CERIAS Blog

US Travel Tips for New Faculty…and for Not-so-New

The academic year is beginning, and I have already been asked by new faculty about travel. I also recently heard about a problem from a more senior colleague. As I have traveled a lot for my work in the last 20 years, I have built up some experience as an academic “road-warrior.” My assistant, Marlene, has also helped out with some great ideas as she has observed my difficulties getting from point A to B and back again. Here are some general tips for lower-stress travel as you travel to conferences and speaking engagements around the U.S.

General

Familiarize yourself with your university’s travel rules. Most have specific rules about advance notice, forms to file, etc. Know the rules before you travel so you don’t do the wrong things.

When you meet people at conferences, or when speaking, or otherwise on business, write the date on the back of the card, along with info that will help you identify why/where you met the person. If you promise to send them a copy of your recent results, then write that on the card, too. I have over 3000 entries in my online address book and card collection, and I no longer remember who half of them are, where I met them, or why....a note would have helped me in trimming the collection some.

Note on your itinerary what the next and previous departures of the plane, train, etc might be. If your business finishes early or runs late you have some idea of alternatives. In many cases, for a small fee, you can switch to a different departure time on the same day. You can usually get that fee reimbursed by the same source of funds that pays for your ticket.

Take paper copies of articles, theses, or other items you need to read or review. If you are stuck in an airport waiting area with a delayed flight, you can put your time to use without running down laptop batteries. Furthermore, you can read the papers when on the plane during times that no electronic devices can be used, and you can write comments in the margin when you have a small fold-down seat tray that isn’t large enough to hold an open laptop.

Keep business cards with you. At least once a year I find someone sitting on a long flight next to me to be worth a follow-up contact. Several times these have led to industry grants for my research or internships for my students. Be prepared for opportunities!

Always pack an extra day’s worth of critical items in the event your flight is cancelled or too badly delayed. Also, you are prepared when the airline asks for volunteers to be bumped to the next day in return for a free ticket—that means you can save money on your grants for the next conference, or else use the free ticket to have a spouse/SO accompany you on a trip.

If you are going someplace interesting, investigate staying an extra day or two to sight-see, or simply relax. Depending on timing, you may actually save money by flying on a weekend day instead of a weekday evening and staying the extra night in the hotel!

Consider joining frequent traveler programs for the airlines and hotels. You may not collect enough for a free trip any time soon—and if you do travel enough to do so, another trip is not likely your idea of a reward. However, most of those programs have some small perks for members—free Internet service or breakfast at the hotel, priority on better seats, etc.

Airline clubs can be valuable places to unwind between long flights or during delays. You can buy day passes or full-year memberships. Some cover multiple airlines. Consider the expense of Internet access and several cups of coffee each time you need to spend more than an hour at a major airport in a waiting area. At a certain point, the airline club fee comes out to be a win. Plus, their front desk staff can often fix a scheduling snafu on your ticket faster (and with more options) than the personnel out at the desks.

Try to always be cheerful with travel personnel, even if you’re having a bad day. Airline check-in people can give you a better seat or waive a change fee if you are nice, flight attendants will sometimes comp a drink or give you the last blanket, and hotel clerks can put you in a better room—all if you are nice. Be grumpy or curt, and TSA will make your life miserable, you’ll get checked into the non-reclining seat in the last row next to the lav, and at the hotel you’ll get the room next to the elevator.

I have a single sheet with all my flight itinerary, hotel address, confirmation numbers, important telephone numbers, and so on. This turns out to be incredibly useful for all sorts of reasons.

Take along a small bottle of hand sanitizer, and use it before every meal or break. If you are meeting people, shaking hands, and using doorknobs handled by thousands of others, it is not a contributor to good health. Frequent hand washing and use of a sanitizer can really help. I get small bottles in the “travel size” section at my neighborhood pharmacy.

Finances

Keep all of your receipts, boarding passes, etc. I have a poly-plastic envelope with an elastic cord into which I put all my receipts while traveling. At the end of the trip, the receipts get sorted into three piles: those that go to the university or sponsor for reimbursement purposes, those that go into my file for income taxes (all meal receipts, for example), and a pile I keep until I have been reimbursed and my frequent flier miles credited. This last pile is normally where stubs from boarding passes go, unless your sponsor/university requires them.

Never leave a hotel without a paper statement showing a zero balance! Some hotels will run a statement of all expenses and slip it under your room door the night before you leave. You then do an express checkout and don’t stop at the desk. However, without evidence you paid the bill (the zero balance part), some agencies won’t reimburse you! You can probably get a corrected copy from the hotel, but the process delays your reimbursement by weeks (or longer).

