Timar 15

o o tk it Social en
a c ec ss R i ng S
ginee
r
m o te p
g Re e c M a l wa re P ay l o a d Pa c k e t a m
h in b Lu lz S s niffer
P Spe
is ig c b om
se V iru s Vu lner ab ility W ha lin
hi s hin a
Lo hor g W h g R
h
g n i
r-ph
ja te e
fer P
gg in b Tro sh K e y s t ro k e l o g L o g i c G
Volume 39 • Issue 1 • MArch 2015 • theinstitute.ieee.org
g g i n ra mo
a b y
is
om ktivis t H o m b Lul h
e b c z atH
e lo
te a
m ng H a c k d o o r B l a c k h a t B o t B o t n Sec
cB a et B M
k
ca ki
c
e rute- alw
o
cess
n t i
ystr
idd mb Tro Hacktivist Hash Keystroke logging Lo Gray ha i
ack
sA
re T
o u forc
e at
ing
m
e
Root
y
tH
are ne phish
a
on ta
K
yw
Hac
h
Pay
p
kit Sc
s
ck
re A
S
vist Ha
ktivis
l
Clo
o ad
g
wa
f n
d
i
P
A
rip
o
acket
haling
t Hash
o
gic
Sp
i n g Co d e
g
sniffer Phi
S PEC IA L RE P ORT
it y W
n
CYBERSECURITY
i
Keystroke logging Logic bo ear-phi

s h
C
i
l
o
h
i
m p i l e r Co o k i e C
b
p
a
-
shing Remote acce

r
r
e
a
Thwarting
n
e
l
p
u
S
V
m
iV ru s
attacks
a
r
p
a c
S
k i
e
g
n
s
n
gD
r
i
s
o
r
s
e
h
e
R
n
e
i
n
o
i
pa m S
n
l
a
o
-
c
m
i
of
j
t
t
Ha
g
k
i
-se
o
b
n
it
at
l
r
p
S
L
v
h
c
ic
ex
u
l
ea
y
p
r
a
ip
r ttac lzSe
ai
G
o
c
y
l l
b
a
a kD
i r ew
i
d
die
e
c
im istrib
e
o
F
M
ing Soci
i
r
T uted d
e
x
a
re D o
Z
enial-of-service a ttack
s
al
w
are a k
h
t
engin w
a
y t
i
p p
h
n
P e g S ri
g
a er fi n c
et
poo y in oo S
i
g
S
load Spam Spear-phishing Sp tk it Wh

fing Packe o o g
t
n
ab
R li
s
t sniffer Ph e s s a
eK y
Spyw a cc h
i
ishing Remot e li ity W ty W
li
sh ar ra b e Tim h
Ha e bomb Troj rse Virus Vuln e alin
i st an ho gW
h i te
ktiv
03.Cover.LO [P].indd 1
h 2/2/15 9:30 AM
Calendar & Briefings
IEEE Events
March April May
4 1962
1 1964
The first nuclear power John G. Kemeny and
plant in Antarctica Thomas E. Kurtz run
begins operation, in the first program in
McMurdo Sound. BASIC, the computer
language they created
6 as a teaching tool.
1957
Hundreds of people
take one last trip on
New York City’s trolley
cars [above] as they
make their final runs.
7–8
Region 10 meeting
in Dhaka, 10–12
Bangladesh. Region 3 meeting
in Fort
Lauderdale, Fla.
15 11
1915
Thomas J. Watson is 11 1924
Birth date of Antony
named president of the 1900 Hewish [above],
Computing-Tabulating- The U.S. Navy acquires corecipient of the 1974
Recording Co. (later its first submarine Nobel Prize in Physics
IBM), a position he propelled, once for his contribution to
would hold until 1956. submerged, by the discovery of pulsars,
electric motors. cosmic objects that emit
pulses of radio waves.
15–19
Region 5 meeting
in New Orleans.
22
1960
❂ Mildred Dresselhaus
IEEE Life Fellows Charles

H. Townes and Arthur
27 Medal of electrical engineering and physics
1933
L. Schawlow receive a in 1985.
patent for the optical and
First day of Chicago’s
Century of Progress Honor Goes to Dresselhaus has made pioneer-
Dresselhaus
infrared maser [pictured International Expo- ing contributions to the study of
with Townes, above]. sition [above]. New phonons, thermal transport in
technologies on i e e e L i f e F e ll o w Mildred nanostructures, and the structure of
display include air- Dresselhaus is the recipient of the carbon nanotubes.
23–26 conditioning, ultraviolet
lights, and a voice-
2015 IEEE Medal of Honor “for leader- She served in 2000 as director
Region 7 meeting ship and contributions across many of the U.S. Department of Energy
controlled model train.
in Montreal. fields of science and engineering.” She Office of Science, in Washington,
30 is the first woman to receive IEEE’s

highest award.
D.C. From 2003 to 2008, she was
chair of the governing board of
28–29 30 1987
Philips Co. introduces
Dresselhaus is a professor the American Institute of Physics.
Region 2 meeting 1916
the compact disc
emeritus at MIT, which she joined She was president of the American
in Columbus, Birth date of IEEE Fellow in 1960 as a researcher in its Lincoln Physical Society in 1984 and of
video (CD-V ), a format
Ohio, and Region 8 Claude E. Shannon, Laboratory Solid State Division, in the American Association for the
that could store both
meeting in Limassol, who became known Lexington, Mass. She studied the Advancement of Science in 1997
video and audio files.
Cyprus [above]. as the father of
properties of carbon there, and her and treasurer of the National Acad-
information technology.
pioneering research earned her emy of Sciences from 1988 to 1992.
the nickname “Queen of Carbon She was presented with the
Donna Coveney
Historical events are provided by the IEEE History Center. For photos and videos of these
Science.” She became a professor of 2014 U.S. Presidential Medal of
engineering milestones, visit http://theinstitute.ieee.org/briefings/calendar.
electrical engineering in 1967, joined Freedom, the country’s highest honor
Clockwise from top: Marty Lederhandler/AP Photo; Rex Features/AP Photo; Hedrich Blessing Collection/ the physics department in 1983, and for civilians, for “deepening our
Chicago History Museum/Getty Images; iStockphoto(2); AP Photo; iStockphoto; cover: bonnie nani
became an Institute Professor of understanding of condensed matter
2 the institute March 2015 theinstitute.ieee.org
3p.Briefings.LO [P] [P].indd 2 2/6/15 10:09 AM

systems and the atomic properties mation company in Mountain View, Mintzer has received more than
Inside
of carbon—which has contributed Calif. Her responsibilities include 25 patents and written more than 50
to major advances in electronics and creating programs for technical stan- technical papers. He was twice named
materials research.” dards development and software tool an IBM Research Master Inventor.
The Medal of Honor is sponsored interoperability, building relation- Mintzer was vice president of IEEE
by the IEEE Foundation. Dresselhaus ships with universities and research Technical Activities in 2012 and direc- Protecting Against
is to receive the award at the annual institutions worldwide, and engaging tor of Division IX in 2008 and 2009. He
Cyberattacks 6
IEEE Honors Ceremony, to be held customers with social media. She was 2009 chair of the IEEE Employee President’s Column:
20 June at the Waldorf Astoria Hotel joined Synopsys in 1995 as manager Benefits and Compensation Com- Planning for IEEE’s Future 11
in New York City. of its standards group and was direc- mittee and has been on several other
—Amanda Davis tor of quality from 2000 to 2002. committees, including the IEEE Greg Shannon:
She received the 2003 Marie Nominations and Appointments, Gov- Safeguarding Systems 14
R. Pistilli Women in Electronic ernance, and Investment committees.
Meet the 2016 Design Automation Achievement In 2009 he served as Region 1 liaison
Introducing the 2015
Class of IEEE Fellows 18
Candidates Award. Bartleson also authored a
book, The Ten Commandments for
to the IEEE Technical Activities Board.
He was president of the IEEE
T h e I EEE B o a r d of Directors has Effective Standards: Practical Insights Signal Processing Society in 2004 and
nominated Senior Member Karen
Bartleson and Life Fellow Frederick
“Fred” Mintzer as candidates for
for Creating Technical Standards,
published by Synopsys Press in 2010.
She was president of the IEEE
2005. As president, he helped launch
the society’s IEEE Transactions on
Information Forensics and Security.
Online
Available 6 March at
2016 IEEE president-elect. They are Standards Association in 2013 and —A.D.
theinstitute.ieee.org
set to face off in the annual election 2014. As president, she led the
later this year. The winner will serve
as IEEE president in 2017.
development of a new strategic
plan; furthered OpenStand, a set Proposed a history of hacking
The Institute explores more than
Bartleson is senior director of
corporate programs and initiatives at
of principles for developing global
standards; and finalized IEEE’s
Amendment a century of hacking incidents.
Synopsys, an electronic design auto- membership in the Global Standards to the IEEE membership statistics
Find out which IEEE groups
Collaboration, a volunteer organiza-
tion that promotes cooperation and Constitution showed the most growth in 2014.
collaboration in communications The I EEE Boa rd of Directors has in memoriam
standards development. proposed revisions to the IEEE Con- IEEE honors the lives of three
As a member of the IEEE Board of stitution designed to update the doc- members who recently died.
Directors in 2013 and 2014, Bartleson ument and accomplish the following:
chaired and led the development of
the strategic plan for the IEEE Internet n better define IEEE membership
Initiative Committee, which aims to n eliminate operational procedures roles of IEEE directors, as
boost IEEE’s influence in the areas of that are currently well defined detailed in the bylaws
Internet governance, cybersecurity, in, or more appropriate for, the n create a closer tie to IEEE’s
and policy development. She was also IEEE bylaws or other lower-level Certificate of Incorporation, the
a member of the IEEE Strategy Com- governing documents document that legally establishes
Clockwise from top left: Johnny Wilson Photography; Isabel Solano/Getty Images; Barbara Santagata
mittee, overseeing the development of n better define the roles of the the organization
IEEE’s role in global public policy. IEEE Assembly and its delegates, n change the voting requirement
Mintzer joined IBM in 1978 and which are separate from the for amending the constitution to
spent the early part of his career
there investigating signal and image
Karen Bartleson processing. He later managed projects
that developed image-based digital
library technologies and applied
them to joint projects with museums
and libraries, including the Egyptian
Museum, in Cairo; the Hermitage
Museum, in Saint Petersburg, Russia;
and the Vatican Library, in Vatican
City. From 2001 to 2005 he was senior
manager of IBM’s visual technolo-
gies department, which worked on
computer graphics, data visualization,
and digital imaging.
From 2005 to 2013 he was program
director for IBM’s Blue Gene Watson
supercomputer facility and associate
director of its Deep Computing Insti-
tute, both at the company’s T.J. Watson
Research Center, in Yorktown Heights,
Frederick “Fred” Mintzer N.Y. He retired on 1 January 2014.
theinstitute.ieee.org March 2015 the institute 3
3p.Briefings.LO [P] [P].indd 3 2/5/15 12:16 PM

