Chasing the Unattainable Aim of Security

Eugene Spafford is a professor with an appointment in computer science at Purdue University, where he has served on the faculty since 1987. He is generally recognized as one of the senior leaders in the field of computing. In 2013, he was inducted into the National Cybersecurity Hall of Fame. He was recognized, in part, for his co-development of the first free intrusion detection system distributed on the Internet and for originating the term “firewall.” Spafford is known for his writing, research and speaking on issues of security and ethics. He has brought that expertise to Washington, as a witness testifying before Congress and as a former member of the President’s Information Technology Advisory Committee. He also serves as executive director of Purdue’s Center for Education and Research in Information Assurance and Security.

To stitch existing security seams that are fraying at the edges, or to start over? That is the question.

And Gene Spafford, for one, thinks there is a clear answer. We have spent far too long trying to patch and mend existing systems that have fundamental flaws. We need to begin shifting our thinking and taking a proactive approach, which starts with investing in better design and deployment of secure and resilient systems. In Spafford’s own words:

“When we talk about all the spending that’s been done on security over the years, the vast majority of that has been patching and building new layers on top of broken artifacts. So fundamental problems continue to be present in the way we design and use those systems. And because there isn’t really a good set of metrics, and there aren’t sufficient disincentives, organizations are unwilling to spend the money and the effort to build more resistant systems to replace the existing infrastructure with this huge sunk cost that’s out there. … So the way we’ve approached securing systems has generally been wrong.”

In this episode of Cybersecurity Unplugged, Spafford discusses:

  • Who and what could be behind the pileup of attacks on security vendors;
  • How our democracy and freedom of speech allow for exploitation by the adversary;
  • Why our current solutions seem to create more problems than they solve;
  • And the need for a bigger push to develop secure and resilient systems.
