Full Program »
Invited Essayist Keynote
Thursday, 6 December 2012
08:45 - 10:00
Trust Engineering — Rejecting the Tyranny of the Weakest Link
Susan Alexander, Director, Safe and Secure Operations, Intelligence Community Advanced Research Projects Activity (IARPA)
About ten years ago, NSA's soon-to-be Director of Information Assurance asked me, the soon-to-be Director of Information Assurance Research what we could do to deal with software, which was making more-frequent surprise (and unwelcome) guest appearances in security-critical systems. Today, the loss of control that made software so hard to trust then applies to the rest of the supply chain as well. The discipline whose name we coined in the 2002 internal paper, Trust-engineering: An Assurance Strategy for Software-based Systems, no longer seems heretical today, even at NSA. Ten years later, we revisit the principles of trust engineering, compare the mechanisms available to us today with the practices of the past, and explore the construction of systems that are stronger than their weakest link.
Susan Alexander is the Director of the Safe and Secure Operations Office at IARPA, the Intelligence Community's advanced research arm. In pursuit of its goal to enable IC missions to maneuver freely and effectively in a networked and often hostile environment, SSO sponsors research in information assurance, quantum information sciences and advanced computing technologies and architectures.
After graduating from Yale, Susan trained as a cryptanalyst and worked extensively in foreign intelligence before turning to the harder problem of information assurance. In support of the latter mission she has also served as NSA's Associate Deputy Director for Information Assurance Strategy, Director of NSA's National Information Assurance Research Laboratory (NIARL), Chief Technology Officer for Cyber, Information and Identity Assurance in the Office of the Secretary of Defense, and senior advisor to the director of the Joint Interagency Cyber Task Force overseeing the Government's Comprehensive National Cyber Initiative (CNCI).