Creating Ag Extension Agent for Cyber

Championing a New Way to Spread Infosec Awareness

By , August 10, 2011.
Creating Ag Extension Agent for Cyber
Read Transcript

Eugene Spafford thinks America needs the cybersecurity equivalent of an agriculture extension service to help educate citizens on IT security.Spafford, executive director of Purdue University's Center for Education and Research in Information Assurance and Security, doesn't claim he conceived the idea, but champions it as a way to spread IT security awareness and best practices to the populous.

"Having a cybersecurity extension service, where people could go to get advice on how to protect their systems, how to deal with privacy breaches and break ins, would be very valuable," Spafford says in an interview with Information Security Media Group (select a Podcast Option at right to listen).

Spafford sees the extension service complementing the efforts by the National Institute of Standards and Technology, which provides detailed guidance on cybersecurity, but is too technical for the average Internet user, including small businesses.

The Purdue University computer science professor, who has testified before Congress on cybersecurity matters, says county agriculture extension agents field questions from local farmers and gardeners about a variety of anomalies. "If I discover an odd weed or an unusual bug in the garden, I can take it into the extension agency and they can identify and give me some suggestions on how to control it and whether or not it's a problem," Spafford says.

The same would hold true for a would-be cybersecurity extension agent assessing a different kind of bug. "We have so many people that are falling victims to botnets, viruses, identity theft, and they don't really know where to turn," Spafford says. "The government has some resources that are all available at a centralized location. ... We need to do a better job there pushing education in the system out."

In the interview, Spafford also discusses:

  • Breach notification bills before Congress, and presents his views on what requirements they should include.
  • Prospects of Congress enacting significant cybersecurity legislation this year.
  • Effects of the weak economy on funding cybersecurity awareness initiatives.

Spafford has served on the Purdue faculty since 1987. He is also a professor of philosophy, communications and electrical and computer engineering. His research interests focus on information security, computer crime investigation and information ethics. He is recognized as one of the senior leaders in the field of computing.

Follow Eric Chabrow on Twitter: @GovInfoSecurity

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE AV Firms Defend Regin Alert Timing

Anti-virus firms Symantec, F-Secure, and Kaspersky Lab have been criticized for not issuing public...

Latest Tweets and Mentions

ARTICLE AV Firms Defend Regin Alert Timing

Anti-virus firms Symantec, F-Secure, and Kaspersky Lab have been criticized for not issuing public...

The ISMG Network