WEBVTT

1
00:00:00.040 --> 00:00:02.160
<v Speaker 1>Welcome back to the deep dive. Ready to dive into

2
00:00:02.200 --> 00:00:06.839
<v Speaker 1>some seriously fascinating stuff today. Always we're talking security engineering,

3
00:00:08.119 --> 00:00:11.599
<v Speaker 1>a world that's honestly more relevant now than ever before.

4
00:00:11.720 --> 00:00:12.560
<v Speaker 2>I can't agree more.

5
00:00:12.640 --> 00:00:16.000
<v Speaker 1>You know you are amazing. Listeners sent in some excerpts

6
00:00:16.000 --> 00:00:20.800
<v Speaker 1>from Security Engineering, A Guide to Building Dependable Distributed system Ah.

7
00:00:21.039 --> 00:00:22.640
<v Speaker 2>Yes, by Ross Anderson.

8
00:00:22.839 --> 00:00:26.839
<v Speaker 1>Exactly, And let me tell you, this book is dense.

9
00:00:27.399 --> 00:00:28.320
<v Speaker 2>It really is.

10
00:00:28.519 --> 00:00:31.679
<v Speaker 1>It's packed with so much. It's a foundational.

11
00:00:31.120 --> 00:00:34.200
<v Speaker 2>Text, absolutely foundational. So our mission, Yeah, what are we

12
00:00:34.240 --> 00:00:35.439
<v Speaker 2>trying to do today.

13
00:00:35.159 --> 00:00:37.479
<v Speaker 1>Well, we're going to extract the good stuff, you know,

14
00:00:37.560 --> 00:00:39.399
<v Speaker 1>those valuable nuggets that are going to make you.

15
00:00:39.359 --> 00:00:42.679
<v Speaker 2>Go aha, I love those moments.

16
00:00:42.399 --> 00:00:45.920
<v Speaker 1>Right, and connect it to your everyday life, because, believe

17
00:00:45.960 --> 00:00:48.320
<v Speaker 1>it or not, this stuff it's everywhere.

18
00:00:48.439 --> 00:00:50.679
<v Speaker 2>It really is. It impacts everyone, even if you don't

19
00:00:50.679 --> 00:00:52.439
<v Speaker 2>think you're a tech person one hundred percent.

20
00:00:52.520 --> 00:00:54.200
<v Speaker 1>Yeah, and that's what we're going to do. We're gonna

21
00:00:54.200 --> 00:00:56.280
<v Speaker 1>make it real for you. So, for example, the book

22
00:00:56.280 --> 00:01:01.200
<v Speaker 1>talks about how how anonymized data can be surprisingly revealing.

23
00:01:01.359 --> 00:01:03.960
<v Speaker 1>Like they even talk about how someone could potentially identify

24
00:01:04.000 --> 00:01:06.599
<v Speaker 1>Tony Blair, a former primit Yeah, from a simple medical

25
00:01:06.719 --> 00:01:07.280
<v Speaker 1>data Quarry.

26
00:01:07.519 --> 00:01:10.799
<v Speaker 2>Yeah, just basic details like his age and gender and

27
00:01:10.920 --> 00:01:13.319
<v Speaker 2>date of treatment could be enough to pinpoint him.

28
00:01:13.439 --> 00:01:16.519
<v Speaker 1>Right. It makes you think twice about how anonymous our

29
00:01:16.599 --> 00:01:17.480
<v Speaker 1>data truly is.

30
00:01:17.719 --> 00:01:19.319
<v Speaker 2>It's a good point to consider, for sure.

31
00:01:19.480 --> 00:01:23.519
<v Speaker 1>Definitely unsettling, but it's important to know. The book also

32
00:01:23.560 --> 00:01:27.000
<v Speaker 1>talks about home security systems and how vulnerable they can be.

33
00:01:27.239 --> 00:01:28.640
<v Speaker 2>Oh yeah, that's a big one.

34
00:01:28.719 --> 00:01:30.840
<v Speaker 1>It's not just about picking locks anymore.

35
00:01:30.920 --> 00:01:34.359
<v Speaker 2>Right, there's software vulnerabilities to think about, physical components that

36
00:01:34.400 --> 00:01:35.359
<v Speaker 2>can be manipulated.

37
00:01:35.680 --> 00:01:38.680
<v Speaker 1>And then there's the whole evolution of passwords. Remember when

38
00:01:38.719 --> 00:01:40.519
<v Speaker 1>we were told to change them every few weeks.

39
00:01:40.599 --> 00:01:43.239
<v Speaker 2>I do, And now it's all about long passphrases.

40
00:01:43.319 --> 00:01:44.879
<v Speaker 1>I know what changed? Well.

41
00:01:44.920 --> 00:01:48.040
<v Speaker 2>The book explains that those frequent changes often made people

42
00:01:48.120 --> 00:01:51.519
<v Speaker 2>choose weaker passwords or variations of old ones, which made

43
00:01:51.519 --> 00:01:52.480
<v Speaker 2>them easier to crrack.

