The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Barack Obama, National Security, and Me

Share:

[Update 7/17: Video of the Senator’s opening remarks and the panel session (2 parts) are now online at this site. I have also added a few links.]


This story (somewhat long) is about Senator Barack Obama’s summit session at Purdue University today (Wednesday, July 16). on security challenges for the 21st century. I managed to attend, took notes, and even got my name mentioned. Here’s the full story.

Prelude

Monday night, I received email from a colleague here at Purdue asking if I could get her a ticket to see Senator Obama on campus. I was more than a little puzzled — I knew of no visit from the Senator, and I especially didn’t know why she thought I might have a ticket (although there are people around here who frequently ask me for unusual things).

Another exchange of email resulted in the discovery that the Senator was coming to Purdue today (the 16th of July) with a panel to hold a summit meeting on security issues for the 21st century. Cyber security was going to be one of the topics. The press was told that Purdue was chosen because of the leading role our researchers have in various areas of public safety and national security — including the leading program in cyber security — although some ascribed political motives as the primary reason for the location.

I found it rather ironic that security would be given as the reason for being at Purdue, and yet those of us most involved with those security centers had not been told about the summit or given invitations. It appears that the organizers gave a small number of tickets to the university, and those were distributed to administrators rather than faculty and students working in the topic areas.

I found this all very ironic and interesting, and expressed as much in email to several friends and colleagues — including several who I knew had some (indirect) link to the Senator’s campaign. I had faint hope of getting a ticket, but was more interested in simply getting the word back that there was a misfire in the organization of the event.

Late last night (I was in the office until 6:30) I got a call from someone associated with the Obama campaign. He apologized for the lack of an invitation, and informed me that a ticket was awaiting me at the desk the next day.

The Event

I went over to the Purdue Union at 11:30; the official event was to start at 12. I encountered a number of Purdue administrators in the crowd. Security was apparent for the event, including metal detectors at the door run by uniformed officers, some of whom I believe were with the Secret Service uniformed division. The officers everywhere were polite and cheerful, but watchful. I found a seat in the back of the North Ballroom with about 500 other guests…and nearly as many members of the press, entourage, ushers, protection detail, and so on.

I won’t try to summarize everything said by the Senator and panel — you can find the full video here (in two parts). I will provide some impressions of specific things that were said.

The event started almost on time (noon) with Senator Evan Bayh introducing Senator Barack Obama. Sen. Obama then read from a prepared set of remarks. His comments really resonated with the crowd (I encourage you to follow the link to read them). His comment about how we have been “fighting the last war” is particularly appropriate.

He made some very nice comments about Senator Richard Lugar, the other Senator from Indiana. Senator Lugar is a national asset in foreign policy, and both Senators Obama and Bayh (and former Senator Nunn) had nothing but good things to say about him — and all have worked with him on disarmament and peace legislation. One of the lighter moments was when Senator Obama said that Senator Lugar was a great man in every way except that he was a Republican!

Early in his statement, he deviated from his script as reproduced in the paper, and dropped my name as he was talking about cyber security. I was very surprised. He referred to me as one of the nation’s leading experts in cyber security when he mentioned Purdue being in the lead in this area. Wow! I guess someone I sent my email to pushed the right button (although my colleagues and our students deserve the recognition, as much or more than I do).

His further comments on officially designating the cyber infrastructure as a strategic asset is important for policy & legal reasons, and his comments on education and research also seemed right on. It was a strong opening, and there was obviously a lot in his comments for a number of different audiences, including the press.

Panel Part I

The first 1/3 of the panel discussion was on nuclear weapons issues. The experts present to talk on the issue were (former) Senator Sam Nunn (who joked that in Indiana everyone thought his last name was actually Nunn-Lugar), Senator Bayh, and Dr. Graham Allison, the director of the Belfer Center at Harvard. There was considerable discussion about the proliferation of nuclear materials, the need for cooperation with other countries rather than ignoring them (viz. North Korea and Iran), and the control of fissionable material.

There were some statements that I found to be a bit of hyperbole: For instance, the statement that a single bomb could be made by terrorists to destroy a whole city. Not to minimize the potential damage, but without sophisticated nation-state assistance and machining, a crude fission weapon is about all that a terrorist group could manage, and it wouldn’t be that large or that easy to build. A few tens of kilotons of fission explosion could definitely ruin your day, but a detonation at ground level wouldn’t destroy a whole city of any size. (Lafayette, IN would be mostly destroyed by one, but that isn’t a major city.) Plutonium is too dangerous to handle, so over 100 pounds of U-235 (or U-233) would be needed, and machined appropriately, for such a weapon. Without accelerators and specially shaped charges & containers, getting fission fast enough and long enough is difficult and….well, there is a very serious threat, and the nuances may be lost on the average crowd, but the focus on terrorists building a significant bomb seemed wrong to me.

