The Hewlett Foundation just announced its top five ideas in its Cybersecurity Visuals Challenge. The problem Hewlett is trying to solve is the dearth of good visuals for cybersecurity. A Google Images Search demonstrates the problem: locks, fingerprints, hands on laptops, scary looking hackers in black hoodies. Hewlett wanted to go beyond those tropes.
I really liked the idea, but find the results underwhelming. It’s a hard problem.
Hewlett press release.
Curious • October 20, 2020 8:45 AM
Some time ago, I had an idea for making movies, or rather, for making movie scrips. The general motivation for the following, is to try work with layering of ideas, so as to avoid endless re-evaluation of a single subject/result and risk staring at a problem for too long and being unsure about what to do, and maybe risk reworking an initial idea until it becomes unrecognizable
Imagine a tic-tac-toe pattern of nine squares. The left column of three square are ‘tools’, the right column of three squares are ‘goals’, and the center column of three squares are ‘most concrete’ (put in writing or illustration). ‘Tension’ (or) ‘suspense’ is imagined here to be an abstract notion of opposing ways for creating contrast (making it interesting in ways).
Heh, I never got around to actually try this out making a movie script, but I thougth it seemed like such a good idea, if you can focus and pinpoint what is important, and once you know that detail to be important, you can allow other variable to flesh out whatever you are creating artistically.
So the individual parts below is meant to work with separate ideas and then to layer them without ending up with some hard-to-interpret result that maybe ends up lacking the desired focus you wanted some poster to have.
TOOLS▼ (most concrete)▼ GOALS▼
plot ► (tension or suspense) ► story
event ► (tension or suspense) ► meaning
mood ► (tension or suspense) ► feel
I guess ‘plot’ could be some particular subject matter inside ‘security’, and then the bigger picture would be the ‘story’, making sure ‘story’ creates a coherent narrative.
Then I guess ‘event’ would be focusing on the very specifics of a situation, of how you describe your world, and then making sure that again ends up being cohesive for an audience that can understand the very basics of what is being shown.
And so finally ‘mood’ would be anything artistic to catch the interest of the viewer, and also making sure this in turn is perceived to have an emotional impact so to speak, as opposed to relying on gimmicks and cliches.
Curious • October 20, 2020 8:55 AM
Btw, for making comics (sequential art), and working with posters (maybe single image), one might do well to read the book “Understanding comics” by Scott McCloud.
Various aspects to the art of drawing comics is discuss in an interesting way (so not a text book), and the book deals with comics as an art form and start off by discussing various topics, for example like of how there is the illusion of time passing when reading a comic, and how drawings are more or less abstracted for when drawing life like illustrations to highly abstracted shapes like icons of somebody’s face.
Will Eisner also has a book on comic book making, and iirc discusses use of framing, and making sure the drama is not only shown but also being exaggerated to create clarity in a story.
Clive Robinson • October 20, 2020 9:30 AM
@ Bruce, ALL,
I really liked the idea, but find the results underwhelming. It’s a hard problem.
There is a reason it’s a hard problem.
Three words,
1, Safety.
2, Security.
3, Privacy.
They all mean the same but something different. In a way they form a chain or even a circle of very broadly overlapping links.
But the fun comes when you try to describe any one of them in words. It’s hard not to be either self referential or use one of the others as part of the description of another[1].
You end up realising that the concept each word is used as a label for is best described as,
“You will know it when you see it.”
The words are quite abstract and asking some one to define anyone of them of the top of their head is likely to produce much “arm waving”.
They are hard to visualize, and thus picture, what you can not describe in words…
[1] To see the issue, these are the Merriam-Webster definitions
[1a] Safety definition is – the condition of being safe from undergoing or causing hurt, injury, or loss.
[1b] Security definition is – the quality or state of being secure.
[1c] Privacy definition is – the quality or state of being apart from company or observation : seclusion. freedom from unauthorized intrusion.
Anders • October 20, 2020 9:53 AM
“just announced”
Really?
So why i see there last year timestamp:
October 24, 2019
And whole this challenge is so stupid because
they limited the countries that can participate.
I think now they should really be happy with those
winning images. Yes, whole world media starts using
them ASAP. Yep. No doubt.
lharris • October 20, 2020 10:49 AM
The old Washington Mutual used to send out their checks in a package that did not resemble traditional printed bank check boxes to reduce theft, saying that their packaging kept your checks “safe and warm”.
