Explore popular quotes and sayings by an American public servant Dorothy Denning.
Last updated on December 18, 2024.
Dorothy Elizabeth Denning is a US-American information security researcher known for lattice-based access control (LBAC), intrusion detection systems (IDS), and other cyber security innovations. She published four books and over 200 articles. Inducted into the National Cyber Security Hall of Fame in 2012, she is now Emeritus Distinguished Professor of Defense Analysis, Naval Postgraduate School.
I think most organizations have an interest in key recovery, at least with respect to stored data.
However, leaving everything to the market is not necessarily good for society.
Generally I'm against regulation.
While many hackers have the knowledge, skills, and tools to attack computer systems, they generally lack the motivation to cause violence or severe economic or social harm.
Everyone is a proponent of strong encryption.
I favor strategies that encourage industry to include some sort of key recovery capability in their systems which would also address user requirements for access.
Systems are complex, so controlling an attack and achieving a desired level of damage may be harder than using physical weapons.
The concern is over what will happen as strong encryption becomes commonplace with all digital communications and stored data. Right now the use of encryption isn't all that widespread, but that state of affairs is expected to change rapidly.
Further, the next generation of terrorists will grow up in a digital world, with ever more powerful and easy-to-use hacking tools at their disposal.
While the vast majority of hackers may be disinclined towards violence, it would only take a few to turn cyber terrorism into reality.
I don't have a particular recommendation other than that we base decisions on as much hard data as possible. We need to carefully look at all the options and all their ramifications in making our decisions.
Cyber terrorism could also become more attractive as the real and virtual worlds become more closely coupled, with automobiles, appliances, and other devices attached to the Internet.
With those people, I'm very far apart, because I believe that government access to communications and stored records is valuable when done under tightly controlled conditions which protect legitimate privacy interests.
If we take as given that critical infrastructures are vulnerable to a cyber terrorist attack, then the question becomes whether there are actors with the capability and motivation to carry out such an operation.
I prefer leaving things to the market as much as possible.
We have never really had absolute privacy with our records or our electronic communications - government agencies have always been able to gain access with appropriate court orders.