STEVEN BELLOVIN is a professor of computer science at Columbia University, where he does research on networks, security, and especially why the two do not get along. He joined the faculty in 2005 after many years at Bell Labs and AT&T Labs Research, where he was an AT&T Fellow. While a graduate student, Bellovin helped create Netnews; for this, he and the other perpetrators were given the 1995 Usenix Lifetime Achievement Award (The Flame). He is a member of the National Academy of Engineering (NAE) and is serving on the Department of Homeland Security’s Science and Technology Advisory Committee; he has also received the 2007 National Institute of Standards and Technology (NIST)/National Security Agency (NSA) National Computer Systems Security Award. Bellovin is the co-author of Firewalls and Internet Security: Repelling the Wily Hacker and holds a number of patents on cryptographic and network protocols. He has served on many National Academies of Sciences, Engineering, and Medicine study committees, including those on information systems trustworthiness, the privacy implications of authentication technologies, and cybersecurity research needs; he was also a member of the information technology subcommittee of a National Academies study group on science versus terrorism. He was a member of the Internet Architecture Board (IAB) from 1996 to 2002; he was co-director of the Security Area of the Internet Engineering Task Force (IETF) from 2002 through 2004. He received a B.A. from Columbia University, and an M.S. and Ph.D. in computer science from the University of North Carolina, Chapel Hill.
BOB BLAKLEY is global director of information security innovation at CitiGroup, Inc. He recently served as plenary chair of the National Strategy for Trusted Identities in Cyberspace Identity Ecosystem Steering Group and as research and development co-chair of the Financial Services Sector Coordinating Council for Critical Infrastructure Protection and Homeland Security. He is currently a member of the Forum on Cyber Resilience—a National Academies’ Roundtable. Prior to joining CitiGroup, Inc., Blakley was distinguished analyst and agenda manager for identity and privacy at Gartner and Burton Group. Before that, he was chief scientist for security and privacy at IBM. He is past general chair of the Institute of Electrical and Electronics Engineers (IEEE) Security and Privacy Symposium and the Applied Computer Security Associates New Security Paradigms workshop. He was awarded the Annual Computer Security Applications Conference’s Distinguished Security Practitioner award in 2002 and is a frequent speaker at information security and computer industry events. Blakley was general editor of the Object Management Group CORBASecurity specification and the OASIS Security Assertion Markup Language specification, and is the author of CORBASecurity: An Introduction to Safe Computing with Objects. He was the first chair of the Open AuTHentication Joint Coordinating Committee. He also participated in the National Academies’ panels “Authentication Technologies and Their Privacy Implications” and “Whither Biometrics.” Blakley holds 20 patents in cryptography and information security, and he publishes regularly in the academic literature on information security and privacy. Blakley received the A.B. in classics from Princeton University, and the M.S. and Ph.D. in computer and communications science from the University of Michigan.
SARA “SCOUT” SINCLAIR BRODY is executive director of Simply Secure. Simply Secure functions as part consultancy, part research group, as it advises those using secure communication tools on how to make those tools easier to use. Brody has been establishing and managing the organization and works with user experience experts, software developers, and users in order to improve the usability of open-sourced secure-communications software. Previously, as an assistant product manager and later a product manager at Google, she worked on projects such as two-step verification, the Android operating system, and uProxy. She currently holds two patents in connection with her research. She earned her B.A. in computer science and French from Wellesley College and her Ph.D. in computer science from Dartmouth College.
RICHARD M. (DICKIE) GEORGE is the senior advisor for cybersecurity at the Johns Hopkins University (JHU) Applied Physics Lab (APL). At APL, he works on a number of projects sponsored by the U.S. government and provides oversight on additional efforts. Prior to joining APL, he worked at NSA as a mathematician from 1970 until his retirement in 2011. While at NSA, he wrote more than 125 peer-reviewed technical papers on crypto-mathematical subjects, ranging from new mathematical methods for attacking cryptographic algorithms to security evaluations of complex systems. While at NSA, his work was recognized by the Cryptomath Institute as the most important mathematical contribution to the Agency’s mission in 1980, as well as by two Presidential Rank awards, a Superior Technical Award, and a Distinguished Senior Technical Achievement Award. He was elected to distinguished member status in both the Cryptanalytic Society (Kryptos) and the Cryptomath Society (CMI). He served as the technical director of the Information Assurance Directorate for 8 years until his retirement.
MATTHEW GREEN is assistant professor at the JHU Information Security Institute. He researches techniques for privacy-enhanced information storage, anonymous payment systems, and bilinear map-based cryptography. He had worked previously as assistant research professor and assistant research scientist at JHU before becoming an assistant professor. Prior to working for JHU, he was a partner in Independent Security Evaluators, a custom security evaluation and design consultancy. He worked as a senior technical staff member at AT&T Labs/Research. Green runs the blog “A Few Thoughts on Cryptographic Engineering.” He earned his B.S. in computer science from Oberlin College, a B.M. in electronic music from Oberlin College, and his M.S. and Ph.D. in computer science from JHU.
