"Grand Challenges" in Cyber Security Risks

The Computing Research Association recently invited 50 of the top scientists, educators, business people, and futurists in cyber security to an executive retreat in Virginia and locked them away for three days until they identified a set of "Grand Challenges" in information security research -- ideas that should "shape the research agenda in the field over the next few decades." The conference participants identified four: eliminate epidemic-style attacks (viruses, worms, email spam) within 10 years; develop tools and principles that allow construction of large-scale systems for important societal applications -- such as medical records systems -- that are highly trustworthy despite being attractive targets; develop quantitative information-systems risk management to be at least as good as quantitative financial risk management within the next decade; and give end-users security controls they can understand and privacy they can control for the dynamic, pervasive computing environments of the future. They haven't written the final report yet (due in early 2004), but they've already told Congress about it. Sounds like they've got a lot of work to do.

Hogwash!

[damu]

The whole point of the future is that it is unknown, this is just wishful thinking, nothing else. This is like saying, we would like to eliminate, AIDS, world hunger, increase the life expentancy to 200 years, and to populate Uranus and we want this done in 10 years. The whole point of technology is that it is new, unknown, and quickly changing. What these guys should have concentrated on is things that can be solved now or in the very near future, something that is more feasible and where the variables are more controlled.

Just a rant!