[Update May 1: The CSHOF pages have been updated with bios on the 2019 inductees.{

The 2019 inductees into the CSHOF were announced last week.

The Hall of Fame was created as a way to honor and memorialize individuals who have had a particularly notable impact on cyber security as a field.

There are five criteria when considering potential honorees: Technology, Policy, Public Awareness, Education and Business. Nominated individuals can reside and work anywhere in the United States. A senior board reviews all submissions made to a public call for nominations after they have been compiled and ranked to select each year’s honorees.

This years’s honorees are:

• Brian Snow , a former technical director with the National Security Agency, known for his work in cryptography, and in seeking to bridge the gap between government and the commercial sector, helping to foster transparency and cooperation.
• Sheila Brand, the defining person behind the production of the Trusted Computer System Evaluation Criteria, known as the “Orange Book”, a standard set of requirements for assessing and effecting cybersecurity controls in a computer system.
• Corey Schou , a University Professor, Associate Dean, published author, and the director of the National Information Assurance Training and Education Center. He led the development of the college curricula which underpins the Centers of Academic Excellence in Information Systems Security (Cybersecurity) program
• Virgil Gligor , a professor at Carnegie Mellon University who has made fundamental contributions in applied cryptography, distributed systems, and cybersecurity. Other subjects that he has worked on include covert channel analysis, access control mechanisms, intrusion detection, and DoS Protection.
• Ken Minihan , a former United States Air Force officer known for his service as the Director of the NSA, and prior to that, the Director of the Defense Intelligence Agency under the Clinton administration. He operationalized NSA’s Information Systems Security mission promoting engagement with industry and academia and U.S. allies.
  

Inducted in memorium:

• Rebecca “Becky” Bace , who was the major force behind building the computer misuse and detection (CMAD) community, starting in the 1990s.She has been widely recognized for her many efforts in industry and government to increase participation by women and minorities in cyber security, and to bring useful technology to market. Becky is fondly remembered by many as the “Den mother of Cyber Security.”
• Howard Schmidt , who, among many other activities, was Vice Chair of the President's Critical Infrastructure Protection Board and the special adviser for cyberspace security for the Bush White House directly following 9/11. While in that position, he was a leader in developing the U.S. National Strategy to Secure CyberSpace. He later served in the Obama administration as the White House Cybersecurity Coordinator. He also served as the CISO and CSO of Microsoft, among other roles.

The formal induction will be held at an event on April 25, at the annual Hall of Fame Dinner at the Hotel at Arundel Preserve.

Congratulations to all the new inductees!

March is a month of changes. We see winter beginning to recede (we hope!) and spring begins to show. The vernal equinox is around March 20 and heralds a return to more light than dark.

March is the month I was born (or hatched, depending on your mythos). My wonderful sister was also born in March. So were several dear friends. March is a month of beginnings.

Unfortunately, March is also a month of endings. Two years ago, I blogged about the untimely passing of three security pioneers, all good friends of mine: Kevin Ziese, Howard Schmidt, and Becky Bace. As I noted, Becky’s passing was a particularly cruel shock, as her death unexpectedly occurred only a few days after spending time with her.

I was reminded of the three of them (and my friends Ken and Wyatt and Gene, to name a few more) as I attended this year’s RSA Conference. As I walked the exhibit floor, I had a sense that I might look up and see one of them, as I did nearly every year, walking between sessions or stopping at booths. We’d compare notes about what we thought was particularly good or particularly awful — our comparisons were usually fairly well in sync. We would have had a lot to compare this year!

I don’t mean to be maudlin; I long ago did my grieving. Plus, I still have too many things to do, including burning the rest of my sabbatical, and getting some papers finished. However, I am reminded that the friends and families of those dear friends set up memorials for them. Rather than having spent the money attending this year's RSAC, I wish I had put those funds into these worthwhile causes, to which I normally contribute each year.

