"Grand Challenges" in Cyber Security Risks

The Computing Research Association recently invited 50 of the top scientists, educators, business people, and futurists in cyber security to an executive retreat in Virginia and locked them away for three days until they identified a set of "Grand Challenges" in information security research -- ideas that should "shape the research agenda in the field over the next few decades." The conference participants identified four: eliminate epidemic-style attacks (viruses, worms, email spam) within 10 years; develop tools and principles that allow construction of large-scale systems for important societal applications -- such as medical records systems -- that are highly trustworthy despite being attractive targets; develop quantitative information-systems risk management to be at least as good as quantitative financial risk management within the next decade; and give end-users security controls they can understand and privacy they can control for the dynamic, pervasive computing environments of the future. They haven't written the final report yet (due in early 2004), but they've already told Congress about it. Sounds like they've got a lot of work to do.

Mobile phones...?

[Fulkkari]

I hope they didn't exclude mobile phones from their final report. While most of the mobile phones still are plain old phones, there still is a great potential of insecurity among these "new generation" phones. As covered on Slashdot last week, it would be smart to understand the problems with integrating the phones into the Internet. I'm pretty sure that developers at Nokia hasn't yet seen the really big problems, and that's good - in a way.

How do you patch your mobile phone if someone finds a security bug in it anyway?