44
00:01:52.760 --> 00:01:53.519
<v Speaker 1>Oh it's interesting.

45
00:01:53.640 --> 00:01:56.920
<v Speaker 2>Yeah, longer unique passphrases are actually much harder to guess.

46
00:01:57.079 --> 00:01:58.439
<v Speaker 1>Okay, that makes a lot of sense.

47
00:01:58.480 --> 00:02:01.640
<v Speaker 2>Actually, it's all about understanding the psychology behind it as well.

48
00:02:01.799 --> 00:02:04.239
<v Speaker 1>It always feels like the bad guys are one step ahead,

49
00:02:04.799 --> 00:02:05.040
<v Speaker 1>you know.

50
00:02:05.560 --> 00:02:07.760
<v Speaker 2>It's a constant game of cat and mouse.

51
00:02:07.879 --> 00:02:10.319
<v Speaker 1>The book even talks about this with keyless entry systems

52
00:02:10.360 --> 00:02:10.800
<v Speaker 1>for cars.

53
00:02:10.800 --> 00:02:14.280
<v Speaker 2>Oh yeah, the back and forth between security researchers and

54
00:02:14.360 --> 00:02:18.759
<v Speaker 2>car manufacturers the wild. It really highlights how the landscape

55
00:02:18.759 --> 00:02:20.759
<v Speaker 2>of security threats is constantly evolving.

56
00:02:20.919 --> 00:02:23.800
<v Speaker 1>And that's actually a perfect segue into our first discussion

57
00:02:23.800 --> 00:02:27.319
<v Speaker 1>point today, the evolving landscape of security threats.

58
00:02:27.479 --> 00:02:28.159
<v Speaker 2>Let's dive in.

59
00:02:28.280 --> 00:02:30.800
<v Speaker 1>Yeah, let's do it. It seems like the days of

60
00:02:31.680 --> 00:02:34.439
<v Speaker 1>simple industrial espionage are long gone.

61
00:02:34.520 --> 00:02:36.599
<v Speaker 2>Oh. Absolutely, We've moved way past that.

62
00:02:36.960 --> 00:02:41.159
<v Speaker 1>Right now. We're dealing with sophisticated cyber attacks like meltdown inspector.

63
00:02:41.639 --> 00:02:43.120
<v Speaker 2>Those really shook the tech world.

64
00:02:43.520 --> 00:02:47.400
<v Speaker 1>I know. I mean vulnerabilities that target the very architecture

65
00:02:47.479 --> 00:02:48.759
<v Speaker 1>of computer processors.

66
00:02:48.879 --> 00:02:50.840
<v Speaker 2>It's pretty mind blowing when you think about it. The

67
00:02:50.840 --> 00:02:54.000
<v Speaker 2>way our CPUs execute instructions can be a security risk.

68
00:02:54.199 --> 00:02:56.960
<v Speaker 1>Yeah, it really is. Yeah, and it highlights how security

69
00:02:57.000 --> 00:03:00.879
<v Speaker 1>isn't just about protecting physical assets or arding against traditional

70
00:03:00.960 --> 00:03:01.879
<v Speaker 1>spies anymore.

71
00:03:02.080 --> 00:03:05.919
<v Speaker 2>Right, It's about recognizing that everything we do online, every

72
00:03:05.919 --> 00:03:09.080
<v Speaker 2>interaction with technology, is a potential security consideration.

73
00:03:09.439 --> 00:03:13.080
<v Speaker 1>Setting a password, connecting to public Wi Fi. It's all crucial.

74
00:03:13.199 --> 00:03:14.960
<v Speaker 2>Absolutely everything is connected.

75
00:03:15.080 --> 00:03:18.479
<v Speaker 1>It's not just high tech gadgets and complex algorithms. It's

76
00:03:18.520 --> 00:03:20.120
<v Speaker 1>our everyday digital habits too.

77
00:03:20.280 --> 00:03:23.599
<v Speaker 2>It's about awareness and being mindful of our actions.

78
00:03:23.840 --> 00:03:26.879
<v Speaker 1>In speaking of evolving threats, the book mentions how agencies

79
00:03:26.879 --> 00:03:30.639
<v Speaker 1>like GCCHQ and the UK have developed some pretty powerful tools.

80
00:03:30.879 --> 00:03:34.360
<v Speaker 2>Oh yes, they have capabilities that can redirect Internet traffic,

81
00:03:34.360 --> 00:03:38.080
<v Speaker 2>break cryptography, even change passwords on certain websites.

82
00:03:38.120 --> 00:03:41.039
<v Speaker 1>I know, I mean, it's for national security purposes, but

83
00:03:41.120 --> 00:03:44.120
<v Speaker 1>it really shows how vulnerable our online world can be.

84
00:03:44.400 --> 00:03:46.879
<v Speaker 2>It's a reminder that there are layers of complexity we

85
00:03:46.960 --> 00:03:48.080
<v Speaker 2>might not even be aware of.

