Skip to main content

Frederick Chang: Developing a National Science of Cybersecurity

By Erika Johnson


Information sharing and digital transactions are commonplace in a world permeated by social media, online bill paying and e-commerce. Yet, as the digital universe continues to expand at an exponential rate, the ability to keep up with cyber-crime has become increasingly challenging. According to Frederick Chang, UC San Diego Social Sciences alumnus and cybersecurity expert, the solution is to develop an interdisciplinary “science of cybersecurity” – a method to predict and quickly act upon network invasions – drawing upon the skills of social scientists and technologists alike.

“Technology by itself cannot solve the problem because we are dealing with a human adversary and a human victim behind a computer” said Chang. “We must approach the issue from an interdisciplinary perspective – one that includes specialists from computer science, cognitive science, economics, mathematics, political science, business and more.”

Chang is director of the Darwin Deason Institute for Cyber Security, holder of the Bobby B. Lyle Endowed Centennial Distinguished Chair in Cyber Security and a professor in the Department of Computer Science and Engineering at Southern Methodist University (SMU) in Dallas, Texas. An expert in information assurance, his cybersecurity career has spanned leadership roles in the private sector, academia and the federal government, including director of research for the National Security Agency. He has been awarded the National Security Agency Director’s Distinguished Service Medal and was the 2014 Information Security Magazine “Security 7” award winner for Education.

Frederick Chang '77

A 1977 graduate of Muir College, Chang earned a bachelor’s degree in experimental psychology and maintained an interest in the cognitive and computer sciences during his undergraduate studies. “I got a heavy dose of critical thinking at UC San Diego,” he said. “I learned to ask questions about what I believe and why, what evidence I have and how to prove my ideas. The evidence-based analysis and computer science foundation have served me well in life.”

Evidence-based analysis plays an important role in the initiative to develop a science of cybersecurity, Chang said. He posits that there are no current agreed-upon laws and principles that define cybersecurity in a way that is repeatable and widely applicable in any situation. Rather than relying upon short-term solutions that are reactive in nature, he believes that a proactive and shared body of knowledge can help to predict attacks, implement tested solutions and discover where future improvements can be made.

“Instead of taking action after something bad happens, we need to develop rules and principles to help guide the design of more secure systems,” said Chang. “If we can’t get ahead of the problem, we’ll just be going from one incident to the next.”

In the context of escalating nationwide hacks and large-scale digital break-ins – from looting the credit card information of Home Depot and Target shoppers to invading the accounts of JP Morgan Chase – the need for cybersecurity is more relevant than ever. Chang reminds us that it is not only the wile of the hacker or cyberterrorist, but also the negligence of the user, who may not protect their devices appropriately or take too lightly the perils that exist in some areas of the web.

“There is more danger than there used to be, than most people think,” said Chang. “Hackers are more clever and sophisticated now, and most people are too trusting. The social sciences can help us understand why people continually put their trust in the cyber world and develop better techniques to raise awareness and better assess risk.”

The issue has been elevated to national prominence. President Barack Obama discussed in his 2015 State of the Union Address the importance of preventing hackers from shutting down networks, getting a hold of intellectual property and protecting the privacy of American families, especially children.

“Cybersecurity is on everyone’s mind; businesses of all kinds have been compromised,” said Chang, who has served as a member of the Commission on Cybersecurity for the 44th Presidency and has recently served as an expert witness before U.S. House of Representative committees on the topic of cybersecurity. “There are too many hackers and not enough cybersecurity specialists to stem the tide.”

A major obstacle in progressing towards a safer digital age is the shortage of qualified professionals capable of taking on cyber attackers. According to some estimates, Chang offers that there is a need for more than 200,000 cybersecurity experts in the U.S. and an estimated one million worldwide – and that the skills gap is growing. And although the “center of gravity” is technical skills, he says you need more to be successful: namely, critical thinking skills, initiative and leadership ability.

Chang strives to relay the value of contributing to national security to the next generation of young students. “Studying cybersecurity can help students focus on contributing and being part of something larger than themselves. It is a great profession to enter today,” he said. “In addition to university students, I would like to reach out to the K-12 community as well to increase the number of students interested in the field at a young age; I believe all students should be exposed to the possibilities.”