When will we be secure? Nobody knows for sure – but it cannot happen before commercial security products and services possess not only enough functionality to satisfy customers’ stated needs, but also sufficient assurance of quality, reliability, safety, and appropriateness for use. Such assurances are lacking in most of today’s commercial security products and services. Brian discuss paths to better assurance in Operating Systems, Applications, and Hardware through better development environments, requirements definition, systems engineering, quality certification, and legal/regulatory constraints. He also gives some examples.
Mathematician/computer scientist, Brian taught mathematics and helped found the computer science department at Ohio University in the late 1960’s. He joined the National Security Agency in 1971 where he became a cryptologic designer and security systems engineer.
Brian spent his first 20 years at NSA doing and directing research that developed cryptographic components and secure systems. Many cryptographic systems serving the U.S. government and military use his algorithms; they provide capabilities not previously available and span a range from nuclear command and control to tactical radios for the battlefield. Computer Security and Network Security were major aspects for these systems. He created and managed NSA’s Secure Systems Design division in the 1980s. He has many patents, awards, and honors attesting to his creativity.
His later years at NSA were the model for what it means to be a senior Technical Director at NSA (similar to a Chief Scientist or Senior Technical Fellow in industry); he served in that capacity in three major mission components –
The Research Directorate (1994-1995),
The Information Assurance Directorate (1996-2002), and
The Directorate for Education and Training --NSA’s Corporate University (2003-2006)
He was the first Technical Director appointed at the “Key Component” level at NSA, and the only “techie” at NSA to serve in such a role across three different Directorates.
In all of his positions, he insisted that the actions NSA took to provide intelligence for our national and military leaders should not put U.S. persons or their rights at risk. He was a leading voice for always assessing the unintended consequences of both success and failure prior to taking action.
Brian retired in 2006 and is now an Independent Security Consultant and Ethics Advisor.
National Security Agency (NSA)