Technical Tuesday – 19 July 2011 – Our Security Status is Grim (and the way ahead will be hard) by Brian Snow
Brian gives his view of why the current state of cyber security is so wretched, and draw parallels between the recent “Fiscal Debt Bubble” that led to our current recession and a current disturbing “Trust Bubble” in cyber security technologies.
He describes high level conceptual flaws in current cyber security architectures that many are not aware of, as well as detailed implementation flaws we frequently see.
He closes with specific recommendations on what practitioners can do that would actually help improve the situation.
Presented by: Brian Snow
Mathematician/computer scientist, Brian taught mathematics and helped lay the groundwork for a computer science department at Ohio University in the late 1960’s. He joined the National Security Agency in 1971 where he became a cryptologic designer and security systems architect.
Brian spent his first 20 years at NSA doing and directing research that developed cryptographic components and secure systems. Many cryptographic systems serving the U.S. government and military use his algorithms; they provide capabilities not previously available and span a range from nuclear command and control to tactical radios for the battlefield. Computer Security, Network Security and strong Assurance were major aspects for these systems. He created and managed NSA’s Secure Systems Design division in the 1980s. He has many patents, awards, and honors attesting to his creativity.
His later years at NSA were the model for what it means to be a senior Technical Director at NSA (similar to a Chief Scientist or Senior Technical Fellow in industry); he served in that capacity in three major mission components –
The Research Directorate (1994-1995),
The Information Assurance Directorate (1996-2002), and
The Directorate for Education and Training — NSA’s Corporate University (2003-2006)
He was the first Technical Director appointed at the “Key Component” level at NSA, and the only “techie” at NSA to serve in such a role across three different Directorates. Throughout those years, his Credo was:
“Managers are responsible for doing things right; Technical Directors are responsible for finding the right things to do.”
In all of his positions, he insisted that the actions NSA took to provide intelligence for our national and military leaders should not put U.S. persons or their rights at risk. He was a leading voice for always assessing the unintended consequences of both success and failure prior to taking action.
Brian retired in 2006 and is now a Security Consultant and Ethics Advisor.