RUSS HOUSLEY formed Vigil Security, LLC, in September 2002 with the goal of helping customers design and implement diligently watchful security solutions. Housley has worked in the computer and network security field since 1982. Before starting Vigil Security LLC, he worked at the Air Force Data Services Center, Xerox Special Information Systems, SPYRUS, and RSA Laboratories. His security research and standards interests include security protocols, certificate management, cryptographic key distribution, and high assurance design and development practices. He has been active in many security standards organizations; his recent focus has been on the IETF. Since March 2013, Housley has served in the position of IAB chair, which is a voting member of the IAB, as well as a non-voting ex-officio member of the Internet Engineering Steering Group (IESG), a voting member of the IETF Administrative Oversight Committee (IAOC), and a trustee for the IETF Trust. This position gives Housley a voice in the main leadership and management groups within the IETF. From March 2007 to March 2013, he served in the position of IETF chair, making him the chair of the IESG, a voting member of the IAB, a voting member of the IAOC, and a trustee for the IETF Trust. From March 2003 to March 2007, Housley served in the position of IETF security area director, making him a member of the IESG. Prior to accepting the area director position, he chaired the IETF Secure/Multipurpose Internet Mail Extensions Working Group, and he has contributed to several cornerstone Internet public-key infrastructure standards (including RFC 5280). In November 2004, Housley was recognized by the IEEE 802.11 working group for his contributions to IEEE 802.11i-2004, which fixes the severe security shortcoming of the Wired Equivalent Privacy. Russ provided major contributions to several security protocols, including the Cryptographic Message Syntax, SDNS Security Protocol 4 (SP4), SDNS Message Security Protocol, IEEE 802.10b Secure Data Exchange Protocol, and IEEE 802.10c Key Management Protocol. Housley received his B.S. in computer science from Virginia Tech in 1982, and he received his M.S. in computer science from George Mason University in 1992.
PAUL KOCHER is president and chief scientist of Cryptography Research, a division of Rambus, Inc. Kocher has gained an international reputation for his research and innovative designs in cryptography. An active contributor to major conferences and leading security initiatives, he has designed numerous cryptographic applications and protocols which are successfully deployed in real-world systems. His accomplishments include discovering timing attacks and differential power analysis (including techniques for protecting against these vulnerabilities), helping author the widely used Secure Sockets Layer 3.0 standard, and leading the design of the record-breaking Data Encryption Standard Key Search machine. Kocher has recently focused on developing anti-piracy technologies for securing digital content. He was elected to the NAE in 2009. Kocher founded Cryptography Research, previously held positions at RSA Security, and was a founding member of Valicert, Inc. (now Tumbleweed). He holds a B.S. degree from Stanford University.
ADAM LANGLEY is a principal software engineer at Google, Inc., where he manages SSL/TLS across Google’s products.
JOHN MANFERDELLI is engineering director at Google, Inc. He currently serves as a member of the Information Science and Technology advisory group at the Defense Advanced Research Projects Agency and the Defense Science Board. Prior to joining Google, Manferdelli was a senior principal engineer at Intel Corporation and co-PI (with David Wagner) for the Intel Science and Technology Center for Secure Computing at the University of California, Berkeley. Before that, he was a distinguished engineer at Microsoft and was an affiliate faculty member in the computer science department at the University of Washington. During his time at the University of Washington, he was responsible for research regarding computer security, cryptography, systems, and quantum computing. He holds a B.S. in physics from Cooper Union for the Advancement of Science and Art and a Ph.D. in mathematics from the University of California, Berkeley.
DAVID McGREW is a Cisco fellow at Cisco Systems, Inc. He is in the Advanced Security Research Group at Cisco, where he works to improve security through applied research, standards, and product engineering. He has been with Cisco Systems, Inc., since 1998. He began his career at Cisco as a manager of software development engineering, where he managed the Crypto and Virtual Private Network Software Development team in the Internet Technologies Division and later formed and managed the Strategic Cryptographic Group within the Office of Chief Technology Officer. As a technical leader in foundational engineering, he developed the Secure Real-time Transport Protocol (RTP) standard and reference implementation. He returned to Software Development Engineering as manager II and reformed and managed the Advanced Cryptographic Development Group, and continued to manage the group as technical leader II before becoming a Cisco fellow. Prior to his career at Cisco, McGrew was a cryptographic scientist at Trusted Information Systems, Inc. He has been instrumental in the development of several cryptographic algorithms and protocols, including industry standards such as the Galois/Counter Mode of operation for efficient and scalable authenticated encryption, and Secure RTP for encrypted voice and video. He is currently listed on 42 patents, has previously served as chair of the Internet Research Task Force (IRTF) Crypto Forum Research Group for years, and was active in the IETF. He earned his B.S. in physics from Ohio State University and his Ph.D. in theoretical nuclear physics from Michigan State University.
