Volume 39 • Issue 1 • March 2015 • theinstitute.ieee.org

[Cover: SPECIAL REPORT: CYBERSECURITY. Thwarting attacks]
Calendar & Briefings

IEEE Events
March April May

4 (1962): The first nuclear power plant in Antarctica begins operation, in McMurdo Sound.
6 (1957): Hundreds of people take one last trip on New York City’s trolley cars [above] as they make their final runs.
7–8: Region 10 meeting in Dhaka, Bangladesh.
15 (1915): Thomas J. Watson is named president of the Computing-Tabulating-Recording Co. (later IBM), a position he would hold until 1956.
1 (1964): John G. Kemeny and Thomas E. Kurtz run the first program in BASIC, the computer language they created as a teaching tool.
10–12: Region 3 meeting in Fort Lauderdale, Fla.
11 (1900): The U.S. Navy acquires its first submarine propelled, once submerged, by electric motors.
11 (1924): Birth date of Antony Hewish [above], corecipient of the 1974 Nobel Prize in Physics for his contribution to the discovery of pulsars, cosmic objects that emit pulses of radio waves.
15–19: Region 5 meeting in New Orleans.
22 (1960)

Historical events are provided by the IEEE History Center. For photos and videos of these engineering milestones, visit http://theinstitute.ieee.org/briefings/calendar.

Clockwise from top: Marty Lederhandler/AP Photo; Rex Features/AP Photo; Hedrich Blessing Collection/Chicago History Museum/Getty Images; iStockphoto(2); AP Photo; iStockphoto; cover: bonnie nani

❂ Mildred Dresselhaus

Science.” She became a professor of electrical engineering in 1967, joined the physics department in 1983, and became an Institute Professor of

2014 U.S. Presidential Medal of Freedom, the country’s highest honor for civilians, for “deepening our understanding of condensed matter
of carbon—which has contributed to major advances in electronics and materials research.”

The Medal of Honor is sponsored by the IEEE Foundation. Dresselhaus is to receive the award at the annual IEEE Honors Ceremony, to be held 20 June at the Waldorf Astoria Hotel in New York City.
—Amanda Davis

Meet the 2016 Candidates

The IEEE Board of Directors has nominated Senior Member Karen Bartleson and Life Fellow Frederick “Fred” Mintzer as candidates for 2016 IEEE president-elect. They are set to face off in the annual election later this year. The winner will serve as IEEE president in 2017.

Bartleson is senior director of corporate programs and initiatives at Synopsys, an electronic design auto-

Calif. Her responsibilities include creating programs for technical standards development and software tool interoperability, building relationships with universities and research institutions worldwide, and engaging customers with social media. She joined Synopsys in 1995 as manager of its standards group and was director of quality from 2000 to 2002.

She received the 2003 Marie R. Pistilli Women in Electronic Design Automation Achievement Award. Bartleson also authored a book, The Ten Commandments for Effective Standards: Practical Insights for Creating Technical Standards, published by Synopsys Press in 2010.

She was president of the IEEE Standards Association in 2013 and 2014. As president, she led the development of a new strategic plan; furthered OpenStand, a set of principles for developing global standards; and finalized IEEE’s membership in the Global Standards Collaboration, a volunteer organization that promotes cooperation and collaboration in communications standards development.

As a member of the IEEE Board of Directors in 2013 and 2014, Bartleson chaired and led the development of the strategic plan for the IEEE Internet Initiative Committee, which aims to boost IEEE’s influence in the areas of Internet governance, cybersecurity, and policy development. She was also a member of the IEEE Strategy Committee, overseeing the development of IEEE’s role in global public policy.

[Photo: Karen Bartleson]

Mintzer joined IBM in 1978 and spent the early part of his career there investigating signal and image processing. He later managed projects that developed image-based digital library technologies and applied them to joint projects with museums and libraries, including the Egyptian Museum, in Cairo; the Hermitage Museum, in Saint Petersburg, Russia; and the Vatican Library, in Vatican City. From 2001 to 2005 he was senior manager of IBM’s visual technologies department, which worked on computer graphics, data visualization, and digital imaging.

From 2005 to 2013 he was program director for IBM’s Blue Gene Watson supercomputer facility and associate director of its Deep Computing Institute, both at the company’s T.J. Watson Research Center, in Yorktown Heights, N.Y. He retired on 1 January 2014.

25 patents and written more than 50 technical papers. He was twice named an IBM Research Master Inventor.

Mintzer was vice president of IEEE Technical Activities in 2012 and director of Division IX in 2008 and 2009. He was 2009 chair of the IEEE Employee Benefits and Compensation Committee and has been on several other committees, including the IEEE Nominations and Appointments, Governance, and Investment committees. In 2009 he served as Region 1 liaison to the IEEE Technical Activities Board.

