Modern field guide to security and privacy
Casey Knerr (c.), a senior at Georgetown University, was part of the "Hoya Haxa" team that participated in the Passcode capture the flag contest last week in Washington.
Photo by Michael Bonfigli for The Christian Science Monitor | Caption

Opinion: It's time for us geeks to stand up and be heard

Too often computer scientists are left out of public debates about computer science.

Hacked emails. Compromised political organizations. Flawed and vulnerable apps and phones. I've felt a lot of déjà vu lately.

So, I decided to take a look at my course syllabus for Computer Science 513 from the spring of 2002 during my master's program at Cornell University.

Cyber wasn't the thing back then. Still, the topics from my class are incredibly relevant: bogus servers, bogus clients, voting systems security. It's worth pointing out that Prof. Fred Schneider – a computer security legend and someone who was talking about cyber way before it was cool – taught the class. He was certainly a visionary, but he didn't have a crystal ball. 

It's just that many of the problems we had 15 years ago are the same problems we have today. As a matter of fact, computer scientists have been aware of many of these issues for decades – and we often have good ideas for solving them.

But our society has prioritized gadgets and speed over our security and privacy. We want more connectivity, more networking, more options. We want fancier phones, automated cars, and Barbies connected to the internet. We want all our information faster and specialized to our needs.

So, does that mean the demand for shipping new products and software will always outpace cybersecurity? It doesn't have to.

But if we're going to really change cybersecurity, really make our gadgets safer, the geeks are going to have to get a lot louder. And if you're not a geek, start listening to us. We know stuff.

For many engineers and computer scientists, it may feel unnatural to be the loudest person in the room. We're trained to deliver facts in dispassionate ways. We've been taught to present algorithms, results, system architectures without ringing alarm bells. 

But we have to make our points heard. We need to make sure that developers, executives, and policymakers hear us. We can do this without being alarmist or having people think we all wear tinfoil hats. Let's arm people with useful knowledge that can protect them.

And we need to seek out the venues where people will listen. I often come across cybersecurity panels and committees without any computer scientists. We should be consistently represented. 

In August, for example, the Democratic National Committee formed a Cybersecurity Advisory Board after its recent breach. It was a wise move. But while it included experts in national security, internet and media policy, technology, and law and governance, there was a glaring omission: None of them had classical computer science cybersecurity training.

That's just one example. Computer scientists are all too often left out of the public debate about computer science.

Part of the reason we're in the current cybersecurity mess is because no one listened to computer experts in the first place. We were ignored and disregarded. This, of course, is not just a computer science issue – experts are often not included in public discourse. But as connectivity and automation are poised for a dizzying expansion, it is that much more important for computer science voices to be heard.

It's not too late to begin working together. So, this geek is speaking up. I hope you’ll listen. 

Nadya T. Bliss is the director of the Global Security Initiative at Arizona State University. Center for Cybersecurity and Digital Forensics is a unit of GSI. Follow her on Twitter @nadyabliss.