OK. I made up the quote, but it is a fair assessment of Professor Eugene Spafford‘s message to Congress. On Wednesday April 11, Spaf (as he is widely known) gave the invited Frank Howard Distinguished Lecture at the George Washington University School of Engineering and Applied Science on the topic “Why Fixing Cybersecurity is so Difficult.” Prior Howard lecturers include Werner von Braun and Edward Teller and Spafford deserves to be in this company — to the extent there are “grand old men” in a field that is less than 40 years old, he qualifies.
The lecture was, by turns, droll and entertaining. Today’s remarkable factoid is that we make more transistors every year (the key component of silicon chips) than we harvest grains of rice in a year. More than 10 quintillion — or a 1 followed by 19 zeros.
When it comes to Congressional action in cyber space, Professor Spafford was highly critical of ongoing legislative efforts. As he said, Congress insists on trying to legislate about technology, when technology is ever-changing. His point (with which I fundamentally agree) is that our hierarchical decision making processes simply can’t keep pace with technological change. His solution — a much harder one to conceptualize — is to change behaviors. This is not advice Congress is likely to take — legislating about things is much easier than educating people — but it is advice worth noting as the cybersecurity debates continue.