The Center for Education and Research in Information Assurance and Security (CERIAS)

Spafford Speaks on Cybersecurity Threats at the University of Delaware

Mon, December 18, 2006

CERIAS Executive Director Eugene Spafford recently spoke at the University of Delaware as part of their Distinguished Lecture Series.

On December 6, CERIAS Executive Director Eugene Spafford spoke at the University of Delaware about the current state of cybersecurity and the shape of things to come if measures for better software and platform protection aren't developed and implemented.

“I'm going to talk about the crisis in cybersecurity,” Spafford said, “and if you're not aware of that crisis, perhaps this lecture will convince you that one exists. There are overwhelming vulnerabilities in most commonly used software applications, and well over 130,000 known viruses and worms.”

While there are no firm statistics on how much cybersecurity problems cost the economy, Spafford said a conservative estimate from 2004 indicated a global loss of more than $100 billion from cybercrime, and he added that this figure did not include passive losses, such as individual hardship incurred due to identity theft, or large-scale profit loss incurred through employee time wasted in weeding spam from valid e-mail.

Spafford touched on spyware, adware and malware, but said that a newer, bigger threat lies in botware (short for robotware), which can lodge in users' computers, run unbeknownst to them in the background, mutate regularly to skirt detection and eradication, and run all sorts of scripts that co-opt e-mail and use the host computer as a launching pad for outgoing scams.

“Detection is doomed,” Spafford said, “and the problem [of cybercrime] is getting worse, not better. Currently, two out of every 40 individuals is a victim of identity theft, and [only] one out of every 10 e-mail messages is valid. That's a tremendous cost to all of us.”

He also attributed the current state of vulnerability to antiquated security measures and likened the continued faith in these measures to a form of insanity.

“The definition of insanity is 'Doing the same thing over and over again and expecting different results,'” Spafford said, quoting the 17th-century playwright, John Dryden. “Firewalls are more than 10 years old and virus-protection software is more than 25 years old, and they're not working, and yet we expect them to work. That's insanity.”
