Eugene Spafford, a computer-science professor at Purdue University and a member of the Naval Academy’s Cybersecurity Advisory Board, has been thinking about all the ways computers work (and fail) since 1979. “So many [technologies] are interconnected in ways we don’t see,” he says, “that a longer shutdown lasting weeks or months would be catastrophic.”
“This gets to the root of the issue,” said Purdue professor Gene Spafford, a cybersecurity expert who has also advised government agencies including the NSA, FBI and Air Force. “If the Chinese or the Iranian government under their legal system has all the legal requirements met to break the encryption or look at what is on a phone, they would have a same standing as the U.S. government does in this case to compel Apple to cooperate.”
Experts say investigations into cybercrime are complicated, and that police are probably making progress that isn’t readily apparent.
“So long as you don’t have someone very sophisticated doing it, they are likely to get caught,” said Professor Eugene H. Spafford, who studies cybersecurity at Purdue University.
Congratulations to CERIAS-affiliated professors Dongyan Xu and Xiangyu Zhang whose research “Toward vetted sensing and control system firmware and software” project is being supported by the U.S. Navy.
CipherCloud’s Dr. Chenxi Wang interviewed Dr. Eugene Spafford, the executive director of CERIAS center, Purdue University. Below is a summary of the interview conversation.
Eugene Spafford, the executive director of Purdue’s Center for Education and Research in Information Assurance and Security, says in the case of Anthem and others, the costs and dangers are hidden. “The personal information they listed can represent a problem for people for years to come,” he said. “That’s information that can be used for identity theft, extortion and to gain people’s trust. So, it really is a big problem, even if medical or credit card information is not given out. The company providing a year or two of credit monitoring won’t fix that.”
The study shows that when we think we have privacy when our data is collected, it’s really just an “illusion,” said Eugene Spafford, director of Purdue University’s Center for Education and Research in Information Assurance and Security. Spafford, who wasn’t part of the study, said it makes “one wonder what our expectation of privacy should be anymore.”
“If the government wanted to do something about this, I would suspect they would do something more targeted toward the leadership rather than just shutting down the network,” said Eugene Spafford, a professor of information security at Purdue University. “Teenagers with botnets regularly shut down networks.”
Targeting the financial assets of North Korean leaders (rather than the country’s Internet equipment) would be much more closely aligned with President Obama’s warning of a “proportional response” — and something the White House could accomplish that nameless hacktivists probably couldn’t on their own, Spafford added.