This is an extended version of an article that appeared on the 22nd May 2017 in issue 130 of Beta – the student newspaper for the Computer Science & Engineering student society of UNSW.
To understand the importance of security in today’s world, you only need to compared it to the 1983 film “Wargames” – a film about nuclear missile control vulnerable to hacking. In 1983, if you wanted to make a film about the dangers of hacking, you needed to convince the audience that hacking computers could actually cause real-world damage. In 2017 nobody needs convincing – our news is filled with the latest attacks; from businesses to hospitals all the way to the failed North Korean Missile tests.
Security will be one of the defining issues for the next decade and our biggest problem is that we are inherently bad at it. The nature of the human condition combined with a lack of foresight in the past has allowed poor security to flourish with no easy solution.
In the days of the 1983 film ‘Wargames’, there was very little critical infrastructure connected to the internet – today our hospitals, power grids and financial networks are all connected and potentially vulnerable. Even as individuals we unwittingly make ourselves vulnerable to attack – are all your passwords unique? How many apps have access to your Google mail account? Do you isolate cheap electronics on your home network, or connect them without thinking?
The solution to the ‘security problem’ is not a purely technical one – but the development of a security mindset. At UNSW we have the philosophy that in order to be a good defender, you must understand the techniques of a good attacker. We ought to know – UNSW once again secured 1st place in CySCA (a federal sponsored hacking competition) – a feat we have managed every year since the competition’s inception. But this ‘hacking mentality’ is not just a UNSW idea; it is the prevailing thought of the entire security industry.
How can you get involved? You are at the best university in Australia for Security, so take advantage of it. Every computer scientists should graduate university with an understanding of how to write secure code as well as think like an attacker, so enrol in a security course before you graduate. I encourage you to do your own investigations in the security space as well. But most importantly, take advantage of the community we have here – Get involved in a Capture the Flag (CTF) competition where you can refine your hacking skills in a simulated environment, and join the security society to help you learn and get involved.
Security is not just about technical ability – it’s every bit as much about getting inside the minds of system designers and challenging their assumptions. The key to the best defence is a security mindset, and there has never been a greater need for it than right now.