86
00:03:48.280 --> 00:03:50.680
<v Speaker 1>It does make you wonder about the balance between security

87
00:03:50.719 --> 00:03:51.800
<v Speaker 1>and privacy, though.

88
00:03:51.599 --> 00:03:53.520
<v Speaker 2>That's a whole other discussion for sure.

89
00:03:53.280 --> 00:03:56.840
<v Speaker 1>Definitely, But for now, I think this example really emphasizes

90
00:03:57.000 --> 00:03:59.800
<v Speaker 1>just how complex the systems we're trying to secure are.

91
00:03:59.800 --> 00:04:04.039
<v Speaker 1>The these days, we've moved way beyond standalone computers, Oh absolutely,

92
00:04:04.159 --> 00:04:09.680
<v Speaker 1>it's massive interconnected networks, cloud services, distributed databases, each with its.

93
00:04:09.599 --> 00:04:12.439
<v Speaker 2>Own unique set of vulnerabilities and challenges.

94
00:04:12.080 --> 00:04:13.639
<v Speaker 1>A whole new world of complexity.

95
00:04:13.879 --> 00:04:17.639
<v Speaker 2>And that's where security engineering steps in trying to design,

96
00:04:17.720 --> 00:04:20.480
<v Speaker 2>build and operate these systems in a way that minimizes

97
00:04:20.600 --> 00:04:22.600
<v Speaker 2>risks and maximizes trust.

98
00:04:23.240 --> 00:04:25.800
<v Speaker 1>Okay, so we've talked about the evolving nature of threats

99
00:04:25.920 --> 00:04:28.560
<v Speaker 1>and the increasing complexity of the systems. We rely on

100
00:04:29.079 --> 00:04:29.720
<v Speaker 1>what's next.

101
00:04:30.040 --> 00:04:33.639
<v Speaker 2>Well, to really see how security engineering works in practice,

102
00:04:34.000 --> 00:04:36.879
<v Speaker 2>let's look at some real world examples. Yeah, both the

103
00:04:36.920 --> 00:04:38.480
<v Speaker 2>successes and the failures.

104
00:04:38.560 --> 00:04:41.199
<v Speaker 1>Ooh love a good story. Yeah, especially when it involves

105
00:04:41.240 --> 00:04:43.000
<v Speaker 1>high stakes and clever solutions.

106
00:04:43.240 --> 00:04:46.759
<v Speaker 2>You got it. Our next discussion point, real world examples

107
00:04:46.759 --> 00:04:48.759
<v Speaker 2>of security successes and failures.

108
00:04:48.759 --> 00:04:49.319
<v Speaker 1>Bring it on.

109
00:04:49.560 --> 00:04:51.680
<v Speaker 2>You know those old magnetic strip cards we used to

110
00:04:51.759 --> 00:04:55.040
<v Speaker 2>use at ATMs. Oh, yeah, they were so easy to skim.

111
00:04:54.720 --> 00:04:57.160
<v Speaker 1>I remember those. I felt like every other week there

112
00:04:57.199 --> 00:04:59.199
<v Speaker 1>was a story about a new skimming scam.

113
00:04:59.319 --> 00:05:01.720
<v Speaker 2>It was a huge problem. The book actually goes into

114
00:05:01.759 --> 00:05:06.240
<v Speaker 2>the evolution of ATM security. Really it's fascinating. The move

115
00:05:06.399 --> 00:05:09.560
<v Speaker 2>to those EMV chips, you know, those little gold chips. Yeah,

116
00:05:09.759 --> 00:05:12.759
<v Speaker 2>that was a major step forward, much stronger encryption.

117
00:05:13.000 --> 00:05:15.240
<v Speaker 1>So they're like little fortresses protecting our money.

118
00:05:15.399 --> 00:05:17.879
<v Speaker 2>You could say that. But the book also points out

119
00:05:17.879 --> 00:05:22.120
<v Speaker 2>that even EMV chips aren't foolproof, right. There can still

120
00:05:22.120 --> 00:05:26.120
<v Speaker 2>be vulnerabilities like weak random number generators.

121
00:05:25.600 --> 00:05:27.360
<v Speaker 1>Or insecure implementation.

122
00:05:26.959 --> 00:05:31.040
<v Speaker 2>Exactly, even if the technology itself is good, if it's

123
00:05:31.079 --> 00:05:34.399
<v Speaker 2>not implemented correctly, there can be weaknesses.

124
00:05:34.560 --> 00:05:38.319
<v Speaker 1>Okay, so what does that even mean in secure implementations.

125
00:05:38.639 --> 00:05:41.680
<v Speaker 2>It means that even if the technology itself is sound,

126
00:05:41.759 --> 00:05:44.800
<v Speaker 2>if it's not implemented correctly, there can still be weaknesses.

