Killing the Computer to Save It
Jim Wilson/The New York TimesMENLO PARK, Calif. - Many people cite Albert Einstein's aphorism âEverything should be made as simple as possible, but no simpler.â Only a handful, however, have had the opportunity to discuss the concept with the physicist over breakfast.
Peter G. Neumann on Cyber Security Close Video See More Videos 'One of those is Peter G. Neumann, now an 80-year-old computer scientist at SRI International, a pioneering engineering research laboratory here.
As an applied-mathematics student at Harvard, Dr. Neumann had a two-hour breakfast with Einstein on Nov. 8, 1952. What the young math student took away was a deeply held philosophy of design that has remained with him for six decades and has been his governing principle of computing and computer security.
For many of those years, Dr. Neumann (pronounced NOY-man) has remained a voice in the wilderness, tirelessly pointing out that the computer industry has a penchant for repeating the mistakes of the past. He has long been one of the nation's leading specialists in computer security, and early on he predicted that the security flaws that have accompanied the pell-mell explosion of the computer and Internet industries would have disastrous consequences.
âHis biggest contribution is to stress the âsystems' nature of the security and reliability problems,â said Steven M. Bellovin, chief technology officer of the Federal Trade Commission. âThat is, trouble occurs not because of one failure, but because of the way many different pieces interact.â
Dr. Bellovin said that it was Dr. Neumann who originally gave him the insight that âcomplex systems break in complex waysâ - that the increasing complexity of modern hardware and software has made it virtually impossible to identify the flaws and vulnerabilities in computer systems and ensure that they are secure and trustworthy.
The consequence has come to pass in the form of an epidemic of computer malware and rising concerns about cyberwarfare as a threat to global security, voiced alarmingly this month by the defense secretary, Leon E. Panetta, who warned of a possible âcyber-Pearl Harborâ attack on the United States.
It is remarkable, then, that years after most of his contemporaries have retired, Dr. Neumann is still at it and has seized the opportunity to start over and redesign computers and software from a âclean slate.â
He is leading a team of researchers in an effort to completely rethink how to make computers and networks secure, in a five-year project financed by the Pentagon's Defense Advanced Research Projects Agency, or Darpa, with Robert N. Watson, a computer security researcher at Cambridge University's Computer Laboratory.
âI've been tilting at the same windmills for basically 40 years,â said Dr. Neumann recently during a lunchtime interview at a Chinese restaurant near his art-filled home in Palo Alto, Calif. âAnd I get the impression that most of the folks who are responsible don't want to hear about complexity. They are interested in quick and dirty solutions.â
An Early Voice for Security
Dr. Neumann, who left Bell Labs and moved to California as a single father with three young children in 1970, has occupied the same office at SRI for four decades. Until the building was recently modified to make it earthquake-resistant, the office had attained notoriety for the towering stacks of computer science literature that filled every cranny. Legend has it that colleagues who visited the office after the 1989 earthquake were stunned to discover that while other offices were in disarray from the 7.1-magnitude quake, nothing in Dr. Neumann's office appeared to have been disturbed.
A trim and agile man, with piercing eyes and a salt-and-pepper beard, Dr. Neumann has practiced tai chi for decades. But his passion, besides computer security, is music. He plays a variety of instruments, including bassoon, French horn, trombone and piano, and is active in a variety of musical groups. At computer security conferences it has become a tradition for Dr. Neumann to lead his colleagues in song, playing tunes from Gilbert and Sullivan and Tom Lehrer.
Until recently, security was a backwater in the world of computing. Today it is a multibillion-dollar industry, though one of dubious competence, and safeguarding the nation's computerized critical infrastructure has taken on added urgency. President Obama cited it in the third debate of the presidential campaign, focusing on foreign policy, as something âwe need to be thinking aboutâ as part of the nation's military strategy.
A version of this article appeared in print on October 30, 2012, on page D1 of the New York edition with the headline: Killing the Computer to Save It.