Open Forum on the Past, Present, and Future of Information Security

Tuesday, October 21, 2014 - 11:30am

This talk will summarize my views on the title of the talk, and then provide opportunities for extensive discussion of a wide range of issues relating to the technologies and policies underlying information security, the risks of not doing substantially better than where we are today, and what might be needed in the future. For those who attended the 1 October Cornerstones of Trust meeting, this might be a continuing discussion. For those who were not at the CoT meeting, the talk will nevertheless be at the same time relatively self-contained and open-ended.


Dr. Peter G. Neumann, Senior Principal Scientist, SRI

Peter G. Neumann has doctorates from Harvard and Darmstadt. Neumann has been a computer professional since July 1953. After 10 years at Bell Labs in Murray Hill, New Jersey, in the 1960s, during which he was heavily involved in the Multics development jointly with MIT and Honeywell, he has been in SRI's Computer Science Lab since September 1971 -- where he is a Senior Principal Scientist. He is concerned with computer systems and networks, trustworthiness/dependability, high assurance, security, reliability, survivability, safety, and many risks-related issues such as election-system integrity, crypto applications and policies, health care, social implications, and human needs -- especially those including privacy. He is currently PI on two DARPA projects: clean-slate trustworthy hosts for the CRASH program with new hardware and new software, and clean-slate networking for the Mission-oriented Resilient Clouds program. He moderates the ACM Risks Forum, has been responsible for CACM's Inside Risks columns (monthly from 1990 to 2007, tri-annually since then), and chairs the ACM Committee on Computers and Public Policy. He created ACM SIGSOFT's Software Engineering Notes in 1976, was its editor for 19 years, and still contributes the RISKS section. He was on the editorial board of IEEE Security and Privacy until February 2014, and is taking a break from that, as just one volunteer obligation too many. He has participated in four studies for the National Academies of Science: Multilevel Data Management Security (1982), Computers at Risk (1991), Cryptography's Role in Securing the Information Society (1996), and Improving Cybersecurity for the 21st Century: Rationalizing the Agenda (2007). His 1995 book, Computer-Related Risks, is still timely. He is a Fellow of the ACM, IEEE, and AAAS, and is also an SRI Fellow.
He received the National Computer System Security Award in 2002, the ACM SIGSAC Outstanding Contributions Award in 2005, and the Computing Research Association Distinguished Service Award in 2013. In 2012, he was elected to the newly created National Cybersecurity Hall of Fame as one of the first set of inductees. He is a member of the U.S. Government Accountability Office Executive Council on Information Management and Technology, and vestigially the California Office of Privacy Protection advisory council (although that group has been dormant due to the CA budget crunch). He co-founded People For Internet Responsibility (PFIR). He has taught courses at Darmstadt, Stanford, U.C. Berkeley, and the University of Maryland. See his website for testimonies for the U.S. Senate and House and California state Senate and Legislature, papers, bibliography, further background, etc.


500 E Middlefield Rd,
Mountain View, CA 94043