127
00:05:45.399 --> 00:05:47.759
<v Speaker 2>Like the book gives this example of a Scottish sailor

128
00:05:47.800 --> 00:05:52.040
<v Speaker 2>whose EMV card was used fraudulently because the ATM he

129
00:05:52.160 --> 00:05:56.160
<v Speaker 2>used had a predictable random number generator. What the attackers

130
00:05:56.240 --> 00:05:58.199
<v Speaker 2>figured out the pattern and exploited it.

131
00:05:58.319 --> 00:06:00.920
<v Speaker 1>Wow, So it's not just about the tech chnology itself,

132
00:06:01.040 --> 00:06:03.720
<v Speaker 1>it's about how it's used and implemented too, exactly.

133
00:06:04.120 --> 00:06:06.920
<v Speaker 2>That's why security engineering is so important, thinking through all

134
00:06:06.920 --> 00:06:09.439
<v Speaker 2>those potential weaknesses, not just the obvious one.

135
00:06:09.519 --> 00:06:11.040
<v Speaker 1>Right, So you got a thing like the bad guys,

136
00:06:11.199 --> 00:06:13.199
<v Speaker 1>you have to it's like a heist movie where they're

137
00:06:13.199 --> 00:06:14.439
<v Speaker 1>planning to break into a vault.

138
00:06:14.720 --> 00:06:15.839
<v Speaker 2>That's a great analogy.

139
00:06:15.959 --> 00:06:18.319
<v Speaker 1>They have to understand every layer of security and how

140
00:06:18.319 --> 00:06:19.839
<v Speaker 1>to get around it exactly.

141
00:06:20.000 --> 00:06:22.279
<v Speaker 2>And that brings us to another point. The book highlights

142
00:06:22.279 --> 00:06:24.519
<v Speaker 2>the importance of security economics.

143
00:06:24.560 --> 00:06:26.759
<v Speaker 1>Okay, hold on economics, how does it fit into all

144
00:06:26.800 --> 00:06:27.040
<v Speaker 1>of this?

145
00:06:27.560 --> 00:06:30.360
<v Speaker 2>Well, the book argues that economic factors play a much

146
00:06:30.439 --> 00:06:33.240
<v Speaker 2>bigger role in security decisions than we realize.

147
00:06:33.319 --> 00:06:33.639
<v Speaker 1>Okay.

148
00:06:33.879 --> 00:06:37.800
<v Speaker 2>For example, organizations have to balance the cost of security

149
00:06:37.800 --> 00:06:40.360
<v Speaker 2>measures against the potential cost of a breach.

150
00:06:40.720 --> 00:06:43.000
<v Speaker 1>Right, it's a risk reward calculation exactly.

151
00:06:43.240 --> 00:06:45.279
<v Speaker 2>Spend too much on security and you might hurt your

152
00:06:45.279 --> 00:06:46.160
<v Speaker 2>bottom line.

153
00:06:46.399 --> 00:06:49.839
<v Speaker 1>But if you scamp and there's a breach, the consequences

154
00:06:49.839 --> 00:06:50.199
<v Speaker 1>could be.

155
00:06:50.160 --> 00:06:53.519
<v Speaker 2>Disastrous, precisely. And the book even gets into things like

156
00:06:53.959 --> 00:06:56.680
<v Speaker 2>the market for lemons and the security chip industry.

157
00:06:56.879 --> 00:06:58.800
<v Speaker 1>Lemons like the fruit, it's.

158
00:06:58.680 --> 00:07:01.879
<v Speaker 2>An economics term. It basically means a market where the

159
00:07:01.959 --> 00:07:03.639
<v Speaker 2>quality of goods is uncertain.

160
00:07:03.920 --> 00:07:04.279
<v Speaker 1>Okay.

161
00:07:04.360 --> 00:07:06.360
<v Speaker 2>So in this case, it's talking about how there are

162
00:07:06.439 --> 00:07:09.800
<v Speaker 2>low quality insecure security chips out there, right, and those

163
00:07:09.839 --> 00:07:12.040
<v Speaker 2>can drive down the price for everyone, even the ones

164
00:07:12.040 --> 00:07:13.800
<v Speaker 2>making high quality secure chips.

165
00:07:13.879 --> 00:07:15.600
<v Speaker 1>So it's like a race to the bottom.

166
00:07:15.319 --> 00:07:17.680
<v Speaker 2>Yeah, kind of. If someone can make a cheaper chip,

167
00:07:17.959 --> 00:07:21.040
<v Speaker 2>even if it's less secure, they might undercut the competition.

168
00:07:21.360 --> 00:07:24.000
<v Speaker 2>That makes sense, and that's where regulations and standards.

169
00:07:23.680 --> 00:07:26.680
<v Speaker 1>Come in, right Exactly, Things like ISO twenty seven thousand

170
00:07:26.759 --> 00:07:30.360
<v Speaker 1>or A one and PCIDSS.

171
00:07:29.360 --> 00:07:32.160
<v Speaker 2>They set a baseline level of security.

