Eugene H. Spafford, a computer security professor at Purdue University, was not convinced that the arrests last week would serve as a deterrent. Rather, he said, it could prompt others to be more careful in the future and even prompt retaliatory strikes.
“A whole bunch of people were angry, they didn’t really think about whether it was legal or not. It never entered their minds,” Professor Spafford said. “This was kind of the equivalent of a spontaneous street protest, where they may have been throwing rocks through windows but never thought that was against the law or hurting anybody.”
“The climate the press has created is that hackers are somehow supernatural and can’t be stopped; everybody falls victim,” says Gene Spafford, a Purdue University computer professor and executive director of its Center for Education and Research in Information Assurance and Security. “So long as the head of IT can say ‘It happens to everybody, even the government and security vendors,’ it will be difficult to blame them for not taking appropriate measures.”
According to a survey conducted by Purdue University and the Center for Education and Research in Information Assurance and Security (CERIAS) in association with McAfee, as much as $1 trillion of intellectual property is stolen by cybercriminals each year.
The repeated incidents should have warned Sony its online network was vulnerable, said Eugene Spafford, a computer science professor at Purdue University in West Lafayette, Indiana. The failure to enact safeguards such as appointing a single chief of security may show Sony misunderstands the risks inherent in Chairman and Chief Executive Officer Howard Stringer’s networked strategy, he said.
The sensor research is looking at ways to place sensors in a network “so you don’t slow it down, you don’t generate too many false alarms, and you don’t have to spend too much on sensors,” added Eugene Spafford, a computer science professor at Purdue.
Three problems face anyone trying to justify retaliation for a cyber attack: where did it come from, who did it and what response is appropriate, explained Eugene H. Spafford, a computer science professor at Purdue University in West Lafayette, IN, and director of the school’s Center for Education and Research in Information Assurance and Security.
WASHINGTON, June 1, 2011 (GLOBE NEWSWIRE) — Northrop Grumman Corporation (NYSE:NOC) and three of the nation’s leading cybersecurity research universities, Carnegie Mellon University, The Massachusetts Institute of Technology (MIT) and Purdue University, announced today the progress they have made in developing solutions for pressing cybersecurity threats during a briefing at the National Press Club.
Eugene Spafford, a security expert and professor at Purdue University, told a House subcommittee last week that computer security experts had been aware for months that the PlayStation’s Web servers were outdated and that the company’s network lacked sufficient security — which he said Sony must have also known.
But Professor Spafford does not see any new legislation in the near future that would force companies to take security more seriously.
“Over the last five years there have been several bills that have been introduced through committees but never made it all the way through Congress,” he said in an interview. “Companies tend to fight the bills, saying it would be too expensive or onerous to implement better security.”