Should CSI: Cyber thrive, we might see a new permutation of the CSI Effect, one pertaining to the computer security profession. The show gives viewers the impression that investigators have immediate access to every database in the world, creating unrealistic expectations for law enforcement. I am waiting for a jury to set a criminal free because CSI: Cyber gave jurors the expectation that, when you get an IP address, you automatically have the definitive location of a criminal — a concept that is blatantly wrong, yet constantly repeated throughout the series.
You know, thinking about CSI: Cyber gives me a headache, but I don’t usually publicly gripe about the show, except for making videos like this and to cracking jokes. Most people in the profession have reacted similarly. Maybe that’s why the organizers of the RSA Conference underestimated the contempt that the security profession has for the series. Until now, we’ve been content with making private jokes; now we have to make public statements.
But though I disdain the show for its distortions of our profession, my wrath is directed at the RSA Conference organizers, not the producer or actors of CSI: Cyber who will be on the RSA panel. The show is certainly silly, but the producer is not answerable to the security community for that. His responsibility is to CBS, which expects him to produce a successful TV series. And CSI: Cyber has been reasonably successful, so he’s done his job. As for the actors, they are responsible for portraying the characters they are paid to play, as they are written. I wish their success hadn’t come through the exploitation of our profession, but it’s not their fault. And had the program stayed within the realm of televised entertainment, where absurdities amount to a tradition, I could go on ignoring it. The RSA panel changes everything, though.
In response to the negative reaction, conference organizers issued a rare statement, titled “Expanding the reach of RSA Conference.” In it, they contend that the issue is that people are upset because the panelists know nothing about security. That is not the case, as we have previously welcomed many non-security speakers. The primary issue is that the series is exploitive and insulting to many people in the security community.
The organizers then state they will use the panel to explore whether CSI: Cyber is encouraging more people to enter the profession (I doubt it; the viewers are much more likely to be retired than in college), the response of the CSI: Cyber panelists to the sort of criticism that their appearance has inspired, and how they get ideas for their storylines. Interesting? Maybe. But more appropriate for Comic Con than the RSA Conference.
Sign up for CIO Asia eNewsletters.