He was president of the IEEE Signal Processing Society in 2004 and 2005. As president, he helped launch the society’s IEEE Transactions on Information Forensics and Security.
—A.D.

[Photo: Frederick “Fred” Mintzer]

Clockwise from top left: Johnny Wilson Photography; Isabel Solano/Getty Images; Barbara Santagata

Inside

Protecting Against Cyberattacks 6
President’s Column: Planning for IEEE’s Future 11
Greg Shannon: Safeguarding Systems 14
Introducing the 2015 Class of IEEE Fellows 18

Online
Available 6 March at theinstitute.ieee.org

A History of Hacking: The Institute explores more than a century of hacking incidents.
Membership Statistics: Find out which IEEE groups showed the most growth in 2014.
In Memoriam: IEEE honors the lives of three members who recently died.

Proposed Amendment to the IEEE Constitution

The IEEE Board of Directors has proposed revisions to the IEEE Constitution designed to update the document and accomplish the following:

■ better define IEEE membership
■ eliminate operational procedures that are currently well defined in, or more appropriate for, the IEEE bylaws or other lower-level governing documents
■ better define the roles of the IEEE Assembly and its delegates, which are separate from the roles of IEEE directors, as detailed in the bylaws
■ create a closer tie to IEEE’s Certificate of Incorporation, the document that legally establishes the organization
■ change the voting requirement for amending the constitution to
ment at its August 2014 meeting and asks the members to vote yes on the proposed amendment, which will be a part of the 2015 IEEE annual election ballot.

To adopt this amendment, an affirmative vote of at least two-thirds of all ballots cast is required, provided the total number of those voting is at least 10 percent of all IEEE’s members who are eligible to vote.

More details on the revisions are available at http://www.ieee.org/elections. To read the procedure on how to oppose proposed revisions (IEEE Policies, Section 13.7), visit http://www.ieee.org/about/corporate/governance/index.html.
—Parviz Famouri, IEEE Secretary

Five Elected to the Board

The IEEE Assembly in November elected five officers to the IEEE Board of Directors for 2015.

Four of the five, who began serving one-year terms on 1 January, are new officers: Parviz Famouri, secretary; Jerry L. Hudgins, treasurer; Wai-Choong “Lawrence” Wong, vice president, Member and Geographic Activities; and Sheila Hemami, vice president, Publication Services and Products. Saurabh Sinha was elected to serve a second year as vice president, Educational Activities.
—A.D.

Region 1: United States
■ Student branch formed at Fairfield University, Connecticut.
■ Student branch at the University of Maine, Orono, forms IEEE Power & Energy Society chapter.
■ Berkshire (Massachusetts) Section forms IEEE Life Member affinity group.
■ Green Mountain (Vermont) Section forms IEEE Power & Energy Society chapter.

Region 2: Eastern United States
■ Student branch at the University of Delaware, Newark, forms IEEE Women in Engineering (WIE) affinity group.

Region 3: Southeastern United States
■ Student branch at Georgia Tech forms IEEE Engineering in Medicine and Biology Society chapter.

Region 4: Central United States
■ Student branch at Purdue University, West Lafayette, Ind., forms IEEE Robotics and Automation Society chapter.

Region 5: Southwestern United States
■ Student branch formed at the University of Houston.

Region 6: Western United States
■ Student branch at San José State University, California, forms IEEE Signal Processing Society chapter.

Region 7: Canada
■ Kingston (Ontario) Section forms IEEE Power Electronics Society chapter.
■ Student branch at the University of Calgary, Alberta, forms joint chapter of IEEE Industry Applications and IEEE Power & Energy societies.

Region 8: Europe, Middle East, and Africa
■ Student branch formed at Zewail City of Science and Technology, Giza, Egypt.
■ Hungary Section forms IEEE Young Professionals (YP) affinity group.
■ Iraq Section forms IEEE Computational Intelligence Society chapter.
■ Student branch formed at the University of Basilicata, Potenza, Italy.
■ Student branch formed at Al-Hussein Bin Talal University, Ma’an, Jordan.
■ Switzerland Section forms IEEE Education Society chapter.
■ Student branches in Tunisia at National Engineering School of Gabès, National Engineering School of Monastir, and National Institute of Applied Science and Technology form IEEE Industry Applications Society chapters.

Region 9: Latin America
■ Student branch at Pontifícia Universidade Católica de Minas Gerais, Belo Horizonte, Brazil, forms IEEE Robotics and Automation Society chapter.
■ Chile Section forms IEEE Signal Processing Society chapter.
■ Colombia Section forms IEEE YP affinity group.
■ Student branch formed at Universidad Surcolombiana, Neiva, Colombia.
■ Student branches formed in Mexico at Universidad Politécnica de Puebla, San Pedro Cholula, and Instituto Tecnológico de La Paz.
■ Student branch at Universidad de Ingeniería y Tecnología, Barranco, Peru, forms IEEE Industry Applications Society chapter.
■ Student branch at the University of Piura, Peru, forms IEEE WIE affinity group.

