http://www.montereyherald.com/mld/montereyherald/news/11109598.htm
By KEVIN HOWE Herald Staff Writer March. 11, 2005 First came the automobile. Then came anti-lock brakes, seat belts and air bags. The evolution of the computer has followed a similar path, said a woman who was a pioneer in the field of computer security: first the invention, then the safety devices. Dorothy Denning, professor in the Department of Defense Analysis at the Naval Postgraduate School, literally wrote the book on computer security. "Cryptography and Data Security," published by Addison-Wesley in 1982, is a classic textbook in the field. Denning previously taught at Georgetown University, where she was the Callahan Family Professor of Computer Science and director of the Georgetown Institute of Information Assurance, and at Purdue University. She came to the Navy school in 2002 because "it seemed like an interesting and challenging environment and because I have a lot of respect for what the school is doing. "It is definitely the leading edge in information security," she said. In February, Denning was honored with the prestigious 2004 Harold F. Tipton Award, which recognizes lifelong contributions to the improvement of the information security profession. One of two women| Denning was one of two women in the field when she earned her doctorate. The other was Anita Jones "who finished her Ph.D. thesis a couple of years before I did." She holds bachelor's and master's degrees in mathematics from the University of Michigan and her doctorate in computer science from Purdue University. When she first became involved with computers in the 1960s, "there were no mice, no PCs, no screens, no portable media like CDs and disks; you couldn't even get remote access. You worked in a room with the machine." When remote terminals did become available, Denning said, they were hard-wired to the computer. Data spewed out on punched tape, punch cards and magnetic tape. "Security was room security, protection of physical access" to the computer. Then came time-sharing. The security problem in those early days "was vastly simpler," she said. "There were no malicious codes, no viruses, no spam, no Internet fraud." The professional literature in the field was written by a handful of academics "and you could read all of them, be fully up on their thinking. Now the field is so vast, there is a huge number of people in academia and security professionals. You can't possibly read it all." The Internet, once the exclusive domain of scientists, academics and the military, was opened by the personal computer to people of all walks of life, including advertisers and criminals. Suddenly the world of cyberspace was vulnerable, and its inhabitants needed locks and keys to protect themselves. Fast-moving technology| When personal computers came online, technology was moving so fast and the job of building a really secure system was so hard that the computer developers were continually outpacing the security developers. "It was not a high enough priority among the buyers," she said. Buyers just wanted to get a fast operating system up and running and didn't want to spend money on security systems. "Now there's a lot more interest." Users of the Internet, Denning said, should take the same attitude they have when they go out on the street. You can be assaulted, mugged or pickpocketed in either place. "It's not possible to prevent every crime," she said. "You can't have absolute security." But, she said, she's never had any qualms about doing her shopping on the Net or conducting business over it. Users just need to apply some virtual street smarts. "When in doubt," she said, "don't provide personal information. Sites that ask for confidential information are mostly a scam." Users shouldn't fear to use credit when dealing with established companies like eBay or Amazon.com, she said. "I wouldn't advise you not to engage in e-commerce." Users should keep their computers "patched" with updates and download any fixes from their service providers, she said. And they should get one good virus protection system from a major provider, such as Symantec. You just need one, Denning said. "They all do pretty much the same thing." Such antivirus programs should also be kept up to date. Precautions can protect a user's privacy, credit and bank account. Government and industry have vital interests in securing their data systems, she said, to protect classified information and the systems that run power and transportation grids, oil and water distribution systems. Her work in the past has been developing ways of detecting hacker attacks on such systems and the problem of a terrorist onslaught against the U.S. Internet has been part of war games at the Navy school annually. The usual scenario, she said, combines a cyber attack with a physical attack against some vital installation. Denning said computer systems "have a lot of redundancy and resilience," and an attack will likely be met with "a lot of cooperation" to fend it off. Undoubtedly, she said, such cyber attacks have already been launched and squelched since the 9/11 terrorist attacks. Good place to teach| Teaching at NPS, Denning said, is a pleasure. "The students bring into the classroom very, very rich experiences" from time spent at sea or in the field as well as from their studies. "They're also extremely smart and dedicated. And they do their work on time. I've never worked where you could count on students to be on time, and they turn in superior work. I like reading their assignments." In addition to her academic work, Denning has worked at SRI International and Digital Equipment Corp. She has published 120 articles and four books, her most recent being "Information Warfare and Security," including "Is Cyber Terror Next?" in the essay collection "Understanding September 11," published by The New Press in 2002. Two other articles are awaiting publication: "Cyber Security as an Emergent Infrastructure," to appear in "IT and Global Security," published by The New Press and "Information Technology and Security" to appear in "Grave New World," Georgetown University Press. In November 2001, she was named a Time magazine innovator. Her leadership positions have included president of the International Association for Cryptologic Research and chair of the National Research Council Forum on Rights and Responsibilities of Participants in Network Communities. _________________________________________ Bellua Cyber Security Asia 2005 - http://www.bellua.com/bcs2005