KERRY McKAY is a computer scientist in the cryptographic technology group at NIST, where she develops cryptographic standards and performs research. Her projects include topics in Transport Layer Security, random bit generation, lightweight cryptography, and Secure Hash Algorithm-3.
FRED B. SCHNEIDER is the Samuel B. Eckert Professor of Computer Science at Cornell University and chair of the department. He joined Cornell’s faculty in Fall 1978, having completed a Ph.D. at Stony Brook University and a B.S. in engineering at Cornell in 1975. Schneider’s research has always concerned various aspects of trustworthy systems—systems that will perform as expected, despite failures and attacks. Most recently, his interests have focused on system security. His work characterizing what policies can be enforced with various classes of defenses is widely cited, and it is seen as advancing the nascent science base for security. He is also engaged in research concerning legal and economic measures for improving system trustworthiness. Schneider was elected a fellow of the American Association for the Advancement of Science (1992), the Association of Computing Machinery (1995), and the IEEE (2008). He was named a professor-at-large at the University of Tromso (Norway) in 1996 and was awarded a doctor of science (honoris causa) by the University of Newcastle-upon-Tyne in 2003 for his work in computer dependability and security. He received the 2012 IEEE Emanuel R. Piore Award for contributions to trustworthy computing through novel approaches to security, fault tolerance, and formal methods for concurrent and distributed systems. The NAE elected Schneider to membership in 2011, and the Norges Tekniske Vitenskapsakademi (Norwegian Academy of Technological Sciences) named him a foreign member in 2010. He is currently a member of the Naval Studies Board and the Computer Science and Telecommunications Board of the National Academies, and he is founding chair of the Forum on Cyber Resilience.
OTHER RECENT REPORTS OF THE COMPUTER SCIENCE AND TELECOMMUNICATIONS BOARD
A 21st Century Cyber-Physical Systems Education (2016)
Continuing Innovation in Information Technology: Workshop Report (2016)
Data Breach Aftermath and Recovery for Individuals and Institutions: Proceedings of a Workshop (2016)
Exploring Encryption and Potential Mechanisms for Authorized Government Access to Plaintext: Proceedings of a Workshop (2016)
Future Directions for NSF Advanced Computing Infrastructure to Support U.S. Science and Engineering in 2017-2020 (2016)
Privacy Research and Best Practices: Summary of a Workshop for the Intelligence Community (2016)
Bulk Collection of Signals Intelligence: Technical Options (2015)
Cybersecurity Dilemmas: Technology, Policy, and Incentives: Summary of Discussions at the 2014 Raymond and Beverly Sackler U.S.-U.K. Scientific Forum (2015)
Interim Report on 21st Century Cyber-Physical Systems Education (2015)
A Review of the Next Generation Air Transportation System: Implications and Importance of System Architecture (2015)
Telecommunications Research and Engineering at the Communications Technology Laboratory of the Department of Commerce: Meeting the Nation’s Telecommunications Needs (2015)
Telecommunications Research and Engineering at the Institute for Telecommunication Sciences of the Department of Commerce: Meeting the Nation’s Telecommunications Needs (2015)
At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues (2014)
Emerging and Readily Available Technologies and National Security: A Framework for Addressing Ethical, Legal, and Societal Issues (2014)
Future Directions for NSF Advanced Computing Infrastructure to Support U.S. Science and Engineering in 2017-2020: An Interim Report (2014)
Geotargeted Alerts and Warnings: Report of a Workshop on Current Knowledge and Research Gaps (2013)
Professionalizing the Nation’s Cybersecurity Workforce? Criteria for Future Decision-Making (2013)
Public Response to Alerts and Warnings Using Social Media: Summary of a Workshop on Current Knowledge and Research Gaps (2013)
Continuing Innovation in Information Technology (2012)
Computing Research for Sustainability (2012)
The Safety Challenge and Promise of Automotive Electronics: Insights from Unintended Acceleration (2012, with the Board on Energy and Environmental Systems and the Transportation Research Board)
The Future of Computing Performance: Game Over or Next Level? (2011)
Public Response to Alerts and Warnings on Mobile Devices: Summary of a Workshop on Current Knowledge and Research Gaps (2011)
Report of a Workshop on the Pedagogical Aspects of Computational Thinking (2011)
Strategies and Priorities for Information Technology at the Centers for Medicare and Medicaid Services (2011)
Wireless Technology Prospects and Policy Options (2011)
Limited copies of CSTB reports are available free of charge from:
Computer Science and Telecommunications Board
Keck Center of the National Academies of Sciences, Engineering, and Medicine
500 Fifth Street, NW, Washington, DC 20001