Region 10: Asia and Pacific
■ Student branch formed at the University of Technology, Sydney.
■ Western Australia Section forms IEEE WIE affinity group.
■ Student branch formed at the Chittagong University of Engineering and Technology, Bangladesh.
■ Student branch formed at the Royal University of Bhutan, Thimphu.
■ Chengdu (China) Section forms IEEE Power & Energy Society chapter.
■ Student branch formed at the North China University of Technology, Beijing.
■ Student branch at Southeast University, Nanjing, China, forms IEEE Instrumentation and Measurement Society chapter.
■ Shanghai Section forms IEEE Industry Applications Society chapter.
■ Xian (China) Section forms IEEE Reliability Society chapter.
■ Student branch at the Hong Kong University of Science and Technology, Clear Water Bay, forms IEEE Solid-State Circuits Society chapter.
■ Student branches in India at ABES Engineering College, Christu Jyothi Institute of Technology and Science, ITS Engineering College, and Kakatiya University College of Engineering form IEEE WIE affinity groups.
■ Student branch formed at Diponegoro University, Semarang, Indonesia.
■ Kansai (Japan) Section forms IEEE WIE affinity group.
■ Student branch at INTI International University, Nilai, Malaysia, forms IEEE Computer and Communications Society chapters.
■ Lahore (Pakistan) Section forms IEEE Power & Energy Society chapter.
■ Philippines Section forms IEEE Solid-State Circuits Society chapter.
■ Thailand Section forms IEEE Broadcast Technology Society chapter.

Send us your news
The Institute publishes announcements of new groups once they’ve been approved by IEEE Member and Geographic Activities. To send us local news, like student branch events and competitions, WIE or preuniversity outreach efforts, or other IEEE group activities, use our form on the Region News page at http://theinstitute.ieee.org/region-news.

istockphoto (2)

THE INSTITUTE (ISSN 1050-1797) is published quarterly by The Institute of Electrical and Electronics Engineers Inc., 3 Park Ave., 17th Floor, New York, NY 10016-5997; tel. +1 212 419 7900. Periodicals postage paid at New York, NY, and at additional mailing offices. Canadian GST# 125634188. Annual subscription rate: US $26.95. Eight additional monthly issues are available online. The editorial policies for IEEE’s major publications are determined by the IEEE Board of Directors. Unless otherwise specified, IEEE neither endorses nor sanctions any positions or actions espoused in THE INSTITUTE. Major IEEE boards review items within their purview prior to publication. When published in THE INSTITUTE, individual viewpoints of elected IEEE officers are labeled as such. They are reviewed by the individuals to whom they are attributed, unless they are a matter of record. The editorial staff is responsible for selection of subject matter and its placement within the issue. Copyright © 2015 by The Institute of Electrical and Electronics Engineers Inc. THE INSTITUTE is a registered trademark owned by The Institute of Electrical and Electronics Engineers Inc. POSTMASTER: Send address changes to THE INSTITUTE, IEEE Operations Center, Coding Department, 445 Hoes Lane, Piscataway, NJ 08854. IEEE prohibits discrimination, harassment, and bullying. For more information, visit http://www.ieee.org/web/aboutus/whatis/policies/p9-26.html.
data breaches, denial-of-service attacks, and software vulnerabilities, the subject of cybersecurity—the focus of this special report—is particularly timely. The

attacks showed that every organization’s computers and data are at risk, no matter what its goals are or where it’s located. The incidents have led to a renewed focus on improving the security and privacy of computers and networks.

Hackers take advantage of weak spots to break into systems that aren’t properly patched or updated. Cybercriminals may download attachments containing malware or viruses or take advantage of computers that were disposed of without having been wiped clean. They can also gain access through vulnerabilities introduced by engineers and software designers. Often, software engineers lack the training and tools needed to mitigate and defend against security and privacy threats.

This report describes IEEE’s efforts to make developers more knowledgeable through its Cybersecurity Initiative, launched in January 2014 by the IEEE Computer Society and the IEEE Future Directions Committee, the organization’s R&D arm. The initiative is working to educate engineers and others and is developing tools to help prevent software design flaws that could compromise privacy and security.

The issue also deals with meeting the challenge of protecting private information on mobile devices [see p. 8] and what must be done so that cybersecurity is taken more seriously as a profession [p. 9]. And we’ve profiled Greg Shannon, chair of the IEEE Cybersecurity Initiative [p. 14].