There were some excellent remarks made about opportunity cost. For instance, the one figure that stood out was that we could fully fund the Nunn-Lugar initiative and some other plans to secure loose nuclear materials by spending the equivalent of 1 month of what we now spend in Iraq over the next 4 years around the world; the war in Iraq is breeding terrorists and making US enemies, while securing loose nukes would help protect generations to come around the world. As both a taxpayer and a parent (as well as someone immersed in defense issues), I know where I would prefer to see the money spent!

One other number given is that currently less than 1/4 of 1% of the defense budget is spent on containing nuclear materials, despite it being a declared priority of President Bush. Professor Allison said that despite grade inflation at Harvard, the President still gets an “F” in this area.

Another interesting factoid stated was that about 10% of the lights in the US are powered by electricity generated from reprocessed fissile material taken from Russian nukes rendered safe under the Nunn-Lugar initiative. That sounds high to me given the amount of nuclear power generated in the US, but even if off by a factor of 10, darned impressive.

Panel Part II

The second part of the panel was on bio weapons. The panelists were Dr. Tara O’Toole of the Center for Biosecurity at Pitt, and Dr. David Relman of Stanford. Their discussion was largely what I expected, about how bio-weapons can be produced by rogue actors as well as rogue states. They made the usual references to plague (with a funny interchange about prairie dogs being carriers, and keeping the Senator’s campaign away from them), anthrax and Ebola.

Again, there was a bit of exaggeration coupled with the dialog. It was pointed out that there has still been no apprehension of the perpetrator of the 2001 anthrax attacks. It was then stated that the anthrax in the envelope sent to Senator Daschle was enough to kill a billion people. No mention was made about how impossible it would be to meter and deliver such dosages in the most appropriate manner to achieve that. In fact, no discussion was made about the difficulty in weaponizing most biological agents, limiting their use as a targeted weapon over a large area. And furthermore, no mention at all was made of chemical weapons.

The conclusion here was that investment in better research and international cooperation was key. The statement was made that better integration of electronic health records would be important, too, although some studies I recall indicate that their utility is probably not so great as some would hope. It was also concluded that benefits in faster medical response and better vaccine production would help in non-crisis times as well. I don’t think we can argue too much with that, although the whole issue of how we pay for medicine and health issues looms large.

Panel Part III

The last panel featured Alan Wade, former CIO of the CIA, and Paul Kurtz of Good Harbor Consulting, speaking on the cyber threat. I’ve known Paul for years, and he is a great person to talk on these issues.

The fact that cyber technology is universal and ubiquitous was highlighted. So was the asymmetry inherent in the area. Some mention was made about how nothing has been done by the current administration until very recently. Sadly, that is clearly the case. The National Strategy in 2002, the PITAC report in 2005, and the CSTB report in 2007 (to name 3 examples) all generated no response. As a member of the PITAC that helped write the 2005 report, I was shocked at the lack of Federal investment and the inaction we documented (I knew it was bad, but didn’t realize until then how bad it was); the reaction from the White House was to dissolve the committee rather than address the real problems highlighted in the report. As one of today’s panelists put it — the current administration’s response has been “…late, fragmented, and inadequate.” Amen.

I was disappointed that so much was said about terrorism and denial of service. Paul did join in near the end and point out that alteration of critical data was a big concern, but there was no mention of alteration of critical services, about theft of intellectual property, about threats to privacy, or other more prominent threats. Terrorism online is not the biggest threat we face, and we have a major crisis in progress that doesn’t involve denial of service. We need to ensure that our policymakers understand the scope of the threat.

On the plus side, Senator Obama reiterated how he sees cyber as a national resource and critical infrastructure. He wants to appoint a national coordinator to help move protection forward. (If he is elected I hope he doesn’t put the position in DHS!)

Paul pointed out the need for more funds for education and research. He also made a very kind remark, mentioning me by name, and saying how we were a world-class resource built with almost no funding. That’s not quite true, but sadly not far off. I have chafed for years at how much more we could do with even modest on-going support that wasn’t tied to specific research projects….

