Cybersecurity Requires a Multifaceted Approach

Eugene Spafford, a professor at Purdue University and founder and executive director of the Center for Education and Research in Information Assurance and Security, said the real problem is the belief that flawed systems can be secured retroactively, either by add-ons or by compelling users to act in ways they are not used to.

Even if agencies have policies to provide training, they are often too specific or too ambiguous, he said. For example, take the “don’t open any suspicious e-mails” approach. What exactly constitutes a suspicious e-mail message? Many of the social engineering attacks occurring today are designed to not look suspicious, Spafford said.

“The approach that’s currently been taken is sort of the equivalent of telling employees, ‘when you come to work, don’t open any square blue boxes.’ But then someone sends in square red boxes, and they all get taken,” he said.

The federal government’s efforts to transition to cloud-based services and technologies could also mean more security problems, he suggested. Following trends or big pushes to save money often mean that security issues fall lower on the priority ladder.

“That’s partly why we have vulnerable systems today, because the idea was, ‘we’ll buy whatever is the cheapest thing on the market’ to save money rather than actually thinking through building a strong, secure infrastructure,” Spafford said.

Spafford to Give Keynote Address at Anti-Phishing Conference

Some of the security industry’s biggest minds will gather Nov. 7-9 at San Diego for a conference dripping with acronyms, computer jargon and geek-speak. The conference is the jamboree of APWG — Anti-Phishing Working Group to those not initiated into the mysteries of cybercrime terminology. A keynote address by Eugene H. Spafford, professor of computer sciences at Purdue University, will review new technologies and systems being used to protect Internet works and data resources.

Security Research Engineer’s Guide Urges Facebook Users to be Cautious

Purdue Difference Maker: Professor David Ebert

As director of VACCINE, a Department of Homeland Security Center of Excellence, David Ebert’s goal is to help our nation’s 2.3 million extended homeland security personnel, including first-responders, perform their jobs more effectively by turning mass amounts of data into manageable information.

Obama Establishes Insider Threat Task Force

President Obama issued an executive order Friday that establishes an Insider Threat Task Force to prevent potentially damaging and embarrassing exposure of government secrets, such those made public by WikiLeaks.

Eugene Spafford, executive director of Purdue University’s Center for Education and Research in Information Assurance and Security, said the president’s action was long overdue. “Why haven’t they been doing this already?” asked Spafford, who has testified before Congress on IT security matters. “This is at least 10 years too late, if not 20.”

Purdue Forges Top Cyber Research Center

Internet Risks Will Drive Users Offline, Researcher Predicts

A focus on securing legacy IT architectures rather than on developing secure technology has created an untrustworthy environment that eventually will drive users offline, said Purdue University professor Eugene Spafford.

Watson Co-Authors Facebook Security Guide

Keith Watson, a Research Engineer with CERIAS, recently co-authored a new publication about Facebook security.

“A Guide to Facebook Security” (PDF) is a free, 20-page pamphlet geared primarily toward teens, their parents, and teachers. Co-written with fellow security expert Linda McCarthy and teacher/editor Denise Weldon-Siviy, it is available to view and download from Facebook.

Creating Ag Extension Agent for Cyber

Eugene Spafford thinks America needs the cybersecurity equivalent of an agriculture extension service to help educate citizens on IT security.

For Suspected Hackers, a Sense of Social Protest

Eugene H. Spafford, a computer security professor at Purdue University, was not convinced that the arrests last week would serve as a deterrent. Rather, he said, it could prompt others to be more careful in the future and even prompt retaliatory strikes. “A whole bunch of people were angry, they didn’t really think about whether it was legal or not. It never entered their minds,” Professor Spafford said. “This was kind of the equivalent of a spontaneous street protest, where they may have been throwing rocks through windows but never thought that was against the law or hurting anybody.”