Distinguished Lecture on Security Engineering
December 18, 2009
School of Engineering, Coimbatore
What is Engineering?
This question, although fairly basic, may not have a straightforward answer in today’s increasingly digital world. Traditionally there were electrical engineers, mechanical engineers, civil engineers and chemical engineers; today one finds computer engineers, electronics engineers and even biotech engineers. So what really is engineering then?
Students and faculty from Amrita’s Schools of Engineering recently attended a distinguished lecture on this topic. Ross Anderson, Professor in Security Engineering at the University of Cambridge, was invited to speak at the Coimbatore campus. Participants from Amritapuri attended over the satellite-based e-learning network.
“Complex, global-scale, socio-technical systems are emerging as computers and communications become embedded everywhere,” Dr. Ross told the audience. “The main challenge faced by today’s world is how to understand, manage and improve these systems.”
Dr. Ross illustrated these challenges through various examples. “Software is a mix,” he said. “It depends on the worst effort of the least careful programmer, the best effort of the security architect and the sum of efforts of the testers.” “As a result, hire fewer better programmers, more testers and top architects,” he underlined.
Having authored several books that are today standard references in the area of Security Engineering, Dr. Ross is considered an expert in that area. “In the case of security products, an average purchaser cannot easily distinguish between a good product and a bad product; such markets are called Lemon Markets,” he shared.
Another topic discussed was Open versus Closed Systems. “With Open Systems, it is easier for the attackers to find vulnerabilities, but also easier for the defenders to find and fix them,” Dr. Ross pointed out. He outlined parameters to help companies decide how much they should spend, on average, on information security.
“Is it possible that good hackers be hired as security consultants?” a member of the audience asked Dr. Ross.
“There has been some discussion in the past regarding this,” Dr. Ross explained. “Until 2005, it was found that many online attacks were done by kids fooling around. They were computer science students wanting to impress others. Now, hacking is professionalized. The guys who write malware are well organized – they have got R&D departments and test departments. They are essentially well-trained people working in companies.”
Added Dean (Engg) of Amrita, Prof. Chandrasekharan, who was also part of the audience, “Appointing hackers in companies would be like inviting terrorists to the army.”