Professor speaks to Congress
By Dave Stephens
Assistant
Campus Editor
Gene Spafford has spoken before Congress before,
but never has he received this much attention.
Spafford, speaking to the U.S. House of Representatives
Science Committee on Wednesday, discussed the issues needed to secure
computer information from threats of terrorism.
"I have been warning about the computer security
threat for years; at one of my other congressional visits four years
ago, I discussed the same thing," said Spafford, a professor of computer
science and the director of Purdue's Center for Education and Research
in Information Assurance and Security. "I said the same thing back then,
but nothing was done. It's unfortunate that we didn’t put the effort
in then; it would be a tragedy if they didn't put the effort in now."
Unlike his past congressional testimony, Spafford
thinks that during this trip to Capitol Hill his message was better
received.
"This time was particularly notable because of
the number of committee members who were present," said Spafford. "There
was something like 22 or 24 members of Congress who were present at
the meeting. That's usually a very rare occurrence, when I've spoke
before usually only a few members were present and the other congressmen
would send their staff members."
Spafford addressed the committee on behalf of the
Association for Computing Machinery's Committee on U.S. Public Policy,
for which he serves as co-chair.
"We cannot hope to protect our information infrastructure
without a sustained commitment to the conduct of research — both
basic and applied — and the development of new experts," Spafford
said to Congress. "The incredible growth of or society's deployment
of computing has too often been conducted with concerns for speed or
lowest cost rather than with concern for issues of safety, security
and reliability."
Spafford told the congressional committee the current
setup of the software industry gives little incentive to solve security
problems or develop security measures.
"Industry is concerned with getting products to
market as quickly as possible, at the lowest cost," said Spafford. "The
result is often software with extraneous, poorly designed and poorly
tested features."
Spafford said the recent terrorist attack emphasized
the need for security measures in all areas, including against the threat
of cyber terrorism.
"We are vulnerable to terrorism," said Spafford.
"Even if it doesn't occur it’s a huge problem and the industry
is not recognizing that."
Steve Hare, managing director of Purdue's Center
for Education and Research in Information Assurance and Security, said
another problem posing a threat to computer security is that programs
used by hackers to disrupt computer systems are becoming more sophisticated,
while at the same time becoming easier to access.
"There's now the ability for a 14 year-old to download
a program, and by not really knowing what he is doing, launch an attack
on other people using the Internet," said Hare.
Hare said it was important for Congress to understand
the danger poised by cyber terrorism and to help fund programs to develop
better security measures.
"More pure fundamental research needs to be done
in this area," said Hare. "Universities like ours need to have funding
available to fund long-term projects that look at how to really solve
these problems, not just offer short-term solutions."
Hare said that even with attention focused on the
computer security, work still needs to be done to solve the problem.
"Things will get worse before they get better,"
said Hare. "We need ways to protect out national infrastructure and
we need more investment in the research areas. It'll take some time
before we get things moving in the right direction."
|
