Discussing Internet Security with Eugene Spafford

C-SPAN recently aired a discussion with Eugene “Spaf” Spafford, a computer science professor at Purdue University (also know for his work in analyzing the Morris Worm of 1988).

The interview touches on many aspects of the computer industry, specifically with regards to security and privacy, and offers some interesting perspectives on a lot of the issues we deal with today. The question-and-answer session is very informative and should be generally easy to follow for people unfamiliar with computer security.

Topics discussed include everything from the capability of the Internet’s infrastructure to withstand a localized attack, to the controversial “pay-per email” theory of reducing spam.

One specific item of interest mentioned by Professor Spafford was the idea of endpoint security. When asked about the concept of developing a new infrastructure for the Internet as a means to address security and privacy concerns, Spafford stated that the current “open” platform is beneficial because it allows us to innovate. Also, there could be untapped potential in our current infrastructure that we might forgo if we decide to engineer a new Internet. He goes on to say that security problems are “really at the endpoints.” In other words, a significant cause of the security problems we face have a lot to do with poorly designed applications, lack of user education, the non-standard process of applying patches, law enforcement shortcomings, and other important issues unrelated (or only marginally related) to the current infrastructure itself.

I agree with Professor Spafford; even a newly designed Internet could suffer from these same problems. It would certainly be preferable to concentrate on fixing these “endpoint” issues first.

The interview is a half-hour long and very educational.