On October 25, the Center for Long-Term Cybersecurity was honored to host Dr. Herb Lin, a senior research scholar for cyber policy and security at the Center for International Security and Cooperation and Hank J. Holland Fellow in Cyber Policy and Security at the Hoover Institution, both at Stanford University.
Dr. Lin’s research interests relate broadly to policy-related dimensions of cybersecurity and cyberspace, and he is particularly interested in and knowledgeable about the use of offensive operations in cyberspace, especially as instruments of national policy.
In his talk, “Complexity and Security: Managing the Tradeoffs,” Dr. Lin addressed some of trade-offs between security and efficiency of design. His research in this area is a “work in progress,” he explained, and he encouraged the attendees to engage him in dialogue. “What I have is a problem…and I have ideas that I’m pretty sure are related to it through various threads.”
At the heart of Lin’s “problem” is the trade-off between security and complexity. “Every security person will tell you that complexity is the enemy of security,” he said. “Our software systems are getting more complex because of more demands for functionality. The more you want a system to do, the more functional you want it to be, the more complex it has to be. So at some large level of complexity, a system isn’t entirely understood. Certainly not predictable. It’s a security risk. This is why complexity is the enemy of security. Here’s the problem: we continue to want systems that are more and more capable…and you want it to better than it is now. Which says that the next iteration is going to be more complex. So the problem fundamentally here is, how do you say ‘no’ to increased demands for functionality because that will result in excessive security vulnerabilities? That’s the problem, and we don’t have any way of making that trade off systematically.”
Watch the rest of the video above—or on YouTube.
About Herbert Lin
In addition to his positions at Stanford University, Dr. Lin is Chief Scientist, Emeritus for the Computer Science and Telecommunications Board, National Research Council (NRC) of the National Academies, where he served from 1990 through 2014 as study director of major projects on public policy and information technology, and Adjunct Senior Research Scholar and Senior Fellow in Cybersecurity (not in residence) at the Saltzman Institute for War and Peace Studies in the School for International and Public Affairs at Columbia University; and a member of the Science and Security Board of the Bulletin of Atomic Scientists. He recently served on President Obama’s Commission on Enhancing National Cybersecurity.
Prior to his NRC service, he was a professional staff member and staff scientist for the House Armed Services Committee (1986-1990), where his portfolio included defense policy and arms control issues. He received his doctorate in physics from MIT. To read more about Herb Lin’s interests, please read “An Evolving Research Agenda in Cyber Policy and Security.”
Avocationally, Dr. Lin is a longtime folk and swing dancer and a poor magician. Apart from his work on cyberspace and cybersecurity, he is published in cognitive science, science education, biophysics, and arms control and defense policy. He also consults on K-12 math and science education.