The initiative also aims to get the word out about IEEE’s expertise in cybersecurity. The organization has been offering products, conferences, and standards on the subject for more than three decades [p. 12].

This issue also announces the winners of the 2014 IEEE election and includes the list of senior members elevated to the 2015 class of Fellows, as well as proposed revisions to the IEEE constitution that members will be asked to vote on this year.
—Kathy Pretz, Editor in Chief

In the face of growing computer security breaches, it makes little sense to be cavalier about cybersecurity and cyberprivacy. Just ask the European Central Bank, Korea’s Hydro and Nuclear Power Co., Microsoft, or Sony Pictures—some of the recent cyberattack victims. Credit-card payment systems have been raided. Floor plans of sensitive facilities have been posted on social media. Gaming services have been disrupted and employees’ personal information leaked. Companies’ reputations have been damaged, customers have fled, top executives have been fired, and hefty fines incurred.

What’s more, the financial impact of an intrusion is growing. Last year, the average cost per incident increased 15 percent over 2013 to US $3.5 million, according to the annual Cost of Data Breach Study sponsored by IBM and conducted by the Ponemon Institute, of Traverse City, Mich. The study surveyed 250 companies in 11 countries and found that the cost incurred for each lost or stolen record containing sensitive information increased more than 9 percent compared with the previous year, to $145.

Attackers gain access in many ways, including through viruses and malware, stolen passwords, and personal information stored on publicly accessible directories. As has been the case for decades, hackers find their way in because of engineering and operating mistakes. The IEEE Cybersecurity Initiative wants to change that.

“It has become clear that, generally, engineers have not had sufficient training nor been encouraged to have a mind-set that considers how an adversary might thwart their system, whether it’s on the security side, the privacy side, or the vulnerability side,” says the initiative’s chair, IEEE Senior Member Greg Shannon. He’s chief scientist for the CERT Division at the Carnegie Mellon University Software Engineering Institute, in Pittsburgh. The initiative was established in January 2014 by the IEEE Computer Society and the IEEE Future Directions Committee.

Not enough investment is being made to ensure that sufficient security and privacy controls are implemented, Shannon says, adding that the R&D community has not given engineers the tools they need to understand all the possible threats against their systems and how to mitigate them.

The initiative is accelerating innovative research and developing cybersecurity privacy technologies to protect commerce, innovation, and freedom of expression.

“Now is the time not only for better defensive measures but also for cybersecurity standards and best practices that consider the entire technology life cycle,” Shannon says. “It is IEEE’s responsibility to emphasize strongly the things that can improve security and privacy, and this means not ignoring the engineering mistakes made in developing and operating software systems. These may be less noticeable but can prove just as harmful.

“Alone of any professional society, IEEE has been involved in cyber security from soup to nuts,” he adds.

IEEE has been helping engineers recognize, resist, and recover from cyberattacks for more than three decades. The annual IEEE Symposium on Security and Privacy, for example, marked its 35th anniversary last year. And IEEE offers conferences, publications, standards, and other services [see p. 12]. But many in the cybersecurity field are unaware of the breadth, depth, and longevity of IEEE’s work, according to Shannon. The initiative plans to change that, too, along with adding new offerings to the field.

SECURITY: FRONT AND CENTER
About half of all security breaches are possible because of flaws in the software’s architecture and design. The rest result from bugs in the software’s implementation—the overall design may appear sound, but some aspect of its execution fails. The security industry has been focused mostly on finding and eradicating bugs; it has virtually ignored the fact that design flaws may also be the subject of attack. Unfortunately, not much reference material exists on how to avoid these types of flaws.

That’s why the initiative established the IEEE Center for Secure Design, hosted on the initiative’s website at http://cybersecurity.ieee.org/center-for-secure-design.html. It focuses on identifying and preventing software design flaws. The center was formed by such organizations as Athens University of Economics and Business, Cigital, EMC, Google, Harvard, Twitter, and the University of Washington, Seattle. The CSD released a report in August detailing the top 10 most widely and frequently occurring software security design flaws, as well as recommendations for avoiding them. The report is also on the initiative’s website.

GUARDING MEDICAL DATA
Wearables, smartphone apps, portable diagnostic units, and other

information electronically, which puts the privacy and security of the data at risk.

to be able to access their health profile and related information,” Shannon points out.

“Because these devices are in low-power, low-bandwidth envi-

view,” he says. The hurdles include

form uploading the data is getting it from the correct sensor. “A solu-

in homes and their information

Shannon cautions.

“Many of these devices use vulnerable components and operating systems, and patching them is a concern,” he says. “Engineers have to be very careful about whether the patched product will still be certified by agencies that oversee them, like the U.S. Food and Drug Administration, and whether the update causes something else to malfunction. If it’s your pacemaker, you care a great deal about that.”