So perhaps a security image could be something implying warmth and serenity, like a swaddled baby or a sleeping cat.
xcv • October 20, 2020 10:56 AM
The problem Hewlett is trying to solve is the dearth of good visuals for cybersecurity. A Google Images Search demonstrates the problem: locks, fingerprints, hands on laptops, scary looking hackers in black hoodies. Hewlett wanted to go beyond those tropes.
The gentlemen of the district are cutting hair in a court of law, and they are looking for a “set-up” or “arrangement” to “frame” a “hacker” with something substantial to impress the jury into a conviction on all counts.
I’m sorry. This is Hewlett–Packard, from Camas, WA and Portland, OR, my hometown. They scoped me out as a potential employee while I was in high school, but then they not only refused to hire on political grounds, but took extreme measures to ensure that none of their competitors would ever hire me or do business with me, either.
robert • October 20, 2020 11:37 AM
@xcv: if you read the press release you would see this organization is a charitable foundation having no connection to Hewlett-Packard apart from having been started by one of the HP founders. Also, it’s illegal to base hiring on political grounds. I’m guessing it was based more on attitude.
Thunderbird • October 20, 2020 2:31 PM
Sigh. The “Page Milan” post is spam.
In re the subject of the original post, I get the impression this was more of a poster contest than a come-up-with-symbology-for-security-viewgraphs contest. At least that’s what it seems like based on the winners. There is nothing the matter with them (in fact I like the cuckoo egg one), but they don’t seem easily repurposable for a presentation about hacking IOT jockstraps at DEFCON.
xcv • October 20, 2020 3:24 PM
@robert
@xcv: if you read the press release you would see this organization is a charitable foundation having no connection to Hewlett-Packard apart from having been started by one of the HP founders. Also, it’s illegal to base hiring on political grounds. I’m guessing it was based more on attitude.
It could not have been attitude on my part because I did not even have a police contact record at the time, and they aggressively recruited me and then rejected me without explanation, until I discovered all their back-office labor-union jock-strap slander on my record decades later and much poorer.
Singular Nodals • October 20, 2020 10:49 PM
Shouldn’t visuals arise naturally from a scientific treatment of the problem ? Otherwise they become soft distractions and dilute the reader’s attention.
Comsider the visual design principles and elements Edward Tufte discusses.
SpaceLifeForm • October 21, 2020 1:29 AM
@ All
It seems like this is a problem that Tesla could solve.
https://www.schneier.com/blog/archives/2020/10/split-second-phantom-images-fool-autopilots.html
Singular Nodals • October 21, 2020 1:49 AM
Alternatively, something of interest might result if the problem were turned over to that caricaturist of compressing, distilling genius Weird Al Yankovic.
Marco • October 21, 2020 3:00 AM
In addition to finding an icon to communicate the Security, in my opinion there is a big problem of how to report the information from a graphic point of view
Some big names have tried their hand at it like Google and Microsoft itself, but so far
I haven’t seen anything new besides NICT with Dedalus (2012) (https://www.theverge.com/2012/6/19/3096820/japan-nict-clwit-daedalus-monitor)
If any of you have more info please share them
0Laf • October 21, 2020 3:59 AM
I agree they are underwhelming and that the problem is a difficult one.
There is an NSA FOI request for old posters on security and secrecy I would have to say they are as good as anything here and some of them date from the 60s
https://flashbak.com/135-vintage-nsa-security-posters-401741/
Phaete • October 21, 2020 12:03 PM
I really liked the idea, but find the results underwhelming. It’s a hard problem.
They started good by ‘crowdsolving’ the problem.
They got on a false track trying to make a Top listing as if it were some popularity pole.
Crowdsource it all, get as many as possible and then risk assesment it.
Offset chance of it happening vs cost of implemetation.
Throw some other mods in if really needed, then list all that are worthwile.
Where in Gehenna did they get the arbitrary number of 5 for a top 5.
Jesse Thompson • October 21, 2020 1:19 PM
@Clive Robinson
Off the top of my head:
There we go. No self-reference to speak of. Most of these descriptions hinge upon “Risk”: both exposure to and management of.
Do you feel these are a fair treatment of the concepts, Clive?
Clive Robinson • October 21, 2020 2:16 PM
@ Jesse Thompson,
Do you feel these are a fair treatment of the concepts, Clive?
They are more ICTsec than general, but I don’t think they are pithy enough for the average dictionary that wants a single at most mderate sentance for each meaning within a definition.
