Cybersecurity, Nicolas Cage and Peppa Pig
Cybersecurity is difficult! It is difficult to achieve, to reason about, to apply, to understand, to teach. Cybersecurity is difficult to explain.
So, what can cybersecurity researchers like me do to improve both “human learning” (explain cybersecurity notions to non-expert users) and “learning humans” (explain users to cybersecurity experts so that experts ember users in their analysis)?
A disruptive approach is called for.
“Show, don’t tell” has become the literary commandment for any writer. It applies to all forms of fiction, and to non-fiction, including scientific writing, where it lies at the heart of many scientific communication and storytelling approaches. In this talk, I will discuss how “show AND tell” is actually often the best approach when one wants to present, teach or explain complicated ideas such as those underlying notions and results in mathematics and science, and in particular in cybersecurity. I will discuss how different kinds of artworks can be used to explain cybersecurity and I illustrate how telling (i.e., explaining notions in a formal, technical way) can be paired with showing through visual storytelling or other forms of storytelling. This can be achieved by using existing artworks (such as popular films) or by developing new artworks for the purpose. I will discuss four categories of exiting artworks and the explanations they help provide, providing several concrete examples along the way.
This talk covers research that I have described in my three papers "Explaining Cybersecurity Using Films and the Arts”, "Don’t Tell Me The Cybersecurity Moon Is Shining (Cybersecurity Show and Tell)” and "Nicolas Cage is the Center of the Cybersecurity Universe”. I will also present some results that are still unpublished about experiments that we have carried out to understand the quantitative and qualitative impact of films and other popular artworks.
Finally, I will also present the research that I have been carrying out on formalising the human dimension of cybersecurity, discussing in particular a novel approach for the formal and automated analysis of security ceremonies, which are systems of protocols and humans that interact for a specific purpose.
- Paolo Carta, Director of Collegio Clesio
- Luca Viganò, King's College - London
Luca Viganò is Professor at the Department of Informatics of King's College London, UK, where he heads the Cybersecurity Group. His research focuses on formal methods and tools for the specification, verification and testing of cybersecurity and privacy. He is particularly interested in formal analysis of socio-technical systems, where security depends intrinsically on human users, and of cyber-physical systems, where one needs to explicitly consider the underlying physical processes. He also works on explainable cybersecurity, where, in addition to more formal approaches, he has been investigating how different kinds of artworks can be used to explain cybersecurity and how telling (i.e., explaining notions in a formal, technical way) can be paired with showing through visual storytelling or other forms of storytelling.
Luca is also a playwright and screenwriter. His works have been published and produced in Italy, the UK and Russia. www.lucavigano.com