Cybersecurity improvements could strengthen systems
By Ben Steckler
Assistant Campus Editor

A report approved by a presidential advisory committee said the government is not spending enough to support cybersecurity.

The President's Information Technology Advisory Committee's report concludes that the computer infrastructure supporting the nation's financial, utility and telecommunications systems is vulnerable to terrorist and criminal threats.

Eugene Spafford, executive director of Purdue's Center for Education and Research in Information Assurance and Security, was on the committee that made recommendations to improve cybersecurity in key areas of the country.

"Parts of it are extremely vulnerable," Spafford said. "Many of the things we consider to be critical infrastructures have little or no security in place."

Spafford said the threats to the nation's computer systems are not just from terrorists or criminals.

"There are a number of concerns related to just general espionage, some of it is company against company and some of it is country against country."

"It's been a concern of many of us for literally decades. But there's been a growing awareness over the last couple of years," Spafford said.

Spafford said the threat from cyberterrorism was an issue, but not one of prime importance.

"Cyberterrorism by itself, at least in my estimation, is not a big threat," Spafford said.

The most dangerous aspect of an act of cyberterrorism, Spafford said, was the possibility of it occurring in conjunction with a separate incident. The point of the cyberterrorism would then be to slow the emergency response, Spafford said.

The report also called for the government to better support research in cybersecurity. 

"There's been very little money to support research in that arena from the government or industry," Spafford said. He also attributed some of the lack of research to government policy.

"The government in general has discouraged some civilian research in that area."

Pascal Meunier, an assistant research scientist, said the political environment isn't facilitating research.

"It is difficult for an academic institution to do research on cyberterrorism, because academics need to publish and discuss ideas publicly, whereas results on cyberterrorism would tend to get classified," Meunier said.

"Even results from doing an ordinary risk assessment are usually kept confidential."

Despite the difficulties in funding and public discourse, Spafford said the current state of security needs to be improved to prevent criminal attacks, not just terrorism.

"My personal belief is that we have far more threat from criminal acts than we do terrorism," Spafford said. "We don't have to speculate on terrorists to have a real problem that needs addressing."
