An Officer and a Gentleman: Norwich prof Michel Kabay takes on computer security 

Photo: Jeb Wallace-Brodeur

Major Michel Kabay, a professor at Norwich University in Northfield, is just the sort of person you’d expect to find in a military uniform. He’s meticulous in speech and conservative in dress, and his socks and shoes are all the same color: black. He says he’s never worn his hair long or owned a lick of jewelry, nor has he ever smoked a cigarette or ordered a drink in a bar. What he calls his “violently active superego” makes him, as he puts it, “excessively scrupulous about the letter and spirit of the law.” He readily confesses that he won’t even walk across a lawn for fear of damaging the grass. His rule-respecting attitude also gives him a deep and abiding respect for those in law enforcement and the military.

But Kabay is not a typical soldier. Though he wears a military uniform to work every day, he is not an active serviceman in any branch of the armed services. For that matter, he is not an American, though he is currently applying for citizenship. In the 1960s and ’70s this French-Canadian, who holds a Ph.D. in applied statistics and invertebrate zoology, rallied against the Vietnam War; a decade later he was active in the anti-apartheid movement. Still, at age 52, Kabay dismisses his politics — past or present — as utterly irrelevant to his work.

Suffice it to say, the man is a rare breed.

Kabay — or “Mich,” as he’s known to his friends — agrees to an interview at his spacious Barre home, which is perched like a citadel on a neatly landscaped hillside. Big as a bear but disarmingly affable, he leads the way to an upstairs office with an impressive computer work station. He occasionally interrupts his conversation to reposition his Corgi puppy, Gwyneth, onto a protected section of the couch.

Kabay has just begun his second year as an associate professor of Computer Information Systems. Norwich is the oldest private military college in the United States. According to the National Security Agency (NSA), it is also one of the nation’s top institutions in the field of “information assurance” — that is, protecting and defending the confidentiality, control, accuracy, authenticity, availability and utility of electronic information. Kabay is a Certified Information Systems Security Professional — the highest ranking in the field. His “mission” is to train the next generation of military officers and civilians — one-quarter of the students are not enlisted — in a civil defense of sorts: safeguarding computer systems against the endless barrage of cyber attacks launched by domestic and international terrorists, organized crime, anti-corporate “hacktivists” and countless other miscreants who prowl the digital frontier.

Computer security is, to say the least, a field commanding intense scrutiny. Military and civilian leaders alike have been scrambling, in the wake of 9/11, to plug the real and perceived holes in the nation’s electronic infrastructure. It’s also an area that has sparked heated debate in some unlikely places — among video and bookstore owners, librarians, researchers — about the erosion of civil liberties and the irreparable loss or destruction of vital historical documents.

Kabay has surprisingly little to say about the effects of 9/11 on his work, particularly about the U.S.A. Patriot Act, which he dismisses as part of the natural ebb and flow of rights and responsibilities in society.

“There’s political pressure to alter the agreements of society over what constitutes public and private spheres,” he explains. “But this is not new. For anyone who’s been following this area of privacy law and concepts of privacy, it’s in constant ferment.”

Nonetheless, Kabay’s skills are now in constant demand. He has lectured in counterintelligence at NATO headquarters; he convened the first two international conferences on information warfare, in 1993 and 1995; and he is the co-author of the Computer Security Handbook, a 1224-page tome of information security principles and practices. “I am proud to report that I have been named as an enemy by a good number of criminal hackers,” Kabay says, “and have appeared as a target for criminal hacker groups.”

But his “enemy” status is not what interested Norwich. Tom Aldrich, the school’s manager for information assurance education and training, declares that Kabay “is a world-recognized figure and renowned speaker in the field of computer and network security. He’s also one of the most dynamic teachers I have ever seen. He has students totally enthralled throughout class.” Moreover, Aldrich adds, Kabay “challenges the students and they totally rise to the occasion — he really cares about them.”

Formerly in the employ of a computer networking consultant company with the fanciful name of Atomic Tangerine, Kabay now belongs to the Vermont Militia. His uniform bears the insignia of that unarmed civilian corps, which was established under Norwich University’s constitution in 1819 and is comprised of its full-time faculty. “We’re wearing a costume out of respect for the real military people who are active-duty people… I will salute any enlisted person regardless of their rank,” says Kabay in his exuberant, sing-songy voice. “It’s a curious custom. It’s like a game.”

This professor’s work is anything but a game, though plenty of criminal hackers out there think and act otherwise. They fall victim — or so Kabay speculates — to the spurious logic that because the Internet uses the same interface as a video game, the two are roughly equivalent. “This is not a video game. Life does not have a ‘cheat sheet’ that lets you get away with pressing the control key or fixing the problem by rebooting,” Kabay emphasizes. “Five seconds of pleasure that some 13-year-old gets by destroying a Web site by printing, ‘Ha ha ha! We own you!’ can translate into a week of extreme pain and panic on the part of the staff who are trying to rebuild the Web site, and who are going to be humiliated at their next job performance or may lose their jobs, not be able to pay their mortgage and so on.”