Normally people shrug their shoulders at definitions, but not Judges, who are known to be quite expansive on the meaning and scope of definitions as given in the Oxford English Dictionary (OED) in parts of the UK (oh grammar as well and one case turned on a “hanging comma). Not sure what the favoured dictionary is in the US these days but most people talk of Mirriam-Webster, which is what I quoted, so you could see the problem.
The thing is as those in ICTsec the definitions we use are often not realy covered by dictionaries. They try to be general whilst as a “Knowledge domain” we tend to be highly specific and sometimes the words appear to have the opposit meaning to common parlance.
That is when your boss asks for “file a and file b” if you were database searching you would use OR not AND. Likewise “trusted” means almost the opposit as well.
It’s all “organic” which could in the ICTsec domain be a euphemism or synonym for “messy” or “confusing”…
And that is again part of the problem.
I don’t know if you’ve read “Alice through the looking glass” but the mathmatition and logician and amature photographer Charles Dodgson (pen name Lewis Carol) kind of highlighted a few of the linguistic problems that now haunt ICTsec,
Curious • October 21, 2020 4:08 PM
I guess it would be of importance, to differentiate between:
1) Feeling safe, secure and having privacy
2) Actually being safe, secure and having privacy.
3) And having an understanding of what ‘safe’, ‘secure’ and having ‘privacy’ would even mean in the first place.
I would think that ideally, all the three listed points here would have to be checked off as fulfilled, or something should be lacking when one of the three aspects is unobtained, or worse, unobtainable.
Clive Robinson • October 21, 2020 4:55 PM
@ Curious,
3) And having an understanding of what ‘safe’, ‘secure’ and having ‘privacy’ would even mean in the first place.
I would argue that, your point will be forever not just an open one but lagging behind the technology.
Take facial recognition, at the turn of the century it was still a bit of a joke. Because it was slow cumbersome and often required setups that were impractical in normal existance, such as full face head on centered at the tip of the nose in good lighting and without glasses and makeup etc.
Few back then could imagine what it would become, and then only realy in terms of performance. Who for instance would imagine it being used to recognize you when you look at an advert and send you more details via an SMS etc direct to your phone?
Or the Chinese “Social Credit” system to which it’s been linked?
What new wrinkle has happened today, and when we hear of it tommorow or sometime there after, how long will it take us to work out the implications on Privacy, Security or even Safety… Will we do it before the next wrinkle happens?
Personaly I doubt it, why because there are thousands of minds comming up with new wrinkles, and each of us has but one mind to consider those thousands of wrinkles, thus the odds are very much against us.
Curious • October 22, 2020 3:44 AM
@Clive Robinson
I think you misunderstand. Perhaps I shuold have phrased it differently.
My third point is about being self aware. I should have written:
3) And having an understanding of what ‘safe’, ‘secure’ and having ‘privacy’ would even mean to you in the first place.
Clive Robinson • October 22, 2020 9:00 AM
@ Curious,
I think you misunderstand. Perhaps I shuold have phrased it differently.
My third point is about being self aware.
Ahh, that’s kind of what I think as “The Right to be at Peace”.
rrd • October 23, 2020 6:53 AM
@ Curious
I appreciate your efforts,
but that ship has sailed.
We can no more make a man see
than we can make a horse drink
from the stream we led it to.
The emperor has no clothes
yet still twirls on the runway
for all but he to see his shame
though his ministers clap loudly.
For some, peace means not having
to face the truth of themself.
Ahh didums needs his nappy changing • October 23, 2020 5:05 PM
Oh look,
“For some, peace means not having to face the truth of themself.”
Some ones misplaced faith and godless behaviour is stoping them looking in the mirror.
Ahh didums needs his nappy changing • October 23, 2020 6:25 PM
“Yes, thank you. That is precisely my point.”
What that you push out so much scat that your nappy needs changing all the time.
The only way you will get enlightenment is to push a desk light up where your Rectal Refuse Descends…
rrd • October 23, 2020 9:19 PM
@ Ahh…
From Grenada’s 1980s Sherlock Holmes starring the incomparable Jeremy Brett, episode “The Abbey Grange”, in its denouement:
Crocker: What do you want?
Holmes: Justice.
Crocker: For whom?
Holmes: No, we are not partisan. We just want to see justice done. That is all.
Arshi Bhasin • October 31, 2020 5:41 PM
Found this on the web, HP actually spent some time creating a visual language – HP’s report called “Reimagining Cybersecurity Visuals”
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
me • October 20, 2020 8:25 AM
nice images, worth to take a look.
if i knew that there was such a thing i would have partecipated (with an idea, not a drawing, i’m bad at drawing).