DOCSLIB.ORG

How Secure Is Our Critical Infrastructure?

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
How Secure Is Our Critical Infrastructure? S. Hrg. 107–205 HOW SECURE IS OUR CRITICAL INFRASTRUCTURE? HEARING BEFORE THE COMMITTEE ON GOVERNMENTAL AFFAIRS UNITED STATES SENATE ONE HUNDRED SEVENTH CONGRESS FIRST SESSION SEPTEMBER 12, 2001 Printed for the use of the Committee on Governmental Affairs ( U.S. GOVERNMENT PRINTING OFFICE 76–799 PDF WASHINGTON : 2002 For sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512–1800; DC area (202) 512–1800 Fax: (202) 512–2250 Mail: Stop SSOP, Washington, DC 20402–0001 VerDate 11-MAY-2000 09:07 Aug 06, 2002 Jkt 000000 PO 00000 Frm 00001 Fmt 5011 Sfmt 5011 76799.TXT SAFFAIRS PsN: SAFFAIRS COMMITTEE ON GOVERNMENTAL AFFAIRS JOSEPH I. LIEBERMAN, Connecticut, Chairman CARL LEVIN, Michigan FRED THOMPSON, Tennessee DANIEL K. AKAKA, Hawaii TED STEVENS, Alaska RICHARD J. DURBIN, Illinois SUSAN M. COLLINS, Maine ROBERT G. TORRICELLI, New Jersey GEORGE V. VOINOVICH, Ohio MAX CLELAND, Georgia PETE V. DOMENICI, New Mexico THOMAS R. CARPER, Delaware THAD COCHRAN, Mississippi JEAN CARNAHAN, Missouri ROBERT F. BENNETT, Utah MARK DAYTON, Minnesota JIM BUNNING, Kentucky JOYCE A. RECHTSCHAFFEN, Staff Director and Counsel JINNETT RONA-FINLEY, Detailee, CIA KIERSTEN TODT COON, Congressional Fellow for Senator Lieberman HANNAH S. SISTARE, Minority Staff Director and Counsel ELLEN B. BROWN, Minority Senior Counsel ROBERT J. SHEA, Minority Counsel MORGAN P. MUCHNICK, Minority Professional Staff Member DARLA D. CASSELL, Chief Clerk (II) VerDate 11-MAY-2000 09:07 Aug 06, 2002 Jkt 000000 PO 00000 Frm 00002 Fmt 5904 Sfmt 5904 76799.TXT SAFFAIRS PsN: SAFFAIRS C O N T E N T S Opening statements: Page Senator Lieberman ........................................................................................... 1 Senator Thompson ............................................................................................ 3 Senator Levin .................................................................................................... 5 Senator Bennett ................................................................................................ 6 Senator Dayton ................................................................................................. 7 Senator Bunning ............................................................................................... 8 Senator Carper ................................................................................................. 26 WITNESSES WEDNESDAY, SEPTEMBER 12, 2001 Hon. Roberta L. Gross, Inspector General, National Aeronautics and Space Administration ..................................................................................................... 9 Joel C. Willemssen, Managing Director, Information Technology Issues, U.S. General Accounting Office ................................................................................... 11 ALPHABETICAL LIST OF WITNESSES Gross, Hon. Roberta L.: Testimony .......................................................................................................... 9 Prepared statement .......................................................................................... 33 Willemssen, Joel C.: Testimony .......................................................................................................... 11 Prepared statement .......................................................................................... 43 APPENDIX Christopher Darby, CEO, @stake, Inc., Peiter Zatko, Chief Scientist and VP of Research and Development, @stake, Inc., and Chris Wysopal, Director of Research and Development, @stake, Inc., prepared statement ................... 77 Chart: Critical Infrastructure Protection Organization, September 2000 (sub- mitted by Senator Bennett) ................................................................................. 78 ‘‘Critical Infrastructure Protection: Significant Challenges in Protecting Fed- eral Systems and Developing Analysis and Warning Capabilities, GAO Highlights, September 2001 ................................................................................ 