McGraw discussed the hype and misconceptions of "cyber war" and the need to build programs properly to increase protection. McGraw said that much of society currently resides in a "glass house" that is highly susceptible to even the most primitive cyber attacks.
"People have crazy wrong ideas about cyber security due to incorrect hype surrounding it," McGraw said. "If somebody tells a hype story to you as a computer geek, you immediately discount everything they say, so the communication between policymakers and actual people who know what they're talking about when it comes to the Internet isn't very good."
Those addressing the issues of cyber security are often inexperienced bureaucrats rather than true experts, according to McGraw.
"When you think about the government, it's not like it's known for its massive innovation," McGraw said. "The fact that the government is looking at some other paradigms for computer security which have shown us that they don't really work very well like firewalls, antiviruses and so on shouldn't be too surprising, although it's a little disturbing."
McGraw said that the software security industry currently accounts for only 10 percent of the computer security market and is not typically used by the government. The government currently employs offensive strategies such as cyber attacks, according to McGraw.
He said that most developers do not even consider security when building software and that fixing problems once they have been found is costly.
"The solution is defense, which means building stuff right, making our houses out of bricks instead of straw," McGraw said. "We're working really hard on the fastest, most accurate stone-throwing ever, but we're sitting in a glass house like everyone else."
Problems such as the interconnected nature of the Internet, increasingly complicated technology and the growing length of program codes make society more vulnerable to cyber war, McGraw said.
"Most normals' who don't understand computer science don't care how stuff works," he said. "They just want to use their phone and surf the web. In order for us to make something for the normals' that is simple and easy to use, we need to make it unbelievably complicated, and the more complicated things are, the easier it is to attack them."
McGraw said it is shocking that the government and multinational conglomerates such as Siemens are still vulnerable to cyber attack strategies designed in 1997, whereas online computer games like World of Warcraft are not.
"We have to figure out how to build systems so they can't be trivially attacked," McGraw said. "The government is way behind, and Washington's focus is distorted."
McGraw said the American people have the duty to demand better protection in the realm of cyber security.
"We live in a democracy," he said. "If we're not asking for the right stuff, how can we complain? Let's address cyber war by building stuff right, and let's stop focusing on stone-throwing and start building our stuff out of bricks, even if the bricks turn out to be straw next week."
Alexandra Grant '12 said she enjoyed the lecture because it drew attention to the importance of teaching programmers how to write successful software. She said, however, that she thought the lecture was slightly biased.
"It was definitely sort of anti-government," Grant said. "I don't think taking the issue completely out of the government's hands is necessarily a good thing, and [McGraw] didn't address who he thought should handle the problem instead."
Grant said that she agrees cyber security needs to be better understood and further addressed.
"People take for granted the fact that their computers and their phones are safe and their privacy is protected," she said. "The problem with security is you're never sure whether or not something is secure, so how you address something that's very critical, but doesn't get a lot of attention, is interesting."
The lecture, titled "Cyber War, Cyber Peace, Stones and Glass Houses," was co-sponsored by the Institute for Security Technology Studies and the War and Peace Studies Program.
