This article can also be found in the Premium Editorial Download "Information Security magazine: Security 7 Award winners sound off on key information security issues."
Download it now to read this article plus other related content.
Q&A Catching Up with...
A professor and information security pioneer, Dorothy Denning won the 2006 Security 7 Award
in education. She continues to teach at the Naval Postgraduate School in Monterey, Calif., with a
focus on cyberterrorism and cyberwarfare.
ON THIS SUMMER'S DDoS ATTACKS ON GEORGIAN GOVERNMENT WEBSITES: I haven't seen any good evidence it came from the Russian government, but who knows. Clearly a lot of hacker activists were involved in that, much the same as with Estonia. You could see Web forums where Russians were advocating conducting these attacks and telling people how to do them.
ON THE POTENTIAL FOR CYBERWARFARE AND CYBERTERRORISM: I don't know; I don't like to speculate too much. There are plenty of people who are happy to do that, and tell you either there's nothing to worry about or we really should be very worried because they'll go after the electric grid and all that kind of stuff. I don't know what will happen. The history of it is that
| it seems to be something mostly that people
do on their own initiative, maybe in small groups. It looks more like hacker warfare to me. You
have conflicts taking place on a state level, but now what you have are these citizen warriors who
are joining in and doing their thing. It's kind of chaotic; I don't think the state has control
over it. Maybe some governments inspire it, and maybe they sort of condone it by not doing anything
ON HER CURRENT CLASSES: One is on Conflict in Cyberspace; we look at the cyberwarfare issues. We don't do too much in the way of security in that class, although in the class next week, we look at the broad homeland security issues. The other class I teach is called Trust Influence in Networks, but it's about social networks, so a lot of it is just on building trust, social influences and underground networks and how you might undermine terrorist networks. I do a lot on terrorist networks. It's more psychology and social science; it's nothing about information security.
ON HER RECOMMENDED READING: One of the best books I've read in the last year on security is Geekonomics by David Rice. He looks closely at all the problems that come from faulty software. You start thinking about should there be more liability put on the vendors, should there be more requirements put on the vendors to develop better software, how do we deal with that issue. It's a very thought-provoking book; I recommend it.
This was first published in October 2008