87 (III) VerDate 11-MAY-2000 09:07 Aug 06, 2002 Jkt 000000 PO 00000 Frm 00003 Fmt 5904 Sfmt 5904 76799.TXT SAFFAIRS PsN: SAFFAIRS VerDate 11-MAY-2000 09:07 Aug 06, 2002 Jkt 000000 PO 00000 Frm 00004 Fmt 5904 Sfmt 5904 76799.TXT SAFFAIRS PsN: SAFFAIRS HOW SECURE IS OUR CRITICAL INFRASTRUCTURE? WEDNESDAY, SEPTEMBER 12, 2001 U.S. SENATE, COMMITTEE ON GOVERNMENTAL AFFAIRS, Washington, DC. The Committee met, pursuant to notice, at 11:06 a.m., in room SH–216, Hart Senate Office Building, Hon. Joseph I. Lieberman, Chairman of the Committee, presiding. Present: Senators Lieberman, Thompson, Levin, Bennett, Day- ton, Bunning, and Carper. OPENING STATEMENT OF CHAIRMAN LIEBERMAN Chairman LIEBERMAN. Good morning. This morning, the Senate Governmental Affairs Committee will proceed with its previously scheduled hearing—the first in what we expect to be a series of hearings and investigations on a problem that is today even more important to us than before—the security of our critical infrastruc- ture and the vulnerability of our homeland to unconventional enemy attack. The attacks yesterday struck many individual families and the broader American family. I pause for a moment here at the outset of this hearing to indicate that it also struck the family of the Sen- ate Governmental Affairs Committee. Barbara Olson, who was killed on one of the planes yesterday, had served as an assistant to Senator Nickles for some period of time in his work on this Com- mittee. On behalf of the entire Committee, I extend my condolences to her husband and her family and want them to know that they are in our prayers. Today, we do consider critical infrastructure to be a vast array of elements that form the backbone of America. The critical infra- structure is, in essence, our Nation’s skeleton, the framework underlying our well-being and our freedom. It includes tele- communications systems, air traffic control systems, electricity grids, emergency and law enforcement services, water supplies, fi- nancial networks, and energy pipelines. Today, our hearts and minds are naturally focused on yesterday’s tragedy, but it is important that the Senate continue with Amer- ica’s business, particularly as it affects America’s security. Thus, we are holding this hearing as originally planned, with the same focus that we had intended, which is to explore the extent to which our critical infrastructure is vulnerable, particularly to manipula- tions and attacks from cyberspace, the consequences of that vulner- ability and what the government is doing and must do to reduce (1) VerDate 11-MAY-2000 09:07 Aug 06, 2002 Jkt 000000 PO 00000 Frm 00005 Fmt 6633 Sfmt 6633 76799.TXT SAFFAIRS PsN: SAFFAIRS 2 that vulnerability. For as we saw tragically yesterday, our enemies will increasingly strike this mighty Nation at places where they be- lieve we are not only dependent but we are unguarded. And that is surely true of our cyberspace infrastructure today. More and more we find that everything in our lives is being oper- ated by a computer system, from Wall Street to Main Street. Where once our economy was dependent primarily on the move- ment of goods and services by road or rail, the products and serv- ices of our new economy are now just as likely to travel via the Internet as they are to move on an interstate. While it has never been easy to protect all of our critical infra- structure from conventional attacks—and, of course, they have hap- pened only rarely in our history here at home—it has become even more difficult now to safeguard our Nation from cyber attacks, which can be launched by any sophisticated computer user located anywhere in the world, let alone by a network of terrorist organiza- tions or a hostile power. Yesterday’s tragedies open a new era for our security infrastruc- ture and for our critical infrastructure here at home. Therefore, we must now have an expanded notion of precisely what is important to our national security, and that more expanded notion must en- compass much of our critical infrastructure. Thus, we must be pre- pared to defend ourselves against threats from foreign armies, but also to defend ourselves against threats from sophisticated oppo- nents who will use both conventional and cyber weapons to destroy or disrupt sectors critical to our Nation’s functioning. And, they will attack, as they did yesterday, here at home. Yesterday’s attacks demonstrate how an organized, coordinated effort can be devastating to our Nation. But make no mistake about it. Those attacks were aimed at destroying buildings, killing people, and breaking our confidence in the same way future attacks can and probably will be aimed at paralyzing our financial mar- kets, our utilities, our transportation systems, and other core as- pects of