Nadya Bliss: Bound to fail.” Those are some pow­er­ful words. I have heard those words quite a few times in my life. Sometimes they take a slight­ly dif­fer­ent form. A pop­u­lar ver­sion is you can’t do that,” or you’re not sup­posed to do that.”

The first time I remem­ber hear­ing those words, I was five or six try­ing out for bal­let in the for­mer Soviet Union. They could tell that I was­n’t going to be par­tic­u­lar­ly tall. I did­n’t real­ly look like the bal­le­ri­na in the mak­ing. I did­n’t end up doing bal­let. But I also think that was the last time I let those words stop me.

When I was lit­tle, I want­ed to be a math­e­mati­cian. In the Soviet Union being a mathy girl was­n’t weird or dis­cour­aged. But I real­ized things were cul­tur­al­ly quite dif­fer­ent when my fam­i­ly moved to the United States when I was a teenag­er. Yes, a great time to love math and change coun­tries. As a high school­er I real­ized com­put­er sci­ence allowed you to lever­age much of the math­e­mat­i­cal rig­or in ways that often let you see the impact of your work in a tan­gi­ble and a beau­ti­ful way.

In my high school pro­gram­ming class, I was one of very few girls. When I majored in com­put­er sci­ence at Cornell, I was often one of four in a 200-person class. When I decid­ed to do my mas­ter’s and bach­e­lor’s in four years, many of my friends thought I was crazy. I prob­a­bly was a bit. I sur­vived and land­ed a dream job as a staff sci­en­tist at MIT Lincoln Laboratory, a nation­al lab­o­ra­to­ry devel­op­ing tech­nol­o­gy to address nation­al secu­ri­ty chal­lenges.

There, I end­ed up being the youngest group leader in the more than six­ty year his­to­ry of the lab. I found­ed the Computing and Analytics Group and led large-scale research ini­tia­tives to address com­pu­ta­tion­al chal­lenges for the Department of Defense and the intel­li­gence com­mu­ni­ty.

When I came to ASU, I decid­ed it was impor­tant to write up my close to a decade worth of research in graph the­o­ry as a dis­ser­ta­tion. And so I com­plet­ed a PhD in about a year and a half while work­ing full-time first as an assis­tant vice pres­i­dent in knowl­edge enter­prise devel­op­ment, and then as the direc­tor of the Global Security Initiative.

Many times along the way, there would always be many—often incred­i­bly well-meaning—who would often say that all of this is impos­si­ble. Or that it can’t be done. Or that no one has done it. Quite frankly, for me that sim­ply fuels the fire. Don’t get me wrong. I real­ize today that bal­let prob­a­bly would not have been for me. And focus­ing on math was a much bet­ter choice. But from then on, I have always made sure that the choice was made by me, and not for me. I haven’t had what one would con­sid­er a tra­di­tion­al aca­d­e­m­ic career. Yet I have always focused on tak­ing the most inno­v­a­tive research and apply­ing it to the most chal­leng­ing prob­lems in secu­ri­ty. Those com­po­nents togeth­er, inno­va­tion and impact, are what dri­ves me and quite frankly have dri­ven me for decades.

Today we face many high­ly com­plex chal­lenges both nation­al­ly and inter­na­tion­al­ly. From secu­ri­ty of our infor­ma­tion net­works, to plan­ning for and man­ag­ing nat­ur­al dis­as­ters, to emer­gence of new infec­tious dis­eases, to social and polit­i­cal con­flict through­out the world, these chal­lenges are messy, and high­ly inter­con­nect­ed. As an exam­ple, cyber secu­ri­ty touch­es on pret­ty much every­thing in today’s soci­ety. A rather sim­ple vul­ner­a­bil­i­ty like not check­ing the valid­i­ty of a web form input could poten­tial­ly allow a com­pro­mise of our elec­tion data­bas­es.

As anoth­er exam­ple, our ener­gy deliv­ery infra­struc­ture requires resilience to both cyber attacks and nat­ur­al dis­as­ters. At stake are often con­fi­den­tial infor­ma­tion, eco­nom­ic loss­es, dam­age of equip­ment, and pow­er out­ages lead­ing to greater socioe­co­nom­ic impact, just to name a few. Similarly it is impos­si­ble to talk about new epi­demics with­out con­sid­er­ing both envi­ron­men­tal fac­tors and trav­el pat­terns of our cit­i­zens.

