Speaker:
Sami Saydjari
Cyber Defense Agency, Inc.

Abstract:

Cyberattacks are increasing in frequency, severity, and sophistication. Target systems are becoming increasingly complex with a multitude of subtle dependencies. Designs and implementations continue to exhibit flaws that could be avoided with well-known computer-science and engineering techniques. Cybersecurity technology is advancing, but too slowly to keep pace with the threat. In short, cybersecurity is losing the escalation battle with cyberattack. The results include mounting damages in the hundreds of billions of dollars, erosion of trust in conducting business and collaboration in cyberspace, and risk of a series of catastrophic events that could cause crippling damage to companies and even entire countries. Cyberspace is unsafe and is becoming less safe every day. The cybersecurity discipline has created useful technology against aspects of the expansive space of possible cyberattacks. Through many real-life engagements between cyber-attackers and defenders, both sides have learned a great deal about how to design attacks and defenses. It is now time to begin abstracting and codifying this knowledge into principles of cybersecurity engineering. Such principles offer an opportunity to multiply the effectiveness of existing technology and mature the discipline so that new knowledge has a solid foundation on which to build. *

* Based on "Engineering Trustworthy Systems: A Principled Approach to Cybersecurity, CACM, June 2019.

About: Sami is a senior security architect with over three decades of experience in every stage of cybersecurity including software development,  deployments, operations, design, systems engineering, national policy, advanced research, and program management.  He has been a thought leader at institutions such as the Defense Advanced Research Projects Agency and the National Security Agency.  As a consultant, he guides a wide-variety of leadership in the national security community, federal government, and critical infrastructure providers in industry. He teaches Cybersecurity Engineering at Johns Hopkins University.

The weekly security seminar has been held every semester since spring of 1992. We invite personnel at Purdue and visitors from outside to present on topics of particular interest to them in the areas of computer and network security, computer crime investigation, information warfare, information ethics, public policy for computing and security, the computing "underground," and other related topics. More info