our critical infrastructure that are dependent on computer networks. Today, individuals or terrorists or nations with no chance of suc- cess against America on the battlefield can pose just as significant a threat to our society from the isolation of their homes or offices or terrorist camps. The nature of our critical infrastructure has changed that much in the information age. And while it has clearly enriched our lives, it has simultaneously left us much more dependent and more vul- nerable to attacks by insidious forces. So examining the vulnerability of our critical infrastructure is the focus of this hearing, but it is not an issue new to this Com- mittee. Two Congresses ago, we held
Load more

Recommended publications
  • BUGS in the SYSTEM a Primer on the Software Vulnerability Ecosystem and Its Policy Implications
    ANDI WILSON, ROSS SCHULMAN, KEVIN BANKSTON, AND TREY HERR BUGS IN THE SYSTEM A Primer on the Software Vulnerability Ecosystem and its Policy Implications JULY 2016 About the Authors About New America New America is committed to renewing American politics, Andi Wilson is a policy analyst at New America’s Open prosperity, and purpose in the Digital Age. We generate big Technology Institute, where she researches and writes ideas, bridge the gap between technology and policy, and about the relationship between technology and policy. curate broad public conversation. We combine the best of With a specific focus on cybersecurity, Andi is currently a policy research institute, technology laboratory, public working on issues including encryption, vulnerabilities forum, media platform, and a venture capital fund for equities, surveillance, and internet freedom. ideas. We are a distinctive community of thinkers, writers, researchers, technologists, and community activists who Ross Schulman is a co-director of the Cybersecurity believe deeply in the possibility of American renewal. Initiative and senior policy counsel at New America’s Open Find out more at newamerica.org/our-story. Technology Institute, where he focuses on cybersecurity, encryption, surveillance, and Internet governance. Prior to joining OTI, Ross worked for Google in Mountain About the Cybersecurity Initiative View, California. Ross has also worked at the Computer The Internet has connected us. Yet the policies and and Communications Industry Association, the Center debates that surround the security of our networks are for Democracy and Technology, and on Capitol Hill for too often disconnected, disjointed, and stuck in an Senators Wyden and Feingold. unsuccessful status quo.
    [Show full text]
  • BUGS in the SYSTEM a Primer on the Software Vulnerability Ecosystem and Its Policy Implications
    ANDI WILSON, ROSS SCHULMAN, KEVIN BANKSTON, AND TREY HERR BUGS IN THE SYSTEM A Primer on the Software Vulnerability Ecosystem and its Policy Implications JULY 2016 About the Authors About New America New America is committed to renewing American politics, Andi Wilson is a policy analyst at New America’s Open prosperity, and purpose in the Digital Age. We generate big Technology Institute, where she researches and writes ideas, bridge the gap between technology and policy, and about the relationship between technology and policy. curate broad public conversation. We combine the best of With a specific focus on cybersecurity, Andi is currently a policy research institute, technology laboratory, public working on issues including encryption, vulnerabilities forum, media platform, and a venture capital fund for equities, surveillance, and internet freedom. ideas. We are a distinctive community of thinkers, writers, researchers, technologists, and community activists who Ross Schulman is a co-director of the Cybersecurity believe deeply in the possibility of American renewal. Initiative and senior policy counsel at New America’s Open Find out more at newamerica.org/our-story. Technology Institute, where he focuses on cybersecurity, encryption, surveillance, and Internet governance. Prior to joining OTI, Ross worked for Google in Mountain About the Cybersecurity Initiative View, California. Ross has also worked at the Computer The Internet has connected us. Yet the policies and and Communications Industry Association, the Center debates that surround the security of our networks are for Democracy and Technology, and on Capitol Hill for too often disconnected, disjointed, and stuck in an Senators Wyden and Feingold. unsuccessful status quo.