at least two-thirds of those
voting in an annual election,
removing the current require-
Region News
ment of achieving a 10 per-
cent return rate of ballots
The Board of Directors 7

region No r theastern
endorsed the proposed amend-
1
U n i ted States
ment at its August 2014 meeting
and asks the members to vote ■■Student branch formed at 1-6 8
Fairfield University, Connecticut.
yes on the proposed amend-
■■ Student branch at the University of
ment, which will be a part of the
2015 IEEE annual election ballot.
Maine, Orono, forms IEEE Power & Energy 10
Society chapter.
To adopt this amendment,
■■ Berkshire (Massachusetts) Section 9
an affirmative vote of at least forms IEEE Life Member affinity group.
two-thirds of all ballots cast is
■■ Green Mountain (Vermont) Section
required, provided the total forms IEEE Power & Energy Society chapter.
number of those voting is at least
10 percent of all IEEE’s members Eas tern United S tates
region
who are eligible to vote.
2
■■Student branch at the Univer- ■■ Student branch formed at the ■■ Chengdu (China) Section forms IEEE
More details on the sity of Delaware, Newark, forms University of Basilicata, Potenza, Italy. Power & Energy Society chapter.
revisions are available at IEEE Women in Engineering ■■ Student branch formed at Al-Hussein ■■ Student branch formed at the North
http://www.ieee.org/elections. (WIE) affinity group. Bin Talal University, Ma’an, Jordan. China University of Technology, Beijing.
To read the procedure on how ■■ Switzerland Section forms IEEE Educa- ■■ Student branch at Southeast University,
to oppose proposed revisions region So uthea stern United tion Society chapter. Nanjing, China, forms IEEE Instrumenta-
3
(IEEE Policies, Section 13.7), States ■■ Student branches in Tunisia at National tion and Measurement Society chapter.
visit http://www.ieee.org/ ■■ Student branch at Georgia Tech Engineering School of Gabès, National ■■ Shanghai Section forms IEEE Industry
about/corporate/governance/ forms IEEE Engineering in Medi- Engineering School of Monastir, and Applications Society chapter.
index.html. cine and Biology Society chapter. National Institute of Applied Science and ■■ Xian (China) Section forms IEEE Reli-
Technology form IEEE Industry Applica- ability Society chapter.
—Parviz Famouri, tions Society chapters.
IEEE Secretary region Centra l United S tates ■■ Student branch at the Hong Kong Univ
4
■■Student branch at Purdue ersity of Science and Technology, Clear
University, West Lafayette, Ind., region Latin A m erica Water Bay, forms IEEE Solid-State Circuits
9
forms IEEE Robotics and Auto- ■■Student branch at Pontifícia Society chapter.
mation Society chapter. Universidade Católica de Minas
■■ Student branches in India at ABES Engi-
Gerais, Belo Horizonte, Brazil,
neering College, Christu Jyothi Institute of
So uthwestern forms IEEE Robotics and Auto-
region Technology and Science, ITS Engineering
mation Society chapter.
5
U n i ted States College, and Kakatiya University College of
■■Student branch formed at the ■■ Chile Section forms IEEE Signal Pro- Engineering form IEEE WIE affinity groups.
University of Houston. cessing Society chapter.
■■ Student branch formed at Diponegoro
■■ Colombia Section forms IEEE YP University, Semarang, Indonesia.
W e s t e r n U n i t e d S tat e s affinity group.
region ■■ Kansai (Japan) Section forms IEEE WIE
6
■■Student branch at San José ■■ Student branch formed at Universidad affinity group.
State University, California, Surcolombiana, Neiva, Colombia.
■■ Student branch at INTI International
forms IEEE Signal Processing ■■ Student branches formed in Mexico at University, Nilai, Malaysia, forms IEEE
Society chapter. Universidad Politécnica de Puebla, San Computer and Communications Society
Pedro Cholula, and Instituto Tecnológico chapters.
Ca n a da de La Paz.
region ■■ Lahore (Pakistan) Section forms IEEE
7
■■Kingston (Ontario) Section ■■ Student branch at Universidad de Inge- Power & Energy Society chapter.
forms IEEE Power Electronics niería y Tecnología, Barranco, Peru, forms
■■ Philippines Section forms IEEE Solid-
Five Elected Society chapter.
IEEE Industry Applications Society chapter.
State Circuits Society chapter.
■■ Thailand Section forms IEEE Broadcast
to the Board Calgary, Alberta, forms joint chapter
of IEEE Industry Applications and IEEE
Piura, Peru, forms IEEE WIE affinity group.
Technology Society chapter.
T h e IEEE A s s e m b l y in Power & Energy societies. region Asia a nd Pacif ic
November elected five officers Send us your news The Institute
10
■■Student branch formed at
to the IEEE Board of Directors region Eu r ope, M idd l e E ast, the University of Technology, publishes announcements of new groups
for 2015.
8
an d Af rica Sydney. once they’ve been approved by IEEE
Four of the five, who began ■■Student branch formed at ■■ Western Australia Section forms IEEE Member and Geographic Activities.
serving one-year terms on Zewail City of Science and WIE affinity group. To send us local news, like student
1 January, are new officers: Technology, Giza, Egypt. ■■ Student branch formed at the branch events and competitions, WIE or
Parviz Famouri, secretary; Jerry L. ■■ Hungary Section forms IEEE Young Chittagong University of Engineering preuniversity outreach efforts, or other
Hudgins, treasurer; Wai-Choong Professionals (YP) affinity group. and Technology, Bangladesh. IEEE group activities, use our form on
“Lawrence” Wong, vice president, ■■ Iraq Section forms IEEE Computational ■■ Student branch formed at the Royal the Region News page at
Member and Geographic Activi- Intelligence Society chapter. University of Bhutan, Thimphu. http://theinstitute.ieee.org/region-news.
ties; and Sheila Hemami, vice
president, Publication Services
THE INSTITUTE (ISSN 1050-1797) is published quarterly by The Institute of Electrical and elected IEEE officers are labeled as such. They are reviewed by the individuals to whom they
and Products. Saurabh Sinha Electronics Engineers Inc., 3 Park Ave., 17th Floor, New York, NY 10016-5997; tel. +1 212 419 are attributed, unless they are a matter of record. The editorial staff is responsible for selection
istockphoto (2)
was elected to serve a second 7900. Periodicals postage paid at New York, NY, and at additional mailing offices. Canadian
GST# 125634188. Annual subscription rate: US $26.95. Eight additional monthly issues are
of subject matter and its placement within the issue. Copyright © 2015 by The Institute of
Electrical and Electronics Engineers Inc. THE INSTITUTE is a registered trademark owned by
year as vice president, Educa- available online. The editorial policies for IEEE’s major publications are determined by the The Institute of Electrical and Electronics Engineers Inc. POSTMASTER: Send address changes
IEEE Board of Directors. Unless otherwise specified, IEEE neither endorses nor sanctions any to THE INSTITUTE, IEEE Operations Center, Coding Department, 445 Hoes Lane, Piscataway,
tional Activities. positions or actions espoused in THE INSTITUTE. Major IEEE boards review items within their NJ 08854. IEEE prohibits discrimination, harassment, and bullying. For more information, visit
—A.D. purview prior to publication. When published in THE INSTITUTE, individual viewpoints of http://www.ieee.org/web/aboutus/whatis/policies/p9-26.html.

Get members-only
discounts* on everything from
computers to car rentals.
Technology Insurance
Computers Auto/Home
Student Software Health
And More Dental
Life
Death & Dismemberment
Disability
Moving & Storage Short-Term Health Insurance
Shipping Services Long Term Care
Auto Buying Medicare Supplement
Language Learning Software Professional Liability
Small Employer Group Plans
Travel
Vacations
Car Rentals
Travel Insurance
And More
14-MDI-015 4/14
Visit www.ieee.org/discounts
*Discount availability varies by country.

Special Report:
Cybersecurity
Protecting
Against
Cyberattacks
IEEE is working to help engineers
fortify systems B Y K A T H Y P R E T Z
In light of recent highly publicized
I
n t h e f a c e of growing CERT Division at the
data breaches, denial-of-service attacks, computer security breaches, it Carnegie Mellon Uni-
makes little sense to be cavalier versity Software Engi-
and software vulnerabilities, the subject about cybersecurity and cyber- neering Institute, in
privacy. Just ask the European Pittsburgh. The initia-
of cybersecurity—the focus of this Central Bank, Korea’s Hydro and tive was established
Nuclear Power Co., Microsoft, or in January 2014 by
special report—is particularly timely. The Sony Pictures—some of the recent
cyberattack victims. Credit-card
the IEEE Computer
Society and the IEEE
payment systems have been raided. Future Directions
attacks showed that every organization’s Floor plans of sensitive facilities have Committee.
been posted on social media. Gam- Not enough
computers and data are at risk, no matter ing services have been disrupted and investment is being
employees’ personal information made to ensure that
what its goals are or where it’s located. leaked. Companies’ reputations have sufficient security
been damaged, customers have fled, and privacy controls
The incidents have led to a renewed top executives have been fired, and are implemented,
hefty fines incurred. Shannon says, adding
focus on improving the security and What’s more, the financial that the R&D com-
impact of an intrusion is growing. munity has not given
privacy of computers and networks. Last year, the average cost per inci- engineers the tools they
dent increased 15 percent over 2013 need to understand all
to US $3.5 million, according to the the possible threats against
H a c k e r s t a k e advantage help prevent software design annual Cost of Data Breach Study their systems and how to
of weak spots to break into flaws that could compromise sponsored by IBM and conducted by mitigate them.
systems that aren’t properly privacy and security. the Ponemon Institute, of Traverse The initiative is accelerating
patched or updated. Cyber- The issue also deals with City, Mich. The study surveyed innovative research and developing
criminals may download meeting the challenge of pro- 250 companies in 11 countries and cybersecurity privacy technologies to
attachments containing mal- tecting private information found that the cost incurred for protect commerce, innovation, and
ware or viruses or take advan- on mobile devices [see p. 8] each lost or stolen record contain- freedom of expression.
tage of computers that were and what must be done so ing sensitive information increased “Now is the time not only for
disposed of without having that cybersecurity is taken more than 9 percent compared with better defensive measures but also
been wiped clean. They can more seriously as a profession the previous year, to $145. for cybersecurity standards and best
also gain access through vul- [p. 9]. And we’ve profiled Greg Attackers gain access in many practices that consider the entire
nerabilities introduced by engi- Shannon, chair of the IEEE ways, including through viruses technology life cycle,” Shannon says.
neers and software designers. Cybersecurity Initiative [p. 14]. and malware, stolen passwords, “It is IEEE’s responsibility to empha-
Often, software engineers lack The initiative also aims to and personal information stored size strongly the things that can
the training and tools needed get the word out about IEEE’s on publicly accessible directories. improve security and privacy, and
to mitigate and defend against expertise in cybersecurity. The As has been the case for decades, this means not ignoring the engi-
security and privacy threats. organization has been offering hackers find their way in because of neering mistakes made in develop-
This report describes products, conferences, and engineering and operating mistakes. ing and operating software systems.
IEEE’s efforts to make devel- standards on the subject for The IEEE Cybersecurity Initiative These may be less noticeable but can
opers more knowledgeable more than three decades [p. 12]. wants to change that. prove just as harmful.
through its Cybersecurity This issue also announces “It has become clear that, gener- “Alone of any professional society,
Initiative, launched in January the winners of the 2014 IEEE ally, engineers have not had suf- IEEE has been involved in cyber
2014 by the IEEE Computer election and includes the list of ficient training nor been encouraged security from soup to nuts,” he adds.
Society and the IEEE Future senior members elevated to the to have a mind-set that considers IEEE has been helping
Directions Committee, the 2015 class of Fellows, as well as how an adversary might thwart their engineers recognize, resist, and
organization’s R&D arm. proposed revisions to the IEEE system, whether it’s on the security recover from cyberattacks for more
The initiative is working to constitution that members will side, the privacy side, or the vulner- than three decades. The annual
educate engineers and others be asked to vote on this year. ability side,” says the initiative’s IEEE Symposium on Security and
and is developing tools to —Kathy Pretz, Editor in Chief chair, IEEE Senior Member Greg Privacy, for example, marked its
Shannon. He’s chief scientist for the 35th anniversary last year. And IEEE
3p.features.LO [P].indd 6 2/5/15 2:18 PM