172
00:07:31.920 --> 00:07:33.600
<v Speaker 1>Right, They help to level the playing field.

173
00:07:33.680 --> 00:07:37.120
<v Speaker 2>It's like setting safety standards for building a bridge exactly.

174
00:07:37.199 --> 00:07:40.720
<v Speaker 1>You can't just cut corners and use substandard materials, even

175
00:07:40.759 --> 00:07:41.600
<v Speaker 1>if it saves you money.

176
00:07:41.680 --> 00:07:45.959
<v Speaker 2>Right, safety first, And these standards also address the issue

177
00:07:46.000 --> 00:07:47.639
<v Speaker 2>of security externalities.

178
00:07:47.839 --> 00:07:49.800
<v Speaker 1>Yes, have you heard of that term before?

179
00:07:49.879 --> 00:07:52.240
<v Speaker 2>Security externalities? Not really.

180
00:07:52.720 --> 00:07:55.879
<v Speaker 1>Basically, it means that the consequences of a security failure

181
00:07:55.959 --> 00:07:58.199
<v Speaker 1>often extend beyond the immediate victim.

182
00:07:58.279 --> 00:07:59.000
<v Speaker 2>Okay, I see it.

183
00:07:59.040 --> 00:08:01.399
<v Speaker 1>Like, think about a big data breach at a company.

184
00:08:01.839 --> 00:08:05.480
<v Speaker 1>The company obviously suffers, but so do the customers whose

185
00:08:05.560 --> 00:08:07.399
<v Speaker 1>data was compromised.

186
00:08:06.800 --> 00:08:08.920
<v Speaker 2>And they might not even have a direct relationship with.

187
00:08:08.879 --> 00:08:12.000
<v Speaker 1>The company exactly, So it creates this ripple effect.

188
00:08:11.680 --> 00:08:14.879
<v Speaker 2>That impacts way more than just the initial target exactly.

189
00:08:15.439 --> 00:08:18.040
<v Speaker 1>And the book argues that these externalities can lead to

190
00:08:18.199 --> 00:08:21.800
<v Speaker 1>underinvestment in security because companies might not account for the

191
00:08:21.800 --> 00:08:24.879
<v Speaker 1>broader societal costs of a breach. That's a good point.

192
00:08:25.079 --> 00:08:27.759
<v Speaker 1>So regulations and standards are like guardrails.

193
00:08:27.920 --> 00:08:28.800
<v Speaker 2>You could say that.

194
00:08:29.120 --> 00:08:31.439
<v Speaker 1>They make sure everyone is at least taking some basic.

195
00:08:31.120 --> 00:08:34.720
<v Speaker 2>Precautions to prevent those ripple effects from getting out of control.

196
00:08:34.840 --> 00:08:37.480
<v Speaker 1>But even with regulations, breaches still happen. Right.

197
00:08:37.480 --> 00:08:43.000
<v Speaker 2>Absolutely, compliance doesn't equal perfect security. We need to constantly

198
00:08:43.039 --> 00:08:46.840
<v Speaker 2>be thinking about new threats, new ways to mitigate risk.

199
00:08:47.279 --> 00:08:51.559
<v Speaker 1>I'm starting to see how all of this connects, you know, technology, economics,

200
00:08:52.480 --> 00:08:55.759
<v Speaker 1>and even human behavior all interconnected. And that leads us

201
00:08:55.799 --> 00:08:58.320
<v Speaker 1>to our next point, which is where things get really interesting.

202
00:08:58.799 --> 00:09:01.960
<v Speaker 1>The convergence of physical and digital security.

203
00:09:02.080 --> 00:09:03.519
<v Speaker 2>This is a fascinating area.

204
00:09:03.720 --> 00:09:05.240
<v Speaker 1>Convergence. What do you mean by that?

205
00:09:05.360 --> 00:09:08.080
<v Speaker 2>It means the lines are blurring between the physical world

206
00:09:08.159 --> 00:09:09.240
<v Speaker 2>and the digital world.

207
00:09:09.320 --> 00:09:12.080
<v Speaker 1>Okay, so like our smart homes and all those devices.

208
00:09:11.720 --> 00:09:17.240
<v Speaker 2>Exactly, smart meters, vehicle monitoring systems, even biometric identification.

209
00:09:17.639 --> 00:09:20.240
<v Speaker 1>Right, It's like the real world and the digital world are.

210
00:09:20.200 --> 00:09:21.919
<v Speaker 2>Merging into this hybrid space.

211
00:09:22.519 --> 00:09:25.039
<v Speaker 1>Is exciting but also kind of scary. Yeah, how does

212
00:09:25.080 --> 00:09:26.120
<v Speaker 1>this impact security?

213
00:09:26.360 --> 00:09:29.600
<v Speaker 2>Well, it means that attax can come from unexpected directions.

214
00:09:30.159 --> 00:09:33.200
<v Speaker 2>The book gives an example of how master keying systems

215
00:09:33.240 --> 00:09:34.159
<v Speaker 2>can be exploited.