    [Show full text]
  • Software Assurance
    Information Assurance State-of-the-Art Report Technology Analysis Center (IATAC) SOAR (SOAR) July 31, 2007 Data and Analysis Center for Software (DACS) Joint endeavor by IATAC with DACS Software Security Assurance Distribution Statement A E X C E E C L I L V E R N E Approved for public release; C S E I N N I IO DoD Data & Analysis Center for Software NF OR MAT distribution is unlimited. Information Assurance Technology Analysis Center (IATAC) Data and Analysis Center for Software (DACS) Joint endeavor by IATAC with DACS Software Security Assurance State-of-the-Art Report (SOAR) July 31, 2007 IATAC Authors: Karen Mercedes Goertzel Theodore Winograd Holly Lynne McKinley Lyndon Oh Michael Colon DACS Authors: Thomas McGibbon Elaine Fedchak Robert Vienneau Coordinating Editor: Karen Mercedes Goertzel Copy Editors: Margo Goldman Linda Billard Carolyn Quinn Creative Directors: Christina P. McNemar K. Ahnie Jenkins Art Director, Cover, and Book Design: Don Rowe Production: Brad Whitford Illustrations: Dustin Hurt Brad Whitford About the Authors Karen Mercedes Goertzel Information Assurance Technology Analysis Center (IATAC) Karen Mercedes Goertzel is a subject matter expert in software security assurance and information assurance, particularly multilevel secure systems and cross-domain information sharing. She supports the Department of Homeland Security Software Assurance Program and the National Security Agency’s Center for Assured Software, and was lead technologist for 3 years on the Defense Information Systems Agency (DISA) Application Security Program. Ms. Goertzel is currently lead author of a report on the state-of-the-art in software security assurance, and has also led in the creation of state-of-the-art reports for the Department of Defense (DoD) on information assurance and computer network defense technologies and research.
    [Show full text]
  • Security Versus Security: Balancing Encryption, Privacy, and National Secuirty
    SECURITY VERSUS SECURITY: BALANCING ENCRYPTION, PRIVACY, AND NATIONAL SECUIRTY Jackson Stein (TC 660H or TC 359T) Plan II Honors Program The University of Texas at Austin 05/04/2017 __________________________________________ Robert Chesney Director of Robert Strauss Center Supervising Professor __________________________________________ Mark Sainsbury Department of Philosophy Second Reader ABSTRACT Author: Jackson Stein Title: Security vs. Security: Balancing Encryption, Data Privacy, and Security Supervising Professors: Robert Chesney, Mark Sainsbury This paper analyzes the current debate over encryption policy. Through careful evaluation of possible solutions to ‘going dark’ as well has weighting the costs and benefits of each solution, we found exceptional access to information more harmful than helpful. Today, there seems to be no singular leading answer to the going dark problem. Exceptional access to data and communications is a simple solution for a simple problem, however going dark is very complex, and requires a multifaceted and refined solutions. Widespread encryption forces those listening—whether it is the NSA, FBI, foreign governments, criminals or terrorist—to be much more targeted. As for the going dark metaphor, it seems as though we are not entirely “going dark”, and yet we are not completely bright either. There are dark and bright spots coming and going across the technological landscape battling in a perpetual technological arms race. The findings of this paper, ultimately determine there to be no policy that doesn’t come without some cost. That said, there are a number of ways in which law enforcement can track criminals and terrorist without weakening encryption, which we determine to be the best direction in any win lose situation.
    [Show full text]
  • Supreme Court of the United States
    No. 19-783 IN THE Supreme Court of the United States NATHAN VAN BUREN, Petitioner, v. UNITED STATES, Respondent. ON WRIT OF CERTIORARI TO THE UNITED STATES CouRT OF APPEALS FOR THE ELEVENTH CIRcuIT BRIEF OF AMICI CURIAE COMPUTER SECURITY RESEARCHERS, ELECTRONIC FRONTIER FOUNDATION, CENTER FOR DEMOCRACY & TECHNOLOGY, BUGCROWD, RAPID7, SCYTHE, AND TENABLE IN SUPPORT OF PETITIONER ANDREW CROCKER Counsel of Record NAOMI GILENS ELECTRONic FRONTIER FOUNDATION 815 Eddy Street San Francisco, California 94109 (415) 436-9333 [email protected] Counsel for Amici Curiae 296514 A (800) 274-3321 • (800) 359-6859 i TABLE OF CONTENTS Page TABLE OF CONTENTS..........................i TABLE OF CITED AUTHORITIES ..............iii INTEREST OF AMICI CURIAE ..................1 SUMMARY OF ARGUMENT .....................4 ARGUMENT....................................5 I. The Work of the Computer Security Research Community Is Vital to the Public Interest...................................5 A. Computer Security Benefits from the Involvement of Independent Researchers ...........................5 B. Security Researchers Have Made Important Contributions to the Public Interest by Identifying Security Threats in Essential Infrastructure, Voting Systems, Medical Devices, Vehicle Software, and More ...................10 II. The Broad Interpretation of the CFAA Adopted by the Eleventh Circuit Chills Valuable Security Research. ................16 ii Table of Contents Page A. The Eleventh Circuit’s Interpretation of the CFAA Would Extend to Violations of Website Terms of Service and Other Written Restrictions on Computer Use. .................................16 B. Standard Computer Security Research Methods Can Violate Written Access Restrictions...........................18 C. The Broad Interpretation of the CFAA Discourages Researchers from Pursuing and Disclosing Security Flaws ...............................22 D. Voluntary Disclosure Guidelines and Industry-Sponsored Bug Bounty Programs A re Not Sufficient to Mitigate the Chill .
