The Center for Education and Research in Information Assurance and Security (CERIAS)
The Center for Education and Research inInformation Assurance and Security (CERIAS)
It is possible that hackers, terrorists, accidents or even sunspots could take down the Internet and cause areas to become cut off and unreachable, said Spafford, one of the foremost experts on computer security.
The ACSA SWSIS program offers a $10,000 scholarship to a woman for use in her junior or senior year of undergraduate studies, or first year of a graduate program (i.e., application may be made in the spring of her sophomore, junior, or senior year, or the spring before entering a graduate program if a bachelor’s degree has already been completed). The scholarship is administered by the Society of Women Engineers (SWE).
Information security threats - especially to critical infrastructures and from nation-states - are evolving. But security education curricula are struggling to keep pace, according to Eugene Spafford, renowned information security professor at Purdue University.
The threat that criminal hackers pose to corporate and government information systems has spiked in the past five years, according to the FBI, and shows no signs of abating. The worst part: Law enforcement is virtually powerless in cracking down on cybercrime. CIO.com investigates the challenges law enforcement officials face in investigating and prosecuting hackers.
Eugene Spafford, a professor at Purdue University and founder and executive director of the Center for Education and Research in Information Assurance and Security, said the real problem is the belief that flawed systems can be secured retroactively, either by add-ons or by compelling users to act in ways they are not used to.
Even if agencies have policies to provide training, they are often too specific or too ambiguous, he said. For example, take the “don’t open any suspicious e-mails” approach. What exactly constitutes a suspicious e-mail message? Many of the social engineering attacks occurring today are designed to not look suspicious, Spafford said.
“The approach that’s currently been taken is sort of the equivalent of telling employees, ‘when you come to work, don’t open any square blue boxes.’ But then someone sends in square red boxes, and they all get taken,” he said.
The federal government’s efforts to transition to cloud-based services and technologies could also mean more security problems, he suggested. Following trends or big pushes to save money often mean that security issues fall lower on the priority ladder.
“That’s partly why we have vulnerable systems today, because the idea was, ‘we’ll buy whatever is the cheapest thing on the market’ to save money rather than actually thinking through building a strong, secure infrastructure,” Spafford said.
Some of the security industry’s biggest minds will gather Nov. 7-9 at San Diego for a conference dripping with acronyms, computer jargon and geek-speak. The conference is the jamboree of APWG — Anti-Phishing Working Group to those not initiated into the mysteries of cybercrime terminology. A keynote address by Eugene H. Spafford, professor of computer sciences at Purdue University, will review new technologies and systems being used to protect Internet works and data resources.
Sandia National Labs Director to Speak on National Security Challenges
November 30th Free and Open to the Public 9am - 10:30am Krannert Auditorium Purdue University West Lafayette, IN
As director of VACCINE, a Department of Homeland Security Center of Excellence, David Ebert’s goal is to help our nation’s 2.3 million extended homeland security personnel, including first-responders, perform their jobs more effectively by turning mass amounts of data into manageable information.
