This document provides an overview of Robert M. Lee and summarizes his article "OMG Cyber: Thirteen Reasons Why Hype Makes for Bad Policy". It introduces Lee as an Air Force cyber warfare officer who also works as an academic. The article argues that cybersecurity hype creates problems like confusion, erodes talent, and undermines trust. It examines case studies involving militaries, intelligence agencies, Sony Pictures, and oil pipelines to show how hype has impacted policy and security practices. The document concludes by suggesting a need for more focus on practical security work and less self-promotion among government, vendors, media, and academia regarding cyber issues.

1. OMG Cyber!

2. About Me
• Robert M. Lee (@RobertMLee)
• AF Cyber Warfare Operations Officer
– My views/comments definitely only represent me
• Adjunct Lecturer at Utica College
• PhD Student at Kings College London
• SANS Course Author/Instructor (ICS/SCADA track)
• Author of:
– SCADA and Me: A Book for Children and Management
– Little Bobby

3. The Argument

4. “OMG Cyber:
Thirteen Reasons Why Hype
Makes for Bad Policy”
• Published in the RUSI Journal with Thomas Rid
• Draws from my background in IC and USAF
• Draws from his background in Academia
• Written in formal Buzzfeed/Gawker Style

5. The 13 Points
• Hype creates confusion
• Hype limits results
• Hype betrays purpose
• Hype erodes talent
• Hype creates friction
• Hype breeds cynicism
• Hype degrades quality
• Hype weakens products
• Hype clouds analysis
• Hype kills nuance
• Hype escalates conflict
• Hype creates hypocrisy
• Hype undermines trust

6. Case Studies

7. Militaries and
the Intelligence Community
• Strategic visions and grab bag scenarios
• The cult of popular opinion and internal biases
• The push for metrics over substance
• PowerPoints and “facts”
• Robert Hale: “‘we tried to capture it all, but I’d say there’s a
gray area here in what counts as cyber”
• General Welsh: “When you come to educate us, don't
come in using cyber talk”
• NATO: “to put pressure on smaller countries to spend more
money on their cyber-defence capabilities”

9. Sony –
Somewhere North of Wrong
• Sony Pictures Entertainment – security staff size
• Discussions around and likely investment in hack-back
• Victims shaming in real life vs. industry

11. Oil Pipelines and Russians
• Chief of Staff – avoid cyber talk

12. One Solution:
A Little More
and a Little Less
(Conclusion)

14. A Little More
Focus on Doing
• A lot of people talk about security – not many actually do it
• Tons of excuses – some pretty legitimate – but more focus
on security as a process, while supporting the mission, and
an emphasis on people over boxes will help
• Stop over hyping it – leadership will either not believe you
(analyst who cried wolf) or believe you (maybe worse)

15. A Little Less
Self Licking Ice Cream Cones
• Government – Wants that cyber-stuff
• Vendors – Sure can make some cyber-stuff
• Journalism – Needs that cyber-goodness scoop
• Academia – Loves to be quoted as a cyber-expert

16. Questions?