    [Show full text]
  • Forecasting the Future
    VIRTUAL EVEN T FORECASTING #predict2019 THE FUTURE Tuesday, December 18, 2018 10:00 AM ET - 4 PM E T AGENDA All sessions are scheduled in Eastern Standard Time (EST) 10:00 - 10:30am - Keynote by Micro Hering: Looking towards 2019 – will we have AIOps take over DevOps 10:30 - 11:00am - Keynote by Chenxi Wang: Cloud Transformation Drives Security Roadmap 11:00 - 11:30pm - Panel: Making DevOps More Ops-friendly 11:30 - 12:00pm - How to Manage Open Source 11:30 - 12:00pm - Panel: The Business Risk within the DevOps Delivery Model Value of Value Stream Mapping 12:00 - 12:30pm - Panel: Ubiquitous Open 12:00 - 12:30pm - The Future of DevOps; Source Makes for Security Challenges Predictions from NS1 12:30 - 1:00pm - Charting the Course to AIOps 12:30 - 1:00pm - Seeing DevOps 2020 1:00 - 1:30pm - Visit the Exhibitors 1:30 - 2:00pm - Panel: Cloud Security in 2019 2:00 - 2:30pm - Panel: Continuous 2:00 - 2:30pm - Accelerate software delivery: Testing Equals Quality How to make 2019 your cloud-native year 2:30 - 3:00pm - Keynote by Rich Mogull: DevSecOps Predicts 2019 3:00 - 3:30pm - Keynote by John Willis 10am - 10:30am Keynote: Looking towards 2019 – will we have AIOps take over DevOps - Mirco Hering, Principal Director – APAC DevOps and Agile, Accenture 2018 has seen a huge uptake in DevOps across Enterprises. There were lots of good news but we also learned new failure patterns. In this keynote Mirco will look back at 2018 and what he learned over the year and then look to 2019 and what the new year will bring for DevOps.
    [Show full text]
  • The Hacker's Aegis
    Emory Law Journal Volume 60 Issue 5 2010 The Hacker's Aegis Derek E. Bambauer Oliver Day Follow this and additional works at: https://scholarlycommons.law.emory.edu/elj Recommended Citation Derek E. Bambauer & Oliver Day, The Hacker's Aegis, 60 Emory L. J. 1051 (2010). Available at: https://scholarlycommons.law.emory.edu/elj/vol60/iss5/1 This Article is brought to you for free and open access by the Journals at Emory Law Scholarly Commons. It has been accepted for inclusion in Emory Law Journal by an authorized editor of Emory Law Scholarly Commons. For more information, please contact [email protected]. BAMBAUER&DAY GALLEYSFINAL 6/6/2011 10:27 AM THE HACKER’S AEGIS Derek E. Bambauer* ∗∗ Oliver Day ABSTRACT Intellectual property (IP) law stifles critical research on software security vulnerabilities, placing computer users at risk. Researchers who discover flaws often face IP-based legal threats if they reveal findings to anyone other than the software vendor. This Article argues that the interplay between law and vulnerability data challenges existing scholarship on how intellectual property law should regulate information about improvements on protected works, and suggests weakening, not enhancing, IP protections where infringement is difficult to detect, lucrative, and creates significant negative externalities. It proposes a set of three reforms—“patches,” in software terms—to protect security research. Legal reform would create immunity from civil IP liability for researchers who follow “responsible disclosure” rules. Linguistic reform would seek to make the term hacker less threatening either by recapturing the term’s original meaning, or abandoning it.
