Kaspersky Academy continues its project “Five minutes with…” that will see our partners and renowned university professors answering the Academy’s questions. The next interlocutor Dr. Enrique Mafla who is a professor of Computer Science at Escuela Politecnica Nacional, Quito. He received his MS and PhD from Purdue University. He has published in IEEE Computer, USENIX Journal on Computing Systems, Computer Networks and ISDN Systems and presented his work in several international conferences on Computer Science. Dr. Mafla has worked for the Food and Agricultural Organization of the United Nations and the University of Florida. In addition to teaching and research, he has been an external consultant on ICT and information security issues for major organizations in Ecuador
1. Some people involved in the academic sphere claim that ITsecurity is not a science that can or should be included in university curricula. How would you respond to them?
It would be very difficult to sustain that claim. Computer security (now IT security) has been taught and researched as a scientific field since the early ages of computer science. ACM has identified information assurance and security as one of the major knowledge areas in the bodies of knowledge for computer science, information technology, and information systems. Scientific research in IT security has produced algorithms, protocols, models, frameworks, and other forms of scientific knowledge.
2. Who is most interested in enhancing knowledge in areas such as IT security? All branches of government? Intelligence services? Business? Science? Members of the general public? Legal authorities?
Intelligence and surveillance services are, definitely, the most interested in IT security. Stuxnet and the U.S. Presidential Policy Directive 20 released by Edward Snowden are two examples of the huge strategic interests those services have in IT security. Of course, given the classified nature of the programs and projects conducted by intelligence services, it is not easy to see the real magnitude of their interest in IT security.
3. Is it true that he rules information, rules the world?
It is truer than ever. The magnitude of the programs carried out by governments and big companies to obtain and process information evidence that assertion. Military power without intelligence information would be useless. Web intelligence and big data are major priorities for business and government.
4. In the 18th century the doctrine “Back to nature!” was born, calling on mankind to rejecttechnological progress… Is life without computers, cell phones and Internet possible in the 21st century?
Forget about it. That is utopia, at its simplest. Granted, given the need, mankind can adapt to almost any environment and circumstances. However, it will not give up all the benefits brought by technology just for the sake of some romantic view of the world. All the contrary, what the majority of the people wants is more and more technology. It is true that those technologies are changing the establishment in significant ways, and its use (or misuse) can be disturbing; but we have to adapt and make a good and safe use of them.
5. Science fiction writers predicted planes, submarines, atomic bombs and videophones – but none of them predicted the appearance of the Internet. What is the reason for that?
Nobody, even the “fathers of the Internet”, like Vinton Cert, could have predicted, more or less precisely, the revolutionary path the Internet has followed over the years. However, in 1984, Orwell envisions some of the features and technologies of today’s Internet; in particular, those used by NSA and other similar agencies.
6. What do you think of predictions that soon the most effective – and therefore only -way to wage war will be to hack the enemy’s computer networks, while tanks, missiles and aircraft carriers will become museum exhibits?
Those predictions are quite plausible. The dependence of nations’ critical infrastructure on ICT is so strong that cyberwar is not science fiction, any more. This situation was clearly shown by Stuxnet. Because of this, governments have realized the need to harden their ICT infrastructure and, at the same time, develop methods to exploit the vulnerabilities of their potential enemies’ ICT infrastructure. These concerns have been made quite explicit in the now public U.S. Presidential Policy Directive 20. And certainly, conventional warfare technology will become obsolete.
7. If a Nobel Prize was also awarded for IT security, who would be the first winner?
There are many brilliant scientists in this field; therefore, choosing the first winner for the Nobel Prize in IT security would be a daunting task. In any case, my choice would be Ronald Rivest, for his significant contributions to cryptography.