This week will find me at the Santa Fe Institute. Wednesday morning kicks off with the Adaptive and Resilient Computing Workshop, and if last year's workshop is any indicator, this one should be very interesting indeed. Meeting with colleagues who work outside the computer security space is extremely informative and helps us to prepare for the many new faces of computing. Although, that only makes sense if you know ahead of time where some technologies are likely to exist and only then can you begin to shape ideas on how you might protect the assets those technologies hold.
For example, let's say that within the next two years, all deep water canals in the state of Florida will be protected against alligator infestation by computerized swimming sharks that work together to form a sort of "canal IDS." We need to make sure the sharks stay up and running to keep those annoying alligators away! We'd probably start by developing some sort of threat model that looked at the canals and the 'gators, as well as the surrounding factors that are out of our control. We'd examine things like canal structure, to see how many computerized sharks each canal might need. This would depend, of course, on the likelihood of a 'gator even being around, which would have yet other dependencies. We'd probably look to see if there were any canals where alligators might already exist and figure out how that might affect the success of the computerized sharks: would they drive the 'gators out, or would they be caught inside the "protected waters?" Once we'd done all of our homework and begun to understand the canals (and had some idea how they would look in two year's time), the 'gators, and the sharks, we could then create a technology to protect the technology that is protecting the canal, in a meaningful way.
That's what going to something like the Santa Fe Institute is for me: a chance to look at the technological landscape of the future. I can look five years, ten years, or in some cases decades down the road, and explore ways of assessing assets (both real and virtual), risks, and threats (also both real and virtual). It's a chance to find out how to protect computer users from future virtual sharks.
I'll be talking about some of the sharks on this visit, actually (both virtual and real). My first talk is on hackers and their representation in film. The images we see and hear influence how we think and behave, so what we've been showing people probably plays a role in the overall situation. My second talk is actually a panel titled "Infectivity," and for me it is absolutely staggering to be in such company as Esther Dyson and W. Brian Arthur. I wonder how the film hackers compare with their real life counterparts? I guess we'll see.