On April 12, 2011, John Savage served as a witness and gave testimony before a Senate Judiciary Committee on “Cyber Security: Responding to the Threat of Cyber Crime and Terrorism.”
According to John, “The problem of making our computers, networks and applications safe from attack is unsolved and probably will remain so for several reasons. First, human innovation is relentless, and especially if there is money to be made or an enemy to defeat. Second, security has been notoriously difficult to define. This is illustrated by the fact that a single‐bit error can result in a system intrusion.”
“Given the above, can the cyber security problem be made manageable? My answer is “Yes.” I liken our computers to our homes. A determined attacker can easily break into them. So why aren’t most of our homes invaded more often? Apparently because the locks are good enough, the neighbors sufficiently vigilant, uniformed police officers sufficiently visible, and the punishment, if caught and convicted, sufficiently onerous to deter attackers. We need to arrive at a similar state in cyber. However, it cannot be done without more secure hardware and software, surveillance of the abuse of computers and networks, government regulation, international engagement and, possibly, the creation of an intergovernmental organization. Since it is better to build in security rather than try to add it after the fact (such as firewalls and intrusion detection), hardware and software vendors and network providers should be required to conform to reasonable cyber security guidelines,” he concluded.
A full webcast of the testimony is available. The hearing starts 21 minutes into the video.