The Five Laws of Cybersecurity | Nick Espinosa | TEDxFondduLac


Translator: Linh Nguyen
Reviewer: Lisa Thompson

I’d like you to consider for a moment that there are about 6,900 languages spoken on our planet daily, and these thousands of languages serve thousands of cultures, from the smallest community to the largest continent. Now, even with this vast diversity among our global population, we have some alternative languages and methods for communication that are understood by everybody. For example, the world has mathematics. If I have one apple and somebody gives me another apple, I have two apples. This is understood worldwide without fail.

Now, as of today, the largest culture by far is that of the Internet user. With 7.6 billion humans on Earth, around 3.6 billion of us are online and communicating with each other and institutions daily. Thus, another common language we all share but most don’t realize is the networking protocols that the Internet runs on and the social media platforms that tie us together – and emojis; we can’t forget the emojis. (Laughter)

But what our internet culture tends to lack is a common understanding, to foster true, true understanding about cybersecurity and threats online. Outside of hardcore cybersecurity and IT people like myself, most people don’t understand the language that is nerd. And so, it is my job to be the best nerd-to-English translator I can be in order to help the world stay safe online. So without further ado, here are my five laws of cybersecurity that are designed to do just that.

Law number 1: If there is a vulnerability, it will be exploited. No exceptions.

Consider for a moment that when the first bank was conceived of and built, there was at least one person out there who thought, “I want to rob that.” In the more modern era, since the first computer bug was discovered, hackers good and bad have been looking for ways to get around the laws and framework that govern a computer system, a program, or even our society in general. Now, think about this for a second. There are those out there who will literally try and hack absolutely everything within their capability. Now, this could be the more basic exploit, like the person who figured out how to cover their car’s license plate to go through an automatic tollbooth for free, or this could be more obscure, such as infecting a complex computer network to derail an entire illegal nuclear weapons program, which actually happened in the mid-2000s. Finding ways around everything for both good and bad purposes is so ubiquitous today, we even have a term for it: life hacking.

And with this, we’ll move on to the second law: Everything is vulnerable in some way.

We cannot assume that anything is safe, nor is anything off the table for hacking anymore. We’ve seen a series of massive breaches by corporations that literally spend millions annually on cyber defense strategies. From enormous retailers to gigantic health insurance providers, these corporations hold millions of records on virtually everyone in the United States and fall under multiple government-compliance laws for data security – yet here we are. And we can go straight out of left field or even more obscure for examples of this law. So, for decades we’ve just assumed our computer processors are safe and harmless, just doing the job that they were meant to do. In the beginning of 2018, it was discovered that these technological workhorses are carrying a serious mass of vulnerability that would allow a malicious hacker to wreak havoc on all of us. From minor to major, law number 2 is really inescapable.

Before we go on to law number 3, I’d like everybody in the audience to look under your seat for something that my team put there. If you can. All right. Did anybody find anything? No? All right. You guys can stop now. You guys can stop now. (Laughter)

I want to go on to law number 3: Humans trust even when they shouldn’t. (Laughter)

And I’m sorry to make you all part of this talk, but it really helps to underscore my point here: trust, quite frankly, sucks. Now, we need trust in our lives. We can’t have a society without it. And we have positive expectations of our technology and those people that help us with it. We expect the light switch is going to flip on the light when we turn it on. We expect the mechanic we pay to fix our car to actually fix it and not rip us off. But we have to question the technological infrastructure and online people around us. This is our greatest vulnerability in cybersecurity. Now, because of trust, people fall for phishing scams. They believe the $20 anti-virus they bought for their computer will turn it into Fort Knox; it will not. They also believe that the form they’re filling out online is legitimate; it sometimes isn’t. And it sounds weird to say that we have to combat trust, but we have to if we’re going to survive the nonstop hacking that takes place.

And with this, we can move on to law number 4: With innovation comes opportunity for exploitation.

The world is full of brilliant people: Alexander Graham Bell invented the telephone that made the world a whole lot smaller. Bill Gates created a global computer operating system that got humanity on the same technological page. Mark Zuckerberg created a social media platform used by billions daily to share our lives. However, with these evolutions in innovation and our technology come certain exploits. Now we live in the age of IoT, or Internet of Things, and by virtue of this, our lives have hopefully been made a little easier. New, unique, innovative products are constantly being made to help us live in our homes or drive our cars or even improve our health. However, one of the biggest examples of innovation exploitation is IoT hacking. In 2016, a virus known as Mirai infected millions of IoT devices worldwide and then weaponized them against targets, creating some of the largest bandwidth attacks the Internet has ever seen. As the world continues to develop and create amazing new technologies, we cannot forget the lesson of law number 4.

And finally, law number 5: When in doubt, see law number 1: If there is a vulnerability, it will be exploited. No exceptions.

Now, this one isn’t a cop-out; it’s really not. Every single issue with cybersecurity and our technology stems from a vulnerability of some kind. If we ever forget this, we are doing nothing but asking for trouble. Our ability to properly defend ourselves comes from understanding that human nature itself makes these laws immutable. And when we start thinking like a hacker is when we can actually stop them. So here’s to our new, common language that hopefully helps us and the world stay safe online. Thank you. (Applause)




Comments
  1. Allan's laws of security
    1 On the whole bad guys can be expected to do what suits them; not what suits you.
    2 Once you have a reasonable security policy the amount of good it does is closely related to your willingness to follow it.
    3 Security is largely about the question "Who's in control".
    4 More restrictive isn't the same as more secure.
    5 People offering something that does the impossible are lying.

  2. Excellent presentation. Recognizing that "everything is vulnerable" is especially important; to some, this may seem paranoid, but it's best to be proactive in this field. Acknowledge the limitations of existing protective measures, assess them, then present new solutions.

  3. Bet I can make up some exploitable jargon. Why? Well, better to be public than be a problem.

    Hacking could have ghost bits. I.e. a heap of zeros turn up at the CPU and some WiFi or backdoor or side-door built in software/hardware add ones where it sees fit to then exploit the program/software & link running. Scary, hey. Took me two minutes to think that up. Imagine what's going on truly!!?

  4. Law 1: If there is a vulnerability, it will be exploited.
    Law 2: Everything is vulnerable in some way.
    Law 3: Humans can trust when they shouldn't.
    Law 4: With innovation comes opportunity for exploitation.
    Law 5: When in doubt, see law 1.

  5. I added this to my watch later playlist scrolling through because I thought you were Penn Jillette!!! I was not disappointed!!!

  6. Network guy for 35+ years. Penn Jillette's brother? NOTHING IS FREE. NOTHING! Free apps? You are the product. NOTHING IS SECURE! Keep your Bitcoin in a hardware wallet and the seed words on PAPER only. If it's digital it's already hacked, you just don't know it. Windows jockeys sigh.

  7. I hope it was one from his family that woo'ed.
    – That, or the person has to be a -1 year old internet user in his/her 50's.

  8. Everyone is making fun of this guy for looking like a magician but in reality he's just an ordinary Penntester

  9. One can trust that one cannot trust everyone or/and everything?

    As a citizen of the United States under God but not an extremist, this is sad. But it is so true from a discerning perception especially in this field and in this day and age (A terrorist era).
