Dorothy Denning honored for contributions to infosec

[David Farber <dave () farber net>]

------ Forwarded Message
From: kelley <kelley () rakfoundry com>
Date: Fri, 11 Mar 2005 12:28:06 -0500
To: <dave () farber net>
Subject: Dorothy Denning honored for contributions to infosec

Dave,

Denning was given that 2004 Harold F. Tipton Award for her "contributions
to the improvement of the information security profession."


Best,


Kelley

--


Ink Works: Security awareness and privacy training
http://www.inkworkswell.com
Phone:  +1 (727) 942-9255
E-mail: mailto:kelley () inkworkswell com


Computer security pioneer honored

By KEVIN HOWE
Herald Staff Writer

First came the automobile. Then came anti-lock brakes, seat belts and air
bags.

The evolution of the computer has followed a similar path, said a woman who
was a pioneer in the field of computer security: first the invention, then
the safety devices.

Dorothy Denning, professor in the Department of Defense Analysis at the
Naval Postgraduate School, literally wrote the book on computer security.
"Cryptography and Data Security," published by Addison-Wesley in 1982, is a
classic textbook in the field.

Denning previously taught at Georgetown University, where she was the
Callahan Family Professor of Computer Science and director of the
Georgetown Institute of Information Assurance, and at Purdue University.
She came to the Navy school in 2002 because "it seemed like an interesting
and challenging environment and because I have a lot of respect for what
the school is doing.

"It is definitely the leading edge in information security," she said.

In February, Denning was honored with the prestigious 2004 Harold F. Tipton
Award, which recognizes lifelong contributions to the improvement of the
information security profession.

One of two women|

Denning was one of two women in the field when she earned her doctorate.
The other was Anita Jones "who finished her Ph.D. thesis a couple of years
before I did."

She holds bachelor's and master's degrees in mathematics from the
University of Michigan and her doctorate in computer science from Purdue
University.

When she first became involved with computers in the 1960s, "there were no
mice, no PCs, no screens, no portable media like CDs and disks; you
couldn't even get remote access. You worked in a room with the machine."

When remote terminals did become available, Denning said, they were
hard-wired to the computer. Data spewed out on punched tape, punch cards
and magnetic tape.

"Security was room security, protection of physical access" to the
computer. Then came time-sharing.

The security problem in those early days "was vastly simpler," she said.
"There were no malicious codes, no viruses, no spam, no Internet fraud."

The professional literature in the field was written by a handful of
academics "and you could read all of them, be fully up on their thinking.
Now the field is so vast, there is a huge number of people in academia and
security professionals. You can't possibly read it all."

The Internet, once the exclusive domain of scientists, academics and the
military, was opened by the personal computer to people of all walks of
life, including advertisers and criminals.

Suddenly the world of cyberspace was vulnerable, and its inhabitants needed
locks and keys to protect themselves.

Fast-moving technology|

When personal computers came online, technology was moving so fast and the
job of building a really secure system was so hard that the computer
developers were continually outpacing the security developers.

"It was not a high enough priority among the buyers," she said.

Buyers just wanted to get a fast operating system up and running and didn't
want to spend money on security systems. "Now there's a lot more interest."

Users of the Internet, Denning said, should take the same attitude they
have when they go out on the street. You can be assaulted, mugged or
pickpocketed in either place.

"It's not possible to prevent every crime," she said. "You can't have
absolute security."

But, she said, she's never had any qualms about doing her shopping on the
Net or conducting business over it. Users just need to apply some virtual
street smarts.

"When in doubt," she said, "don't provide personal information. Sites that
ask for confidential information are mostly a scam."

Users shouldn't fear to use credit when dealing with established companies
like eBay or Amazon.com, she said. "I wouldn't advise you not to engage in
e-commerce."

Users should keep their computers "patched" with updates and download any
fixes from their service providers, she said.

And they should get one good virus protection system from a major provider,
such as Symantec.

You just need one, Denning said. "They all do pretty much the same thing."
Such antivirus programs should also be kept up to date. Precautions can
protect a user's privacy, credit and bank account.

Government and industry have vital interests in securing their data
systems, she said, to protect classified information and the systems that
run power and transportation grids, oil and water distribution systems. Her
work in the past has been developing ways of detecting hacker attacks on
such systems and the problem of a terrorist onslaught against the U.S.
Internet has been part of war games at the Navy school annually.

The usual scenario, she said, combines a cyber attack with a physical
attack against some vital installation.

Denning said computer systems "have a lot of redundancy and resilience,"
and an attack will likely be met with "a lot of cooperation" to fend it off.

Undoubtedly, she said, such cyber attacks have already been launched and
squelched since the 9/11 terrorist attacks.

Good place to teach|

Teaching at NPS, Denning said, is a pleasure.

"The students bring into the classroom very, very rich experiences" from
time spent at sea or in the field as well as from their studies.

"They're also extremely smart and dedicated. And they do their work on
time. I've never worked where you could count on students to be on time,
and they turn in superior work. I like reading their assignments."

In addition to her academic work, Denning has worked at SRI International
and Digital Equipment Corp.

She has published 120 articles and four books, her most recent being
"Information Warfare and Security," including "Is Cyber Terror Next?" in
the essay collection "Understanding September 11," published by The New
Press in 2002. Two other articles are awaiting publication: "Cyber Security
as an Emergent Infrastructure," to appear in "IT and Global Security,"
published by The New Press and "Information Technology and Security" to
appear in "Grave New World," Georgetown University Press.

In November 2001, she was named a Time magazine innovator. Her leadership
positions have included president of the International Association for
Cryptologic Research and chair of the National Research Council Forum on
Rights and Responsibilities of Participants in Network Communities.

http://www.montereyherald.com/mld/montereyherald/news/11109598.htm?template=
contentModules/printstory.jsp

------ End of Forwarded Message

-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/