personal health-monitoring devices
are gaining in popularity. More gad-
gets are sharing health and medical
e T r u s
information electronically, which
u m t A
puts the privacy and security of the
s s u
data at risk.
A th “People don’t want just anybody
ev r o
to be able to access their health
profile and related information,”
Shannon points out.
“Because these devices are in
low-power, low-bandwidth envi-
r iz
e
ronments, they present challenges

N
from an engineering point of
e Af
view,” he says. The hurdles include
ctly
ensuring that data from wearable

trackers are being uploaded to an
authorized device and the plat-
te r A u t h e
form uploading the data is getting
it from the correct sensor. “A solu-
e
tion to this challenge that works on

the desktop might not work for a
r
wearable device,” Shannon adds.

r
And larger medical devices

come with their own set of security
o
concerns. The medical community

C
has generally been unconcerned

about the possible theft or manipu-
lation of its data because medical
y
n ti devices have traditionally been

ensconced in hospitals and medical
h
facilities. But once the machines

become portable and common
p
c
in homes and their information
a
is increasingly shared, the data

a
g r tin could be manipulated in ways the

original engineers never considered,
pto e Cr y
g Us Shannon cautions.
“Many of these devices use
vulnerable components and oper-
ating systems, and patching them
is a concern,” he says. “Engineers
have to be very careful about
whether the patched product will
still be certified by agencies that
oversee them, like the U.S. Food
and Drug Administration, and
whether the update causes some-
thing else to malfunction. If it’s
your pacemaker, you care a great
deal about that.”
To that end, the initiative is
offers conferences, publications, stan- but some aspect of its execution center was formed by such organi- developing “building codes” for
dards, and other services [see p. 12]. fails. The security industry has zations as Athens University of Eco- medical devices similar to those
But many in the cybersecurity field been focused mostly on finding nomics and Business, Cigital, EMC, used in the construction industry.
are unaware of the breadth, depth, and eradicating bugs; it has virtu- Google, Harvard, Twitter, and the “Security and privacy issues—
and longevity of IEEE’s work, accord- ally ignored the fact that design University of Washington, Seat- what is important and what is
ing to Shannon. The initiative plans flaws may also be the subject of tle. The CSD released a report in reasonable or what is not—are still
to change that, too, along with add- attack. Unfortunately, not much August detailing the top 10 most being defined by society,” Shannon
ing new offerings to the field. reference material exists on how to widely and frequently occurring says. “Part of a broader aspect of
avoid these types of flaws. software security design flaws, the initiative is to help understand
SE CU R I T Y: F R O N T AN D CEN T ER That’s why the initiative estab- as well as recommendations for the decisions that must be made,
About half of all security breaches lished the IEEE Center for Secure avoiding them. The report is also as well as larger issues such as
are possible because of flaws in the Design, hosted on the initiative’s on the initiative’s website. who has a right to what data, and
software’s architecture and design. website at http://cybersecurity.ieee. what can and can’t companies be
Bonnie Nani (2)
The rest result from bugs in the org/center-for-secure-design.html. GUA RDING M EDICAL data allowed to do with personal data.
software’s implementation—the It focuses on identifying and pre- Wearables, smartphone apps, We know that IEEE will help inform
overall design may appear sound, venting software design flaws. The portable diagnostic units, and other that conversation.” ◆

software—is used to gather sensitive Furthermore, the framework
information, gain access to private would help prevent data leaks by
networks or accounts, or disrupt relying on engines designed to
system operations. Consumers block potential breaches that can
unknowingly encountering malware give hackers access to passwords,
can give hackers entry into their online accounts, documents,
mobile devices. and more. The cloud feature
Unlike the sophisticed scans that would make it possible to collect
run on desktop systems, mobile information gathered from all
devices have limited options for
running antimalware or antivirus
software; the gadgets don’t have the
computing and battery power to
handle the workload. Mobile devices
“The threats to mobile devices are
part of an enormous problem,” says are roaming
Greg Clark, CEO of Blue Coat Systems,
an information security company in
Sunnyvale, Calif. “Many users don’t
through some
fully grasp the scope of the efforts
contrived to entice them to down-
of the worst, yet
load malware on their devices.”
Blue Coat issued a report last
most advanced,
year on mobile threats, covering
some of the concerns above. Clark security-
looks at security in mobile devices
as akin to walking through one of threat spaces
the most dangerous neighborhoods
wearing an expensive suit and car-
rying a fancy briefcase. “Some of
in the world.
these mobile devices are roaming
through some of the worst, yet most
advanced, security-threat spaces in the devices connected with the
the world,” he says. “These devices framework to more easily identify
are hardly protected.” new malicious applications and
Developers could choose, how- Web-based threats.
ever, to make mobile devices more Antivirus and antimalware
resistant to attacks, Clark says. engines accessible through a cloud-
based service would take the load
A N EW FRAM EWOR K off the devices, Li says. As part of
Mobile Devices
Methods for increasing security in the scanning service, the network
operating systems have changed could catalog and report on the
dramatically over the years. “It’s reputation, risk, and vulnerability
Lack Security
been a cat-and-mouse game,” Clark levels of each installed application—
explains. “Security companies like which would help users decide
ours find a way to stop hackers, who what apps to keep.
then find another way in.” Network-based inspections
Clark and Qing Li, Blue Coat’s are scalable, flexible, and able to
It’s a problem developers can no longer ignore chief scientist, are developing
a framework they call an
intercept and disrupt threats, Clark
says. “In the Wild West of mobile
BY MONICA ROZENFELD infrastructure-centric security apps and the rapid sprouting of
ecosystem with a cloud defense, websites,” he says, “users want
O
which mobile developers could their networks to inform them
f the world’s smartphones and tablets designed adopt for their operating systems. when they are accessing malicious
7 billion people, by nearly the same number of They describe it in an article, “Mobile content and proactively terminate
6 billion rely on developers. Many of them are nov- Security: A Look Ahead,” published in the attacking threats. And we want
mobile phones or ice designers with little concern for IEEE Security & Privacy magazine. to allow the network to be pro-
tablets to bank, shop, protecting the security and privacy Their cloud-based framework grammable to offer layered defense
post to social media, and monitor of the data their apps collect and would be an agile system able to for the end points.”
their health. With all the personal store. Moreover, when downloaded, keep pace with evolving threats. The willingness to have an
and professional information being many of the apps have access to The framework would consist of open network, however, has to
shared, it’s important that data other information in the mobile application proxies, real-time come from the users and service
from mobile devices be secure. Yet device, making them potential out- content categorization and rat- providers in order to allow security
that’s rarely the case. lets for data leakage and theft. ing engines, and real-time URL solutions to inspect and analyze
Securing such information is That’s just one issue. Another is analysis engines to help decide activities to ensure harmful
no small feat. Unlike applications malicious websites. More than half which websites are safe to browse. content is not being accessed, Li
designed for laptop and desktop of websites are live for 24 hours or The Blue Coat model would also says. “Mobile security,” he points
iStockphoto
computers—often created by just less, which makes them difficult filter malware from compromised out, “requires an entire ecosystem
a handful of companies—there are to monitor for harmful content. websites to prevent an attack from to participate in the defense of
now more than 1 million apps for Malware—short for malicious ever reaching a user’s device. mobile devices and their users.” ◆

C
areers
address cybersecurity,” Shannon Computer Security Institute, and the
says. “Meanwhile, not enough new International Society for Profession-
people are entering the profession als in E-Commerce. Plus, the field is
to fill the void.” rife with conflicting definitions and
Raising the Bar LET’ S SET STA NDARDS

To bridge the gap, researchers from
competing requirements.
Universities should establish a
more unified educational path for
for Cybersecurity the Pell Center at Salve Regina Uni-

versity, in Newport, R.I., are call-
ing on the cybersecurity industry
students interested in a cyber
security career, Kern says, noting,
“There are no nationally or interna-
Specialists to create professional standards for

