CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
CERIAS Logo
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

A Question of Security

Carlos Solari - Alcatel-Lucent

Feb 06, 2008

Abstract

The demands of business have long past moved from computing as a desk-bound activity to one that occurs wherever the business is – on the road, at client locations, and between global partners. It is increasingly wireless and increasingly unconstrained by media types bound to specific devices. The same can be said for government activities and for the infrastructures that all use information communications technology (ICT) to operate their systems and improve operational efficiencies. In a word having gained wide use in the past year, we can say that ICT is deperimeterized, no longer constrained to the enterprise LAN or the data center.

We ask the question – how well has security measured up to this change in the way that the business of business, the business of government and the management of national infrastructures is conducted? There is ample evidence is that it has not measured up well at all and general agreement that we can and must do better. It is less clear what we can do to correct this trend. The rises of Botnets, increasingly sophisticated social engineering schemes, the increased availability of cyber-criminal services have made the challenge greater.

This we know, there is no silver bullet solution and no easy answer to this problem; it is complex and it will take an approach better than the approach taken to date of reactive, after market security solutions. In this seminar, we explore two complementary lines of thinking that offer a better approach. First we will consider a security framework developed at Bell Laboratories and adopted as ITU/T X.805 as a way to design for security in a consistent way that hardens products and solutions. Second, the “positive model” of security controls. They are not, as said already, silver bullets to fix the problems. They are about getting more disciplined, about recognizing that concomitant to the increased dependency in ICT systems, we must have the appropriate levels of assurance that these critical systems can continue to serve their important functions even in the midst of a growing threat.

About the Speaker

Carlos Solari joined Alcatel-Lucent as Bell Labs Security Solutions Vice President in April 2006 recently transitioning to lead in the same capacity from the CTO Organization. In this role, Carlos leads a team defining and implementing the security strategy positioning Alcatel-Lucent as the vendor of choice for secure, reliable networks, services and applications.

Carlos brings extensive experience in the field of information systems security as applied in the areas of homeland security, law enforcement, public safety and defense; with over 25 years in various government and private industry positions, including 13 years as an officer in the U.S. Army and more than 6 years as a senior executive with the Federal Bureau of Investigation. From 2002 to 2005 he served as Chief Information Officer for the Executive Office of the President - the White House. He was responsible for the implementation of a complete computing modernization for the White House and its supporting offices with IT security a central part of the work.

He is a graduate of Washington and Lee University in Lexington, Virginia with a BS in Biology (1979), and the Naval Postgraduate School in Monterey, California; MS in Systems Technologies (1990).

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52, West Lafayette Campus. More information...

Disclaimer

The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.