Nadya Bliss: Bound to fail.” Those are some pow­er­ful words. I have heard those words quite a few times in my life. Sometimes they take a slight­ly dif­fer­ent form. A pop­u­lar ver­sion is you can’t do that,” or you’re not sup­posed to do that.” 

The first time I remem­ber hear­ing those words, I was five or six try­ing out for bal­let in the for­mer Soviet Union. They could tell that I was­n’t going to be par­tic­u­lar­ly tall. I did­n’t real­ly look like the bal­le­ri­na in the mak­ing. I did­n’t end up doing bal­let. But I also think that was the last time I let those words stop me. 

When I was lit­tle, I want­ed to be a math­e­mati­cian. In the Soviet Union being a mathy girl was­n’t weird or dis­cour­aged. But I real­ized things were cul­tur­al­ly quite dif­fer­ent when my fam­i­ly moved to the United States when I was a teenag­er. Yes, a great time to love math and change coun­tries. As a high school­er I real­ized com­put­er sci­ence allowed you to lever­age much of the math­e­mat­i­cal rig­or in ways that often let you see the impact of your work in a tan­gi­ble and a beau­ti­ful way. 

In my high school pro­gram­ming class, I was one of very few girls. When I majored in com­put­er sci­ence at Cornell, I was often one of four in a 200-person class. When I decid­ed to do my mas­ter’s and bach­e­lor’s in four years, many of my friends thought I was crazy. I prob­a­bly was a bit. I sur­vived and land­ed a dream job as a staff sci­en­tist at MIT Lincoln Laboratory, a nation­al lab­o­ra­to­ry devel­op­ing tech­nol­o­gy to address nation­al secu­ri­ty challenges. 

There, I end­ed up being the youngest group leader in the more than six­ty year his­to­ry of the lab. I found­ed the Computing and Analytics Group and led large-scale research ini­tia­tives to address com­pu­ta­tion­al chal­lenges for the Department of Defense and the intel­li­gence community. 

When I came to ASU, I decid­ed it was impor­tant to write up my close to a decade worth of research in graph the­o­ry as a dis­ser­ta­tion. And so I com­plet­ed a PhD in about a year and a half while work­ing full-time first as an assis­tant vice pres­i­dent in knowl­edge enter­prise devel­op­ment, and then as the direc­tor of the Global Security Initiative. 

Many times along the way, there would always be many—often incred­i­bly well-meaning—who would often say that all of this is impos­si­ble. Or that it can’t be done. Or that no one has done it. Quite frankly, for me that sim­ply fuels the fire. Don’t get me wrong. I real­ize today that bal­let prob­a­bly would not have been for me. And focus­ing on math was a much bet­ter choice. But from then on, I have always made sure that the choice was made by me, and not for me. I haven’t had what one would con­sid­er a tra­di­tion­al aca­d­e­m­ic career. Yet I have always focused on tak­ing the most inno­v­a­tive research and apply­ing it to the most chal­leng­ing prob­lems in secu­ri­ty. Those com­po­nents togeth­er, inno­va­tion and impact, are what dri­ves me and quite frankly have dri­ven me for decades. 

Today we face many high­ly com­plex chal­lenges both nation­al­ly and inter­na­tion­al­ly. From secu­ri­ty of our infor­ma­tion net­works, to plan­ning for and man­ag­ing nat­ur­al dis­as­ters, to emer­gence of new infec­tious dis­eases, to social and polit­i­cal con­flict through­out the world, these chal­lenges are messy, and high­ly inter­con­nect­ed. As an exam­ple, cyber secu­ri­ty touch­es on pret­ty much every­thing in today’s soci­ety. A rather sim­ple vul­ner­a­bil­i­ty like not check­ing the valid­i­ty of a web form input could poten­tial­ly allow a com­pro­mise of our elec­tion databases. 

As anoth­er exam­ple, our ener­gy deliv­ery infra­struc­ture requires resilience to both cyber attacks and nat­ur­al dis­as­ters. At stake are often con­fi­den­tial infor­ma­tion, eco­nom­ic loss­es, dam­age of equip­ment, and pow­er out­ages lead­ing to greater socioe­co­nom­ic impact, just to name a few. Similarly it is impos­si­ble to talk about new epi­demics with­out con­sid­er­ing both envi­ron­men­tal fac­tors and trav­el pat­terns of our citizens. 

