Cipher News Items

From the January 2005 E64 Issue

Cipher E64, January 17, 2004,
Special to Cipher, by Ross Patel

Former Presidential Cyber Security Advisor, Howard Schmidt, has joined a number of global leaders in the information security community to develop a trusted community for information exchange.

UK INFOSEC capabilities are set to be made publicly available shortly and will provide members with access to real-time data on emerging threats, security news, vulnerabilities, viruses and other cyber-crimes, facilitating a unique coherent picture of the current state of the Internet threat.

Commenting on the initiative UK INFOSEC founder, Ross Patel, described the focus of the study as the "enabling - in a community setting - of security specialists to stay ahead of threats and concerns specific to their information and infrastructures." Threat intelligence, and ways to protect against those threats make up the core of operational activity and members can submit vulnerability, virus and general notifications for distribution throughout the community.

Using this shared data the UK INFOSEC operations staff gathers, analyzes, and disseminates an integrated view of information system vulnerabilities, threats, and incidents. Additional information may be gathered from public and private sources, including semi-private organization like CERT or the publicly funded NIPC, or private organizations.

Further details may be found at or by contacting


Cipher E64, January 4, 2004,
Special to Cipher, by Gene Spafford

I am passing on information about a position where a person with the right qualifications can make a big difference in computing R&D, including issues of cybersecurity, data collection/fusion, HCI, communications, real-time operating systems, pattern recognition, reliable computing, and a host of other areas.

The Air Force Laboratory, Information Directorate, has an opening for its chief scientist. The URL for the official announcement is I am enclosing a portion of the job description and qualifications, below; see the official announcement for full details. The short form of the job description starts off "Serves as the Air Force principal scientific and primary authority for the technical content of the S&T portfolio related to information systems and science for the advancement and application of information systems science and technology...." (The position is limited to US citizens and nationals by its nature.)

I have been involved with the folks in AFRL/IF for several years now. They have some outstanding researchers and facilities, including a great new building and lab space, and they are working on really important (and difficult!) problems that have impacts on national defense, law enforcement, university research and the private sector. The main facility is located in Rome, NY. This is a beautiful area of the country (especially if you enjoy a few months of real winter with skiing, skating, and snowball fights :-) with affordable housing and relaxed surroundings. The position pays well, and is a senior appointment.

The job duties description includes the following: The Information Directorate conducts USAF research, exploratory and advanced development activities in knowledge based technologies, computer science and technology, collaborative environments, signal processing, information fusion and exploitation, command & control decision support, aerospace connectivity, networking, information management and cyber operations. The Chief Scientist provides scientific leadership, advice and guidance throughout the Laboratory on research plans and programs in core area and related technologies. The Chief Scientist serves to focus research and development efforts associated with the interrelated group of technologies and strengthen the in-house activities of the laboratory. Conceives, plans, and advocates major research and development activities; consults with the laboratory director, the laboratory chief scientist and the technology director and staff concerning the total research program and results; monitors and guides the quality of scientific and technical resources; and provides expert technical consultation to other AFRL directorates, DOD agencies, universities and industry. Position requires an internationally recognized authority in information systems science and technology with the ability to conceive and conduct advanced research and development. The incumbent must make significant contributions to the advancement of knowledge in the field as evidenced by numerous important scientific publications and by citation of the work by others.

Qualifications include the following: The candidate must have at least three years of specialized experience within the broad area of information systems science and technology as applied to areas such as; battlespace awareness, dynamic planning and execution, and global information enterprise with specific research experience in areas that support these broad topics such as information fusion and exploitation, predictive battlespace awareness, information assurance, cyber operations, communications & networks, effects based operations, collaborative enterprises, modeling and simulation, intelligent agents, machine reasoning, information management, or intelligent information systems. At least one year of this research experience must demonstrate that the candidate has leadership experience in planning and executing difficult research activities resulting in outstanding attainments in information systems science and technology; or planning and executing specialized programs of national significance in exploratory and advanced development of information systems science and technology.


Cipher E64, January 17, 2004,
Special to Cipher, by Gene Spafford

PITAC Approves Cyber Security Report

On January 12, the President's Information Technology Advisory Committee met in Washington DC (and via the WWW). Presentations were made by several; subcommittees of the PITAC, including one looking at the issue of Cyber Security research funding and support. The whole committee approved the draft report of the subcommittee. There were four major findings presented:

  • The Federal R&D budget provides inadequate funding for basic research in civilian cyber security.
  • The Nation's cyber security research community is too small to adequately support the cyber security research and education programs necessary to protect the United States.
  • The PITAC finds that current cyber security technology transfer efforts are not adequate to successfully transition Federal research investments into civilian sector best practices and products.
  • The Federal cyber security R&D effort is currently unfocused and inefficient because of inadequate coordination and oversight.

    A number of recommendations are made to address each of these findings.

    The report is undergoing some final editing and augmentation. It will then be printed and presented to the office of the President. Thereafter, it will be made available to the general public.

    Presentation materials from the meeting, including more detail on the background, findings, and recommendations are available here:

    The home page for the PITAC is here:


    Cipher E64, January 17, 2004,
    Special to Cipher, by Gene Spafford

    CERIAS is hosting two mailing lists

    1) infosec-faculty is for anyone teaching courses in cybersecurity, information security, information assurance and related at the undergrad or grad level. This is a low volume list for faculty to exchange information and ask questions related to pedagogy and curriculum.

    To join, send "subscribe" as a message to

    2) ias-opportunities is a list for people to receive announcements of calls for papers for conferences and journals, and for announcements of funding opportunities, all related to information assurance and security.

    To join, send "subscribe" as a message to Other information is available, including information on how to post to the list, at