Earlier this month, Columbia University computer science professor Steven Bellovin was named the Federal Trade Commission’s (FTC) chief technologist, taking over from Princeton’s Ed Felten following the conclusion of Felten’s successful two-year term. In his first post on the Tech@FTC Blog, Bellovin wrote:
GT: Three years ago you said buggy code is the oldest unsolved problem in computer science, and that you expected it to remain that way. Is that still your viewpoint three years later? It seems that as our infrastructure becomes “smarter” we will become a much bigger target for the bad guys, with potentially much more dangerous consequences. One failed traffic light at a busy intersection, for example, can snarl vehicles for miles.
Bellovin: Yes, I still think that. Exactly what to do is still a research area; while I have some ideas, they’re not even to the half-baked stage yet. I think we need to build systems with different architectures, ones that are designed under the realization that there will be security failures. Authentication won’t do it — in most breaches, the bad guys go around the strong authentication, not through it.
My own working philosophy is that programs will have security bugs — then what? But that’s a research agenda, not guidance I can give to a programmer, let alone an end site. You cite the failed traffic light, and you’re absolutely right — what is the fallback position when a component fails?
Read the full interview here.
(Contributed by Erwin Gianchandani, CCC Director)