http://spectrum.buffalo.edu/article.php?id=26984 TOM HALLECK Staff Writer APRIL 7th, 2006 America has long been in the age of the computer, and with companies' increased reliance on computers and the Internet comes an alarming increase in the rate of crimes perpetrated via the Internet. Professor Eugene H. Spafford, Ph.D., a renowned speaker and leader in the field of computing security, cyber crime and policy, spoke yesterday on the escalating computer security crisis, as a part of the Department of Computer Science and Engineering's Distinguished Speakers Series. Spafford spoke to a packed room in 330 Student Union, discussing the most important issues in cyber security, focusing on the lack of attention paid to security by both the government as well as the private sector. He often used humor to show how unreasonable the situation is regarding computer security, like in the lack of law enforcement. "We have people committing (cyber crime) offenses again and again, but it's been calculated as less than five percent of these crimes are prosecuted," Spafford said. "Please do not take that as career advice." Victims of these crimes are often large companies who are not willing to admit that their security has been breached, Spafford said. Also, prosecution is rare because law enforcement and security in the field of computing and technology is vastly underdeveloped. "Law enforcement has limited personnel and limited resources in these fields," he said. For example, one of the U.S. Army's major command centers decided to throw out all of their computers, according to Spafford, because they were so infiltrated with security breaches that they couldn't be fixed. "They spent thirty million tax dollars to get new computers," Spafford said. "It allegedly took three weeks until they were all compromised again." Spafford said while serving on the President's Information Technology Advisory Committee (PITAC) from 2003 to 2005, as well as advising over a dozen other Federal agencies and major corporations, it became obvious that no one was doing enough to combat cyber crime. "More money is spent keeping people from bringing nail clippers on planes than is spent on cyber security," Spafford said. "This is something I'm pretty sure of." He said that although some of the financial data regarding airline security was unavailable, he has filed a request for the data under the Freedom of Information Act. Research and development in computer security, something Spafford has worked on for decades, is one of the most important issues in national computer security, he said, and yet it's also one of the most under-funded and overlooked. "What is Congress doing? They're stopping research and development spending. The amount the PITAC asked for was an estimated $100 million a year. The U.S. spends that much in three days in military operations in Iraq," he said. According to Spafford, the situation is dire "but not really hopeless." Ten years ago, there were about 10 academic researchers focused on the field of cyber security. Now, there are over 300. "(Federal agencies) are protecting the property rights of Sony and Disney rather than the cyber security of the entire country," Spafford said. Most importantly, he said, public awareness of cyber crime and its severity is something that is generally overlooked but is becoming an increasing part of the public eye. "We're developing a greater public awareness of seen problems," Spafford said. "If you get an e-mail saying 'Your account has been frozen, please give me all of your personal information,' then I'd think you wouldn't give that away, but a lot of people are actually doing it." Age and perspective often will allow someone to realize how dangerous life can be. "I'm not saying this as some old fart, telling you young people to 'straighten up,' " Spafford said. The information that many college-age people give out online is also very risky. He said that the information placed on the social networking site Facebook can be used for blackmail, stalking, and can even damage employment opportunities. "Your Facebook is potentially viewable by two billion people," Spafford said. Bharat Jayaraman, chair of the computer science and engineering department, said Spafford's lecture was one of the best in the series. "He's probably the best speaker I've heard in a while," Jayaraman said. "It wasn't technology talk, but I think he laid out the issues very well." Rich Giomundo, a second year computer science graduate student, said that most importantly, people must become aware of the situation. "Most people don't realize what is going on," Giomundo said. "It's more in the general community, but even people in computer science overlook what he's talking about." Giomundo also said that the No. 1 problem in software engineering today was that deadlines are looked at as more important than security. "People think that it needs to get done, and if it works, they don't care if it's being done the right was and the secure way," he said. "(Software) needs to be written properly, then the deadline should follow." Spafford co-wrote the first English-language technical book on computer viruses and malware in 1989, according to his Web site, and has been an advisor on cyber security to the Federal Bureau of Investigation, the Microsoft Corporation and two U.S. Presidents. The next lecture in the Computer Science and Engineering Department's Distinguished Speakers Series will feature John McCarthy from Stanford University, who will discuss "The Philosophy of AI and the AI of Philosophy," on April 21 at 2 p.m. in 330 Student Union. Content © 2006 - The Spectrum Student Periodical, Inc. All Rights Reserved. _________________________________ LayerOne 2006 : Pasadena Hilton : Pasadena, CA Infomation Security and Technology Conference http://layerone.info
This archive was generated by hypermail 2.1.3 : Mon Apr 10 2006 - 02:31:11 PDT