To that end, the initiative is developing “building codes” for medical devices similar to those used in the construction industry.

“Security and privacy issues—what is important and what is reasonable or what is not—are still being defined by society,” Shannon says. “Part of a broader aspect of the initiative is to help understand the decisions that must be made, as well as larger issues such as who has a right to what data, and what can and can’t companies be allowed to do with personal data. We know that IEEE will help inform that conversation.” ◆

Bonnie Nani (2)
Mobile Devices Lack Security

It’s a problem developers can no longer ignore

BY MONICA ROZENFELD

Of the world’s 7 billion people, 6 billion rely on mobile phones or tablets to bank, shop, post to social media, and monitor their health. With all the personal and professional information being shared, it’s important that data from mobile devices be secure. Yet that’s rarely the case.

Securing such information is no small feat. Unlike applications designed for laptop and desktop computers—often created by just a handful of companies—there are now more than 1 million apps for smartphones and tablets designed by nearly the same number of developers. Many of them are novice designers with little concern for protecting the security and privacy of the data their apps collect and store. Moreover, when downloaded, many of the apps have access to other information in the mobile device, making them potential outlets for data leakage and theft.

That’s just one issue. Another is malicious websites. More than half of websites are live for 24 hours or less, which makes them difficult to monitor for harmful content. Malware—short for malicious

Methods for increasing security in operating systems have changed dramatically over the years. “It’s been a cat-and-mouse game,” Clark explains. “Security companies like ours find a way to stop hackers, who then find another way in.”

Clark and Qing Li, Blue Coat’s chief scientist, are developing a framework they call an infrastructure-centric security ecosystem with a cloud defense, which mobile developers could adopt for their operating systems. They describe it in an article, “Mobile Security: A Look Ahead,” published in IEEE Security & Privacy magazine.

Their cloud-based framework would be an agile system able to keep pace with evolving threats. The framework would consist of application proxies, real-time content categorization and rating engines, and real-time URL analysis engines to help decide which websites are safe to browse. The Blue Coat model would also filter malware from compromised websites to prevent an attack from ever reaching a user’s device.

the scanning service, the network could catalog and report on the reputation, risk, and vulnerability levels of each installed application—which would help users decide what apps to keep.

Network-based inspections are scalable, flexible, and able to intercept and disrupt threats, Clark says. “In the Wild West of mobile apps and the rapid sprouting of websites,” he says, “users want their networks to inform them when they are accessing malicious content and proactively terminate the attacking threats. And we want to allow the network to be programmable to offer layered defense for the end points.”

The willingness to have an open network, however, has to come from the users and service providers in order to allow security solutions to inspect and analyze activities to ensure harmful content is not being accessed, Li says. “Mobile security,” he points out, “requires an entire ecosystem to participate in the defense of mobile devices and their users.” ◆

iStockphoto
Do you know how to become a cybersecurity professional? Do you know what courses to take, which certifications are needed, and what skills employers require? As a hiring manager, can you assess whether your new hire knows how to write secure mobile apps, defend systems against cyberattacks, or protect customer credit-card data?

The truth is, not many people can answer those questions. And that uncertainty, experts say, is a problem for the cybersecurity industry. Its rapid growth during the past decade has led to an unclear educational path for students. There is also an absence of generally accepted qualifications that tell hiring managers and human resources departments which job candidates have the right experience and credentials.

“This confusion causes the profession to grow less efficiently than it could,” says IEEE Senior Member Greg Shannon, chief scientist for the CERT Division at Carnegie Mellon University Software Engineering Institute, in Pittsburgh, and chair of the IEEE Cybersecurity Initiative. “People can’t say, ‘These are the credentials I need’ and ‘This is how much it is going to cost me to get them.’”

The lack of clarity, Shannon says, has contributed to a widespread shortage of trained, experienced cybersecurity professionals. Similarly, it has created a challenge for employers to hire people with the right skills. HR reps find themselves confronted with a variety of certifications from about two dozen organizations.

“There are people out there who are being positioned, rightly or wrongly, beyond their skills to

says Pell Fellow Francesca Spidalieri, who coauthored the report with Lt. Col. Sean Kern, a Pell Center adjunct fellow with the U.S. Air Force. “It is also about guaranteeing that those in the industry reach the highest professional standards.”

The industry has tried to respond to the needs of the marketplace by developing certifications and other educational standards for various career paths. However, these have sprung up individually. They often overlap each other and leave gaps.

The report found that cybersecurity is composed of 31 different specialties dealing with such areas as information assurance compliance, systems security architecture, and digital forensics. These specialties are served by at least 23 different certification programs from such organizations as the American Society for Industrial Security, the

The Pell report offers recommendations for developing a more organized cybersecurity profession, including establishing clear bodies of knowledge and educational paths for the 31 workforce specialties.

