co-director of Systems and Internet Infrastructure Security (SIIS)

Ball State University (M.S., computer science, June 1991)

Ohio University (B.S., computer science, August 1989)

I am the co-director and founder of the Systems and Internet Infrastructure Security Laboratory, an associate professor of computer science and engineering at The Pennsylvania State University, and an adjunct professor of The Stern School of Business at New York University.

I was a senior technical staff member at AT&T-Research.

My research focuses on network and computer security. This research has led to major publications in, among others, telecommunications security, secure routing and address management, formal security policy, digital rights management, and distributed systems security.

I am active in the academic security research community. I have authored over 100 books, papers, and reports and given over 100 invited talks. I am the editor-in-chief of the ACM Journal Transactions on Internet Technology (TOIT), and serve as associate editor of the journals ACM Transactions on Information and System Security, IEEE Transactions on Software Engineering, and IEEE Transactions on Computers. I have served as the technical program chair for several leading conferences in computer security including the IEEE Symposium on Security and Privacy and the USENIX Security Symposium, and participated in over 50 program committees in the last five years.

I actively participate in national debates on important public policy issues. I was named the principal investigator of the EVEREST project analyzing the security of voting systems used in Ohio. Working directly with the Ohio Secretary of State and leading teams from Penn State, the University of Pennsylvania, and the University of California-Santa Barbara, I directed source code and red-teaming efforts used to illuminate security issues in voting systems and to assess the effectiveness of technical and procedural countermeasures addressing flaws. Extending previous reports in Florida and California, the vulnerabilities and procedures revealed in this report directly informed the election procedures used nationwide in the 2008 Presidential election.

My work on telecommunications security has uncovered serious vulnerabilities in the structure of the existing cellular network widely reported in the popular press. The reported vulnerabilities relate to the misuse of text messaging to congest control channels on the "over-the-air" protocols, thereby preventing the delivery of legitimate voice and data. Working with cellular providers and national carriers, I have extended this work to 3G data services and uncovered similar problems in new standards. I have worked with the FBI, FCC, DHS, Lucent, and now sits on the President's National Security Telecommunications Advisory Committee (NSTAC) in the helping craft national telecommunications public policy and provide avenues to better secure the critical national infrastructure.

Throughout my career, I have fostered public awareness of the dangers and solutions of increasingly interdependent online systems and critical infrastructure. Along with his work on the NSTAC, I have worked directly with the FCC and the FBI in understanding the nature of vulnerabilities and their effects in telecommunication networks. I have also worked with the Department of Homeland Security and industry to understand and develop practical

solutions for securing global network routing.

My prior work on online public policy has had significant impact. My work on movie piracy in peer-to-peer networks uncovered major leaks within the production industry, and was used as a principal vehicle for arguing against proposed legislation in congressional hearings. I have also written and spoken frequently on a number of other important policy issues such as usability, privacy, and censorship.