So we often try to sim­pli­fy. We try to make these prob­lems some­what more tractable. I’m here to claim that it is pre­cise­ly this desire to remove com­plex­i­ty in fear of fail­ure that often pre­vents us from being ready to face these challenges. 

So let’s get back to those words. Bound to fail. Those actu­al­ly come from the first sen­tence of the abstract of a research paper from 1973 titled Dilemmas in a General Theory of Planning by Rittel and Webber. Why this paper? The con­text for those words is that the authors claim that you can not address these messy inter­con­nect­ed prob­lems with sci­ence and engi­neer­ing. In fact, they define these prob­lems as wicked.” Not in an evil sense, and not because I’m from Boston, but as com­pared to tame. As described in the paper, a few of the prop­er­ties of these prob­lems include lack of well-scoped def­i­n­i­tion, no abil­i­ty to test if the solu­tion is the right one, and the fact that test­ing the solu­tion has the poten­tial to change the problem. 

What does all this mean? Let’s con­sid­er some­thing like secur­ing the Internet. We can’t real­ly start from scratch. We can’t make a fully-secure proces­sor with­out remov­ing all func­tion­al­i­ty. And any solu­tion we do deploy has the poten­tial to set up a sequence of unin­tend­ed effects. An exam­ple of such an effect could be poten­tial loss of pri­va­cy as data col­lec­tion is increased to pro­vide bet­ter pre­dic­tive pow­er for a com­pro­mise of some­one’s iden­ti­ty. Or, an intro­duc­tion of a piece of soft­ware that tests valid­i­ty of a code that could poten­tial­ly slow down the appli­ca­tion and lead to very frus­trat­ed users.

How about anoth­er exam­ple? Emergence of social and polit­i­cal insta­bil­i­ty. Again, not some­thing that can be com­plete­ly elim­i­nat­ed and often root caus­es can be dif­fi­cult to iden­ti­fy. As both estab­lished and emerg­ing economies grow, they stress our food, ener­gy, and water sys­tems, caus­ing com­pe­ti­tion for resources and con­tribut­ing to resource inse­cu­ri­ty. How do we dis­en­tan­gle rad­i­cal­iza­tion, resource inse­cu­ri­ty, and eco­nom­ic pres­sures? How do we know that our devel­op­ment pro­grams pro­vide relief to areas in the world that are struggling? 

Does that mean that all is hope­less? Are we bound to fail? I absolute­ly do not think so. You prob­a­bly knew I was going to say that. But how does an engi­neer­ing college-trained com­put­er sci­en­tist who spent over a decade engi­neer­ing tech­nol­o­gy for nation­al secu­ri­ty make progress on some­thing that has been declared unsolv­able by STEM (Science, Technology, Engineering, and Mathematics) techniques? 

First, we have to try. It is imper­a­tive that we increase the engage­ment of engi­neers and sci­en­tists in these messy prob­lems. And not just engage but have the STEM dis­ci­plines work with pol­i­cy­mak­ers, social sci­en­tists, polit­i­cal sci­en­tists, along with many oth­ers. It is absolute­ly impos­si­ble to address any of these prob­lems with a sin­gle dis­ci­pline. Often peo­ple think that math­e­mati­cians and com­put­er sci­en­tists and engi­neers are nar­row in their think­ing and encour­age sim­pli­fi­ca­tion. But instead I’m stand­ing here telling you to embrace it. Not only that, I would actu­al­ly claim that com­put­er sci­en­tists specif­i­cal­ly are well-suited to this task. We’re taught to for­mal­ly appre­ci­ate com­plex­i­ty at a very ear­ly stage in our training. 

I also think that com­put­er sci­ence is inher­ent­ly col­lab­o­ra­tive and inter­dis­ci­pli­nary. If we want to build an algo­rithm to do some­thing of impact, we should­n’t do it alone. My per­son­al research is in analy­sis of graphs, or the math­e­mat­i­cal struc­tures that can encode rela­tion­ships or con­nec­tions between enti­ties and con­cepts. So from where I’m stand­ing, not only are the wicked prob­lems tame­able, we can lever­age what we know from graph the­o­ry to help us on that path. So a way to effec­tive­ly man­age com­plex­i­ty but not ignore it is to account for the inter­con­nect­ed­ness of these prob­lems. It is true that address­ing all of the messi­ness as once it’s impos­si­ble, but that should not pre­vent us from mak­ing progress. 