216
00:09:34.399 --> 00:09:36.279
<v Speaker 1>Master keying systems, you mean, like the ones that can

217
00:09:36.320 --> 00:09:38.960
<v Speaker 1>open multiple locks in the building exactly, so someone could

218
00:09:39.000 --> 00:09:40.080
<v Speaker 1>figure out the master.

219
00:09:39.879 --> 00:09:43.840
<v Speaker 2>Key potentially, and with three D printing it becomes even

220
00:09:43.960 --> 00:09:46.039
<v Speaker 2>easier to create custom keys.

221
00:09:46.559 --> 00:09:48.200
<v Speaker 1>Okay, that's a little unsettling, and.

222
00:09:48.159 --> 00:09:52.159
<v Speaker 2>The implications for privacy are huge. The book talks about

223
00:09:52.200 --> 00:09:55.799
<v Speaker 2>how vehicle monitoring systems in the UK have raised concerns

224
00:09:55.799 --> 00:09:56.720
<v Speaker 2>about surveillance.

225
00:09:57.200 --> 00:09:59.759
<v Speaker 1>Yeah, it does make you think about those dystopian sci

226
00:09:59.799 --> 00:10:02.559
<v Speaker 1>fi movies where everyone's being tracked.

227
00:10:02.320 --> 00:10:04.799
<v Speaker 2>And these concerns are only going to grow with things

228
00:10:04.879 --> 00:10:08.080
<v Speaker 2>like autonomous vehicles and the Internet of Things.

229
00:10:07.759 --> 00:10:11.200
<v Speaker 1>Where everything is connected and communicating exact Okay, so convergence

230
00:10:11.240 --> 00:10:13.440
<v Speaker 1>creates a whole new set of challenges. Yeah, but what

231
00:10:13.480 --> 00:10:18.679
<v Speaker 1>about securing communications themselves, you know, emails, texts, phone calls.

232
00:10:18.960 --> 00:10:20.960
<v Speaker 2>That's a great question and it leads us to our

233
00:10:21.000 --> 00:10:24.240
<v Speaker 2>next point, the challenges of securing communications.

234
00:10:24.440 --> 00:10:26.159
<v Speaker 1>So let's talk about it, because it seems like we're

235
00:10:26.200 --> 00:10:29.480
<v Speaker 1>always hearing about data breaches and cyber attacks these days.

236
00:10:29.679 --> 00:10:32.639
<v Speaker 2>It's a constant concern. The book actually covers a wide

237
00:10:32.720 --> 00:10:36.399
<v Speaker 2>range of ways those communications can be compromised, from traditional

238
00:10:36.399 --> 00:10:42.200
<v Speaker 2>wiretapping and code breaking to things like BGP hijacking and malware.

239
00:10:41.919 --> 00:10:43.919
<v Speaker 1>BGP hijacking I've never even heard of that.

240
00:10:43.960 --> 00:10:46.960
<v Speaker 2>Think of it like redirecting traffic on the Internet. Someone

241
00:10:46.960 --> 00:10:49.679
<v Speaker 2>can manipulate the system that routes traffic between.

242
00:10:49.399 --> 00:10:51.799
<v Speaker 1>Networks so they could send my data somewhere else.

243
00:10:52.080 --> 00:10:55.159
<v Speaker 2>Potentially or spy on your communications.

244
00:10:55.360 --> 00:10:56.120
<v Speaker 1>That's scary.

245
00:10:56.639 --> 00:11:00.440
<v Speaker 2>The book also talks about the limitations of anonymity tools Tour.

246
00:11:00.519 --> 00:11:03.639
<v Speaker 1>Oh yeah, Tour. That's supposed to make you anonymous online, right.

247
00:11:03.720 --> 00:11:05.039
<v Speaker 2>Right, But it's not foolproof.

248
00:11:05.200 --> 00:11:05.519
<v Speaker 1>Okay.

249
00:11:05.600 --> 00:11:08.440
<v Speaker 2>If users aren't careful, their identity and location can still

250
00:11:08.480 --> 00:11:09.080
<v Speaker 2>be revealed.

251
00:11:09.320 --> 00:11:12.080
<v Speaker 1>So even with tor, you need to be vigilant always.

252
00:11:12.159 --> 00:11:14.440
<v Speaker 2>And then there's malware, which is a huge problem.

253
00:11:14.519 --> 00:11:16.159
<v Speaker 1>I know, I hear about that all the time. What

254
00:11:16.279 --> 00:11:17.200
<v Speaker 1>exactly is it?

255
00:11:17.200 --> 00:11:21.440
<v Speaker 2>It's malicious software that can infect your computer, steal your data,

256
00:11:21.519 --> 00:11:24.639
<v Speaker 2>spy on June you even take control of your system.

257
00:11:24.759 --> 00:11:25.960
<v Speaker 1>It's like a digital virus.

