the key to good cyber security tomorrow is to teach our children more and better science,
technology, engineering and mathematics today. We have a common sense that we can STEM
the tidal waves of the cyber security crisis. We are of the belief that if children can only be
taught how to cut computer code then they will become good cyber citizens and cyber will be
made safe. We lament with incredulity the idiocy of an approach that might teach our children
how to use technology; how to behave in the cyber domain.
several that we particularly cherish. Another is that the controlling minds of the great institutions of our society and our
economy are not taking the cyber security crisis seriously enough and so they must face the prospect of punishment if
they persevere in their delinquency. Another is that users are somewhat stupid and even if they are not actually an active,
insider, threat; then they are reckless and irresponsible in their desire to pervert our systems to their own uses. Another is
that they; the users, the business, the children, must be educated out of their dangerous ignorance. Another is that there is
a lack of a code of conduct for cyber, that cyber lacks normative behavioural standards.
nurturing these commonplaces amongst ourselves; to ourselves. Countless hours exhorting our own community to
`beware' and to `think very seriously about difficult problems'. Countless hours scaring ourselves with the magnitude and
severity of the ever impending cyber apocalypse. Countless hours rehearsing slightly differing descriptions of the same
problems; to ourselves. Countless hours showing each other how smart we are by showing off how easy it is for us, the
experts, to break the systems we have designed. The systems we are responsible for securing.
with little or no regard to either the presence or the quality of available evidence. Our conferences have become episodes
where we experts gather to console ourselves. They have long ceased to be crucibles of creative, structured, productive
Socratic investigation. We must now subject our cherished commonplaces to the destructive and creative rigour that our
status as experts demands of us. We must now start communicating, meaningfully, with those who are not us.
interoperate in new and transformative ways. Whatever good cyber security looks like, it is not reducible to technology
and we cannot widget our way to human and societal safety in this new domain. As a community we will always default
to a reliance on science, technology, engineering and mathematics. We think that because computers are machines then
computing is simply a bigger machine. We are wrong. Computing is a human system. Computing is a social system.
Computing has become the property of society. It is far too important to be left in the hands of technocrats. It belongs
to them, not us. It's time to let the butterflies go.