those in the field. In July, they issued
“Professionalizing Cybersecurity,” a
tionally accredited programs that
universities can adhere to and pub-
licize in a way that a student can say,
report that calls for an overarching ‘That’s where I can obtain the kind
More training and standards are needed to professional association to create of education I need to get started in
clear paths for a variety of careers. the cybersecurity profession.’”
meet the growing demand B Y J o h n R . P l a t t “What we propose is not just a way
to put more people in the pipeline,” lear n i n g t h e la n g uag e
D
says Pell Fellow Francesca Spidalieri, The Pell report offers recommenda-
o y o u k n o w how to “This confusion causes the profes- who coauthored the report with Lt. tions for developing a more orga-
become a cybersecurity sion to grow less efficiently than it Col. Sean Kern, a Pell Center adjunct nized cybersecurity profession,
professional? Do you could,” says IEEE Senior Member fellow with the U.S. Air Force. “It is including establishing clear bodies
know what courses to Greg Shannon, chief scientist for the also about guaranteeing that those of knowledge and educational paths
take, which certifica- CERT Division at Carnegie Mellon in the industry reach the highest for the 31 workforce specialties.
tions are needed, and what skills University Software Engineering Insti- professional standards.” “You really have to have that
employers require? As a hiring tute, in Pittsburgh, and chair of the The industry has tried to body of knowledge, along with
manager, can you assess whether IEEE Cybersecurity Initiative. “People respond to the needs of the market- some means of assessing if a person
your new hire knows how to write can’t say, ‘These are the credentials place by developing certifications understands that knowledge and
secure mobile apps, defend systems I need’ and ‘This is how much itis and other educational standards can apply it creatively against
against cyberattacks, or protect cus- going to cost me to get them.’” for various career paths. However, whatever problems an organization
tomer credit-card data? The lack of clarity, Shannon these have sprung up individually. faces,” Spidalieri says. “That’s the
The truth is, not many people can says, has contributed to a wide- They often overlap each other and language of a profession.”
answer those questions. And that spread shortage of trained, experi- leave gaps. There are many different roles
uncertainty, experts say, is a problem enced cybersecurity professionals. The report found that cyberse- to fill in cybersecurity, says IEEE
for the cybersecurity industry. Its Similarly, it has created a challenge curity is composed of 31 different Senior Member Gary McGraw, chief
rapid growth during the past decade for employers to hire people with specialties dealing with such areas as technology officer of Cigital—a
has led to an unclear educational the right skills. HR reps find them- information assurance compliance, software security firm in Dulles,
path for students. There is also an selves confronted with a variety systems security architecture, and Va.—and a volunteer for the IEEE
absence of generally accepted quali- of certifications from about two digital forensics. These specialties Cybersecurity Initiative.
fications that tell hiring managers dozen organizations. are served by at least 23 different “Each role needs to have its
and human resources departments “There are people out there certification programs from such own education and experience
which job candidates have the right who are being positioned, rightly organizations as the American path,” McGraw says. “If you think of
experience and credentials. or wrongly, beyond their skills to Society for Industrial Security, the security like medicine, you need first
responders, nurses, doctors, brain
surgeons, and everything in between.”
The largest cybersecurity
certification program, the Certi-
fied Information Systems Security
Professional (CISSP), would serve
the emergency medical responders,
nurses, and maybe doctors, but it
wouldn’t help the brain surgeons
and other specialists, McGraw says.
“Organizing a common body of
knowledge in any area is always
useful,” he says. “A CISSP certifica-
tion guarantees only that you have
a modicum of knowledge about a
swath of cybersecurity. Your knowl-
edge may be wide but not very deep.”
Spidalieri and Kern also call for
each specialty to develop its own code
of ethics, something currently lacking.
“Part of what we learn in engineer-
Erik Isakson/Getty Images
ing these systems correctly is how to

break in,” McGraw says. “You need to
break into systems and find security
flaws before hackers do.” Otherwise,
he points out, some will use those
same skills for nefarious purposes. ◆

opinions
and embedded processing and IEEE Q u i c k G u i d e
storage capabilities.
SDNs will become “nervous sys-
tems” for things like terminals, drones, T h e IEEE
robots, machines, and cars. With Support Center
Visit https://supportcenter.ieee.org
SDNs and NFV, the border between
to search the knowledge base for
the telecom infrastructure and what information by topic, read answers
connects to the “things” will blur. to frequently asked questions,
submit your own question, or initiate
an online chat with an agent.
hackers f or hire
We asked readers whether tech com-
panies should hire hackers to find T h e IEEE
security flaws in their software. Contact Center
For assistance with IEEE products
and services or help with
“Professional hackers are specialists,
publication delivery
hence best qualified to find and fix
For e-mail inquiries
Q ue s t i on o f t h e m o n t h security problems, but how do you The IEEE Contact Center is open from 4:30
know they didn’t install or leave p.m. ET (20:30 GMT) Sunday to
Should We Fear
open a ‘back door’?” 4:30 p.m. ET Friday.
E-mail: contactcenter@ieee.org
“No, just as banks shouldn’t hire Tel.: +1 732 981 0060 (worldwide)
a Catastrophic
Tel.: +1 800 678 4333
thieves as security guards.”
(U.S. and Canada)
Fax: +1 732 562 6380
“The FBI and some casinos in Las To renew membership
Cyberattack?
Vegas have hired former criminals http://www.ieee.org/renew
to work for them. Obviously, this is T o J OIN
potentially risky, but in some cases it http://www.ieee.org/join
could be effective. There’s no simple
In a survey by the Pew Research Center of 1,642 black-and-white answer here.” Contact Points
cybersecurity experts, 61 percent said a widespread IEEE O p e r a t i o n s C e n t e r
false predictions about tech Tel.: +1 732 981 0060
cyberattack will occur in the next 10 years, leading Readers added to our list of famous 445 Hoes Lane
Piscataway, NJ 08854-4141 USA
to at least one of the following: the theft of tens of predictions that proved to be wrong. Business hours: 8 a.m. to 5 p.m. ET
billions of dollars, harm to a nation’s security and “Television won’t be able to hold on to
(12:00 to 21:00 GMT),
Monday through Friday
capacity to defend itself, or a significant loss of life. any market it captures after the first IEEE C o r p o r a t e Off i c e
N e w Yo r k C i t y
six months. People will soon get tired Tel.: +1 212 419 7900
Chime In Tell us what you think by commenting online at of staring at a plywood box every
IEEE – USA
http://theinstitute.ieee.org/opinions/question. night.” —Darryl F. Zanuck, executive Wa s h i n g t o n , D . C .
at 20th Century Fox, in 1946 Tel.: +1 202 785 0017
Fax: +1 202 785 0835
E-mail: ieeeusa@ieee.org
“Two years from now, spam will A s k * IEEE D o c u m e n t D e l i v e r y
be solved.” —Bill Gates, in a 2004 Tel.: +1 800 949 4333
Sparking Conversation Information Week article Fax: +1 303 758 1138

E-mail: askieee@ieee.org
In December, The Institute delved into software-defined Rem em bering Ra lph Ba er C o n f e r e n c e I n f o r m at i o n

Tel.: +1 732 562 3878
networks (SDNs), which decouple hardware from Tributes poured in for the IEEE Fellow Fax: +1 732 981 1769
software and then execute the software either in the and inventor of the first video game E l e va t i o n F o r m s
cloud or in clusters of distributed IT servers. Online, we console, who died on 6 December. Associate to member:
blogged about famously false technology predictions and http://ewh.ieee.org/forms/v2/md/memelv.htm
published a tribute to the late Ralph Baer, the father of video games. The “This man paved the way for innova- Member to senior member:
http://www.ieee.org/
conversation continued on our website. tive human-computer interaction membership_services/membership/senior/
and interfaces. It’s amazing to think application/index.html
A s k t he E x p e r t s Q: What security issues are that it all started with his putting IEEE m e m b e r d i s c o u n t s P r o g r a m
Antonio Manzalini, chair of the associated with SDNs? pen to paper at a bus terminal.” Tel.: +1 800 438 4333
IEEE Software Defined Networks Chemouil: The risk is that a cen- Fax: +1 732 981 0538
E-mail: discounts@ieee.org
Initiative, and Prosper Chemouil, tralized SDN controller could be a “I had the pleasure of hearing Ralph
Ombudsman
chair of the initiative’s conference single point of attack or failure. To Baer as the keynote speaker at Tel.: +1 800 678 4333
subcommittee, answered readers’ get around this, some researchers an IEEE New Hampshire Section E-mail: ombudsman@ieee.org
questions about SDNs. have proposed setting up multiple annual meeting. Prior to that, I S e ct i o n a n d C h a p t e r
SDN controllers, either in a distrib- had no idea that video games had I n f o r m at i o n
Q: How will SDNs hold up in the face uted or hierarchical structure. started in this state.” Tel.: +1 732 562 5511
Fax: +1 732 463 9359
of massive congestion?
Hiroshi Watanabe/Getty Images
E-mail: sec-chap-support@ieee.org
Manzalini: Traffic engineering and Q: How will SDNs facilitate the “Many people have been unable to St u d e n t Act i v i t i e s I n f o r m a t i o n
the orchestration of functionalities Internet of Things? find work they love doing, perhaps Tel.: +1 732 562 5527
will help lessen the risk of massive Manzalini: SDNs and network because they’ve been taught there Fax: +1 732 463 3657
congestion. In SDNs, data and functions virtualization (NFV ) can be no gain without pain. This E-mail: student-services@ieee.org
control planes could be logically are accelerating the transition man obviously loved what he did. Technical Societies
I n f o r m at i o n
and physically decoupled, easing to telecommunications Ave atque vale.” [Latin for “Hail Tel.: +1 732 562 3900
any congestion. infrastructure with more pervasive and farewell.”] ◆ E-mail: society-info@ieee.org
10 the institute March 2015 theinstitute . ieee . o r g
3p.Opinions.LO [P].indd 10 2/2/15 12:32 PM