If you remember any of them, below are reminders of how you can do some good in their memories, and maybe help bring a little springlike cheer to others. And if you don’t remember them, maybe you should investigate a little — too many people working in cyber security have no grasp of the rich history of the field.

BTW, and on another topic entirely, I hope to see some of you at the 20th annual CERIAS Symposium in early April. It’s a great transition into spring, and a wonderful celebration of education and research. As the emeritus director, I don’t have anything to do this year other than mingle and enjoy the presentations. That’s some change after 20 years! Please consider mingling along with me, and enjoying the hospitality of the great group at CERIAS!

---

Kevin

If you want to make a donation in his memory, please send it to one or more of:

• Disabled American veterans

• Air Force Memorial Foundation

Howard

If you wish to make a donation in the memory of Howard Schmidt, send it to:

Becky

ACSA's top scholarship in the Scholarship for Women Studying Information Security (SWSIS.org) has been renamed as the Rebecca Gurley Bace Scholarship. Contributions to help support this scholarship are welcomed by sending a check (sorry, no online contributions) to:

Ken

Ken's family has indicated that memorial contributions may be given to the American Heart Association.

Gene

The ISSA Foundation has a scholarship fund in Gene's honor. Donate to:

All of the above are non-profit, charitable organizations, and your contributions will likely be tax-deductible, depending on your tax circumstances.

A recent visit and conversation with Steve Crocker prompted me to think about how little the current security landscape has really changed from the past. I started looking through some of my archives, and that was what prompted my recent post here: Things are not getting better.

I posted that and it generated a fair bit of comment over on LinkedIn, which then led to me making some comments about how the annual RSA conference doesn’t reflect some of the real problems I worry about, and wondering about attendance. That, in turn, led me to remember a presentation I started giving about 6 years ago (when I was still invited to give talks at various places). It needed one editorial correction, and it is still valid today. I think it outlines some of the current problematic aspects of security in the commercial space, and security research. Here it is: Rethinking Security. This is a set of presentation slides without speaker notes or an audio recording of me presenting them, but I think you’ll get the ideas from it.

Coincident to this, an essay I wrote in conjunction with Steven Furnell, of the University of Plymouth in the UK, appeared in the British Computing Society’s online list. It describes how some things we’ve known about for 30 years are still problems in deployed security. Here’s that column: The Morris worm at 30.

Steve and I are thinking about putting something together to provide an overview of our 80+ years combined experience with security and privacy observations. As I delve more into my archives, I may be reposting more here. You may also be interested in some videos of some of my past talks, that I wrote about in this blog last year.

In the meantime, continue to build connected home thermostats and light bulbs that spy on the residents, and network-connected shoes that fail in ways preventing owners from being able to wear them, among other abominations. I'll be here, living in the past, trying to warn you.

---

PS. The 20th CERIAS Symposium is approaching! Consider attending. More details are online.

I was reminded this morning that nearly 10 years ago testimony I gave before a US Senate committee about cybersecurity. Sadly, I think things are worse and we are continuing on the same self-destructive path.

Here is a copy of that testimony.

Anybody who thinks tools and patching are the solutions doesn't understand the problems.

Now that the government has decreed our national focus should be on quantum and artificial intelligence, things are likely to get worse even faster -- those technologies will introduce new vulnerabilities faster than they may fix any, especially as vendors seek to rush items to market.

CERIAS continues to be a bright spot, but there is so much more we (at CERIAS, and more globally) could do if we had the resources.

In early April is the 20th CERIAS Symposium. I invite you to attend to see what Purdue's continuing efforts are accomplishing, and especially to meet some of our bright and motivated students, and connect with some of our tremendously talented faculty and staff.

The Cyber Security Hall of Fame was on hiatus while stable funding was secured. That has happened, and nominations are open for the class of 2019. Nominations are only open until February 15.

Current honorees are listed at the Cybersecurity Hall of Fame site. .

Help by nominating qualified candidates! See the instruction site for details of nominations..

Help spread the word!.