258
00:11:26.360 --> 00:11:29.399
<v Speaker 2>That's a great analogy, and it's constantly evolving. The book

259
00:11:29.399 --> 00:11:32.799
<v Speaker 2>talks about how banking malware in particular, is a prime

260
00:11:32.840 --> 00:11:33.879
<v Speaker 2>example of this cat and.

261
00:11:33.840 --> 00:11:37.200
<v Speaker 1>Mask game between the good guys and the bad guys.

262
00:11:37.000 --> 00:11:39.200
<v Speaker 2>Exactly, always trying to stay one step ahead.

263
00:11:39.360 --> 00:11:42.480
<v Speaker 1>And it highlights another challenge attributing attacks.

264
00:11:42.679 --> 00:11:43.840
<v Speaker 2>Have you ever thought about that?

265
00:11:44.559 --> 00:11:46.879
<v Speaker 1>Attributing attacks? Not really.

266
00:11:47.320 --> 00:11:50.759
<v Speaker 2>It means figuring out who's behind the attack. Oh, in

267
00:11:50.759 --> 00:11:52.720
<v Speaker 2>the physical world, if someone robs a bank, you can

268
00:11:52.799 --> 00:11:55.639
<v Speaker 2>usually identify them, but in the digital world, it can

269
00:11:55.639 --> 00:11:58.720
<v Speaker 2>be really hard to trace the attack back to its source.

270
00:11:58.919 --> 00:11:59.960
<v Speaker 1>I could see how that would be a chain.

271
00:12:00.399 --> 00:12:03.080
<v Speaker 2>It creates all sorts of issues for law enforcement and

272
00:12:03.159 --> 00:12:04.320
<v Speaker 2>intelligence agencies.

273
00:12:04.399 --> 00:12:09.720
<v Speaker 1>Okay, so we've got evolving threats, complex systems, economic considerations,

274
00:12:10.240 --> 00:12:13.320
<v Speaker 1>the blurring of physical and digital, and the challenges of

275
00:12:13.360 --> 00:12:16.320
<v Speaker 1>securing communications. Where do we go from here?

276
00:12:16.440 --> 00:12:18.639
<v Speaker 2>Well, all of this leads us to a very important question,

277
00:12:19.000 --> 00:12:20.840
<v Speaker 2>the future of security engineering.

278
00:12:21.200 --> 00:12:25.039
<v Speaker 1>Okay, I'm ready for the future. What does it hold

279
00:12:25.080 --> 00:12:30.039
<v Speaker 1>for security in this crazy complex world? All right, we're

280
00:12:30.039 --> 00:12:31.919
<v Speaker 1>back for the final part of our deep dive into

281
00:12:31.960 --> 00:12:35.200
<v Speaker 1>security engineering, and I'm really curious to see what the

282
00:12:35.200 --> 00:12:36.639
<v Speaker 1>future holds for this field.

283
00:12:36.799 --> 00:12:39.279
<v Speaker 2>Well, the book actually paints a pretty fascinating picture of

284
00:12:39.320 --> 00:12:39.960
<v Speaker 2>what's to come.

285
00:12:40.600 --> 00:12:42.879
<v Speaker 1>Okay, lay it on me. Does it give us any

286
00:12:42.919 --> 00:12:45.679
<v Speaker 1>concrete solutions to all these complex challenges.

287
00:12:45.759 --> 00:12:50.039
<v Speaker 2>It doesn't offer a magic bullet. No, But it emphasizes adaptability.

288
00:12:50.360 --> 00:12:53.759
<v Speaker 1>That makes sense, especially in the tech world. Things change

289
00:12:53.799 --> 00:12:54.480
<v Speaker 1>so rapidly.

290
00:12:54.600 --> 00:12:56.879
<v Speaker 2>Continuous learning, collaboration, that's what we need.

291
00:12:56.919 --> 00:12:59.320
<v Speaker 1>So we can't just build a fortress and hope for

292
00:12:59.320 --> 00:13:01.399
<v Speaker 1>the best. We have to be more proactive.

293
00:13:01.600 --> 00:13:07.080
<v Speaker 2>Exactly. It's about constant adaptation, monitoring, responding quickly, and you know,

294
00:13:07.200 --> 00:13:08.440
<v Speaker 2>learning from our mistakes.

295
00:13:08.799 --> 00:13:11.879
<v Speaker 1>Learning from mistakes, that's crucial, And the book mentions learning

296
00:13:11.919 --> 00:13:12.919
<v Speaker 1>systems what are those?

297
00:13:13.039 --> 00:13:15.840
<v Speaker 2>Ah, Yes, that's one of the most promising avenues.

298
00:13:15.480 --> 00:13:17.759
<v Speaker 1>The book highlights. Okay, so is that like AI learning

299
00:13:17.799 --> 00:13:20.279
<v Speaker 1>from past breaches predicting future ones.

300
00:13:20.399 --> 00:13:24.679
<v Speaker 2>You're on the right track, analyzing tons of data, identifying patterns,

301
00:13:24.799 --> 00:13:27.159
<v Speaker 2>using that knowledge to prevent future impacts.