“You really have to have that body of knowledge, along with some means of assessing if a person understands that knowledge and can apply it creatively against whatever problems an organization faces,” Spidalieri says. “That’s the language of a profession.”

There are many different roles to fill in cybersecurity, says IEEE Senior Member Gary McGraw, chief technology officer of Cigital—a software security firm in Dulles, Va.—and a volunteer for the IEEE Cybersecurity Initiative.

“Each role needs to have its own education and experience path,” McGraw says. “If you think of security like medicine, you need first responders, nurses, doctors, brain surgeons, and everything in between.”

The largest cybersecurity certification program, the Certified Information Systems Security Professional (CISSP), would serve the emergency medical responders, nurses, and maybe doctors, but it wouldn’t help the brain surgeons and other specialists, McGraw says.

“Organizing a common body of knowledge in any area is always useful,” he says. “A CISSP certification guarantees only that you have a modicum of knowledge about a swath of cybersecurity. Your knowledge may be wide but not very deep.”

Spidalieri and Kern also call for each specialty to develop its own code of ethics, something currently lacking.

“Part of what we learn in engineer-

Erik Isakson/Getty Images
Should We Fear a Catastrophic Cyberattack?

In a survey by the Pew Research Center of 1,642 cybersecurity experts, 61 percent said a widespread cyberattack will occur in the next 10 years, leading to at least one of the following: the theft of tens of billions of dollars, harm to a nation’s security and capacity to defend itself, or a significant loss of life.

Chime In: Tell us what you think by commenting online at http://theinstitute.ieee.org/opinions/question.

Manzalini: Traffic engineering and the orchestration of functionalities will help lessen the risk of massive congestion. In SDNs, data and control planes could be logically and physically decoupled, easing any congestion.

Q: How will SDNs facilitate the Internet of Things?

Manzalini: SDNs and network functions virtualization (NFV) are accelerating the transition to telecommunications infrastructure with more pervasive

open a ‘back door’?”

“No, just as banks shouldn’t hire thieves as security guards.”

“The FBI and some casinos in Las Vegas have hired former criminals to work for them. Obviously, this is potentially risky, but in some cases it could be effective. There’s no simple black-and-white answer here.”

False Predictions About Tech
Readers added to our list of famous predictions that proved to be wrong.

“Television won’t be able to hold on to any market it captures after the first six months. People will soon get tired of staring at a plywood box every night.” —Darryl F. Zanuck, executive at 20th Century Fox, in 1946

“Two years from now, spam will be solved.” —Bill Gates, in a 2004

“Many people have been unable to find work they love doing, perhaps because they’ve been taught there can be no gain without pain. This man obviously loved what he did. Ave atque vale.” [Latin for “Hail and farewell.”] ◆

4:30 p.m. ET Friday.
E-mail: contactcenter@ieee.org
Tel.: +1 732 981 0060 (worldwide)
Tel.: +1 800 678 4333 (U.S. and Canada)
Fax: +1 732 562 6380

To renew membership: http://www.ieee.org/renew
To join: http://www.ieee.org/join

Contact Points

IEEE Operations Center
Tel.: +1 732 981 0060
445 Hoes Lane
Piscataway, NJ 08854-4141 USA
Business hours: 8 a.m. to 5 p.m. ET (12:00 to 21:00 GMT), Monday through Friday

IEEE Corporate Office, New York City
Tel.: +1 212 419 7900

IEEE-USA, Washington, D.C.
Tel.: +1 202 785 0017
Fax: +1 202 785 0835
E-mail: ieeeusa@ieee.org

Ask*IEEE Document Delivery
Tel.: +1 800 949 4333

E-mail: sec-chap-support@ieee.org

Student Activities Information
Tel.: +1 732 562 5527
Fax: +1 732 463 3657
E-mail: student-services@ieee.org

Technical Societies Information
Tel.: +1 732 562 3900
E-mail: society-info@ieee.org
Editor in Chief: Kathy Pretz, k.pretz@ieee.org
Associate Editor: Monica Rozenfeld, m.rozenfeld@ieee.org
Senior Editorial Assistant: Amanda Davis, amanda.davis@ieee.org
Editorial Consultant: Alfred Rosenblatt
Copy Editors: Joseph N. Levine, Michele Kogon, Mark Yawdoszyn, Peter Borten
Senior Art Director: Mark Montgomery
Art Director: Bonnie Nani
Photography Director: Randi Silberman Klett
Director of Periodical Production Services: Peter Tuohy
Editorial & Web Production Manager: Roy Carubia
Web Production Coordinator: Jacqueline L. Parker
Multimedia Production Specialist: Michael Spector

