[ISN] To packed crowd, speaker discusses cyber security crisis
InfoSec News
isn at c4i.org
Mon Apr 10 05:26:20 EDT 2006
http://spectrum.buffalo.edu/article.php?id=26984
TOM HALLECK
Staff Writer
APRIL 7th, 2006
America has long been in the age of the computer, and with companies'
increased reliance on computers and the Internet comes an alarming
increase in the rate of crimes perpetrated via the Internet.
Professor Eugene H. Spafford, Ph.D., a renowned speaker and leader in
the field of computing security, cyber crime and policy, spoke
yesterday on the escalating computer security crisis, as a part of the
Department of Computer Science and Engineering's Distinguished
Speakers Series.
Spafford spoke to a packed room in 330 Student Union, discussing the
most important issues in cyber security, focusing on the lack of
attention paid to security by both the government as well as the
private sector.
He often used humor to show how unreasonable the situation is
regarding computer security, like in the lack of law enforcement.
"We have people committing (cyber crime) offenses again and again, but
it's been calculated as less than five percent of these crimes are
prosecuted," Spafford said. "Please do not take that as career
advice."
Victims of these crimes are often large companies who are not willing
to admit that their security has been breached, Spafford said. Also,
prosecution is rare because law enforcement and security in the field
of computing and technology is vastly underdeveloped.
"Law enforcement has limited personnel and limited resources in these
fields," he said.
For example, one of the U.S. Army's major command centers decided to
throw out all of their computers, according to Spafford, because they
were so infiltrated with security breaches that they couldn't be
fixed.
"They spent thirty million tax dollars to get new computers," Spafford
said. "It allegedly took three weeks until they were all compromised
again."
Spafford said while serving on the President's Information Technology
Advisory Committee (PITAC) from 2003 to 2005, as well as advising over
a dozen other Federal agencies and major corporations, it became
obvious that no one was doing enough to combat cyber crime.
"More money is spent keeping people from bringing nail clippers on
planes than is spent on cyber security," Spafford said. "This is
something I'm pretty sure of."
He said that although some of the financial data regarding airline
security was unavailable, he has filed a request for the data under
the Freedom of Information Act.
Research and development in computer security, something Spafford has
worked on for decades, is one of the most important issues in national
computer security, he said, and yet it's also one of the most
under-funded and overlooked.
"What is Congress doing? They're stopping research and development
spending. The amount the PITAC asked for was an estimated $100 million
a year. The U.S. spends that much in three days in military operations
in Iraq," he said.
According to Spafford, the situation is dire "but not really
hopeless." Ten years ago, there were about 10 academic researchers
focused on the field of cyber security. Now, there are over 300.
"(Federal agencies) are protecting the property rights of Sony and
Disney rather than the cyber security of the entire country," Spafford
said.
Most importantly, he said, public awareness of cyber crime and its
severity is something that is generally overlooked but is becoming an
increasing part of the public eye.
"We're developing a greater public awareness of seen problems,"
Spafford said. "If you get an e-mail saying 'Your account has been
frozen, please give me all of your personal information,' then I'd
think you wouldn't give that away, but a lot of people are actually
doing it."
Age and perspective often will allow someone to realize how dangerous
life can be.
"I'm not saying this as some old fart, telling you young people to
'straighten up,' " Spafford said.
The information that many college-age people give out online is also
very risky. He said that the information placed on the social
networking site Facebook can be used for blackmail, stalking, and can
even damage employment opportunities.
"Your Facebook is potentially viewable by two billion people,"
Spafford said.
Bharat Jayaraman, chair of the computer science and engineering
department, said Spafford's lecture was one of the best in the series.
"He's probably the best speaker I've heard in a while," Jayaraman
said. "It wasn't technology talk, but I think he laid out the issues
very well."
Rich Giomundo, a second year computer science graduate student, said
that most importantly, people must become aware of the situation.
"Most people don't realize what is going on," Giomundo said. "It's
more in the general community, but even people in computer science
overlook what he's talking about."
Giomundo also said that the No. 1 problem in software engineering
today was that deadlines are looked at as more important than
security.
"People think that it needs to get done, and if it works, they don't
care if it's being done the right was and the secure way," he said.
"(Software) needs to be written properly, then the deadline should
follow."
Spafford co-wrote the first English-language technical book on
computer viruses and malware in 1989, according to his Web site, and
has been an advisor on cyber security to the Federal Bureau of
Investigation, the Microsoft Corporation and two U.S. Presidents.
The next lecture in the Computer Science and Engineering Department's
Distinguished Speakers Series will feature John McCarthy from Stanford
University, who will discuss "The Philosophy of AI and the AI of
Philosophy," on April 21 at 2 p.m. in 330 Student Union.
Content © 2006 - The Spectrum Student Periodical, Inc. All Rights
Reserved.
More information about the ISN
mailing list