H o wa rd E . Mi c hel IEEE Presi dent a nd CEO
Editor in chief
Kathy Pretz, k.pretz@ieee.org
A s s o c i at e E d i t o r
Toward a More
Monica Rozenfeld, m.rozenfeld@ieee.org
S e n i o r E d i t o r i a l a s s i s ta n t
Amanda Davis, amanda.davis@ieee.org
Secure Future
E d i t o r i a l C o n s u lta n t
Alfred Rosenblatt
Copy Editors
Joseph N. Levine, Michele Kogon,
History is We hold more than 1,400 To this end, we ran a pilot
Mark Yawdoszyn, Peter Borten littered with conferences annually, face-to- program in 2014, and this year we’ll
Senior Art Director
companies that face meetings that are episodic. be launching IEEE Collabratec. It
Mark Montgomery did almost Nothing new here; people have will provide a suite of online tools
Art Director
everything right been holding meetings for eons. with which to network, collaborate,
Bonnie Nani but failed anyway. And between meetings, people and create—making publishing
Photography director
Some failed are communicating and innovat- faster and easier.
Randi Silberman Klett because they didn’t understand ing 24/7/365, across the globe. However, we are not alone.
Director of Periodical
what their business was, or should Some are using video chat tools, Facebook, LinkedIn, Research-
Production Services have been. For example, Eastman webinars, and blogs. Episodic, Gate, Twitter, and Wikipedia, to
Peter Tuohy Kodak thought it was in the film face-to-face meetings are becom- name a few, are also innovating
Editorial & Web business. Actually, it was in the ing obsolete in the Internet Age. in the information space. While
Production Manager business of capturing and preserv- In the future, nearly all schol- they are not our direct compet
Roy Carubia ing images. It ignored disruptive arly and business information itors today, they could be if we
W e b P r o d u c t i o n C o o r d i n at o r innovations that would render its will be created by individuals miss the sea change in how tech-
Jacqueline L. Parker traditional film business obsolete. nologists produce, acquire, and
M u lt i m e d i a P r o d u c t i o n Today, it is far from the powerhouse use information.
Specialist company it once was.
Michael Spector
In 1975, Steven Sasson, an
electrical engineer on Kodak’s
More than ever, LOO K IN G AH E AD
IEEE is focusing this year on not
Editorial Offices
IEEE Operations Center
445 Hoes Lane, Piscataway, NJ
research team, created the first
digital camera—decades before
IEEE needs to just our immediate future but also
on what is coming in 5, 10, and 15
08854-4141 USA
Telephone: +1 732 562 6825
Fax: +1 732 562 1746
digital cameras flooded the mar-
ket and built-in cameras became address the years. We will talk about the future
of information, the future of con-
commonplace in cellphones. ferences, the future of membership
E-mail: institute@ieee.org
Web: theinstitute.ieee.org The company saw no business future of in professional technical organiza-
opportunity for its digital camera, tions, the future of publications,
Editorial
A dv i s o r y B oa r d
because it could not imagine a
world in which its film was sup-
information. and the future of standards devel-
opment. In short, we will talk about
Alexei Botchkarev, Hierold Christofer, planted by digital media. Less the future of IEEE.
Anthony Durniak (Staff Executive, IEEE
than 30 years later, Kodak was IEEE’s Board of Directors has
Publications), Matthew Genovese, Susan
Hassler (Editor in Chief, IEEE Spectrum), struggling to reinvent itself in the who never meet in person— already been incorporating these
Sheila Hemami (Vice President, IEEE digital media world. Film had brought together through tech strategic discussions into the fab-
Publication Services and Products), become an anachronism. nology and bound by a passion ric of our meetings. Such a strate-
Terrance Malkinson, Cecilia Metra,
to better the world. Information gic examination and visualization
Mirela Sechi Moretti, Annoni Notare,
James O’Neal, Krishnan Parameswaran, OU TSID E THAT BOX will be consumed by yet another of IEEE’s future is an absolute
Chonggand Wang Like Kodak, IEEE cannot allow set of individuals, indifferent to necessity. It is being given priority
itself to continue thinking within its source, working on problems at every board meeting.
I E E E M E DIA its traditional parameters. Mem- spanning diverse disciplines. Time For IEEE to remain a touch-
Publisher bers and volunteers come together will be critical, whether to save stone organization for engineers
James A. Vick to create, disseminate, and use lives or to maintain competitive and technologists, it must evolve.
A d v e r t i s i n g Sa l e s C o o r d i n a t o r information to advance technol- advantage in the marketplace. That evolution, while swift, cannot
Mindy Belfer ogy for humanity. But we are much More than ever, IEEE be haphazard. Instead, there must
Business Manager more than a membership organi- needs to address the future of be a comprehensive vision of what
Robert T. Ross zation, conference organizer, pub- information: how technical pro- IEEE is as a community today and
Marketing & Promotion lisher, and standards developer. fessionals will create it, share it, what we wish to be in the future.
Manager Our world is increasingly and use it in an evolving, global By the end of this year, it is my
Blanche McGurr
driven by information. Yet we talk marketplace. Imagining and act- goal to have an actionable vision,
A d v e r t i s i n g Sa l e s
about papers—whether presented ing on that future are critical to articulated in a comprehensive
+1 732 562 3946
at a conference or archived in a IEEE’s continued success. strategic plan and accompany-
Advertising
Production Manager
journal—as if the papers were We’ve taken a lot of positive ing global strategy plan everyone
Felicia Spagnoli the information. Papers are a steps to build this future. Articles in our community can embrace.
Advertising Production centuries-old technology to record in our IEEE Xplore Digital Library But most important, I want that
+1 732 562 6334 and share information. They were have been transformed from vision to be an outgrowth of the
born in a time when scholars col- static PDF files into interactive ideas and insights gathered from
Darren carroll
laborated through letters delivered XML. We’ve built technical com- across IEEE.
on horseback. This is the 21st munities spanning societies to I look forward to your thoughts
century. We need a new medium better assist researchers working and suggestions. Please send them
for sharing our information. on multidisciplinary problems. to me at president@ieee.org. ◆
theinstitute . ieee . org March 2015 the institute 11
3p.Opinions.LO [P].indd 11 2/2/15 2:29 PM

benefits
IEEE Transactions on In 2010, the ICSG released
Information Forensics and free XML schemes for shar
Security, published by the ing malware samples.
IEEE Signal Processing The Malware Metadata
Society, covers the science, Exchange Format Work
Help With Fending technologies, systems, and

applications related to
information security, bio
ing Group also focuses on
expanding the breadth of
information exchanged.
Off Cyberattacks metrics, surveillance, and

related fields.
Other IEEE publications
The Privilege Manage
ment Protocols Working
Group develops procedures
that cover security regularly for efficient authentication
The resources needed to combat include Computer, IEEE and secure determination of
computer-security threats B Y K A T H Y PRETZ Pervasive Computing, IEEE “who can do what.” The “who”
Software, IEEE Transactions is defined as a framework
on Reliability, and IT Pro. that uses public key–based
Look for them in the identities for authentication.
IEEE Xplore Digital Library. In cryptography, a public
key is a value provided by a
EDUCATI O NA L C O URS E S designated authority that,
The Computer Society combined with a private key
offers four software derived from the public key,
security–related courses: can be used to encrypt mes
Foundations of Software sages and digital signatures.
Security, Secure Software The authorization of “what”
Design, Managing Security a device can do is based on
Software Development, and management of the identity
Security Software Coding. that can be authenticated,
The foundations course, formed by hashing the public
for example, provides key. This approach has
an overview of counter considerable advantages over
measures used to thwart shared key–based systems.
well-known and emerging The IEEE Standards
threats. The course on cod Association offers other
ing presents language- and types of assistance to com
application-specific tech bat malware. The IEEE Anti-
niques. Each course takes Malware Support Service
about 7 hours. has two tools: the Clean File
They can be found in the Metadata Exchange (CMX)
Professional Education sec and a “taggant” system.
tion of the society’s website. The CMX provides real-
time access to information
SUPP OR T SERV ICES related to clean software
The IEEE Industry Con files, even prior to the pub
I E E E o f f e r s a variety of IEEE Senior Member Gary diverse aspects of informa nections Security Group is lication of the correspond
tools and services to help McGraw has been hosting tion assurance such as legal composed of organizations ing software. That can help
make systems more secure. for more than eight years. issues, privacy concerns, that pool their resources to reduce the number of false
McGraw, chief technology tools for securing informa address threats. The ICSG positives detected by anti
W E B P OR TA L officer at the software secu tion, attack analysis, cyber was established in 2009 virus software as it searches
Cybersecurity.ieee.org rity consultant Cigital, inter security design trends, and under the umbrella of the for malware.
houses the latest activi views security experts on a developments in hardware IEEE Standards Association’s The taggant system
ties of the IEEE Cybersecu variety of topics. and software. Industry Connections pro places a cryptographically
rity Initiative, including its One of the episodes, for Also from the Computer gram, which brings together secure marker in files cre
Center for Secure Design, example, is a roundtable Society is the bimonthly market competitors to build ated by commercial software
which seeks to identify com discussion with people who IEEE Transactions on consensus and incubate distribution packaging
mon software design flaws. helped establish the Cen Dependable and Secure standards, products, and programs, or packers.
The portal also has links to ter for Secure Design. They Computing, which pub services suitable for sharing. Legitimate packers often
organizations involved with discuss its origin, explain lishes archival research Four subgroups have are abused by malware
protecting computer secu why design flaws are more results focusing on the been established. The Mal creators that develop many
rity and privacy, as well as difficult to fix than imple foundations, methodolo ware Working Group tackles difficult-to-detect variants of
excerpts from books on soft mentation bugs, and point gies, and mechanisms of malicious software that can their malware. The taggant
ware security and articles out the problems with soft systems and networks. infiltrate operating systems system’s markers identify the
from the IEEE Computer ware designed for cars. Articles focus on mea and cause all kinds of specific packer user’s license
Walter Bibikow/Getty Images
Society Digital Library. surement, modeling, and trouble, including the loss key, enabling a blacklisting
PU B L I CAT I ON S simulation techniques, as of personal data. The group of the malware. The system
P O D CA S T S IEEE Security & Privacy well as on foundations for is establishing better ways also reports suspicious files.
The portal also has a link to magazine, from the IEEE jointly evaluating, verify of sharing malware samples Information about all
the entire catalog—more Computer Society, pub ing, and designing within and the information associ the Standards Association
than 100 episodes—of the lishes articles by lead performance, security, and ated with them, so as to services is available at http://
www.standards.ieee.org. ◆
IEEE
“Silver Bullet” podcast, which ers in the field. It covers dependability constraints. improve computer security.
3p.Benefits.LO [P].indd 12 2/5/15 2:12 PM

IEEE Standards Cybersecurity Conferences
on Cybersecurity Upcoming IEEE events will address identity protection,
They cover a variety of applications, malware, and trust protocols
including authentication and data
protection B Y M O N I C A R O Z E N F E L D trust protocols, trusted
information flow,
remote enabling and
Th e I E E E S ta n da r ds communications over disabling techniques
Association has intro- phone lines, radio waves, for integrated circuits,
duced a number of fiber optics, and more. intellectual property and
standards related to The protocol could be watermarking, hardware
cybersecurity, with more implemented in new metering, supply chain
in the works. equipment or when ret- risk mitigation, and
rofitting existing systems. secure remote sensing.
n IEEE 1888.3-2013 SPONSOR: IEEE
APPROVED OCTOBER 2013 n IEEE P2030.102.1 Computer Society
VISIT: http://www.
“IEEE Standard for Ubiq- “IEEE Standard for hostsymposium.org
uitous Green Commu- Interoperability of
nity Control Network: Internet Protocol Secu- n IEEE International
Security” supports rity (IPsec) Utilized Conference on Trust,
enhanced security man- Within Utility Control Security, and Privacy
agement functions Systems” promotes in in Computing and
for sustainable com- four basic steps the secu- Communications
puting. Included are rity of control systems HELSINKI; 20–22 AUGUST
security requirements, deployed by electric util-
system security architec- ities: defining functional TOPICS: Network
ture definitions, and a requirements based on computing, operating
description of authen- needs, selecting open- systems, software and
tication and authoriza- source specifications to applications, social
tion. The standard helps
avoid unintended data
meet those requirements,
developing interoperable
IEEE Symposium on networks, e-commerce,
mobile and wireless
disclosures to the public
and unauthorized access
configuration profiles for
the specifications, and
Security and Privacy communications, Web
applications, parallel
to resources. testing and validating SAN JOSE , CALIF.; 18–20 MAY and distributed systems,
the configurations. and cloud computing.
n IEEE 1686-2013 The proposed TOPICS: Access control, accountability, SPONSOR: IEEE
APPROVED JANUARY 2013 standard would allow application security, cyberattacks and defenses, Computer Society
for functionality to be VISIT: https://research.comnet.
“IEEE Standard for Intel- applied at the device authentication, cloud security, forensics, aalto.fi/Trustcom2015
ligent Electronic Devices level on a case-by-case intrusion detection, malware, mobile privacy
Cyber Security Capabili- basis. It offers guide- and security, security architectures, privacy n IEEE Conference on
ties” defines the func- lines that would make policies, Web security and privacy, and Communications and
tions and features to be it easier for utilities to embedded and distributed systems. Network Security
integrated into intelli- procure and implement FLORENCE , ITALY;
gent electronic devices secure systems, pro- SPONSOR: IEEE Computer Society 28–30 SEPTEMBER
for critical infrastruc- vide adequate security VISIT: http://www.ieee-security.org/TC/SP2015
ture protection pro- controls, and minimize TOPICS: Privacy and
grams. Access, operation, efforts to configure anonymity, biometric
configuration, firm- devices that support n IEEE International monitoring and defense, authentication and
ware revision, and data cybersecurity functions. Symposium on telecommunications identity management,
retrieval are addressed. Technologies for security, and system computer and network
n IEEE P802.1AEcg Homeland Security and network recovery. forensics, data and
The following are WALTHAM, MASS.; SPONSOR: IEEE-USA application security, data
under development. “IEEE Standard for Local 14–16 APRIL VISIT: http://ieee-hst.org protection, location
and Metropolitan Area security, outsourcing
n IEEE P1711 Networks: Media Access TOPICS: Cybersecurity, n IEEE International of network and data
Control (MAC) Security biometrics and forensics, Symposium on communications services,
Walter Bibikow/Getty Images
“IEEE Standard for a Amendment: Ethernet land and maritime border Hardware-Oriented traffic analysis, and
Cryptographic Protocol Data Encryption Devices” security, cyberattack and Security and Trust intrusion detection
for Cyber Security of facilitates secure com- disaster preparation, MCLEAN, VA.; 5–7 MAY and prevention.
Substation Serial Links” munication over publicly cloud computing, big SPONSOR: IEEE
specifies a practice that accessible networks for data, personnel screening, TOPICS: Cyberattacks Communications Society
can protect the integrity which security has not secure information and detection techniques, VISIT: http://cns2015.
and confidentiality of already been defined. ◆ sharing, supply chain hardware-based security, ieee-cns.org ◆
3p.Benefits.LO [P].indd 13 2/5/15 2:14 PM

