Cyber security is a major concern, and has been for years. It has actually been an area of study for over 50 years, and billions of dollars are spent on it annually. It is a major focus of industry and government, and of increasing concern to the general public. So why don’t we have secure systems? Why is there daily news of new compromises, fraud, and major losses of data? In this talk, I will survey some of what has happened over the last 50 years in information security, with a focus on why some of the solutions have not been deployed. I will also talk about some of the structural issues that make it difficult to formulate any lasting solutions. I will include some observations on the nature of the field itself, and on the image we are building, as examples of some major problems we have yet to address in a meaningful way. I will discuss why the problems are only partly technical, and why we should not expect secure systems to be commonplace anytime soon.
Reception to follow in room 301 CSL.
Eugene H. Spafford is a professor of Computer Sciences at Purdue University. He is also the founder and Executive Director of the Center for Education and Research in Information Assurance and Security. He has been working in computing as a student, researcher, consultant and professor for over 30 years. Some of his work is at the foundation of current security practice, including intrusion detection, firewalls, and whitelisting. His most recent work has been in cyber security policy, forensics, and future threats.
Professor Spafford is a Fellow of the AAAS, ACM, IEEE, and (ISC)2, a Distinguished Fellow of the ISSA, and a member of the Cyber Security Hall of Fame. In 2012 he was named as one of Purdue’s inaugural Morrill Professors, the university’s highest award for the combination of scholarship, teaching, and service. Among many other activities he is currently the chair of the Public Policy Council of ACM (USACM), is a member of the EPIC Advisory Board, and is editor-in-chief of the journal Computers & Security.