Need to send in the original receipts for reimbursement? Make sure you have legible copies to keep on file in the event there is a mixup or loss of items.

Don’t forget to ask for mileage reimbursement to drive to/from the airport. The current IRS rate is commonly used.

If you work at a public university you can sometimes get the government rate at hotels. You need to ask about that when you reserve the room, and you show your faculty ID when arriving. Be sure you only do this when traveling on university business.

Be aware of your credit limit. If you are doing a lot of travel and charging it all to one credit card, you may hit your limit without knowing it. Hotels often put a hold charge on your card when you check in and do not remove it when you pay your bill, so your card takes double the hit. It can be very uncomfortable to arrive at your destination, 3 time zones away, only to be told that your card has been refused. American Express cards have no such pre-set limit, but you also have to pay them when the bill arrives, and this can be a stretch if your reimbursements aren’t timely.

Speaking of reimbursements, some companies that may ask you to come visit to speak at their expense can be extremely slow to pay reimbursements because their internal processes are so complex. My worst experiences have been with big companies, for some reason. Intel is one example—over a 3 year period with 5 trips they never paid an invoice in less than 6 months, one took 10 months to reimburse, and I had to file as a business supplier to even get into their system! In situations like this you either need to dip into savings then wait for the payment, or carry the charge on credit. Be prepared for this if you have no experience with a host offering to reimburse you.

Actually, this brings up a worst-case scenario: You are asked to visit an institution in a foreign country to speak, at their expense. You buy non-refundable tickets (that is all they will reimburse) and then they cancel the visit or you fall ill or..... Nothing like having $2000 in non-refundable tickets and the bill coming due! There are solutions here—demand to buy refundable tickets, have them buy the tickets for you, or consider having them authorize buying travel insurance through the airline or travel service where you get the tickets. Even reputable places may have scheduling problems.

Don’t fly sick! If you are really ill, don’t feel you have to travel because you bought non-refundable tickets, or because they are expecting you to talk at the other end. Flying while ill can make you worse (I’ve had a perforated ear drum from the pressure change on the plane, once, flying with a terrible cold), can spread germs, and you end up not making a very good presentation. Ask to reschedule if it is a presentation. Most airline tickets can be used, for a small change fee, up to a year after the date of purchase. If you are flying to a conference on grant money, check on university policy—most will cover the change fee or even the cost of the ticket so long as you commit to buying non-refundable tickets to keep costs low.

Check the interest rate on your credit cards. Yeah, maybe you collect frequent flier miles by using that card, but it also may have an 18%-25% effective annual rate. If you are delayed getting a reimbursement, or it crosses the due date of the bill, you may be paying a hefty penalty for those miles.

Many places will ask for your SSN# on a W-4 before they will reimburse you. If you are a compensated speaker, you can’t get your honorarium without this. This poses two problems: taxes and possible exposure of your SSN. The taxes part is easiest—keep the receipts and if your reimbursement gets included in a form 1099-MISC filed by your host, then you list the amounts as deductible business expenses (talk to a tax advisor for specifics—don’t depend on this blog!). As for protecting yourself against identity theft, come up with a “dba” name (doing business as) for consulting, then get an IRS EIN (employer identity number). Use that in place of your SSN. It is all perfectly legal (although you may need to educate the clerks at the other end), has the same number of digits as your SSN, but if compromised it won’t contribute to fraud committed with your identity.

I may do a follow-up post with some specific hints on international travel. If you have suggestions for academic travelers, please post them in the comments.


Privacy Survey

I am an advisor to ThePrivacyPlace.  They do great work on privacy issues, and this annual survey is valuable—but only with a lot of responses.  So, please respond and share the link with others.

The following is their survey announcement.

ThePrivacyPlace.Org Privacy Survey is Underway!

Researchers at ThePrivacyPlace.Org are conducting an online survey about privacy policies and user values. The survey is supported by an NSF ITR grant (National Science Foundation Information Technology Research) and was first offered in 2002. We are offering the survey again in 2008 to reveal how user values have changed over the intervening years. The survey results will help organizations ensure their website privacy practices are aligned with current consumer values.
The URL is:
http://theprivacyplace.org/currentsurvey

We need to attract several thousand respondents, and would be most appreciative if you would consider helping us get the word out about the survey, which takes about 5 to 10 minutes to complete. The results will be made available via our project website (http://www.theprivacyplace.org/).