People
Greg Shannon:
Cybersecurity
Champion
Safeguarding computer systems from
serious threats B Y P R A C H I P A T E L
I n t o d a y ’ s digital, data-reliant ment structures in place to deal

world, cyberthreats can take many with risks, and identifying possible
forms, including hackers conduct- threats from inside a company.
ing cyberespionage, troublemakers Organizations regularly fail to
hijacking electronic highway signs, incorporate strategies for reduc-
and globe-spanning cybercrime ing software vulnerability and risk,
rings perpetrating bank fraud. Shannon says. He intends to start
IEEE Senior Member Greg changing that by delivering inexpen-
Shannon’s job is to help the United sive, practical solutions to govern-
States stay at least one step ahead of ment agencies. CERT researchers
increasingly sophisticated cyber- have, for example, developed mal- he says. “But that compromises Spanning Tree, which developed
criminals. He is chief scientist at CERT, ware analysis tools and secure cod- security and privacy.” technology for network scanning
part of the Carnegie Mellon Univer- ing techniques that help software The IEEE Cybersecurity Initiative and vulnerability assessment. After a
sity Software Engineering Institute, developers reduce glitches in their gives Shannon an ideal platform for Canadian network company bought
in Pittsburgh, which is funded by the systems and find defects in applica- furthering his cybersecurity mission. Spanning Tree, he joined Ascend
U.S. Defense Department’s R&D cen- tions. Although they are produced He points to IEEE’s important role Communications in Dublin, Ohio, as
ter. At CERT, he partners with govern- for government clients, many of the in promoting security research, its an engineering manager, working on
ment, academia, law enforcement, tools are available in open-source substantial membership, and its firewalls and other security software.
and industry to develop methods and formats for the general community, position in the engineering com- Lucent Technologies acquired
tools to deal with cyberthreats. Shannon says. munity, as well as its “amazing” Ascend in 1999, and Shannon
In November, Shannon was But even if organizations imple- standards development program. became a technology and busi-
named chair of the IEEE Cyber- ment better strategies, no defined He also aspires to bring the ness strategist there. He designed
security Initiative. Launched in metrics exist for gauging software security and privacy communities and tested network security tools,
January 2014, its mission is to security. “If you can’t measure some- together. Too often, data security worked on security policy and stan-
advance the field through educa- thing and provide feedback, then and privacy concerns are perceived dards, and headed company-wide
tion, conferences, and standards. you can’t help people improve their as adversarial, he says, and he security initiatives.
CERT was formed in 1988 to systems,” Shannon says. wants people to see that they are But entrepreneurship beckoned
counter the Morris worm, the first His research focuses on develop- complementary. again, and in 2003 he became chief
computer worm distributed through ing cybersecurity metrics and effec- scientist at the start-up Counter
the Internet. That incident “brought tive ways to analyze them. He says A WI ND I N G R OAD Storm, which focuses on network-
the Internet as it was then to its he expects to have useful metrics Shannon earned a bachelor’s degree based detection of cyberthreats and
knees,” notes Shannon, who joined and measurement techniques in the in computer science from Iowa State malware. “Building enterprises from
the organization five years ago. next two years. University, in Ames, in 1982. For scratch has always been a big part of
David Biber/Carnegie Mellon University Software Engineering Institute

“CERT was part of the response team But building security into code three of his undergraduate years, he my career,” he says.
to get it back online.” from the get-go is safer and more worked at the school’s Ames Labo- When CERT approached him
Responding to cybercrime by economical than finding and fixing ratory, programming computers to in 2010, he knew it was the perfect
providing analytical support to bugs later on, Shannon notes. He analyze mass spectrometry data. opportunity to not only apply his
federal law enforcement agencies has led the development of secure That gave him a strong sense of the varied experience but also have a big
remains an important part of CERT’s coding guidelines for software that computer’s role in science. impact on cybersecurity. He spends
mission, but the explosion of the includes C and C++, Java, and the After earning his Ph.D. in half his time at CERT in Pittsburgh
Internet has far expanded its scope. Android platform. Cisco, Oracle, computer science in 1988 from and a quarter of it in Washington,
and other companies have adopted Purdue University, in West Lafay- D.C., in meetings with government
sa f e t y i n L AYE RS CERT’s guidelines. ette, Ind., he became a professor agencies including the National
Cybersecurity today involves much Shannon is also trying to of computer science at Indiana Science Foundation, the Defense
more than defensive measures, understand how organizations can University in Bloomington. Advanced Research Projects Agency,
Shannon points out. It is vital for integrate security technologies He soon realized that teaching and the Department of Homeland
organizations to build secure foun- throughout the software develop- was not his calling, however, and he Security. The rest of the time he’s on
dations and anticipate security ment chain. “Today, developers can moved on to Los Alamos National the road, traveling to conferences
challenges. That includes design- find a lot of open-source projects Laboratory, in New Mexico, in 1993, and government labs. “A big part
ing secure code, finding software and tools and pull them together to work on fraud detection and of what I do is travel,” he says. “My
vulnerabilities, putting manage- to create different technologies,” security. He left a year later to launch workdays are often unpredictable.” ◆
3p.People.LO [P].indd 14 2/2/15 11:17 AM

Part-time Passions
disc golf’s popularity has boomed, dise vouchers. A top tournament
especially in Oklahoma and Texas, prize averages $18,000.
he says. The PDGA has gone from His best win was in the Texas
more than 10,000 members at the State Doubles tournament in 1998,
time he joined to 60,000-plus. he says. More recently, he finished
Dan Olsen glide, and turn of the disc—and the
wind. If you get the wind behind
Olsen plays disc golf with his
friends after work for about four
second in the Seminole Nation
Days tournament in September in
Addressing the Disc the disc, it tends to dip and head for hours a week. He plays with his Wewoka, Okla.
the ground. But if it heads into the two grown sons when they visit. Olsen figures that between gear,
I E E E S e n i o r M em b e r Dan wind, it will lift, he explains, adding, And he looks for a course wherever participation fees, and travel, he
Olsen remembers the first time he “You don’t want it to lift up too fast he travels for business. “I play spends a few hundred dollars per
played disc golf, a competitive sport or it will end up in a tree.” whenever I can,” he says. “If I’m year on the sport. “It’s much less
akin to traditional golf but one that In 1996, Olsen joined the not walking the dog, I’m walking expensive than traditional golf,” he
uses Frisbee-like discs instead of Professional Disc Golf Association. the course. That’s my exercise and says, “even though you end up losing
clubs and balls. It was 1980, and he He has gone from PDGA novice to one of my main stress relievers.” some discs in the ponds and bushes.”
was a freshman at Oklahoma State Advanced Master, a category for He competes in six to eight local —Prachi Patel
University, in Stillwater, when friends players older than 40. He is now 54 and national tournaments per year.
took him to a course near Boomer and plays in the Amateur Division. It costs about US $50 to enter, he says,
Lake, two miles north of the school. In the three decades since he began, and winners get cash or merchan-
“I was hooked,” says John Moore
Olsen, now a power
systems engineer with Retro Radios
Shermco Industries, an
electrical distribution W h e n I E E E M em b e r John Moore
and renewable energy was 16, he used The Radio Amateur’s
services company, in Handbook to make a converter for
Tulsa, Okla. his aunt’s television that tuned it to
Each player traverses channels outside its normal range.
a 9- or 18-“hole” course, His love for such projects stayed with
throwing a disc toward him. Now 71 and semiretired, he is
a hole and then pick- a dedicated member of the Duxford
ing it up from where Radio Society—a volunteer associa-
it lands and throwing tion of communications specialists
it farther. The goal is who restore and repair donated radio
to get the disc into an equipment from both world wars
elevated metal basket at for Duxford’s Imperial War Museum,
each hole in the fewest near Cambridge, England.
throws possible. As with Moore, a history buff and born
regular golf, the ulti- tinkerer, discovered vintage equip-
mate achievement is an ment later in life. He was captivated
ace, or hole-in-one. when he visited the museum in 2010
Discs come in mul- for the first time: “I trotted in one
tiple styles—the edges Sunday and said, ‘What can I do to
are shaped differently to help?’ Someone on staff told me the
tailor the performance— society just got a radio receiver and
and weights, mimicking asked if I could get it going. I took it
golf’s long-range drivers, away and got it to work.”
midrange clubs, and He currently is helping to fix
short-range putters. an original H2S radar system.
Olsen picked up Invented by the British during
the sport quickly and World War II, it was the first
soon started playing in airborne ground-scanning radar.
tournaments. Comp He plans to interface it with a
ared with traditional computer so that it can be driven
golf, he says, disc golf is by a simulator.
more fun and intuitive. Moore goes to the museum once
“And with disc golf,” he or twice a month, and he spends
adds, “the improve- about four hours a week in his
ment of one’s skills is home workshop fixing receivers and
exponential.” transmitters. “It’s quite a thrill to take
Elements of physics home nearly irreplaceable equipment
are involved, he points and get it to operate again,” he says.
out. You have to factor “Finding what’s wrong is like detec-
Ty Saunders
in the weight of the disc, tive work.” Sometimes he rebuilds

the rating factor—which IEEE Senior Member Dan Olsen plays disc golf, a game in which players throw a Frisbee-like disk into an the donated equipment from
is a measure of the speed, elevated metal basket in the fewest possible tries. As with regular golf, the goal is to get an ace, or hole-in-one. scratch. He hunts down obsolete

components—like diodes, inductors,
capacitors, and tubes—from vintage
radio stores, websites, and other radio
societies. For repair instructions, he
pores through old wartime publica-
tions. Wireless for the Warrior, a set
of technical reference books for old
British Army radio equipment, is his
mainstay. He is thinking of replicating
hard-to-find items like multipin con-
nectors with a 3-D printer.
Moore considers himself fortu-
nate, he says, that his engineering
career links with his passion. He
has designed and built computer
monitors for International Com-
puters Ltd., a large, now-defunct
British manufacturer, as well as TV
monitors for Prowest Electronics.
In 1987, he helped found a start-up,
Manitron Displays, which made
the first compact radar screens. He
left Manitron to start a consultancy
in 1989 for flight simulators and
The vintage radio gear that IEEE Member John Moore tinkers with at the Duxford Imperial War Museum, outside Cambridge, England,
3-D displays.
dates back to World War I.
In 1992, at the age of 48, he
earned a Ph.D. in electrical engi-
neering from the University of wealth of knowledge shared by the demonstrating the radios to visitors. for them,” he says. “How cramped it
Cambridge, and he has since worked members of the Duxford Radio Soci- He recalls showing children how was; how, if you forgot to take your
John Moore
part time at its Centre for Advanced ety is exhilarating, he says. “You’re to use the radios in a mock-up of a oxygen supply to the plane’s bath-
Photonics and Electronics while forever learning new things,” he British Lancaster bomber of World room, you could pass out. It really
continuing his consulting work. The adds. But the most rewarding part is War II fame. “You can set the scene gives them a big charge.” —
P.P.
Become a published author in 4 to 6 weeks.