So we often try to sim­pli­fy. We try to make these prob­lems some­what more tractable. I’m here to claim that it is pre­cise­ly this desire to remove com­plex­i­ty in fear of fail­ure that often pre­vents us from being ready to face these chal­lenges.

So let’s get back to those words. Bound to fail. Those actu­al­ly come from the first sen­tence of the abstract of a research paper from 1973 titled Dilemmas in a General Theory of Planning by Rittel and Webber. Why this paper? The con­text for those words is that the authors claim that you can not address these messy inter­con­nect­ed prob­lems with sci­ence and engi­neer­ing. In fact, they define these prob­lems as wicked.” Not in an evil sense, and not because I’m from Boston, but as com­pared to tame. As described in the paper, a few of the prop­er­ties of these prob­lems include lack of well-scoped def­i­n­i­tion, no abil­i­ty to test if the solu­tion is the right one, and the fact that test­ing the solu­tion has the poten­tial to change the prob­lem.

What does all this mean? Let’s con­sid­er some­thing like secur­ing the Internet. We can’t real­ly start from scratch. We can’t make a fully-secure proces­sor with­out remov­ing all func­tion­al­i­ty. And any solu­tion we do deploy has the poten­tial to set up a sequence of unin­tend­ed effects. An exam­ple of such an effect could be poten­tial loss of pri­va­cy as data col­lec­tion is increased to pro­vide bet­ter pre­dic­tive pow­er for a com­pro­mise of some­one’s iden­ti­ty. Or, an intro­duc­tion of a piece of soft­ware that tests valid­i­ty of a code that could poten­tial­ly slow down the appli­ca­tion and lead to very frus­trat­ed users.

How about anoth­er exam­ple? Emergence of social and polit­i­cal insta­bil­i­ty. Again, not some­thing that can be com­plete­ly elim­i­nat­ed and often root caus­es can be dif­fi­cult to iden­ti­fy. As both estab­lished and emerg­ing economies grow, they stress our food, ener­gy, and water sys­tems, caus­ing com­pe­ti­tion for resources and con­tribut­ing to resource inse­cu­ri­ty. How do we dis­en­tan­gle rad­i­cal­iza­tion, resource inse­cu­ri­ty, and eco­nom­ic pres­sures? How do we know that our devel­op­ment pro­grams pro­vide relief to areas in the world that are strug­gling?

Does that mean that all is hope­less? Are we bound to fail? I absolute­ly do not think so. You prob­a­bly knew I was going to say that. But how does an engi­neer­ing college-trained com­put­er sci­en­tist who spent over a decade engi­neer­ing tech­nol­o­gy for nation­al secu­ri­ty make progress on some­thing that has been declared unsolv­able by STEM (Science, Technology, Engineering, and Mathematics) tech­niques?

First, we have to try. It is imper­a­tive that we increase the engage­ment of engi­neers and sci­en­tists in these messy prob­lems. And not just engage but have the STEM dis­ci­plines work with pol­i­cy­mak­ers, social sci­en­tists, polit­i­cal sci­en­tists, along with many oth­ers. It is absolute­ly impos­si­ble to address any of these prob­lems with a sin­gle dis­ci­pline. Often peo­ple think that math­e­mati­cians and com­put­er sci­en­tists and engi­neers are nar­row in their think­ing and encour­age sim­pli­fi­ca­tion. But instead I’m stand­ing here telling you to embrace it. Not only that, I would actu­al­ly claim that com­put­er sci­en­tists specif­i­cal­ly are well-suited to this task. We’re taught to for­mal­ly appre­ci­ate com­plex­i­ty at a very ear­ly stage in our train­ing.

I also think that com­put­er sci­ence is inher­ent­ly col­lab­o­ra­tive and inter­dis­ci­pli­nary. If we want to build an algo­rithm to do some­thing of impact, we should­n’t do it alone. My per­son­al research is in analy­sis of graphs, or the math­e­mat­i­cal struc­tures that can encode rela­tion­ships or con­nec­tions between enti­ties and con­cepts. So from where I’m stand­ing, not only are the wicked prob­lems tame­able, we can lever­age what we know from graph the­o­ry to help us on that path. So a way to effec­tive­ly man­age com­plex­i­ty but not ignore it is to account for the inter­con­nect­ed­ness of these prob­lems. It is true that address­ing all of the messi­ness as once it’s impos­si­ble, but that should not pre­vent us from mak­ing progress.

