --> 01:09:14.510 But it's not portable because that's what they've been trained in. So it's good for them, but it's perpetuating a problem in another way. And that's another example of what this institute can do sitting there is someone who works on software deck, you have an honest to goodness software engineer who works on the software debt. I think we have a final question. 235 "UMBC ITE325B" (2073633792) 01:09:14.510 --> 01:09:33.750 Just online and then we will need to get into the quick quick comment staff that says wonderful talk and as you were concluding those reminders of that great line from the chief engineers Scott need to the excels here, the more complicated the system, the easier it is to stop up the plumbing. Yep Yep question from online from Timothy. 236 "UMBC ITE325B" (2073633792) 01:09:33.750 --> 01:09:50.220 Unsafe programming languages are proven root cause about 70 % of vulnerabilities. What is the best way to incentivize organizations to transition away from legacy memory unsafe languages, i. E. C C++ assembly to memory safe languages like Java Python, rust etc. 237 "UMBC ITE325B" (2073633792) 01:09:50.220 --> 01:10:08.760 Two quick responses to that at the time. 1st NO single programming language is the best solution for problems. Different problem sets require different. 238 "UMBC ITE325B" (2073633792) 01:10:08.760 --> 01:10:25.320 They have different advantages. Same thing with architectures operating systems, databases. The 2nd thing is we need to to have a balance where we give credit. 239 "UMBC ITE325B" (2073633792) 01:10:25.320 --> 01:10:43.260 And investment to those organizations that do things we want them to do, but we also hold them responsible when they do things badly. Many of these companies will hire people whose entire technological background is picking up C++ for dummies and during it at home. 240 "UMBC ITE325B" (2073633792) 01:10:43.260 --> 01:10:58.710 And we don't hold them responsible, and they get into the supply chain. So there are some things like the CMMC and some others that are working to get through the supply chain and to hold to a minimum standard. But the minimum standard is pretty low. 241 "UMBC ITE325B" (2073633792) 01:10:58.710 --> 01:11:21.944 We need to balance out better so that they can't disclaim all liability or push it off into arbitration rather than actually have some public evaluation. And that requires some fundamental rethinking and some leadership at high levels to make that happen. Thank you very much Patrick. We really appreciate you coming to that. Thank you. 242 "Dd Budiharto" (1713542912) 01:11:21.944 --> 01:11:38.308 Can you turn around quickly? I'm gonna take a screenshot, everyone ready, smile. Oops, hang on hang on. I may have missed that. One more, 123. 243 "UMBC ITE325B" (2073633792) 01:11:38.308 --> 01:11:41.708 Got it. Add to the autobates. Good enough. 244 "Dd Budiharto" (1713542912) 01:11:41.708 --> 01:11:45.449 Thank you spaff. Thank you, everyone. Thank you. 245 "UMBC ITE325B" (2073633792) 01:11:45.449 --> 01:12:02.161 I expect to know that, like you said, do you have a colleague fire in pipes? Oh yeah. Myron was a person who probably from Germany for when I felt was six months still here. Oh, I wanted took over his composite center when he became. 246 "UMBC ITE325B" (2073633792) 01:12:02.161 --> 01:12:12.492 I don't see him very. I had the feelings you run into each other from time to time. Yes.