The Security Sentinels

Here are the tales of three trailblazers whose work in computer security and forensics has helped shape modern practices.

As far back as the 1970s, three women began preparing the world for the havoc about to be unleashed by networked computing. From their humble origins in law enforcement and academia, their influence on computer security practices has spread to government and private sector alike - despite the fact that two of the women had virtually no IT or scientific backgrounds.

These security pioneers include Martha Stansell-Gamm, a former U.S. Air Force judge advocate who started an arduous fight against breast cancer as she took over leadership of the then 8-year-old Computer Crime and Intellectual Property section of the U.S. Department of Justice (DOJ).

While developing the DOJ's forensics procedures for search and seizure of electronic evidence, Stansell-Gamm crossed paths with Raemarie Schmidt, who developed digital forensics procedures for Wisconsin's branch of the DOJ. Schmidt's work helped set the standard for computer forensics now used by law enforcement agencies around the nation.

And there's Dorothy Denning, a distinguished computer science professor at Georgetown University in Washington, whose writings have set the stage for information security practitioners for the past 27 years.

Fight of Her Life

Martha Stansell-Gamm, Chief of Intellectual Property and Computer Crime at the DOJ

WHO IS SHE?

Martha Stansell-Gamm

Position:

Chief, Intellectual Property and Computer Crime, DOJ

Education:

Phi Beta Kappa, DePauw University, Greencastle, Ind.; law degree, Georgetown University; master's in international law, Harvard University

Claims to fame:

- Helped shape amendments to the 1986 Computer Fraud and Abuse Act
- Group chairwoman and editor, Federal Guidelines for Searching and Seizing Computers, 1994
- U.S. representative in Council of Europe's Cybercrime Treaty, 1992-2001
- Coordinated the DOJ's participation in many high profile investigations, starting with the investigation that landed computer cracker Kevin Mitnick behind bars in February 1995

For eight years, Stansell-Gamm partnered with her department chief, Scott Charney, to grow the Computer Crime and Intellectual Property section of the DOJ. Logically, Stansell-Gamm was the best choice to fill Charney's shoes when he left the department in 1999. But the same week she learned of her promotion, she received news of a different sort: She was diagnosed with advanced breast cancer.

The department was already smarting from the loss of its founder, and Stansell-Gamm worried about what would happen to her unit during this leadership vacuum.

"All I could do is put one foot in front of the other, count on the section to do right by me and to do right by our mission," she says. "Everyone just handled it. They jumped into unfinished, high-level projects they had no experience with and took over what needed to be done."

Now cancer-free, she's been back on the job for two years, leading the DOJ's efforts in multijurisdictional computer crime investigations and coordinating DOJ representation in developing international cyberlaws. The biggest and most difficult part of her job, she says, is getting all the players - corporate victims, law enforcement, state attorneys and intelligence agencies - to "kick the ball" to one another.

"We're like a bunch of 5-year-olds playing soccer, where we all huddle around the ball," says Stansell-Gamm, who was a soccer mom when her three kids, now teens, were younger. "At public speaking engagements, I tell audiences that we need to position ourselves on the field and pass the ball."

That type of statement is typical of Stansell-Gamm, says Charney, who became Microsoft Corp.'s chief security officer April 1. "She sees the complexity of each issue," he explains of her leadership from 1994 to 1996 in amending the sentencing guidelines to the 1984 Computer Crime and Abuse Act. "For example, she recognizes that enforcing new laws on the Internet could chill free speech, so she has been careful not to turn evolving social mores on the Internet into definitions of criminal activity," he says.

Forensics Forerunner

Raemarie Schmidt, National White Collar Crime Center

Who:

Raemarie Schmidt

Position:

Supervisor, curriculum development, computer crime section, National White Collar Crime Center, Fairmont, W.Va.

Education:

Bachelor's degree in chemistry, University of Wisconsin

Claims to fame:

- Chaired the DOJ's working group to develop digital evidence seizure and processing protocols for the state of Wisconsin
- Assisted on search warrants and laboratory forensics examinations for the Wisconsin State Crime Lab and the National White Collar Crime Center from 1992 to 1999
- Trainer at the Federal Law Enforcement Training Center, state agencies, NATO and the American Academy of Forensics Science
- Oversees curriculum development at the National White Collar Crime Center

Working law enforcement investigations in the mid-1990s was an exciting time for Schmidt, a digital forensics pioneer and supervisor of curriculum development for the computer crimes section at the National White Collar Crime Center in Fairmont, W.Va.

