LANCE J. HOFFMAN
Cyber Security and Privacy Research
Institute
Computer Science Department
The George Washington University
Washington, D. C.
202 994-4955
(Last updated July 8, 2016. A
more graphics-friendly version of roughly the same material is at http://www.linkedin.com/in/lancejhoffman.)
Lance J. Hoffman, educator and researcher,
is Distinguished Research Professor of Computer Science and Director of the
Cyber Security and Privacy Research Institute (CSPRI) at The George Washington
University (GW) in Washington, D. C. CSPRI [1]
facilitates and executes interdisciplinary research in cyber security. Inside
GW, the Institute bridges discipline barriers to bring together researchers
from all of the ten Schools of GW with interests in technological and policy
issues related to cybersecurity.
Professor Hoffman developed the first
regularly offered course on computer security at the University of California,
Berkeley in 1970 after serving on the Advisory Committee to the California
Assembly Committee on Statewide Information Policy. His second book, Modern
Methods for Computer Security and Privacy, published in 1977, was a
standard textbook in the few computer security courses offered at the time
around the world. His other books, all anthologies, captured the
state of cybersecurity and privacy at various times:
a. Security and Privacy in Computer Systems in 1973, the year of the first
international connections with the ARPANET
b. Computers and Privacy in the Next
Decade in 1980, after the advent of public-key cryptography
c. Rogue Programs: Viruses, Worms, and Trojan Horses in
1990, after viruses and other malware were becoming common problems
d. Building in Big Brother: The Encryption Policy Debate in
1995, during cryptographic policy debates related to the proposed Clipper chip.
A Fellow of the Association for Computing
Machinery, Dr. Hoffman institutionalized the ACM Conference on Computers,
Freedom, and Privacy [2]. He has served on a number of
Advisory Committees including those of the Federal Trade Commission, the Department
of Homeland Security, the Center for Democracy and Technology, and IBM. He
has chaired the Information Security Subcommittee of the IEEE Committee on
Communications and Information Policy and is a Member of the Subcommittees on
Law, and Security and Privacy of the U. S. Public Policy Council of the ACM.
His research has spanned multiple aspects
of cybersecurity, including models and metrics for secure computer systems [3], cryptography policy [4], risk analysis [5], societal vulnerability to computer system
failures [6], improved architectures for in-vehicle
security systems [7], a smart-card-protected operating system [8], portable security labs [9], medical record security and privacy [10],
and statistical inference for data mining [11].
His thought leadership has included the
organizing of several projects that pushed forward emerging areas of
cybersecurity:
a. a 1987 workshop that was one of the first
to explore issues related to Internet voting and personal computer-based voting
machine systems, and whose report [12]
suggested actions to develop uniform standards, improve testing and audit
capabilities and internal controls, clarify responsibilities, improve training,
and standardize terminology in election systems
b. a 1999 study of foreign encryption
products that explored the effect of the United States export control regime on
American and foreign manufacturers. It identified 805 hardware
and/or software products incorporating cryptography manufactured in 35
countries outside the United States, and identified 512 foreign companies that
either manufactured or distributed foreign cryptographic products in at least
67 countries outside the United States [13]. Dr.
Hoffman later testified before the U. S. Senate Commerce Committee on the
topic, displaying an array of the products purchased at the time.
c. a 2004 workshop that explored a National
Cyber Security Exercise for Universities and issued a report that described types
of cyber exercises, proposed a generic structure
for them, and enumerated logistical and other considerations, resources and
costs required, and governance issues. This work [14] sparked numerous cybersecurity educational
competitions.
d. a 2010 workshop on information assurance
education and workforce development that examined the challenges of developing
the workforce in cybersecurity and articulated steps to ensure that
universities produce appropriately educated individuals [15]. This led to a broader paper that
summarized the workshop and related it to other cybersecurity workforce issues
[16].
e. the development and promulgation of new
courses as the field of cybersecurity grew, for example on e-commerce security
[17], information policy, and cybersecurity and
governance.
Dr. Hoffman served as thesis advisor for
nine doctoral students, and numerous master’s and bachelor’s students studied
under him. But his reputation in cybersecurity education circles
also stems from his work as the initiator and principal investigator for the GW
CyberCorps scholarship program [18] that has produced dozens of cybersecurity
experts with degrees in at least ten majors [19]. All have had
cross-disciplinary instruction that recognizes cybersecurity as a discipline
with technology, policy, and management components, often presented by
government and industry information security leaders who regularly visit the GW
campus to provide timely topical briefings. These graduates have
gone on to work for dozens of different federal organizations.