    [Show full text]
  • Content of Premarket Submissions for Management of Cybersecurity in Medical Devices January 29-30, 2019 FDA White Oak Campus Silver Spring, MD
    FDA CENTER FOR DEVICES & RADIOLOGICAL HEALTH (CDRH) PRESENTS A PUBLIC WORKSHOP: Content of Premarket Submissions for Management of Cybersecurity in Medical Devices January 29-30, 2019 FDA White Oak Campus Silver Spring, MD VerDate Sep<11>2014 17:28 Oct 17, 2018 Jkt 247001 PO 00000 Fmt 4703 Sfmt 4703 E:\FR\FM\18OCN1.SGM 18OCN1 2 WELCOME January 29, 2019 Dear Colleagues, On behalf of the FDA, it is with great enthusiasm that I welcome you to our 2-day public workshop, ‘Content of Premarket Submissions for Management of Cybersecurity in Medical Devices’. Advancing and safeguarding the nation’s public health warrants attentiveness to the total product life cycle (TPLC) of medical devices, from design to obsolescence. FDA has leveraged this holistic view in its approach to medical device cybersecurity. In 2014, we issued final premarket guidance describing factors that manufacturers should consider in the design and development of medical devices to assure cybersecurity, maintain functionality, and reduce potential risk to patients. To keep apace with the rapidly evolving nature of cyber threats, we’ve recently updated our guidance so that manufacturers can be in the best position to proactively address cybersecurity when they are designing and developing their devices – helping to protect against different types of cybersecurity risks, from ransomware to potential catastrophic attacks on health systems and/or on multiple patients. The updated guidance released as DRAFT in October 2018 includes new considerations for device design, labeling and documentation that the FDA recommends be included in premarket submissions for medical devices with cybersecurity risk. As we reflected on the current landscape during guidance drafting sessions, three cornerstone principles emerged that, in turn, have become the themes of this workshop – trustworthiness, transparency and resilience.
    [Show full text]
  • Software Vulnerabilities
    Software Vulnerabilities: Full-, Responsible-, and Non-Disclosure Andrew Cencini, Kevin Yu, Tony Chan {cencini, tigeru, tonychan} @ u.washington.edu December 7, 2005 Table of Contents ABSTRACT ....................................................................................................................................................1 1. INTRODUCTION ........................................................................................................................................1 1.1 Structure..............................................................................................................................................2 1.2 Motivations .........................................................................................................................................3 1.3 Terminology........................................................................................................................................4 1.4 Timelines.............................................................................................................................................5 2. LOSSES DUE TO EXPLOITATION .............................................................................................................7 3. TYPES OF VULNERABILITY DISCLOSURE...............................................................................................9 3.1 Non-Disclosure ...................................................................................................................................9 3.2 Full Disclosure
    [Show full text]
  • Hacker, Hoaxer, Whistleblower, Spy: the Story of Anonymous
    hacker, hoaxer, whistleblower, spy hacker, hoaxer, whistleblower, spy the many faces of anonymous Gabriella Coleman London • New York First published by Verso 2014 © Gabriella Coleman 2014 The partial or total reproduction of this publication, in electronic form or otherwise, is consented to for noncommercial purposes, provided that the original copyright notice and this notice are included and the publisher and the source are clearly acknowledged. Any reproduction or use of all or a portion of this publication in exchange for financial consideration of any kind is prohibited without permission in writing from the publisher. The moral rights of the author have been asserted 1 3 5 7 9 10 8 6 4 2 Verso UK: 6 Meard Street, London W1F 0EG US: 20 Jay Street, Suite 1010, Brooklyn, NY 11201 www.versobooks.com Verso is the imprint of New Left Books ISBN-13: 978-1-78168-583-9 eISBN-13: 978-1-78168-584-6 (US) eISBN-13: 978-1-78168-689-8 (UK) British Library Cataloguing in Publication Data A catalogue record for this book is available from the British library Library of Congress Cataloging-in-Publication Data A catalog record for this book is available from the library of congress Typeset in Sabon by MJ & N Gavan, Truro, Cornwall Printed in the US by Maple Press Printed and bound in the UK by CPI Group Ltd, Croydon, CR0 4YY I dedicate this book to the legions behind Anonymous— those who have donned the mask in the past, those who still dare to take a stand today, and those who will surely rise again in the future.