Prizes include
$100 Amazon.com gift certificates sponsored by Intel Co.
and
IBM gifts

On behalf of the research staff at ThePrivacyPlace.Org, thank you!

PHPSecInfo talk at OSCON 2008

OSCON 2006: Energizing the Industry

If you’re at OSCON, and you love security, you may or may not enjoy my talk on PHPSecInfo, a security auditing tool for the PHP environment. I’m actually going to try to show some new code, so if you’ve seen it before, you can see it again – for the first time.

The talk is at 1:45pm Thursday, 07/24/2008.

Barack Obama, National Security, and Me

[Update 7/17: Video of the Senator’s opening remarks and the panel session (2 parts) are now online at this site. I have also added a few links.]


This story (somewhat long) is about Senator Barack Obama’s summit session at Purdue University today (Wednesday, July 16) on security challenges for the 21st century. I managed to attend, took notes, and even got my name mentioned. Here’s the full story.

Prelude

Monday night, I received email from a colleague here at Purdue asking if I could get her a ticket to see Senator Obama on campus. I was more than a little puzzled — I knew of no visit from the Senator, and I especially didn’t know why she thought I might have a ticket (although there are people around here who frequently ask me for unusual things).

Another exchange of email resulted in the discovery that the Senator was coming to Purdue today (the 16th of July) with a panel to hold a summit meeting on security issues for the 21st century. Cyber security was going to be one of the topics. The press was told that Purdue was chosen because of the leading role our researchers have in various areas of public safety and national security — including the leading program in cyber security — although some ascribed political motives as the primary reason for the location.

I found it rather ironic that security would be given as the reason for being at Purdue, and yet those of us most involved with those security centers had not been told about the summit or given invitations. It appears that the organizers gave a small number of tickets to the university, and those were distributed to administrators rather than faculty and students working in the topic areas.

I found this all very ironic and interesting, and expressed as much in email to several friends and colleagues — including several who I knew had some (indirect) link to the Senator’s campaign. I had faint hope of getting a ticket, but was more interested in simply getting the word back that there was a misfire in the organization of the event.

Late last night (I was in the office until 6:30) I got a call from someone associated with the Obama campaign. He apologized for the lack of an invitation, and informed me that a ticket was awaiting me at the desk the next day.

The Event

I went over to the Purdue Union at 11:30; the official event was to start at 12. I encountered a number of Purdue administrators in the crowd. Security was apparent for the event, including metal detectors at the door run by uniformed officers, some of whom I believe were with the Secret Service uniformed division. The officers everywhere were polite and cheerful, but watchful. I found a seat in the back of the North Ballroom with about 500 other guests…and nearly as many members of the press, entourage, ushers, protection detail, and so on.

I won’t try to summarize everything said by the Senator and panel — you can find the full video here (in two parts). I will provide some impressions of specific things that were said.

The event started almost on time (noon) with Senator Evan Bayh introducing Senator Barack Obama. Sen. Obama then read from a prepared set of remarks. His comments really resonated with the crowd (I encourage you to follow the link to read them). His comment about how we have been “fighting the last war” is particularly appropriate.

He made some very nice comments about Senator Richard Lugar, the other Senator from Indiana. Senator Lugar is a national asset in foreign policy, and both Senators Obama and Bayh (and former Senator Nunn) had nothing but good things to say about him — and all have worked with him on disarmament and peace legislation. One of the lighter moments was when Senator Obama said that Senator Lugar was a great man in every way except that he was a Republican!

Early in his statement, he deviated from his script as reproduced in the paper, and dropped my name as he was talking about cyber security. I was very surprised. He referred to me as one of the nation’s leading experts in cyber security when he mentioned Purdue being in the lead in this area. Wow! I guess someone I sent my email to pushed the right button (although my colleagues and our students deserve the recognition, as much or more than I do).

His further comments on officially designating the cyber infrastructure as a strategic asset are important for policy & legal reasons, and his comments on education and research also seemed right on. It was a strong opening, and there was obviously a lot in his comments for a number of different audiences, including the press.

Panel Part I

The first 1/3 of the panel discussion was on nuclear weapons issues. The experts present to talk on the issue were (former) Senator Sam Nunn (who joked that in Indiana everyone thought his last name was actually Nunn-Lugar), Senator Bayh, and Dr. Graham Allison, the director of the Belfer Center at Harvard. There was considerable discussion about the proliferation of nuclear materials, the need for cooperation with other countries rather than ignoring them (viz. North Korea and Iran), and the control of fissionable material.

