Killing the Computer to Save It
October 29, 2012
An Early Voice for Security
Dr. Neumann, who left Bell Labs and moved to California as a single father with three young children in 1970, has occupied the same office at SRI for four decades. Until the building was recently modified to make it earthquake-resistant, the office had attained notoriety for the towering stacks of computer science literature that filled every cranny. Legend has it that colleagues who visited the office after the 1989 earthquake were stunned to discover that while other offices were in disarray from the 7.1-magnitude quake, nothing in Dr. Neumann’s office appeared to have been disturbed.
A trim and agile man, with piercing eyes and a salt-and-pepper beard, Dr. Neumann has practiced tai chi for decades. But his passion, besides computer security, is music. He plays a variety of instruments, including bassoon, French horn, trombone and piano, and is active in a variety of musical groups. At computer security conferences it has become a tradition for Dr. Neumann to lead his colleagues in song, playing tunes from Gilbert and Sullivan and Tom Lehrer.
Until recently, security was a backwater in the world of computing. Today it is a multibillion-dollar industry, though one of dubious competence, and safeguarding the nation’s computerized critical infrastructure has taken on added urgency. President Obama cited it in the third debate of the presidential campaign, focusing on foreign policy, as something “we need to be thinking about” as part of the nation’s military strategy.
Dr. Neumann reasons that the only workable and complete solution to the computer security crisis is to study the past half century’s research, cherry-pick the best ideas and then build something new from the bottom up.
Richard A. Clarke, the nation’s former counterterrorism czar and an author of “Cyber War: The Next Threat to National Security and What to Do About It” (Ecco/HarperCollins, 2010), agrees that Dr. Neumann’s Clean Slate effort, as it is called, is essential.
“Fundamentally all of the stuff we’re doing to secure networks today is putting bandages on and putting our fingers in the dike, and the dike springs a leak somewhere else,” Mr. Clarke said.
“We have not fundamentally redesigned our networks for 45 years,” he said. “Sure, it would cost an enormous amount to rearchitect, but let’s start it and see if it works better and let the marketplace decide.”
Dr. Neumann is one of the most qualified people to lead such an effort to rethink security. He has been there for the entire trajectory of modern computing — even before its earliest days. He took his first computing job in the summer of 1953, when he was hired to work as a programmer employing an I.B.M. card-punched calculator.
Today the SRI-Cambridge collaboration is one of several dozen research projects financed by Darpa’s Information Innovation Office as part of a “cyber resilience” effort started in 2010.
Run by Dr. Howard Shrobe, an M.I.T. computer scientist who is now a Darpa program manager, the effort began with a premise: If the computer industry got a do-over, what should it do differently?
The program includes two separate but related efforts: Crash, for Clean-Slate Design of Resilient Adaptive Secure Hosts; and MRC, for Mission-Oriented Resilient Clouds. The idea is to reconsider computing entirely, from the silicon wafers on which circuits are etched to the application programs run by users, as well as services that are placing more private and personal data in remote data centers.
Clean Slate is financing research to explore how to design computer systems that are less vulnerable to computer intruders and recover more readily once security is breached.
Dr. Shrobe argues that because the industry is now in a fundamental transition from desktop to mobile systems, it is a good time to completely rethink computing. But among the biggest challenges is the monoculture of the computer “ecosystem” of desktop, servers and networks, he said.
“Nature abhors monocultures, and that’s exactly what we have in the computer world today,” said Dr. Shrobe. “Eighty percent are running the same operating system.”