A recent article in the NY Times profiled Peter Neumann (Noy-man), computer scientist, musician, veteran of Bell Labs, and computer security pioneer/tireless evangelist. He cites a breakfast meeting he had with Albert Einstein in 1952, when he heard the first-hand utterance of Einstein’s “Everything should be made as simple as possible, but no simpler,” as being a pivotal and defining moment in his career.
(While Neumann describes the event as a cameo appearance, it really may have been more destiny. Neumann’s mother, Elsa Schmid Neumann, was a noted artist and mosaicist, and some years earlier, Einstein’s step-daughter had turned to her to learn mosaic techniques. Einstein himself wrote a letter of appreciation to Elsa for the power of her portrait.)
In the Times article, Steven M. Bellovin, fellow alum of Neumann’s at Bell Labs, noted security specialist himself, and now chief technology officer of the Federal Trade Commission, cited Neumann as an inspiration for providing a corollary to Einstein’s phrase: “Complex systems break in complex ways,” with regard to the zoysia grass-like proliferation of hardware, software, and the interconnectedness of devices and networks.
I met Bellovin numerous times due to the close association with my former colleagues from Lumeta, which was involved in network topology and security. There were long and vigorous discussions on convenience vs. security, a must-have vs. a need to have. Lumeta’s CTO, Bill Cheswick, was a hardliner: no email attachments of any kind. We sneaker-netted disks to him – attachments to everyone else.
Those days seem far behind us as we store data literally everywhere, on everything, and it’s seemingly accessible to all. IT security has the Sisyphean task of trying to lock it all down while ensuring that the right people get what they need.
Leading a team of researchers in a 5-year program funded by the Pentagon, Neumann is looking for a better way to redesign software and computers to assure that the nation’s critical infrastructure is secured. As we look around and live architecture creeps, it is not too soon to assess and reconsider: are there simpler ways to do things?