"We'd go in behind the raid team and use an early precursor to the Jaz and Zip drives to make evidentiary backups from parallel port to parallel port. We had to do this without shutting down the legitimate business completely," she says. "And in home searches, you'd walk into a disaster zone - cables, equipment and floppies everywhere."

Before getting into computer investigations, Schmidt tested drugs for 20 years, first for a pharmaceutical company and then for law enforcement, where she set up the drug testing facility for the Wisconsin State Crime Lab in Milwaukee. That's where she discovered her knack for technology, linking laboratory testing instruments to early Unix systems in the late '80s by soldering on the cable connectors herself.

So when her boss returned from a seminar in 1992 and charged Schmidt with developing a computer forensics department, she approached it scientifically and technologically. She used her science skills to turn the ad hoc process of computer investigations into a modern-day forensics practice. Then she used her technological prowess to track down computer vulnerabilities and technologies to aid investigators.

Now, as supervisor of curriculum development, she's overhauling old courses and adding new ones, along with hiring and screening contractors and investigators and overseeing instructor development. And she's still researching the ways new technologies will be used in crimes.

"In the last year, we've really only seen the tip of the iceberg in digital forensics," says Chris Stippich, co-founder of Digital Intelligence Inc. in Waukesha, Wis., who worked with Schmidt at both the Wisconsin State Crime Lab and the National White Collar Crime Center. "I think Raemarie's going to continue to be at the forefront, pushing the envelope on the discipline of digital forensics."

The Security Mentor

Dorothy Denning, Georgetown University

Who:

Dorothy Denning

Position:

Distinguished professor, computer science, Georgetown University

Education:

Bachelor's and master's degrees in mathematics, University of Michigan; doctorate in computer science, Purdue University

Claims to fame:

- Founder of Georgetown's Institute for Information Assurance
- Writer on encryption, intrusion detection, information warfare and many other must-reads for IT security leaders
- Awards include Security Innovator, Time magazine, 2001; TechnoSecurity Professional of the Year, 2000; National Computer Systems Security Award, 1999
- Association for Computing Machinery (ACM) fellow, 1999; ACM Recognition of service award, 1985, 1987, 1989, 1994, 1995

The relationship between computing subsystems and user access to resources intrigued Denning in the 1970s. She wrote her doctoral thesis on secure information flow in 1975, some 20 years before colleges were thinking about information security courses.

"The topic of my thesis was how to keep top-secret data from reaching an uncleared user, which was a challenging problem for the Department of Defense, who wanted all levels of users to share the same computer," she says.

After publishing her thesis, Denning kept writing. Since then, her 120 articles, three books and television and radio appearances, along with congressional testimonies, are the basis for much of today's thinking on IT security.

"She's become a mentor for those of us who are operational in the field, even though she's an academic," says Howard Schmidt, co-chairman of the President's Critical Infrastructure Protection Board in Washington. "Her writings give me a balance, particularly those on information warfare, intrusion detection, and even her unpopular belief on the Clipper chip and encryption-key escrow," he says, referring to when Denning positioned herself on the side of the government for these collection and recovery initiatives. When she did, the outcry was deafening.

"The attacks were very personal," she says. "I had new names, like 'Wicked Witch of the East.' I would come home very stressed out."

Denning coped by doing more research, even polling Howard Schmidt and others about the impacts of encryption on evidence recovery. She also responded in forums, including a July 1996 HotWired "Brain Tennis" match with John Gilmore, co-founder of the San Francisco-based Electronic Frontier Foundation. Eventually, as the government's proposals failed and Denning took a position in favor of easing encryption export laws, the criticism died down.

As Howard Schmidt says, Denning's position is all about balance. She talks of the balance between computer security and operability, something that made her quit her job in the early '80s at Menlo Park, Calif.-based SRI International Inc., where her responsibilities included trying to secure databases. She left for a position at Digital Equipment Corp. that focused on usability. Denning continues to analyze trends in network attacks for signs of terrorist activity.

"People want to know if cyberterrorism is going to happen and when it will happen," she says. "It's hard to know because it's speculative."

Copyright © 2002 IDG Communications, Inc.