Second, we can observe that at the core of these chal­lenges is the notion of plan­ning. It is even in the title of the orig­i­nal paper: Dilemmas in the General Theory of Planning. Instead of respond­ing to a dis­as­ter regard­less of whether it is a cyber breach, a nat­ur­al dis­as­ter, or an epi­dem­ic, how do we plan for it? How do we become proactive instead of reac­tive in mak­ing our world more secure? This fram­ing allows us to make mea­sur­able progress, progress towards bet­ter ana­lyt­ic and deci­sion sys­tems that account for the messi­ness of the real world with­out over­sim­pli­fi­ca­tion.

As an exam­ple, we can devel­op antic­i­pa­to­ry mod­els of dis­ease spread that are cou­pled to chang­ing cli­mate pat­terns. That is a chal­leng­ing task. Data mod­els for dis­ease and cli­mate often come in inher­ent­ly incom­pat­i­ble scales and for­mats. But if you bring togeth­er hydrol­o­gists, cli­mate experts, dis­ease experts, and com­put­er sci­en­tists, you can start to not just antic­i­pate where the next epi­dem­ic may arise but plan for appro­pri­ate health­care infra­struc­ture to man­age it.

In anoth­er effort at Global Security Initiative, we’re work­ing on devel­op­ing tools to antic­i­pate insta­bil­i­ty through analy­sis of trade net­works. In 2011, a drought in China’s wheat grow­ing regions con­tributed to a rev­o­lu­tion in Egypt, part­ly because of trade inter­de­pen­den­cies. What we’re work­ing on is devel­op­ing an antic­i­pa­to­ry method­ol­o­gy to iden­ti­fy oth­er regions that could be sus­cep­ti­ble to sim­i­lar events. It turns out that pat­terns of trade pro­vide insight into region­al sta­bil­i­ty. As a mat­ter of fact, we can see pat­terns of trade for coun­tries that are con­sid­ered sta­ble, and those are dras­ti­cal­ly dif­fer­ent from the pat­terns for the coun­tries that are not. But what is even more sig­nif­i­cant is that the tools we’re devel­op­ing can be used by a plan­ner to poten­tial­ly enable proac­tive inter­ven­tion.

In cyber secu­ri­ty, a proac­tive approach is a must. New vul­ner­a­bil­i­ties are con­stant­ly being dis­cov­ered and built into brand new attacks that can break into sen­si­tive data­bas­es or take down servers. Attacks are often bought and sold for a large amount of mon­ey on Dark Web forms, online meet­ing places that can’t be reached with stan­dard web browsers. Researchers in our Center for Cybersecurity and Digital Forensics scrape data from the Dark Web forums where exploits are sold and ana­lyze them. Last year our research team found and never-before-seen attack before it was deployed in the wild. This gave a chance to the com­mu­ni­ty to real­ly plan the defens­es for it.

Finally, we have to accept that none of us can do this alone. I have always want­ed to do research pre­cise­ly because I want­ed to make a dif­fer­ence. It may seem like spec­tral graph the­o­ry is pret­ty eso­teric of a field. And yet in all of the exam­ples that I’ve talked about, under­stand­ing con­nec­tions between dif­fer­ent ele­ments of a prob­lem pro­vides a way to see how the puz­zle pieces fit togeth­er.

In addi­tion to under­stand­ing con­nec­tions, we see a few oth­er com­mon themes. Diversity of time scales to under­stand how his­tor­i­cal events have impact on antic­i­pat­ing and plan­ning for the future. Large, com­plex data sets com­ing from a vari­ety of sources, and they need to bring togeth­er dis­ci­plines that tra­di­tion­al­ly do not work togeth­er. These com­mon­al­i­ties allow us to apply what works in one area to oth­ers, thus mak­ing progress on what may seem unsolv­able. They also allow us to ful­ly embrace the com­plex­i­ty of the entire secu­ri­ty land­scape with­out com­pro­mis­ing our goal of impact. But if our goal is research with impact, fail­ure, espe­cial­ly of the kind where you learn some­thing and you get up and you keep going, is not a bad thing. It makes us tougher. It teach­es us how to be bet­ter humans. And it allows us to make progress towards a more secure world.

Oh and one more thing. My 5 year-old daugh­ter is cur­rent­ly doing bal­let. Thank you.


Help Support Open Transcripts

If you found this useful or interesting, please consider supporting the project monthly at Patreon or once via Square Cash, or even just sharing the link. Thanks.