302
00:13:27.440 --> 00:13:29.399
<v Speaker 1>Wow. So it's like AI that can help us stay

303
00:13:29.399 --> 00:13:32.120
<v Speaker 1>ahead of the curve, constantly learning and adapting.

304
00:13:32.240 --> 00:13:35.039
<v Speaker 2>Think of it as a super intelligent security guard. It's

305
00:13:35.080 --> 00:13:37.679
<v Speaker 2>evolving its strategies based on the latest threats.

306
00:13:38.639 --> 00:13:43.240
<v Speaker 1>But wouldn't those learning systems themselves be vulnerable? Couldn't hackers

307
00:13:43.240 --> 00:13:44.080
<v Speaker 1>manipulate them?

308
00:13:44.360 --> 00:13:46.720
<v Speaker 2>That's a great question, and it's a challenge. Researchers are

309
00:13:46.759 --> 00:13:50.600
<v Speaker 2>working on how to build systems that are robust, resistant

310
00:13:50.600 --> 00:13:51.360
<v Speaker 2>to manipulation.

311
00:13:51.519 --> 00:13:52.879
<v Speaker 1>It's a bit of a digital arms race.

312
00:13:52.919 --> 00:13:56.840
<v Speaker 2>Then, you could say that, but the human elements.

313
00:13:56.440 --> 00:13:59.960
<v Speaker 1>Still key, right, We've talked about economic factors human error exactly.

314
00:14:00.480 --> 00:14:05.039
<v Speaker 2>The book stresses a holistic approach technology, economics, and human

315
00:14:05.039 --> 00:14:06.720
<v Speaker 2>behavior all intertwined.

316
00:14:06.919 --> 00:14:09.480
<v Speaker 1>So we need a more well rounded understanding of how

317
00:14:09.519 --> 00:14:11.240
<v Speaker 1>security operates in the real.

318
00:14:11.120 --> 00:14:15.360
<v Speaker 2>World precisely and fostering a culture of security awareness. Everyone

319
00:14:15.519 --> 00:14:18.279
<v Speaker 2>from developers to everyday users needs to be involved.

320
00:14:18.320 --> 00:14:21.320
<v Speaker 1>It's not just about firewalls encode anymore. It's a shift

321
00:14:21.399 --> 00:14:22.960
<v Speaker 1>in how we think about security.

322
00:14:23.120 --> 00:14:30.240
<v Speaker 2>Fundamentally, you got it, and that requires collaboration. Engineers, psychologists, economists, policymakers.

323
00:14:30.759 --> 00:14:32.080
<v Speaker 2>Everyone has a role to play.

324
00:14:32.320 --> 00:14:35.519
<v Speaker 1>It sounds like the future security needs people from all

325
00:14:35.559 --> 00:14:37.120
<v Speaker 1>sorts of backgrounds.

326
00:14:36.679 --> 00:14:41.480
<v Speaker 2>Absolutely interdisciplinary, with a wide range of perspectives and expertise.

327
00:14:41.919 --> 00:14:44.080
<v Speaker 1>This has been an incredible deep dive. I feel like

328
00:14:44.159 --> 00:14:46.200
<v Speaker 1>I have a whole new understanding of this field.

329
00:14:46.320 --> 00:14:48.440
<v Speaker 2>It's been my pleasure. I hope our listeners have found

330
00:14:48.440 --> 00:14:49.279
<v Speaker 2>it insightful too.

331
00:14:49.639 --> 00:14:52.200
<v Speaker 1>To our listeners, what steps can you take to protect

332
00:14:52.200 --> 00:14:56.080
<v Speaker 1>yourselves in this interconnected world? Your data, your privacy?

333
00:14:56.320 --> 00:14:59.320
<v Speaker 2>It's important remember security is not just for the experts.

334
00:14:59.399 --> 00:15:00.960
<v Speaker 2>We all have a role to play.

335
00:15:01.399 --> 00:15:03.759
<v Speaker 1>So as we wrap up, one final thought from the book,

336
00:15:04.440 --> 00:15:07.639
<v Speaker 1>the future of security is about building systems that are

337
00:15:07.639 --> 00:15:12.120
<v Speaker 1>not only secure, but resilient, adaptable, and aligned with our values.

338
00:15:12.279 --> 00:15:16.080
<v Speaker 2>Great point as you navigate the digital world, stay informed,

339
00:15:16.200 --> 00:15:19.519
<v Speaker 2>ask questions, be an act of participant in shaping a

340
00:15:19.600 --> 00:15:20.639
<v Speaker 2>more secure future.

341
00:15:20.960 --> 00:15:22.879
<v Speaker 1>Thank you for joining us on this deep dive into

342
00:15:22.879 --> 00:15:25.320
<v Speaker 1>security engineering. We'll see you next time on the Deep

343
00:15:25.360 --> 00:15:25.600
<v Speaker 1>Dive