Conclusions

I was really quite impressed with the scope of the discussion, given the time and format, and the expertise of the panelists. Senator Obama was engaged, attentive, and several of his comments and questions displayed more than a superficial knowledge of the material in each area. Given our current President referring to “the Internets” and Senator McCain cheerfully admitting he doesn’t know how to use a computer, it was refreshing and hopeful that Senator Obama knows what terms such as “fission” and “phishing” mean. And he can correctly pronounce “nuclear”! grin His comments didn’t appear to be rehearsed — I think he really does “get it.”

(Before someone picks on me too much…. I believe Senator McCain is an honorable man, a dedicated public servant, and a genuine American hero. I am grateful to have people like him intent on serving the public. However, based on his comments to the press and online, I think he is a generation out of date on current technology and important related issues. That isn’t a comment related to his age, per se, but to his attitude. I’d welcome evidence that I am mistaken.)

Senator Obama is a great orator. I also noticed how his speed of presentation picks up for the press (his opening remarks) but became more conversational during the panel.

Senator Obama kept bringing the panel back to suggestions about what could be done to protect the nation. I appreciated that focus on the goal. He also kept returning to the idea that problems are better solved early, and that investments without imminent threat are a form of insurance — paying for clean-up is far greater than some prudent investment early on. He also repeatedly mentioned the need to be competitive in science and technology, and how important support for education is — and will be.

After the session was over, I didn’t get a chance to meet any of the campaign staff, or say hello to Paul. I did get about 90 seconds with Senator Bayh and invited him to visit. After my name had been mentioned about 3 times by panelists and Senator Obama, he sort of recognized it when I introduced myself. We’ll see if he follows up. I’ve visited his office and Senator Lugar’s, repeatedly, and neither have ever bothered to follow up to see what we’re doing or whether they could help.

Several people in the audience commented on my name being mentioned. I’m more than a little embarrassed that they didn’t refer to CERIAS and my colleagues, and in fact I was the only Purdue person mentioned by name during the entire 2 hours, and then it happened multiple times. I’m not sure if that’s good or not — we’ll see. However, as P.T. Barnum said, there’s no such thing as bad publicity … so long as they spell my name correctly. tongue rolleye None of the local or national press seem to have picked it up, however, so even spelling isn’t an issue.

The press, in fact, hasn’t seemed to focus on the substance of the summit at all. I’ve read about 15 accounts so far, and all have focused on his choice of VP or the status of the campaign. It is so discouraging! These are topics of great importance that are not well understood by the public, and the press simply ignores them. Good thing Angelina Jolie gave birth earlier in the week or the summit wouldn’t have even made the press. confused

I wish more of the population would take the time to listen to prolonged discussion like this. 15-second sound bites serve too often as the sole input for most voters. And even then, too many are insufficiently educated (or motivated) to understand even the most basic concepts. I wonder if more than 5 people will even bother to read this long a post — most people want blogs a single page in length.

As for my own political opinions and voting choices, well, I’m not going to use an official Purdue system to proselytize about items other than cyber security, education, research and Purdue. You can certainly ask me if you see me. Now, if only I had confidence in the electronic voting equipment that so many of us are going to be forced to use in November (hint: I’m chair of the USACM).

Last Tongue-in-Cheek Word

And no, I’m not particularly interested in the VP position.

Comments

Posted by Richard Bejtlich
on Thursday, July 17, 2008 at 05:27 AM

If not VP, how about cyber czar?

Posted by Nwokedi Idika
on Thursday, July 17, 2008 at 12:09 PM

Well, I’m at least 1 person that read this blog entry. 

When I was in Maryland in 2005, and I told CS people I was going to graduate school in CS at Purdue, just about everyone I told thought for a second, and then mentioned your name. 

It’s surprising that you’re surprised that you’re well known.  Having your own wikipedia page doesn’t hurt either (http://en.wikipedia.org/wiki/Gene_Spafford).

Posted by Gini Gold
on Thursday, July 17, 2008 at 12:36 PM

You are too modest!  I loved your summary of the discussion and your conclusion about the poor state of discourse by the media on these critical topics.  Here’s hoping we have something to celebrate come November.

Posted by Frances
on Thursday, July 17, 2008 at 01:06 PM

Thank goodness I had finished my coffee while ready the beginning of your blog…the Jolie twins mention would have made me spit my coffee ROTFLOL

However it is a sad but true representation of American society or should I say what the American Press THINKS we want to know instead of what we NEED to know

Posted by James Jay Horning
on Thursday, July 17, 2008 at 05:15 PM

Spaf,

Thanks for the thorough report, from at least one person who read it all the way through.  (Now I’m going to go back and read Sen. Obama’s prepared remarks.)

Jim H.

