[ISN] Computer security pioneer honored

InfoSec News isn at c4i.org
Mon Mar 14 04:44:16 EST 2005


http://www.montereyherald.com/mld/montereyherald/news/11109598.htm

By KEVIN HOWE
Herald Staff Writer
March 11, 2005

First came the automobile. Then came anti-lock brakes, seat belts and
air bags.

The evolution of the computer has followed a similar path, said a
woman who was a pioneer in the field of computer security: first the
invention, then the safety devices.

Dorothy Denning, professor in the Department of Defense Analysis at
the Naval Postgraduate School, literally wrote the book on computer
security. "Cryptography and Data Security," published by
Addison-Wesley in 1982, is a classic textbook in the field.

Denning previously taught at Georgetown University, where she was the
Callahan Family Professor of Computer Science and director of the
Georgetown Institute of Information Assurance, and at Purdue
University. She came to the Navy school in 2002 because "it seemed
like an interesting and challenging environment and because I have a
lot of respect for what the school is doing.

"It is definitely the leading edge in information security," she said.

In February, Denning was honored with the prestigious 2004 Harold F.
Tipton Award, which recognizes lifelong contributions to the
improvement of the information security profession.

One of two women

Denning was one of two women in the field when she earned her
doctorate. The other was Anita Jones, "who finished her Ph.D. thesis a
couple of years before I did."

She holds bachelor's and master's degrees in mathematics from the
University of Michigan and her doctorate in computer science from
Purdue University.

When she first became involved with computers in the 1960s, "there
were no mice, no PCs, no screens, no portable media like CDs and
disks; you couldn't even get remote access. You worked in a room with
the machine."

When remote terminals did become available, Denning said, they were
hard-wired to the computer. Data spewed out on punched tape, punch
cards and magnetic tape.

"Security was room security, protection of physical access" to the
computer. Then came time-sharing.

The security problem in those early days "was vastly simpler," she
said. "There were no malicious codes, no viruses, no spam, no Internet
fraud."

The professional literature in the field was written by a handful of
academics "and you could read all of them, be fully up on their
thinking. Now the field is so vast, there is a huge number of people
in academia and security professionals. You can't possibly read it
all."

The Internet, once the exclusive domain of scientists, academics and
the military, was opened by the personal computer to people of all
walks of life, including advertisers and criminals.

Suddenly the world of cyberspace was vulnerable, and its inhabitants
needed locks and keys to protect themselves.

Fast-moving technology

When personal computers came online, technology was moving so fast and
the job of building a really secure system was so hard that the
computer developers were continually outpacing the security
developers.

"It was not a high enough priority among the buyers," she said.

Buyers just wanted to get a fast operating system up and running and
didn't want to spend money on security systems. "Now there's a lot
more interest."

Users of the Internet, Denning said, should take the same attitude
they have when they go out on the street. You can be assaulted, mugged
or pickpocketed in either place.

"It's not possible to prevent every crime," she said. "You can't have
absolute security."

But, she said, she's never had any qualms about doing her shopping on
the Net or conducting business over it. Users just need to apply some
virtual street smarts.

"When in doubt," she said, "don't provide personal information. Sites
that ask for confidential information are mostly a scam."

Users shouldn't fear to use credit when dealing with established
companies like eBay or Amazon.com, she said. "I wouldn't advise you
not to engage in e-commerce."

Users should keep their computers "patched" with updates and download
any fixes from their service providers, she said.

And they should get one good virus protection system from a major
provider, such as Symantec.

You just need one, Denning said. "They all do pretty much the same
thing." Such antivirus programs should also be kept up to date.
Precautions can protect a user's privacy, credit and bank account.

Government and industry have vital interests in securing their data
systems, she said, to protect classified information and the systems
that run power and transportation grids, oil and water distribution
systems. Her work in the past has been developing ways of detecting
hacker attacks on such systems, and the problem of a terrorist
onslaught against the U.S. Internet has been part of war games at the
Navy school annually.

The usual scenario, she said, combines a cyber attack with a physical
attack against some vital installation.

Denning said computer systems "have a lot of redundancy and
resilience," and an attack will likely be met with "a lot of
cooperation" to fend it off.

Undoubtedly, she said, such cyber attacks have already been launched
and squelched since the 9/11 terrorist attacks.

Good place to teach

Teaching at NPS, Denning said, is a pleasure.

"The students bring into the classroom very, very rich experiences"
from time spent at sea or in the field as well as from their studies.

"They're also extremely smart and dedicated. And they do their work on
time. I've never worked where you could count on students to be on
time, and they turn in superior work. I like reading their
assignments."

In addition to her academic work, Denning has worked at SRI
International and Digital Equipment Corp.

She has published 120 articles and four books, her most recent being
"Information Warfare and Security," including "Is Cyber Terror Next?"
in the essay collection "Understanding September 11," published by The
New Press in 2002. Two other articles are awaiting publication: "Cyber
Security as an Emergent Infrastructure," to appear in "IT and Global
Security," published by The New Press, and "Information Technology and
Security," to appear in "Grave New World," Georgetown University Press.

In November 2001, she was named a Time magazine innovator. Her
leadership positions have included president of the International
Association for Cryptologic Research and chair of the National
Research Council Forum on Rights and Responsibilities of Participants
in Network Communities.