    [Show full text]
  • April 2007 Volume 32 Number 2
    APRIL 2007 VOLUME 32 NUMBER 2 THE USENIX MAGAZINE OPINION Musings RIK FARROW SYSADMIN Autonomic Computing: Freedom or Threat? GLENN FINK AND DEB FRINCKE The Secret Lives of Computers Exposed CHAD VERBOWSKI Lessions Learned from Living with LDAP BRENDAN QUINN Introducing System Engineering to the System Admin JOHN LLOYD Promises, Promises: An Interview with Mark Burgess RIK FARROW Spam and Blogs. Part 1: Spam: A Balancing Act DANIEL L. APPELMAN All Quiet on the Western Front: A Discussion on the Necessity of Good Reporting THOMAS SLUYTER COLUMNS Practical Perl Tools: These Inodes Were Made for Walkin’ DAVID BLANK-EDELMAN VoIP in an Internet Service Provider Network ROBERT HASKINS Asterisk Appliance HEISON CHAK /dev/random ROBERT G. FERRELL BOOK REVIEWS Book Reviews ELIZABETH ZWICKY ET AL. STANDARDS Why Standardize? NICHOLAS M. STOUGHTON USENIX NOTES SAGE Update JANE-ELLEN LONG AND ALVA COUCH CONFERENCES LISA '06: 20th Large Installation System Administration Conference The Advanced Computing Systems Association Upcoming Events 11 TH WORKSHOP ON HOT TOPICS IN OPERATING 3RD WORKSHOP ON STEPS TO REDUCING SYSTEMS (H OT OS XI) UNWANTED TRAFFIC ON THE INTERNET Sponsored by USENIX in cooperation with the IEEE Technical Co-located with the 2007 USENIX Annual Technical Conference Committee on Operating Systems (TCOS) JUNE 18, 2007, SANTA CLARA , CA , USA MAY 7–9, 2007, SAN DIEGO , CA, USA http://www.usenix.org/sruti07 http://www.usenix.org/hotos07 Paper submissions due: April 17, 2007 5TH ACM/USENIX I NTERNATIONAL CONFERENCE INAUGURAL INTERNATIONAL
    [Show full text]
  • Gary E. Mcgraw, Jr
    Gary E. McGraw, Jr. Synopsys 21351 Ridgetop Circle, Suite 400 Dulles, VA 20166 (703) 404-9293 e-mail: [email protected] http://garymcgraw.com EMPLOYMENT HISTORY Winter 2016–present Synopsys, Software Integrity Group, Mountain View, CA Winter 2016–present Vice President Security Technology Fall 1995–Winter 2016 Cigital, Inc., Dulles, VA Summer 2001–Winter 2016 Chief Technology Officer Summer 1998–Summer 2001 Vice President, Corporate Technology Fall 1995–1998 Research Scientist / Senior Research Scientist Summer 1996–Winter 1999 Krasnow Institute Associate Krasnow Institute for Advanced Study, George Mason University, Fairfax, VA Summer 1990–Fall 1995 Researcher Center for ResearcH on Concepts and Cognition, Indiana University, Bloomington, IN Fall 1993–Fall 1994 Researcher Istituto per la Ricerca Scientifica e TecHnologica, Trento, Italia Fall term 1994 and Spring term 1993 Visiting Assistant Professor of Computing Science EarlHam College, RicHmond, IN Course: Programming Languages Fall 1988–Spring 1990 Associate Instructor Computer Science Department, Indiana University, Bloomington, IN TaugHt courses in ScHeme, Pascal, and Assembly Language 1985–1989 President M2 Computing, Inc., Kingsport, TN EDUCATION 1995 Ph.D., Computer Science and Cognitive Science Indiana University, Bloomington, IN Dissertation: Letter Spirit: Emergent HigH-Level Perception of Letters Using Fluid Concepts Advisor: Douglas R. Hofstadter 1990 M.S., Computer Science Indiana University, Bloomington, IN 1988 B.A., PHilosopHy (Minor: MatHematics and Scientific Computing) University of Virginia, Charlottesville, VA 1 BOARD MEMBERSHIPS CURRENT Ntrepid, Herndon, VA. Technical Advisory Board, CHairman, 2016—. Max Financial Corporation, New York, NY. TecHnical Advisory Board, 2013—. Raven White, Palo Alto, CA. Advisory Board, 2006—. School of Informatics Dean’s Advisory Council, Indiana University, Bloomington, IN, 2005—.
    [Show full text]