The New Security Paradigms Workshop - boom or bust?

Abstract

The basic question this panel has been asked to ponder is: Have New Security Paradigms Workshops been worth it? The subtext enquires whether NSPW participants have been wasting time and money by traveling to rustic remote sites to attempt to create new paradigms for addressing information security issues. What has been the Return On Investment (ROI)? Has NSPW had an Impact on the profession or practice?Holly Hosmer told us she originally conceived of NSPW after thinking about Thomas S. Kuhn's monumental opus The Structure of Scientific Revolutions, the 200 pages of which were originally published in 1962. This book has become the most often cited work in literature related to the sciences. Ms Hosmer's motivation came from Kuhn's observations that scientific progress and revolution are largely a social process. In essence,Paradigms, Kuhn suggests, are the basis of all science. Indeed, what we mean by science are the activities of a group of people (practitioners) who share a paradigm . Before a shared paradigm exists, Kuhn points out, there is no agreement about what is important and how scientists should proceed. In the absence of a paradigm or some candidate for paradigm, all of the facts that could possibly pertain to the development of a given science are likely to seem equally relevant. As a result, early fact-gathering is a far more nearly random activity than the one that subsequent scientific development makes familiar.Scientific revolutions, then, are the culmination of a recurrent process in the history of science, according to Kuhn. Paradigms give rise to normal science. At some point normal science gives rise to anomalies, which in turn give rise to a period of extraordinary science. If the outcome of this process is that a new paradigm replaces the old one, a scientific revolution is said to have occurred.I believe that NSPW has been of high value to its participants and, by extension, to the information security community. I have found a number of presentations to have been particularly beneficial. To name a few: Holly Hosmer on applications of Fuzzy Mathematics;David Bell and Holly Hosmer on multipolicy systems;Dixie Baker on the importance of PCs to finding solutions;Bob Blakely on rethinking/redefining the problem;Don Welch, Nathan Buchheit and Anthony Ruocco on staging military attacks on cyberattackers;Susan Pancho questioning the validity of deliberately perturbing secure protocols and then claiming to have found publishable flaws in the perturbed models;Jeff Williams, Marvin Schaefer and Doug Landoll on the utility of Pretty Good Assurance; and O so many more. The papers selected above were not all well-received at the time of presentation. Some proved to be very controversial, in fact, and at least one was interrupted so frequently during presentation that only a small portion of the written paper, which all could read at leisure, was ever presented and discussed at NSPW. At least in the past, NSPW's criteria for selection of papers was much more like that of traditional workshops as opposed to that for conferences and symposia. This has been precisely because NSPW has solicited new ideas, ideas for which not all the details have been worked out (if even identified). Selection had largely been based on: Novelty and originality; Likelihood that the paper would provide discussion and inspection of underlying concepts and beliefs; The likelihood that the discussion would advance understanding; The potential to inspire others.