•In honor of her extensive contributions to the field, professor of cybersecurity policy Susan Landau will be one of five professionals inducted into the National Cyber Security Hall of Fame on Oct. 29.
Landau’s path to cybersecurity isn’t typical, but it extends decades. Originally trained as a theoretical computer scientist, she found some of her early work with algebraic algorithms applied to cybersecurity applications. In fact, some of her work with symbolic computations still influences today’s cryptography. Blending those theoretical applications with her other interests made cybersecurity a good fit.
“I have always been interested in public policy, constitutional issues, and privacy issues,” says Landau, whose extensive credentials can be seen on her website PrivacyInk.org. “Cryptography policy subjects have been interesting to me from when I was a grad student, on. Then I moved into it more fully in the ’90s.”
“Cryptography policy subjects have been interesting to me from when I was a grad student, on.” – Susan Landau
And while some view cybersecurity as simply a personal threat of their own information being compromised, Landau likes to see the interfaces behind cybersecurity. She looks at how the algebraic algorithms might interface with math and computer science in the industry. And then she likes to understand the implications of policy at the detail level and see what any advances in policy mean to society. More than two decades ago, she spoke out on how using the same technology for dual uses—for example, government surveillance and industry security—could be a security risk.
WPI students have a high interest in cybersecurity issues, and have the right technical training to succeed, but the ambiguous and nontechnical approaches are sometimes hard to grasp, says Landau. “The challenge for WPI students,” she says, “is that policy issues are neither black nor white. There’s lots of uncertainty, and they (students) like concrete.”
For her part, Landau is entirely comfortable with the uncertainty of policy issues and the gray areas, and likes to lead students through that less-defined approach.
Relishing talks about the crypto wars—long-ranging and long-term discussions about how cryptography issues have remained the same and have differed over the years—Landau has boundless energy and resources for discussions. She has testified before Congress about cybersecurity and surveillance issues, and was a 2012 Guggenheim fellow. She wroteSurveillance or Security? The Risks Posed by New Wiretapping Technologies and co-authored Privacy on the Line: The Politics of Wiretapping and Encryption with Whitfield Diffie. She is an active board member of many organizations, including the Computer Science and Telecommunications Board of the National Academies of Sciences, Engineering, and Medicine. She is a contributing editor for the Lawfareblog and associate editor in chief for IEEE Security and Privacy.
Landau likens the national approach to cybersecurity to something like pollution issues when people started to become environmentally aware.
“We didn’t consider the costs to society of pollution or of using fossil fuels,” she says. “We didn’t factor in the costs.” The same approach applies to cybersecurity, she says, but the risks have economic and security consequences.
In general, people aren’t considering the massive swath that comprises cybersecurity issues, but they can range from infrastructure to privacy to surveillance. As much as anything, Landau says, people might consider cybersecurity briefly when their system stops working. But we have a tremendous reliance on these systems and have no alternative when something goes wrong, she says.
Landau is pleased with her upcoming induction. According to the Cyber Security Hall of Fame press release, “The National Cyber Security Hall of Fame is composed of individuals who collectively invented the technologies, created awareness, promoted and delivered education, developed and influenced policy, and created businesses to begin addressing the cyber security problem.”
For all her involvement, Landau’s passion for cybersecurity issues remains unwavering. And she likes to extend that enthusiasm to other women in the field as the 2015 co-chair of the GREPSEC-II workshop, a conference devoted to women and underrepresented groups interested in cybersecurity.
With cybersecurity changing daily, Landau’s schedule remains full. “This would be very hard if one didn’t love it,” she says.