New Center Takes Team Approach To Tackle Information Security

July 02, 1998

WEST LAFAYETTE, Ind. -- Purdue University computer expert Gene Spafford says information security is too important to leave solely to scientists and technicians.

"It takes more than an architect to construct a solid building, and it requires more than computer expertise to secure information," Spafford says.

He is following that philosophy as founder of a multidisciplinary center that is the first in the world to take a comprehensive approach to network and computer security. The center includes researchers from sociology, psychology, criminology, political science, ethics, management and economics.

The new center, named CERIAS (pronounced "serious"), will address issues related to information security from all those perspectives, Spafford says. CERIAS stands for Center for Education and Research in Information Assurance and Security.

"The public perception of information security is shaped by sensationalism such as computer virus scares and stories of teen-agers breaking into sensitive military systems," Spafford says. "But information and computing security is much more complex than that. It can include aspects of economic and international espionage, sabotage, terrorist activities, vandalism and other forms of crime."

Purdue, so far, is the only university to offer formal training to address these issues in a comprehensive manner.

Information assurance and security includes computer security, but it also addresses a much wider range of important issues, Spafford says.

"Issues such as network security, communications security, disaster recovery, investigation of computer crime, employee training and supervision, and protection against defective software also must be addressed," he says.

Current efforts to secure information generally rely upon computer security measures, which focus only on protecting information within a single computer system, Spafford says.

"However, the major value to organizations is in the data processed on the computer and not the computer itself," he says. "Disclosure, loss or alteration of the data, as a result of accident or malicious activity, is the problem."

The Purdue center will focus on finding ways to protect information that flows through computers in all its various forms -- whether on network cable, disks, faxes, or a phone call, Spafford says.

The center will work with researchers in industry, government and other academic institutions around the world, and it will provide training opportunities for both undergraduate and graduate students.

Recent reports, including testimony before Congress on the fragile state of the Internet, have served to underscore the need for increased training and research in information security topics, Spafford says.

"These needs are only going to expand in the coming years as we deploy more information resources and as the use of wide-area computer networks continues to spread," he says. "Our increasing reliance on new and often fragile technologies for use in critical applications presents attractive targets to criminals, vandals and foreign adversaries."

Spafford, who has helped track computer break-ins worldwide, is an expert on computer and network security and computer crime. He is the co-author or contributing editor of four books, including "Computer Crime: A Crime-Fighters Handbook" and "Web Security and Commerce," and he is a frequent speaker at academic, industrial and government conferences on information security and computer crime.

To create a more secure environment, educators must push beyond technical knowledge and provide a comprehensive view of computer use so that students and future users are familiar with the many ways in which computers can be used and abused, Spafford says.

"Today's students will design the information technologies of the future, yet the majority of them receive no training in information security," he says. "There are few institutions ready to train people to deal with the multiple issues, and none that takes a broad view of the problems involved."

Michael Stohl, dean of international programs and professor of political science at Purdue, is one of about 20 faculty members from eight Purdue departments already associated with the center. His expertise in terrorism and international relations will be tapped to help train others on the threat to security that is posed by political terrorists.

"I can bring a perspective involving threat assessment that is complementary to those who approach the subject from a purely technical side," he says. "Knowledge of potential enemies is important in making decisions as to how to protect something."

Alok Chaturvedi, a professor of management information systems in Purdue's Krannert Graduate School of Management, will use a computer-simulated "war game" that he, another Purdue professor and the Institute for Defense Analyses created to help students and senior government officials simulate the economic and management consequences of cyberterrorism.

Chaturvedi says the human interaction between the players of the game helps make the simulation unpredictable.

"Using this program, students can see the consequences of compromised systems unfold in front of their eyes in real time," Chaturvedi says. "For example, we can simulate scenarios that show what would happen if computer terrorists attacked the New York Stock Exchange, or if the air traffic control or telecommunications systems are compromised."

Chaturvedi and Spafford say a classroom exercise such as this will help better prepare students to cope with all the various issues involved in information security because it allows them to experience the consequences first-hand.

"As the world becomes more interlinked, security becomes a major issue, and businesses and organizations become more vulnerable to organized crimes," Chaturvedi says. "I can't think of a more hands-on way to let students or other participants experience the economic or political consequences of a compromised system without actually taking the risk."

CERIAS is an expansion of several widely recognized programs currently in place at Purdue, including the COAST laboratory, which was established by Spafford in 1992 to meet the growing need for research and education in the information security arena. Research tools and educational materials from COAST have been used by government agencies, businesses and academic institutions worldwide and have been hailed as models for their usefulness. The COAST laboratory will work as a partner with the new center.

The new center is funded by Purdue. More information on CERIAS is available at the center's Web site:

Sources: Eugene Spafford, (765) 494-7825; e-mail, ;

Michael S. Stohl, (765) 494-9399; e-mail,

Alok Chaturvedi (765) 494-9048; e-mail,

Writer: Susan Gaidos, (765) 494-2081; e-mail,

Purdue News Service: (765) 494-2096; e-mail,

Purdue University

Related Computer Security Articles from Brightsurf:

UCLA computer scientists set benchmarks to optimize quantum computer performance
Two UCLA computer scientists have shown that existing compilers, which tell quantum computers how to use their circuits to execute quantum programs, inhibit the computers' ability to achieve optimal performance.

Computer-based weather forecast: New algorithm outperforms mainframe computer systems
The exponential growth in computer processing power seen over the past 60 years may soon come to a halt.

Focus on food security and sustainability
The number of malnourished people is increasing worldwide. More than two billion people suffer from a lack of micronutrients.

Eliminating infamous security threats
Speculative memory side-channel attacks like Meltdown and Spectre are security vulnerabilities in computers.

UBC study: Publicizing a firm's security levels may strengthen security over time
New research from the UBC Sauder School of Business has quantified the security levels of more than 1,200 Pan-Asian companies in order to determine whether increased awareness of one's security levels leads to improved defense levels against cybercrime.

Discovery casts dark shadow on computer security
Two international teams of security researchers have uncovered Foreshadow, a new variant of the hardware vulnerability Meltdown announced earlier in the year, that can be exploited to bypass Intel Processors' secure regions to access memory and data.

Shh! Proven security for your secrets
Researchers show the security of their cipher based on chaos theory.

A library for food security
Researchers are uncovering the genome of cowpeas, also known as black-eyed peas, in response to challenging growing conditions and the need for food security.

Bring your own (security) disaster
Bring your own device (BYOD) to work is common practice these days.

'Security fatigue' can cause computer users to feel hopeless and act recklessly
A new study from National Institute of Standards and Technology researchers found that a majority of the typical computer users they interviewed experienced security fatigue -- weariness or reluctance to deal with computer security -- that often leads users to risky computing behavior at work and in their personal lives.

Read More: Computer Security News and Computer Security Current Events is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to