His work on automated risk analysis [20]
led to a commercial product, RISKCALC [21], in the mid-1980s.
Beyond his computer science
accomplishments, he has envisioned the application of computers in several
other fields. For example, he wrote an early paper in 1973 on computers
and commodity trading [22] and ran a computer dating service while a graduate
student at Stanford, where he earned his Ph. D. in Computer Science in 1970,
after a B.S. in Mathematics from Carnegie Mellon University.
REFERENCES
1. Cyber Security and Privacy
Research Institute, The George Washington University, www.cspri.seas.gwu.edu.
2. Proceedings of the Second Conference on Computers,
Freedom, and Privacy (Editor), Association for Computing Machinery
Conferences Office, New York, N. Y., 1993, http://cpsr.org/prevsite/conferences/cfp92/home.html/
3. (with Kim Lawson and Jeremy Blum), Trust Beyond
Security: an Expanded Trust Model,
Communications of the ACM, July 2006, vol. 9, no. 7, pp. 95-104
4. (with F. Ali, S. Heckler, and A. Huybrechts), Cryptography
policy, Communications of the ACM 37, 9 (September 1994)
5. "Risk Analysis and Computer Security: Bridging the
Cultural Gaps", Proc. 9th National Computer Security Conference, National
Bureau of Standards, Gaithersburg, Md., September 1986.
6. (with L. Moran), "Societal Vulnerability to Computer
System Failures", Computers and Security, Vol. 5 (1986), pp.
211-217.
7. Blum, J., Eskandarian, A., and
Hoffman, L. (2003) Mobility Management of Inter-Vehicle Networks,
Columbus, OH: IEEE IV2003 Symposium, pp. 150-155.
8. (with P. C. Clark) BITS: A Smartcard Protected Operating System,
Communications of the ACM 37, 11 (November 1994), 66-70, 94.
9. (with Tim Rosenberg) Taking Networks on the Road: Portable Solutions
for Security Educators, IEEE Security & Privacy, January-February 2006,
pp. 64-67.
10. "Data Security and Privacy in
Health Information Systems", Topics in Emergency Medicine 17,
4 (December 1995).
11. (with W. F. Miller) "Getting a
Personal Dossier from a Statistical Data Bank", Datamation,
May 1970.
12. Making Every Vote Count: Security and
Reliability of Computerized Vote-Counting Systems, Report GWU_IIST_87_17, Department
of Electrical Engineering and Computer Science, The George Washington
University, Washington, D. C., December 1987.
13. (with David M. Balenson, Karen A. Metivier-Carreiro, Anya Kim, and Matthew G. Mundy),
Growing Development of Foreign Encryption Products in the Face of U. S. Export
Regulations, The George Washington University Cyberspace Policy Institute,
Report GWU-CPI-1999-02, June 1999.
14. (with Ronald Dodge, Timothy Rosenberg, and Dan Ragsdale), Exploring a National
Cyber Security Exercise for Universities, IEEE Security & Privacy, vol. 3,
no. 5, September/October 2005, pp. 27-33.
15. Lance J. Hoffman, Building the Cyber Security Workforce of the 21st
Century: Report of a Workshop on Cyber Security Education and Workforce
Development, Report GW-CSPRI-2010-3, December 15, 2010.
16. (with Diana L. Burley and Costis Toregas), Holistically Building the
Cybersecurity Workforce, IEEE Security & Privacy, Vol. 10, No. 2
(March/April 2012), pp. 33-39.
17. (with Rachna Dhamija and
Rachelle Heller), Teaching E-Commerce to a Multidisciplinary Class,
Communications of the ACM, 42, 9 (September 1999), pp. 50-55.
18. GW CyberCorps: Information Assurance
Scholarship for Service Program, http://www.seas.gwu.edu/cybercorps/
19. The majors are computer science,
electrical engineering, engineering management, forensic sciences (high
technology crime investigation), business administration, public policy,
international science and technology policy, information science, information
systems technology, and international affairs.
20. "PC Software for Risk Analysis
Proves Effective", Government Computer News, Vol. 4, No. 18, September 27,
1985, pp. 58-59.
21. “A General Purpose Shell for Risk
Analysis” in L. A. Cox, P. F. Ricci (Editors), New Risks: Issues and
Management, Vol. 6 of Advances in Risk Analysis, Springer Science Business
Media, September 30, 1990.
22. (with R. Sandor)
"Computers and Commodity Trading", Commodities, Vol. 1,
No. 1, February/March 1973, pp. 20-23.