There were some statements that I found to be a bit of hyperbole: For instance, the statement that a single bomb could be made by terrorists to destroy a whole city. Not to minimize the potential damage, but without sophisticated nation-state assistance and machining, a crude fission weapon is about all that a terrorist group could manage, and it wouldn’t be that large or that easy to build. A few tens of kilotons of fission explosion could definitely ruin your day, but a detonation at ground level wouldn’t destroy a whole city of any size. (Lafayette, IN would be mostly destroyed by one, but that isn’t a major city.) Plutonium is too dangerous to handle, so over 100 pounds of U-235 (or U-233) would be needed, and machined appropriately, for such a weapon. Without accelerators and specially shaped charges & containers, getting fission fast enough and long enough is difficult and….well, there is a very serious threat, and the nuances may be lost on the average crowd, but the focus on terrorists building a significant bomb seemed wrong to me.

There were some excellent remarks made about opportunity cost. For instance, the one figure that stood out was that we could fully fund the Nunn-Lugar initiative and some other plans to secure loose nuclear materials by spending the equivalent of 1 month of what we now spend in Iraq over the next 4 years around the world; the war in Iraq is breeding terrorists and making US enemies, while securing loose nukes would help protect generations to come around the world. As both a taxpayer and a parent (as well as someone immersed in defense issues), I know where I would prefer to see the money spent!

One other number given is that currently less than 1/4 of 1% of the defense budget is spent on containing nuclear materials, despite it being a declared priority of President Bush. Professor Allison said that despite grade inflation at Harvard, the President still gets an “F” in this area.

Another interesting factoid stated was that about 10% of the lights in the US are powered by electricity generated from reprocessed fissile material taken from Russian nukes rendered safe under the Nunn-Lugar initiative. That sounds high to me given the amount of nuclear power generated in the US, but even if off by a factor of 10, darned impressive.

Panel Part II

The second part of the panel was on bio weapons. The panelists were Dr. Tara O’Toole of the Center for Biosecurity at Pitt, and Dr. David Relman of Stanford. Their discussion was largely what I expected, about how bio-weapons can be produced by rogue actors as well as rogue states. They made the usual references to plague (with a funny interchange about prairie dogs being carriers, and keeping the Senator’s campaign away from them), anthrax and Ebola.

Again, there was a bit of exaggeration coupled with the dialog. It was pointed out that there has still been no apprehension of the perpetrator of the 2001 anthrax attacks. It was then stated that the anthrax in the envelope sent to Senator Daschle was enough to kill a billion people. No mention was made about how impossible it would be to meter and deliver such dosages in the most appropriate manner to achieve that. In fact, no discussion was made about the difficulty in weaponizing most biological agents, limiting their use as a targeted weapon over a large area. And furthermore, no mention at all was made of chemical weapons.

The conclusion here was that investment in better research and international cooperation was key. The statement was made that better integration of electronic health records would be important, too, although some studies I recall indicate that their utility is probably not so great as some would hope. It was also concluded that benefits in faster medical response and better vaccine production would help in non-crisis times as well. I don’t think we can argue too much with that, although the whole issue of how we pay for medicine and health issues looms large.

Panel Part III

The last panel featured Alan Wade, former CIO of the CIA, and Paul Kurtz of Good Harbor Consulting, speaking on the cyber threat. I’ve known Paul for years, and he is a great person to talk on these issues.

The fact that cyber technology is universal and ubiquitous was highlighted. So was the asymmetry inherent in the area. Some mention was made about how nothing has been done by the current administration until very recently. Sadly, that is clearly the case. The National Strategy in 2002, the PITAC report in 2005, and the CSTB report in 2007 (to name 3 examples) all generated no response. As a member of the PITAC that helped write the 2005 report, I was shocked at the lack of Federal investment and the inaction we documented (I knew it was bad, but didn’t realize until then how bad it was); the reaction from the White House was to dissolve the committee rather than address the real problems highlighted in the report. As one of today’s panelists put it — the current administration’s response has been “…late, fragmented, and inadequate.” Amen.

I was disappointed that so much was said about terrorism and denial of service. Paul did join in near the end and point out that alteration of critical data was a big concern, but there was no mention of alteration of critical services, about theft of intellectual property, about threats to privacy, or other more prominent threats. Terrorism online is not the biggest threat we face, and we have a major crisis in progress that doesn’t involve denial of service. We need to ensure that our policymakers understand the scope of the threat.

