WEST LAFAYETTE, Ind. ‹ As the Y2K problems fade into the new year, computer analysts will face even more complex issues surrounding information security, Purdue University computer security expert Gene Spafford says.
He and security experts from government and industry will present an overview of these concerns and discuss steps being taken to address them Nov. 15-16 during a colloquium at Purdue.
The colloquium is sponsored by Purdue's Center for Education and Research in Information Assurance and Security, a multidisciplinary center that is the first in the world to take a comprehensive approach to network and computer security. More than 150 leaders from industry, government and academia are expected to attend the two-day event.
The center ‹ aptly called CERIAS, which is pronounced "serious" ‹ looks beyond computer security to address a much wider range of issues related to information security issues such as network and communications security, and protection against defective software.
"The public perception of information security is shaped by sensationalism such as computer virus scares and stories of teen-agers breaking into sensitive military systems," Spafford said. "But information security is much more complex than that. It can include aspects of economic and international espionage, sabotage, terrorist activities, vandalism and other forms of crime in addition to computer security."
The center includes researchers from sociology, psychology, criminology, political science, philosophy, management and economics to address such issues.
Spafford, a professor of computer sciences who is director of the center, said current efforts to secure information often rely upon computer security measures that focus only on protecting information within a single computer system.
"However, the major value to organizations is in the data processed on the computer and not the computer itself," he said. "Disclosure, loss or alteration of the data, as a result of accident or malicious activity, is the problem."
The Purdue center is developing ways to protect information that flows through computers in all its various forms ‹ whether on network cable, disks, faxes, phone lines or the Internet.
"Our increasing reliance on new and often fragile technologies for use in critical applications presents attractive targets to criminals, vandals and foreign adversaries," Spafford said.
Marvin Langston, deputy assistant secretary at the U.S. Department of Defense, agrees. "The fact that we store and process and move things electronically means that the information is now in a form that is easier to manipulate," he said.
Langston noted that as the world becomes more interlinked, businesses and organizations are more vulnerable to crimes.
"Though the Department of Defense has for years relied on computers to store information, the lack of public access to computers and computer networks provided a measure of security," he said. "Now everybody uses commercial computers and commercial computer networks, making it easier to exploit the vulnerabilities or cracks in the system and much more difficult to secure information."
During the colloquium at Purdue, Langston, along with Stephen Katz, chief information security officer for Citigroup, will address information security concerns in government and industry, and discuss new developments under way to address these issues.
In addition, a panel of experts from industry, government and academia will discuss how people in those three areas can work together to address security issues.
CERIAS was established last year at Purdue to address the need for increased training and research in information security topics. With 36 faculty members from 11 departments on campus, Purdue is the only university to offer formal training to address these issues in a multidisciplinary manner, Spafford said.
"Today's students will design the information technologies of the future, yet the majority of them receive no training in information security," he said. "There are few institutions ready to train people to deal with the multiple issues, and none that takes a broad view of the problems involved."
CERIAS is funded by Purdue and Lilly Endowment Inc., plus these corporate sponsors: Andersen Consulting, Trident Data Systems, TRW Inc., AT&T Labs, Cisco Systems Inc., General Electric Co. Corporate Research and Development, Hewlett-Packard Co., Intel Corp., Microsoft Corp., MITRE Corp., Schlumberger Ltd., Sun Microsystems Inc., Tripwire Security Systems Inc., Lockheed Martin Corp., Citigroup, AXENT Technologies Inc., and Enterprise Networking Systems Inc.
Related Web sites:
CERIAS Web site: http://www.cerias.purdue.edu/
CERIAS colloquium agenda: http://www.cerias.purdue.edu/colloquium/agenda.html