IEEE Access is a multidisciplinary journal that allows you to:
• Publish articles in 4 to 6 weeks
• Expect the IEEE trusted peer review with a typical one-third acceptance rate
• Reach millions of global users through the IEEE Xplore® digital library with free access to all
• Submit multidisciplinary articles that do not fit neatly in traditional journals
• Integrate multimedia and track usage and citation data for each published article
• Connect with readers through commenting
• Publish without a page limit for only $1,750 per article
IEEE Access... a multidisciplinary open access journal that’s worthy of the IEEE.
Learn more at:

14-PUB-246 12/14
www.ieee.org/ieee-access

Of Note
Chosen by members of the D E A D L I N ES AT A G L AN C E
respective technical divisions 15 March Deadline for
n IEEE Division II delegate-elect/ organizational units to submit
director-elect slates of candidates to the IEEE
2015 Election n IEEE Division IV delegate-elect/

director-elect
Board of Directors for inclusion
on the annual election ballot.
Countdown
n IEEE Division VI delegate-elect/
director-elect 15 April Deadline for submitting
n IEEE Division VIII delegate-elect/ an intention to file a petition
director-elect to run for an office on the
A look at open positions and deadlines n IEEE Division X delegate-elect/ annual election ballot.
director-elect
1 May IEEE Board of Directors
O n 1 M a y, the IEEE Board of petition must include the necessary Chosen by members of submits to the voting membership
Directors is scheduled to announce number of valid voting members’ the respective regions a list of nominees for IEEE
the candidates to be placed on this signatures, and the petitioner n IEEE Region 1 delegate-elect/ president-elect, delegate-elect/
year’s ballot for the annual elec- must meet other requirements director-elect director-elect, as applicable, and
tion of officers, which will begin on as well. Petitions should be sent n IEEE Region 3 delegate-elect/ other positions to be elected by
17 August. Those elected will take to the IEEE Operations Center, in director-elect voting members for the term to
office next year. The ballot includes Piscataway, N.J. The IEEE Board n IEEE Region 5 delegate-elect/ come. The board also announces
candidates for IEEE president-elect, of Directors is also responsible for director-elect whether it intends to put forward
who are nominated by the board, as placing any proposed constitu- n IEEE Region 7 delegate-elect/ any constitutional amendments.
well as nominees for delegate-elect/ tional amendments on the ballot. director-elect
director-elect openings submitted For more information about the n IEEE Region 9 delegate-elect/ 8 May Signed petitions nomin
by their respective division and process for getting on the ballot, director-elect ating an individual for placement
region nominating committees. visit the IEEE annual election Web on the annual election ballot
The ballot also includes nominees page (http://www.ieee.org/election) Chosen by members must be received by noon
for president-elect of the IEEE Stan- or write to elections@ieee.org. in Regions 1–6 EDT USA/16:00 UTC.
dards Association and the members- n IEEE-USA president-elect
at-large of its board of governors; U P FO R EL ECTIO N I N 2015 n IEEE-USA member-at-large 17 August Annual election ballots are
vice president–elect, IEEE Technical Chosen by all voting members sent to all voting members on record
Activities; and president-elect and n IEEE president-elect Chosen by members of the as of 30 June. Voters may also begin
member-at-large, IEEE-USA. IEEE Standards Association accessing their ballots electronically.
IEEE members who want to Chosen by members of n Standards Association
run for an office but have not been all technical societies president-elect 1 October Marked ballots
nominated need to submit a petition n IEEE Technical Activities vice n Standards Association board of must be received by 1 p.m.
to the IEEE Board of Directors. The president–elect governors members-at-large EDT USA/17:00 UTC.
The 2014 Election Results Region 8

Margaretha A.K. Eriksson
Magdalena Salazar-Palma
5,027
5,013
IEEE-USA President-Elect, 2015
Peter Alan Eckstein
Keith D. Grzelak
11,680
8,624
Here is the Tellers Committee’s tally of votes Region 10
counted in the 2014 annual election and approved Kukjin Chun 4,540 IEEE-USA Member-At-Large,
in November by the IEEE Board of Directors. Stefan G. Mozar 3,248 2015–2016
Chun Che “Lance” Fung 3,093 Scott M. Tamashiro 12,506
Gim Soon Wan 7,790
IEEE President-Elect, 2015 Division VII IEEE Standards Association
Barry L. Shoop 15,972 Alan C. Rotz 2,498 Board of Governors
Tariq S. Durrani 14,831 John J. Paserba 1,907 Member-at-Large, 2015–2016
Frederick C. Mintzer 14,056 Division IX Mark Epstein 523
K.J. Ray Liu 2,527 Philip C. Wennblom 452
IEEE Division Delegate-Elect/ René M. Garello 2,236 Dennis B. Brophy 336
Director-Elect, 2015
Division I IEEE Region Delegate-Elect/ IEEE Standards Association
Maciej J. Ogorzalek 1,358 Director-Elect, 2015–2016 Board of Governors
Rakesh Kumar 1,154 Region 2 Member-at-Large, 2015–2016
Renuka P. Jindal 947 Katherine J. Duncan 2,010 Glenn W. Parsons 611
Division III Carole C. Carey 1,251 Alexander D. Gelman 365
Celia L. Desmond 3,651 Region 4 Oleg Logvinov 334
Vijay K. Bhargava 3,635 Bernard T. Sander 1,599
Division V Hamid Vakilzadian 721 IEEE Technical Activities
Harold Javid 3,011 Region 6 Vice President–Elect, 2015
Paolo A. Montuschi 2,952 Kathleen A. Kramer 4,244 José M.F. Moura 14,083
iStockphoto
Sundaram K. “S.K.” Ramesh 1,100 Douglas N. Zuckerman 13,991
3p.OfNote.LO [P].indd 17 2/2/15 2:16 PM

Nachappa Gopalsami Susan M. Lord Gail Skofronick-Jackson
Manimaran Govindarasu Wenjing Lou Paris Smaragdis
Robert Ian Gresham David James Love Peter Jeffrey Smith
Min Gu Jianhua Lu Hing Cheung So
Josep M. Guerrero David L. Lubkeman Haruhisa Soda
Guna Seetharaman Giuseppe Macchiarella William S. Song
Gunasekaran Abhijit Mahalanobis Charles W. Stearns
Deepnarayan Gupta Scott A. Mahlke Eckehard Goetz Steinbach
Dan M. Gusfield Dragan Maksimovic Gregory Edward Stewart
John Bruce Hacker Roger John Malik Stefano Stramigioli
Paul David Hale Debendra Mallik Suresh Subramaniam
Dan Halperin Diana Marculescu Ponnuthurai Nagaratnam
K.V.S. Hari Detlev Marpe Suganthan
Zhihai He Sylvain M. Martel Dong Sun
Constance Louise Luis Marti Jian Sun
Heitmeyer Yehia Massoud Yu Sun
Abdelsalam Ali Helal Witold Piotr Maszara Dan Keun Sung
Jöerg Henkel Paolo Mattavelli Wonyong Sung
Gary Robert Hoffman Gianluca Mazzini Johan A. K. Suykens
Toshikazu Hori Stephen J. McArthur Dacheng Tao
Ray-Hua Horng Timothy John McCoy Paul J. Tasker
John Alexander Hossack Patrick D. McDaniel David Taubman
Introducing the Ekram Hossain

Jianying Hu
Hong Mei
Shengwei Mei
Fernando Lisboa Teixeira
Rajeev Thottappillil
2015 Class of Fellows