On the plus side, Senator Obama reiterated how he sees cyber as a national resource and critical infrastructure. He wants to appoint a national coordinator to help move protection forward. (If he is elected I hope he doesn’t put the position in DHS!)

Paul pointed out the need for more funds for education and research. He also made a very kind remark, mentioning me by name, and saying how we were a world-class resource built with almost no funding. That’s not quite true, but sadly not far off. I have chafed for years at how much more we could do with even modest on-going support that wasn’t tied to specific research projects….

Conclusions

I was really quite impressed with the scope of the discussion, given the time and format, and the expertise of the panelists. Senator Obama was engaged, attentive, and several of his comments and questions displayed more than a superficial knowledge of the material in each area. Given our current President referring to “the Internets” and Senator McCain cheerfully admitting he doesn’t know how to use a computer, it was refreshing and hopeful that Senator Obama knows what terms such as “fission” and “phishing” mean. And he can correctly pronounce “nuclear”! His comments didn’t appear to be rehearsed — I think he really does “get it.”

(Before someone picks on me too much…. I believe Senator McCain is an honorable man, a dedicated public servant, and a genuine American hero. I am grateful to have people like him intent on serving the public. However, based on his comments to the press and online, I think he is a generation out of date on current technology and important related issues. That isn’t a comment related to his age, per se, but to his attitude. I’d welcome evidence that I am mistaken.)

Senator Obama is a great orator. I also noticed how his speed of presentation picks up for the press (his opening remarks) but became more conversational during the panel.

Senator Obama kept bringing the panel back to suggestions about what could be done to protect the nation. I appreciated that focus on the goal. He also kept returning to the idea that problems are better solved early, and that investments without imminent threat are a form of insurance — paying for clean-up is far greater than some prudent investment early on. He also repeatedly mentioned the need to be competitive in science and technology, and how important support for education is — and will be.

After the session was over, I didn’t get a chance to meet any of the campaign staff, or say hello to Paul. I did get about 90 seconds with Senator Bayh and invited him to visit. After my name had been mentioned about 3 times by panelists and Senator Obama, he sort of recognized it when I introduced myself. We’ll see if he follows up. I’ve visited his office and Senator Lugar’s, repeatedly, and neither have ever bothered to follow up to see what we’re doing or whether they could help.

Several people in the audience commented on my name being mentioned. I’m more than a little embarrassed that they didn’t refer to CERIAS and my colleagues, and in fact I was the only Purdue person mentioned by name during the entire 2 hours, and then it happened multiple times. I’m not sure if that’s good or not — we’ll see. However, as P.T. Barnum said, there’s no such thing as bad publicity … so long as they spell my name correctly. None of the local or national press seem to have picked it up, however, so even spelling isn’t an issue.

The press, in fact, hasn’t seemed to focus on the substance of the summit at all. I’ve read about 15 accounts so far, and all have focused on his choice of VP or the status of the campaign. It is so discouraging! These are topics of great importance that are not well understood by the public, and the press simply ignores them. Good thing Angelina Jolie gave birth earlier in the week or the summit wouldn’t have even made the press.

I wish more of the population would take the time to listen to prolonged discussion like this. 15-second sound bites serve too often as the sole input for most voters. And even then, too many are insufficiently educated (or motivated) to understand even the most basic concepts. I wonder if more than 5 people will even bother to read this long a post — most people want blogs a single page in length.

As for my own political opinions and voting choices, well, I’m not going to use an official Purdue system to proselytize about items other than cyber security, education, research and Purdue. You can certainly ask me if you see me. Now, if only I had confidence in the electronic voting equipment that so many of us are going to be forced to use in November (hint: I’m chair of the USACM).

Last Tongue-in-Cheek Word

And no, I’m not particularly interested in the VP position.

RuxSeed v. 1.0 Released:  A Ruby Open Source XCCDF Loader

I am happy to announce that ruxseed v. 1.0 is now available on SourceForge. Ruxseed processes XCCDF documents used for SCAP (NIST Security Content Automation Protocol) checklists. It performs benchmark resolution, i.e., the 6 “Loading” steps. Given an XCCDF document, it returns a resolved benchmark in the form of an REXML tree. The project also contains a number of tests that might be useful to someone developing an XCCDF product.

This release enables work on more complex XCCDF processing, such as tailoring and compliance checking. If you would be interested in that functionality, and are willing to test or contribute code or test cases, please contact me.