Posted by Jason
on Friday, July 18, 2008 at 09:27 AM

No VP?  How about Director of National Data Security?

On McCain, I totally agree.  I heard him say once that he doesn’t “do” email, that his wife takes care of that for him.  I can’t comprehend how he could not use a simple tool like email and be able to know how to defend us electronically.

Posted by Rick Dean
on Friday, July 18, 2008 at 09:43 AM

I have had inquiries from classified sources in support of Deputy Under Secretary for Readiness Dr. Chu. They feel that Indiana would be a good location for a national Cyber Terrorism Lab. But, the desing went to the Air Force, and getting Govt. contracts in place is almost impossible with war requirements taking priority. So, we are missing the boat because we don’t have a partnering vehicle, and therefore can’t spead funding to all potential participants. But, that doesn’t mean that we can’t collaborate. The response I get from the Beaurocrats is no response. They already have their cush jobs, and don’t seem to care about working that hard. Kind of like your response from our Senators. It’s a shame, because we have some bright people, with a good mid western work ethic! You can’t teach that. Glad to see there are those who really do care!
Regards, Rick

Posted by A. G. Rud
on Friday, July 18, 2008 at 03:36 PM

Spaf,

This is a thorough and helpful summary of the event. I thought of you immediately when it was announced, and am surprised to find out that you were not initially invited. These are important issues.

Posted by Jennifer Kurtz
on Monday, July 21, 2008 at 05:31 AM

Along with an cyber advisor, it would be useful to reinstate the US Arms Control and Disarmament Agency—or at least appoint an advisor. After all, there are so many more arms to control today (disarming has not been our style) since I worked there in the 1970s!!!

Thank you for sharing!

Posted by Chuck
on Monday, July 21, 2008 at 07:15 AM

Good report Spaf. It’s not too late.

Posted by Dr Chris
on Tuesday, July 22, 2008 at 05:34 PM

Professor Spaf,

I am forwarding this outstanding field report to my colleagues at the RAND Corporation’s Athena Group and to the Californian Republican technology advisory committee.

Dr Robert H Morris’ Prophetic Paper in the Bell Systems Technical Journal found its realization by his kid in YOUR LAB!

  I, therefore, nominate you for CIO at CIA under the next administration; GS-15.

Dr Chris

Posted by David Nelson
on Monday, July 28, 2008 at 05:39 PM

Good summary, Gene. Better than wading through the whole meeting grin

I have also noticed that Obama seems conversant on technology matters.

For example, I recently saw a clip of his answer on net neutrality (perhaps on youtube) in which he showed that he actually understands the concept and can describe why he is in favor of it, including the specific actions needed to implement it.

Posted by Robert Morton
on Wednesday, August 20, 2008 at 11:42 PM

Big If Makes Us Curious

If the new administration were to make cyber security a national security priority, do you think the administration might turn to you to help lead the way.  And if so, would you accept a position as the new “Czar” for cyber security for the US (hopefully not the position would not be placed into DHS)?  Curious readers would like to know… grin

-Rob

Posted by beth
on Saturday, November 1, 2008 at 03:01 PM

Hi Gene!

Great post! Thanks for reporting on this, especially highlighting what was left out of the discussions and the sad reality regarding the press.

By the way, even I know your name, and I am not associated with academia, research, or government. So there.

wink

cheers,
beth

Posted by Nuno Rogeiro
on Sunday, December 14, 2008 at 07:45 AM

Dear Gene Spafford

I work in Political Science and Constitutional Law, and have been in the field of terrorism, cyberthreats and its connection to civil rights for two decades now.
I also have my own TV show on international matters, called “League of Nations”. It’s now in its 5th season (you can get it in http://www.sic.pt, and then look for “Sociedade das Nações”, and follow procedures).
I’m authoring a book about Barack Obama’s policies on National Defense,Security and Intelligence, including known topics as Terrorism, and less understood ones, as Information Protection/Security, Critical Infrastructure Awareness, etc.
Thank you for the clear report on one episode that could be revealing for the months and years to come.
Please signal me if you get a job in the National Security Team. Seriously.

Regards

Nuno Rogeiro

Posted by Freddie
on Friday, December 26, 2008 at 08:50 PM

Obama is now Prez elect what next? I wish the election was more about topics than popularity.

Posted by Dilson
on Monday, March 16, 2009 at 06:38 AM

yes, and I feel that Obama can do what he says, because I am always read news and watch television about him and He is very positive in his mind that He can do everything he can to improve the recent recession that US is facing. We’ll see.

Leave a comment

Commenting is not available in this section entry.