Yi Hu Jean-Pierre Merlet Yuichi Tohmori
Howard Cheng Huang Mehran Mesbahi Ridha Touzi
Giuseppe Iannaccone Ethan L. Miller Harry L. Trentelman
Meikei Ieong Stefan Gerhard Mozar James Joseph Truchard
The Institute congratulates these 300 IEEE Makoto Iwasaki Boris Murmann Masashi Usami
Ravishankar R. Iyer Tadao Nagatsuma Vesa Valimaki
senior members named IEEE Fellows for 2015. Qiang Ji Krishna Rama Narayanan Son Van Nghiem
They join an elite group of people who have Hong Jiang Paul Michael Newman John Thomas Vaughan
contributed to the advancement or application Hong Jiang
Nihar Jindal
Khai Doan The Ngo
Alexandru Nicolau
Vaithianathan
Venkatasubramanian
of engineering, science, and technology. James Arthur Jodice Tetsuji Oda Michel Verleysen
Richard Darryl Jones Kiyoshi Ohishi Mahesh Viswanathan
Anupam Joshi Michael E. Orshansky Yurii A. Vlasov
David Kazuo Abe Natalino Camilleri Laurent Pierre Desclos Tzyy-Ping Jung Marek A. Osinski Alexander Waibel
Vivek Agarwal Jiannong Cao Murthy Devarakonda Mohan V. Kalkunte Philip Norman Overholt Jian-Ping Wang
Héctor Jorge Altuve-Ferrer Paolo Carbone Peter August Dinda Safa Kasap Teresa Pace Geoffrey Ian Webb
Daniel Matthew Andrews Joseph R. Cavallaro Edward John Young-Han Kim Sokrates Theodore Mark H. Weichold
David Angeli Chandan Chakraborty Dobrowolski Youngky Kim Pantelides David Mandel Weiss
Jean Armstrong Elizabeth Jiang Chang Rolf Drechsler Tsunenobu Kimoto Unnikrishna Pillai Dieter J. Weller
David I. August Biao Chen Josef Cenek Drobnik Simon Alistair King Antonio J. Plaza Blake Shaw Wilson
Christopher P. Auth Chi-Chih Chen Jeffrey L. Duerk Stefanos D. Kollias Mark D. Plumbley An-Yeu Wu
Randy Keith Avent Xiaodong Chen Alistair Paul Duffy Hiroshi Kondoh David J. Pommerenke Hsiao-Chun Wu
Anastasios G. Bakirtzis Ming Cheng Frank Joseph Effenberger Christoforos Kozyrakis Radha Poovendran Ji Wu
Gerhard A. Bauch Xiuzhen Cheng Carl August Ekdahl Jr. David J. Kriegman Mircea Popescu Gaozhi George Xiao
Jason R. Baumgartner Howie M. Choset Randy E. Ellis Deepa Kundur Robert Caiming Qiu Xiaolan Xie
Randal W. Beard Jyh-Horng Chou Dara Entekhabi Hao-chung Kuo Bhaskar Ramamurthi Yuan Xie
Wiren Dale Becker Henrik I. Christensen Babak Fahimi Gérard Lachapelle Sundaram K. Ramesh Isao Yamada
Kristine L. Bell Chen-Nee Chuah Pingzhi Fan Sanjay Gouri Lall John Neal Randall Liuqing Yang
Ewert Bengtsson Mooi Choo Chuah Weileun Fang Edmund Y. Lam Spiridon A. Reveliotis Olexander Georgiyovych
Charanjit Singh Bhatia Israel Cohen Lorenzo Faraone Christian Laurent David John Richardson Yarovyi
Ricardo Bianchini Iain Bruce Collings Ernest Joseph Feleppa Paul Ren Lecoq Rasheek M. Rifaat Aylin Yener
Marcela Milena Marie John F. Conley Alan Simon Finkel Paul P. Lee Eric Rotenberg Bulent Yener
Bilek Javier Contreras William R. Finley Thomas H. Lee Ahmed A. Rubaai Wang Yi
Kenneth Paul Birman Jordi Cortadella Michael Paul Fitz Henry K. Leung Markus Rupp Chik Patrick Yue
Daniel Wesley Bliss Tie Jun Cui Michael Patrick Flynn Steven Peter Levitan Ponnuswamy Sadayappan Moti Yung
Aaron Fred Bobick John Michael Dallesasse Kenneth G. Foote Baochun Li Safieddin Safavi-Naeini Navid Reza Zargari
Nuno Borges Carvalho Sajal K. Das Stephanie Forrest Keqin Li Robert James Safranek Huaguang Zhang
Alberto Borghetti Dipankar Dasgupta Dieter Fox Ming-Jun Li Surya Santoso Wei Zhang
Olga Boric-Lubecke Purnendu Kumar Gordon John Frazer Xiang-Yang Li Richard Schreier Wei-Bin Zhang
Azzedine Boukerche Dasgupta Henry Fuchs Daniel Lidar Luca Selmi Yin Zhang
Victor M. Bright Michael Evan Davies Pascale Fung Cheng-Lin Liu Michael C. Shebanow Yong-Hang Zhang
Martin George Buehler Mérouane Debbah Xiqi Gao Ling Liu Peng Shi Zhijun Zhang
Wolfram Burgard Joe Charles Decuir Reza Ghodssi Yong Liu James D. Shields Haitao Zheng
Randi Klett
Rajkumar Buyya Lieven De Lathauwer Amitava Ghosh Yunhao Liu Yoshihiro Shiroishi Yahong Rosa Zheng
Christian Cachin Francisco de León Monisha Ghosh Zicheng Liu Moshe Shoham Kun Zhou
Ning Cai Michael Demetriou Patrick Girard John Robert Long Mario G. Silveirinha Yuanyuan Zhou

Nominations Sought for WH O CA N NO M I N ATE?
Anyone may submit a nomination;
mittees and units are recommended
by the committee more often than
Leaders in 2016 and 2017

nominators do not need to be IEEE volunteers without such experience.
members, but nominees must meet For example, candidates for the IEEE
certain qualifications. Self-nominations Awards Board have a greater likelihood
are encouraged. An IEEE organizational of being recommended if they have
Volunteers are needed to serve as corporate unit may submit recommendations already served on an awards commit-
endorsed by its governing body or the
officers, committee chairs, and more body’s designee.
tee of a society, section, or region or
on another IEEE board.
A person may be nominated for more It is also helpful to check eligibility
than one position. Nominators need not
requirements at the N&A Committee
I E E E i s g o v e r n e d by volunteer 2016 IEEE Corporate Officers contact their nominees before submit-
website at http://www.ieee.org/
members and depends on them for n Vice president, Educational ting the form. The N&A Committee will
nominations before submitting a
many things. For example, they edit Activities contact them to determine their eligibility
nomination to avoid submitting an
IEEE publications, organize conferences, n Vice president, Publication and willingness to serve.
ineligible candidate.
coordinate regional and local activities, Services and Products
Individuals recommended for
write standards, lead educational activi- n Secretary
HOW TO NO M INATE president-elect and corporate officer
ties, and identify individuals for IEEE n Treasurer
For information about the positions, positions are more likely to be recom-
recognitions and awards. including qualifications and estimates mended if they have a strong record of
2016 IEEE Committees of the amount of time required during
The Nominations and Appointments leadership and accomplishment within
(chairs and members) the term of office, check the Guide-
(N&A) Committee is responsible for and outside IEEE. Recommended candi-
n Awards Board lines for Nominating Candidates at dates often have significant prior experi-
developing recommendations for staff-
n Employee Benefits and Compensation http://www.ieee.org/about/corporate/ ence on IEEE boards and committees.
ing many volunteer positions, includ-
n Ethics and Member Conduct nominations/nominations_guidelines. More information about the duties
ing candidates for president-elect and
n Fellow html. To nominate a person for a posi- of the different positions, qualifica-
corporate officers. Its recommendations n Governance tion, complete the online form.
are sent to the IEEE Board of Directors tions, and eligibility requirements (such
n History as prior service in certain positions or
and the IEEE Assembly. Accordingly, the n Nominations and Appointments
NO M I NATI NG TIP S IEEE grades) can be found in the Guide-
N&A Committee is seeking nominees n Public Visibility
Positions for which the N&A Commit- lines for Nominating Candidates.
for the following positions: n Tellers
tee makes recommendations repre-
sent the uppermost governance levels —Peter W. Staecker, Chair
2017 IEEE President-Elect (who will DEA D L I NE F OR NO M I N ATI ONS in IEEE. Volunteers with relevant prior 2015 IEEE Nominations and
serve as president in 2018) 15 March 2015 experience in lower-level IEEE com- Appointments Committee
IEEE Travel Discounts*

Come highly recommended by Members like you.
“With the IEEE Car Rental discount Before you book your next
vacation or business trip, visit
Program, we can stretch our budget www.ieee.org/discounts
and send more students to conferences and save big.
and meetings.” *Discount availability varies by country.
-Ali A.
From discounts on language software to car rentals and

insurance, IEEE members save big when they travel.
15-MDI-289 1/15

While the world beneﬁts from what’s new,
IEEE can focus you on what’s next.
Develop for tomorrow with

today’s most-cited research.
Over 3 million full-text technical documents
can power your R&D and speed time to market.
• IEEE Journals and Conference Proceedings

• IEEE Standards
• IEEE-Wiley eBooks Library
• IEEE eLearning Library
• Plus content from select publishing partners
IEEE Xplore® Digital Library

Discover a smarter research experience.
Request a Free Trial

www.ieee.org/tryieeexplore
Follow IEEE Xplore on
11-PIM-0544e_Xplore_WhatsNext_8.333x10.1389_FINAL..indd 1 12/16/11 9:32 AM

Timar 15

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Timar 15

Uploaded by

Copyright:

Available Formats

o o tk it Social en

idd mb Tro Hacktivist Hash Keystroke logging Lo Gray ha i

Keystroke logging Logic bo ear-phi

shing Remote acce

load Spam Spear-phishing Sp tk it Wh

IEEE Life Fellows Charles

30 is the first woman to receive IEEE’s

2 the institute March 2015 theinstitute.ieee.org

3p.Briefings.LO [P] [P].indd 2 2/6/15 10:09 AM

theinstitute.ieee.org March 2015 the institute 3

3p.Briefings.LO [P] [P].indd 3 2/5/15 12:16 PM

The Board of Directors 7

4 the institute March 2015 theinstitute.ieee.org

3p.Briefings.LO [P] [P].indd 4 2/5/15 12:42 PM

theinstitute.ieee.org March 2015 the institute 5

3p.Briefings.LO [P] [P].indd 5 2/5/15 12:43 PM

6 the institute March 2015 theinstitute.ieee.org

3p.features.LO [P].indd 6 2/5/15 2:18 PM

A th “People don’t want just anybody

ronments, they present challenges

from an engineering point of

ensuring that data from wearable

tion to this challenge that works on

wearable device,” Shannon adds.

And larger medical devices

concerns. The medical community

has generally been unconcerned

n ti devices have traditionally been

facilities. But once the machines

is increasingly shared, the data

g r tin could be manipulated in ways the

theinstitute.ieee.org March 2015 the institute 7

3p.features.LO [P].indd 7 2/5/15 2:21 PM

8 the institute March 2015 theinstitute.ieee.org

3p.features.LO [P].indd 8 2/5/15 2:29 PM

Raising the Bar LET’ S SET STA NDARDS

for Cybersecurity the Pell Center at Salve Regina Uni-

Specialists to create professional standards for

ing these systems correctly is how to

theinstitute.ieee.org March 2015 the institute 9

3p.features.LO [P].indd 9 2/5/15 2:30 PM

Sparking Conversation Information Week article Fax: +1 303 758 1138

In December, The Institute delved into software-defined Rem em bering Ra lph Ba er C o n f e r e n c e I n f o r m at i o n

10 the institute March 2015 theinstitute . ieee . o r g

3p.Opinions.LO [P].indd 10 2/2/15 12:32 PM

theinstitute . ieee . org March 2015 the institute 11

3p.Opinions.LO [P].indd 11 2/2/15 2:29 PM

Help With Fending technologies, systems, and

Off Cyberattacks metrics, surveillance, and

12 the institute March 2015 theinstitute.ieee.org

3p.Benefits.LO [P].indd 12 2/5/15 2:12 PM

3p.Benefits.LO [P].indd 13 2/5/15 2:14 PM

I n t o d a y ’ s digital, data-reliant ment structures in place to deal

David Biber/Carnegie Mellon University Software Engineering Institute

14 the institute March 2015 theinstitute.ieee.org

3p.People.LO [P].indd 14 2/2/15 11:17 AM

in the weight of the disc, tive work.” Sometimes he rebuilds

theinstitute.ieee.org March 2015 the institute 15

3p.People.LO [P].indd 15 2/2/15 11:18 AM

Become a published author in 4 to 6 weeks.

Learn more at:

16 the institute March 2015 theinstitute.ieee.org

3p.People.LO [P].indd 16 2/2/15 11:21 AM

2015 Election n IEEE Division IV delegate-elect/

2015 Election n IEEE Division IV delegate-elect/

Sundaram K. “S.K.” Ramesh 1,100 Douglas N. Zuckerman 13,991