Editorial Offices
IEEE Operations Center
445 Hoes Lane, Piscataway, NJ 08854-4141 USA
Telephone: +1 732 562 6825
Fax: +1 732 562 1746
E-mail: institute@ieee.org
Web: theinstitute.ieee.org

Editorial Advisory Board
Alexei Botchkarev, Hierold Christofer, Anthony Durniak (Staff Executive, IEEE Publications), Matthew Genovese, Susan Hassler (Editor in Chief, IEEE Spectrum), Sheila Hemami (Vice President, IEEE Publication Services and Products), Terrance Malkinson, Cecilia Metra, Mirela Sechi Moretti, Annoni Notare, James O’Neal, Krishnan Parameswaran, Chonggand Wang

IEEE Media
Publisher: James A. Vick
Advertising Sales Coordinator: Mindy Belfer
Business Manager: Robert T. Ross
Marketing & Promotion Manager: Blanche McGurr
Advertising Sales: +1 732 562 3946
Advertising Production Manager: Felicia Spagnoli
Advertising Production: +1 732 562 6334

Toward a More Secure Future

History is littered with companies that did almost everything right but failed anyway. Some failed because they didn’t understand what their business was, or should have been. For example, Eastman Kodak thought it was in the film business. Actually, it was in the business of capturing and preserving images. It ignored disruptive innovations that would render its traditional film business obsolete. Today, it is far from the powerhouse company it once was.

In 1975, Steven Sasson, an electrical engineer on Kodak’s research team, created the first digital camera—decades before digital cameras flooded the market and built-in cameras became commonplace in cellphones. The company saw no business opportunity for its digital camera, because it could not imagine a world in which its film was supplanted by digital media. Less than 30 years later, Kodak was struggling to reinvent itself in the digital media world. Film had become an anachronism.

OUTSIDE THAT BOX

Like Kodak, IEEE cannot allow itself to continue thinking within its traditional parameters. Members and volunteers come together to create, disseminate, and use information to advance technology for humanity. But we are much more than a membership organization, conference organizer, publisher, and standards developer.

Our world is increasingly driven by information. Yet we talk about papers—whether presented at a conference or archived in a journal—as if the papers were the information. Papers are a centuries-old technology to record and share information. They were born in a time when scholars collaborated through letters delivered on horseback. This is the 21st century. We need a new medium for sharing our information.

We hold more than 1,400 conferences annually, face-to-face meetings that are episodic. Nothing new here; people have been holding meetings for eons. And between meetings, people are communicating and innovating 24/7/365, across the globe. Some are using video chat tools, webinars, and blogs. Episodic, face-to-face meetings are becoming obsolete in the Internet Age.

In the future, nearly all scholarly and business information will be created by individuals who never meet in person—brought together through technology and bound by a passion to better the world. Information will be consumed by yet another set of individuals, indifferent to its source, working on problems spanning diverse disciplines. Time will be critical, whether to save lives or to maintain competitive advantage in the marketplace.

More than ever, IEEE needs to address the future of information: how technical professionals will create it, share it, and use it in an evolving, global marketplace. Imagining and acting on that future are critical to IEEE’s continued success.

We’ve taken a lot of positive steps to build this future. Articles in our IEEE Xplore Digital Library have been transformed from static PDF files into interactive XML. We’ve built technical communities spanning societies to better assist researchers working on multidisciplinary problems.

To this end, we ran a pilot program in 2014, and this year we’ll be launching IEEE Collabratec. It will provide a suite of online tools with which to network, collaborate, and create—making publishing faster and easier.

However, we are not alone. Facebook, LinkedIn, ResearchGate, Twitter, and Wikipedia, to name a few, are also innovating in the information space. While they are not our direct competitors today, they could be if we miss the sea change in how technologists produce, acquire, and use information.

LOOKING AHEAD

IEEE is focusing this year on not just our immediate future but also on what is coming in 5, 10, and 15 years. We will talk about the future of information, the future of conferences, the future of membership in professional technical organizations, the future of publications, and the future of standards development. In short, we will talk about the future of IEEE.

IEEE’s Board of Directors has already been incorporating these strategic discussions into the fabric of our meetings. Such a strategic examination and visualization of IEEE’s future is an absolute necessity. It is being given priority at every board meeting.

For IEEE to remain a touchstone organization for engineers and technologists, it must evolve. That evolution, while swift, cannot be haphazard. Instead, there must be a comprehensive vision of what IEEE is as a community today and what we wish to be in the future.

By the end of this year, it is my goal to have an actionable vision, articulated in a comprehensive strategic plan and accompanying global strategy plan everyone in our community can embrace. But most important, I want that vision to be an outgrowth of the ideas and insights gathered from across IEEE.

I look forward to your thoughts and suggestions. Please send them to me at president@ieee.org. ◆
Society Digital Library.