Second, we can observe that at the core of these chal­lenges is the notion of plan­ning. It is even in the title of the orig­i­nal paper: Dilemmas in the General Theory of Planning. Instead of respond­ing to a dis­as­ter regard­less of whether it is a cyber breach, a nat­ur­al dis­as­ter, or an epi­dem­ic, how do we plan for it? How do we become proactive instead of reac­tive in mak­ing our world more secure? This fram­ing allows us to make mea­sur­able progress, progress towards bet­ter ana­lyt­ic and deci­sion sys­tems that account for the messi­ness of the real world with­out oversimplification. 

As an exam­ple, we can devel­op antic­i­pa­to­ry mod­els of dis­ease spread that are cou­pled to chang­ing cli­mate pat­terns. That is a chal­leng­ing task. Data mod­els for dis­ease and cli­mate often come in inher­ent­ly incom­pat­i­ble scales and for­mats. But if you bring togeth­er hydrol­o­gists, cli­mate experts, dis­ease experts, and com­put­er sci­en­tists, you can start to not just antic­i­pate where the next epi­dem­ic may arise but plan for appro­pri­ate health­care infra­struc­ture to man­age it. 

In anoth­er effort at Global Security Initiative, we’re work­ing on devel­op­ing tools to antic­i­pate insta­bil­i­ty through analy­sis of trade net­works. In 2011, a drought in China’s wheat grow­ing regions con­tributed to a rev­o­lu­tion in Egypt, part­ly because of trade inter­de­pen­den­cies. What we’re work­ing on is devel­op­ing an antic­i­pa­to­ry method­ol­o­gy to iden­ti­fy oth­er regions that could be sus­cep­ti­ble to sim­i­lar events. It turns out that pat­terns of trade pro­vide insight into region­al sta­bil­i­ty. As a mat­ter of fact, we can see pat­terns of trade for coun­tries that are con­sid­ered sta­ble, and those are dras­ti­cal­ly dif­fer­ent from the pat­terns for the coun­tries that are not. But what is even more sig­nif­i­cant is that the tools we’re devel­op­ing can be used by a plan­ner to poten­tial­ly enable proac­tive intervention. 

In cyber secu­ri­ty, a proac­tive approach is a must. New vul­ner­a­bil­i­ties are con­stant­ly being dis­cov­ered and built into brand new attacks that can break into sen­si­tive data­bas­es or take down servers. Attacks are often bought and sold for a large amount of mon­ey on Dark Web forms, online meet­ing places that can’t be reached with stan­dard web browsers. Researchers in our Center for Cybersecurity and Digital Forensics scrape data from the Dark Web forums where exploits are sold and ana­lyze them. Last year our research team found and never-before-seen attack before it was deployed in the wild. This gave a chance to the com­mu­ni­ty to real­ly plan the defens­es for it. 

Finally, we have to accept that none of us can do this alone. I have always want­ed to do research pre­cise­ly because I want­ed to make a dif­fer­ence. It may seem like spec­tral graph the­o­ry is pret­ty eso­teric of a field. And yet in all of the exam­ples that I’ve talked about, under­stand­ing con­nec­tions between dif­fer­ent ele­ments of a prob­lem pro­vides a way to see how the puz­zle pieces fit together. 

In addi­tion to under­stand­ing con­nec­tions, we see a few oth­er com­mon themes. Diversity of time scales to under­stand how his­tor­i­cal events have impact on antic­i­pat­ing and plan­ning for the future. Large, com­plex data sets com­ing from a vari­ety of sources, and they need to bring togeth­er dis­ci­plines that tra­di­tion­al­ly do not work togeth­er. These com­mon­al­i­ties allow us to apply what works in one area to oth­ers, thus mak­ing progress on what may seem unsolv­able. They also allow us to ful­ly embrace the com­plex­i­ty of the entire secu­ri­ty land­scape with­out com­pro­mis­ing our goal of impact. But if our goal is research with impact, fail­ure, espe­cial­ly of the kind where you learn some­thing and you get up and you keep going, is not a bad thing. It makes us tougher. It teach­es us how to be bet­ter humans. And it allows us to make progress towards a more secure world. 

Oh and one more thing. My 5 year-old daugh­ter is cur­rent­ly doing bal­let. Thank you.