Eugene (Spaf) Howard Spafford

Co-developer of a number of "firsts" in computer security, Spafford is a leading computer security expert and historically significant Internet figure, renowned for first analyzing the Morris Worm and his prominent role in the Usenet backbone cabal. His primary research has related to information security, with a secondary interest in the reliability of computer systems and the consequences of computer failures. In addition to work in computer and network security, this has involved research into issues of computer crime, and issues of liability and professional ethics.

His work in security resulted in several oft-cited papers and a number of books, as well as the development of the COPS and Tripwire security programs for Unix — tools used world-wide for assistance in the management of system security. In 1991, he developed the idea of target monitoring for intrusion detection and defined one of the first active monitoring techniques to counter denial of service attacks on networks. He has served as a member of the President's Information Technology Advisory Committee from 2003 to 2005, as an advisor to the National Science Foundation (NSF), and has advised over a dozen other government agencies and major corporations.

Spafford attended State University of New York at Brockport, completing a double B.A. in both Mathematics and Computer Science in 3 years. He then attended the School of Information and Computer Sciences (now the College of Computing) at the Georgia Institute of Technology. He received his M.S. degree in 1981, and his Ph.D. in 1986 for his design and implementation of the original Clouds distributed operating system kernel.

During the early formative years of the Internet, he made significant contributions to establishing semi-formal processes to organize and manage Usenet, then the primary channel of communication between users, as well as being influential in defining the standards of behavior governing its use. At Purdue, Spafford has held a joint appointment as a Professor of Computer Science and as Professor of Electrical and Computer Engineering, joining the faculty in 1987. He has also served as a Professor of Philosophy and a Professor of Communication (both courtesy appointments).

He has also served as Executive Director of the Purdue CERIAS (Center for Education and Research in Information Assurance and Security) and as founder and Director of COAST Laboratory, which preceded CERIAS. Spafford has been involved in a number of professional societies and activities outside Purdue, including serving on the Board of Directors of the Computing Research Association and as co-Chair of the (ACM) Association for Computing Machinery's U.S. Public Policy Committee. He has served on a number of advisory and editorial boards and is internationally known for his writing, research, and speaking on issues of security and ethics.

He authored or co-authored four books on computer and computer security, including "Practical Unix and Internet Security" for O'Reilly, as well as over a hundred research papers, chapters, and monographs. Spafford has stated that his research interests focus on "the prevention, detection, and remediation of information system failures and misuse, with an emphasis on applied information security. This has included research in fault tolerance, software testing and debugging, intrusion detection, software forensics, and security policies."

Among notable software he designed and/or supervised were the freeware Tripwire tool coded by his student Gene Kim (of which he later served as chief external technical advisor to the Tripwire company during their first few years), and the freeware COPS tool coded by his student Dan Farmer. He initiated the Phage List as a response to the Morris Worm, and some of his research also helped inspire the creation of the MITRE CVE service and the NIST ICAT database. Research by other graduate students of his resulted in tools for software testing and debugging, distributed processing, cyber forensics, firewalls, intrusion detection, auditing, and network traceback. He also discussed on C-SPAN a piece in the New York Times that examined how the Internet served as a conduit for all types of "cybercrime."

Spafford has been the recipient of numerous awards. In 1992 he was inducted into Sigma Xi, the research scientists' honor society, and into the Computer Sciences honor society Upsilon Pi Epsilon. In 1996 he was awarded charter membership in the IEEE Computer Society's Golden Core for distinguished service to the Computer Society during its first 50 years, and received both the Award of Distinguished Technical Communication (highest award) and the Award of Merit by the Society for Technical Communication for Practical Unix and Internet Security. In 1997 he was inducted as a Fellow of the Association for Computing Machinery, and in 1999 as a Fellow of the American Association for the Advancement of Science.

In 2000 he received the NIST/NCSC National Computer Systems Security Award, was proclaimed a CISSP honoris causa by (ISC)², and was inducted as a Fellow of the Institute of Electrical and Electronics Engineers. He was named to the ISSA (Information Systems Security Association) Hall of Fame in 2001, and in 2003 was awarded the U.S. Air Force Medal for Meritorious Civilian Service. In 2005 Spafford received an honorary D.Sc. from the State University of New York (SUNY), and in 2006 received the IEEE Computer Society Technical Achievement Award "For contributions to information security and digital forensics." He received the ACM President's Award in 2007, the Computing Research Association Distinguished Service Award in 2009, and in 2013 was elected to the Cybersecurity Hall of Fame.