Skip to main content


Find us on

facebook youtube flickr twitter itunes u logo



Upcoming Events

GenCyber Logo 

GenCyber 2016 - ISTS - High School Summer Program at Dartmouth College
June 27 - July 1, 2016 - 9am to 3pm

 ISTS logo

Securing the e-Campus 2016 - Pre-conference Workshops July 11th; Conference July 12-13, 2016

Recent Talks

Craig Smith




You Don't Own Your Car
Craig Smith
Tuesday May 10, 2016 
Carson L02 @4:15

David Safford


Hardware Based Security for GE's Industrial Control Systems
David Safford
GE Global Research
Tuesday May 17, 2016
Carson L02 @4:15



"It's Fine," They Said. "Just Ship It," They Said.
Dan Tentler
The Phobos Group
Tuesday April 12, 2016 
Carson L02 @4:15

Harold Thimbleby




The Best Way to Improve Healthcare is to Improve Computers
Harold Thimbleby
Swansea University
April 23, 2015

Craig Shue




Managing User-Level Compromises in Enterprise Network
Craig Shue
Worcester Polytechnic Institute
March 31, 2015



Oct news 2015


ISTS Information Pamphlet



Institute for Security, Technology, and Society
Dartmouth College
6211 Sudikoff Laboratory
Hanover, NH 03755 USA
HomeEvents >

Cyber War, Cyber Peace, Stones, and Glass Houses

Thursday April 26 at 4:30
Moore B03
Gary McGraw
Cigital, Inc.
Co-Sponsored by ISTS and the War & Peace Studies Program


Gary McGraw

Washington has become transfixed by cyber security and with good reason. Cyber threats cost Americans billions of dollars each year and put U.S. troops at risk. Yet, too much of the discussion about cyber security is ill informed, and even sophisticated policymakers struggle to sort hype from reality. As a result, Washington focuses on many of the wrong things. Offense overshadows defense. National security concerns dominate the discussion even though most costs of insecurity are borne by civilians. Meanwhile, effective but technical measures like security engineering and building secure software are overlooked.  In my view, cyber security policy must focus on solving the software security problem – fixing the broken stuff. We must refocus our energy on addressing the glass house problem instead of on building faster, more accurate stones to throw.

This talk is based on joint work with Nate Fick: "Separating the Threat from the Hype: What Washington Needs to Know About Cyber Security" in AMERICA'S CYBER FUTURE: SECURITY AND PROSPERITY IN THE INFORMATION AGE VOLUMES I AND II, Center for a New American Security (June 2011).


Gary McGraw is the CTO of Cigital, Inc., a software security consulting firm with headquarters in the Washington, D.C. area and offices throughout the world. He is a globally recognized authority on software security and the author of eight best selling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series.  Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for SearchSecurity and Information Security Magazine, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Dasient (acquired by Twitter), Fortify Software (acquired by HP), Invincea, and Raven White. His dual PhD is in Cognitive Science and Computer Science from Indiana University where he serves on the Dean's Advisory Council for the School of Informatics.  Gary served on the IEEE Computer Society Board of Governors and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by SearchSecurity).

Video and Slides

Gary's slides


Last Updated: 5/7/12