PUBLICATIONS

IEEE Security & Privacy magazine, from the IEEE Computer Society, publishes articles by leaders in the field. It covers

surement, modeling, and simulation techniques, as well as on foundations for jointly evaluating, verifying, and designing within performance, security, and dependability constraints.

PODCASTS

The portal also has a link to the entire catalog—more than 100 episodes—of the “Silver Bullet” podcast, which

trouble, including the loss of personal data. The group is establishing better ways of sharing malware samples and the information associated with them, so as to improve computer security.

key, enabling a blacklisting of the malware. The system also reports suspicious files.

Information about all the Standards Association services is available at http://www.standards.ieee.org. ◆

IEEE

“IEEE Standard for a Cryptographic Protocol for Cyber Security of Substation Serial Links” specifies a practice that can protect the integrity and confidentiality of

Amendment: Ethernet Data Encryption Devices” facilitates secure communication over publicly accessible networks for which security has not already been defined. ◆

land and maritime border security, cyberattack and disaster preparation, cloud computing, big data, personnel screening, secure information sharing, supply chain

Hardware-Oriented Security and Trust
MCLEAN, VA.; 5–7 MAY
TOPICS: Cyberattacks and detection techniques, hardware-based security,

traffic analysis, and intrusion detection and prevention.
SPONSOR: IEEE Communications Society
VISIT: http://cns2015.ieee-cns.org ◆
John Moore
part time at its Centre for Advanced Photonics and Electronics while continuing his consulting work. The

ety is exhilarating, he says. “You’re forever learning new things,” he adds. But the most rewarding part is

to use the radios in a mock-up of a British Lancaster bomber of World War II fame. “You can set the scene

oxygen supply to the plane’s bathroom, you could pass out. It really gives them a big charge.” —P.P.
Countdown
A look at open positions and deadlines

On 1 May, the IEEE Board of Directors is scheduled to announce the candidates to be placed on this year’s ballot for the annual election of officers, which will begin on 17 August. Those elected will take office next year. The ballot includes candidates for IEEE president-elect, who are nominated by the board, as well as nominees for delegate-elect/director-elect openings submitted by their respective division and region nominating committees. The ballot also includes nominees for president-elect of the IEEE Standards Association and the members-at-large of its board of governors; vice president–elect, IEEE Technical Activities; and president-elect and member-at-large, IEEE-USA.

IEEE members who want to run for an office but have not been nominated need to submit a petition to the IEEE Board of Directors. The petition must include the necessary number of valid voting members’ signatures, and the petitioner must meet other requirements as well. Petitions should be sent to the IEEE Operations Center, in Piscataway, N.J. The IEEE Board of Directors is also responsible for placing any proposed constitutional amendments on the ballot.

For more information about the process for getting on the ballot, visit the IEEE annual election Web page (http://www.ieee.org/election) or write to elections@ieee.org.

UP FOR ELECTION IN 2015

Chosen by all voting members
• IEEE president-elect

Chosen by members of all technical societies
• IEEE Technical Activities vice president–elect

• IEEE Division VI delegate-elect/director-elect
• IEEE Division VIII delegate-elect/director-elect
• IEEE Division X delegate-elect/director-elect

Chosen by members of the respective regions
• IEEE Region 1 delegate-elect/director-elect
• IEEE Region 3 delegate-elect/director-elect
• IEEE Region 5 delegate-elect/director-elect
• IEEE Region 7 delegate-elect/director-elect
• IEEE Region 9 delegate-elect/director-elect

Chosen by members in Regions 1–6
• IEEE-USA president-elect
• IEEE-USA member-at-large

Chosen by members of the IEEE Standards Association
• Standards Association president-elect
• Standards Association board of governors members-at-large

15 April: Deadline for submitting an intention to file a petition to run for an office on the annual election ballot.

1 May: IEEE Board of Directors submits to the voting membership a list of nominees for IEEE president-elect, delegate-elect/director-elect, as applicable, and other positions to be elected by voting members for the term to come. The board also announces whether it intends to put forward any constitutional amendments.

8 May: Signed petitions nominating an individual for placement on the annual election ballot must be received by noon EDT USA/16:00 UTC.

17 August: Annual election ballots are sent to all voting members on record as of 30 June. Voters may also begin accessing their ballots electronically.

1 October: Marked ballots must be received by 1 p.m. EDT USA/17:00 UTC.
Rajkumar Buyya Lieven De Lathauwer Amitava Ghosh Yunhao Liu Yoshihiro Shiroishi Yahong Rosa Zheng
Christian Cachin Francisco de León Monisha Ghosh Zicheng Liu Moshe Shoham Kun Zhou
Ning Cai Michael Demetriou Patrick Girard John Robert Long Mario G. Silveirinha Yuanyuan Zhou