Kabay knows those stories well. Among his numerous ongoing projects is compiling the INFOSEC Year in Review, an annual summation of key developments in information security. As you might expect from a report by an invertebrate zoologist with “a fondness for creepy-crawly things,” his work is a veritable taxonomy of cyber critters: “digital worms,” “viruses,” “infestations” and other predators along the information superhighway.

A brief scan of the 2001 volume reveals the dead seriousness of Kabay’s work. Consider, for example, the teen-ager who gained access to the pager system of a Fairfax, Virginia, hospital and was giving nurses medical orders for their patients, including authorizing prescriptions and minor medical procedures. Or the 16-year-old boy who used a computer and a hand-held radio to send Denver police cruisers and helicopters on phony emergencies for more than a month before getting caught. Or the former employee of a nuclear power station who tried to hack sensitive data in order to sabotage the plant, and whose prior criminal history had remained unknown because no one had bothered to run a simple background check.

This 245-page compendium of hacking and phreaking, electronic embezzlement and industrial espionage paints a startling picture of a nation that’s been under constant attack in a war far older than the one now being waged against terrorism. For example, between 1995 and 2000, the incidence of identity theft tripled, making it economically the fastest-growing crime in the world.

Not surprisingly, Norwich is poised to address some of these threats: Its newest project on campus is an information warfare laboratory that will train students in real-world cyber-assault techniques, including ongoing “information warfare games” conducted in conjunction with West Point. And as one of 36 schools around the country chosen last May as a “Center of Excellence” by the NSA, Norwich will “also be putting together the master of science in information assurance,” program manager Aldrich notes. “Mich will be teaching a couple courses within that venue.”

You might expect Kabay to pepper his speech with the technojargon of computer geekdom. Instead, what crops up more often are words like “ethics,” “rectitude,” “truthfulness,” “integrity” and “kindness.” Kabay has written a series of papers and articles as well as a book entitled Cybersafety, which teaches children and adults to make safe and ethical decisions on the Internet. These range from not revealing credit-card numbers to strangers to not downloading stolen intellectual property such as music files, term papers or pirated software.

Kabay challenges those who use sloppy thinking to justify unethical or illegal behavior by posing some simple but straightforward questions: “Who gains and who suffers from your action? Would you tell your boss what you’re doing? Do you approve of the consequences of your actions if everyone behaved as you propose?”

“Some children have had so little contact with ethical decision-making that they seem to think ethics is on a par with preferences for the flavors of ice cream,” Kabay laments. “They have all the strength of emotion that they would over choosing pistachio over caramel. They seem to think that deciding whether to do something is purely a personal decision.”

All of Kabay’s computer-science courses at Norwich incorporate discussions of ethics; he says he never introduces a new topic without also exploring its moral implications. While this might not surprise anyone in the information-security field, popular media and entertainment rarely pay much heed to such Boy Scout virtues. When was the last time a spy thriller featured a computer genius who refused to perform a function because he objected to violating someone’s privacy or intellectual-property rights? In Hollywood, it seems, such concerns materialize only after a film is released.

In cinematic or real life, integrity in cyberspace clearly comes down to one important factor: people.

“Human beings are the element which will make or break security,” Kabay asserts. “You cannot secure an organization if the human beings… don’t want to cooperate. It just cannot be done, because no amount of gear is going to solve the problem.”

As Charles Mann points out in his article, “Information Insecurity” in the September issue of The Atlantic Monthly, lawmakers, law enforcement and the Bush administration all want to boost national security by spending millions of dollars on high-tech gadgetry like digital surveillance and facial-recognition software, “smart” driver’s licenses and retina, iris and fingerprint scanners. But in the long run, Mann asserts, such technocentric fixes “make a security system more prone to massive failures.”

Though Kabay is hardly anti-technology, he couldn’t agree more. “I worry about the peculiar attitudes that people seem to have about security,” he says. “It’s a bunch of amateurs who are making up rules on the spur of the moment without ever having thought about it.”

He cites as one example the new government protocol since Sept. 11 of asking airline travelers for valid government identification. “Timothy McVeigh was no doubt the owner of a valid ID, and he probably showed it to a lot of people,” Kabay says. “Did it make any difference? None.”

Instead, the professor offers a more pragmatic solution to airline security: Hire professional interrogators trained to spot inconsistencies in people’s stories, as the Israelis have done, and then start asking lots and lots of questions. Despite all of the country’s other security woes, an Israeli plane has not been hijacked in decades.

There’s something counterintuitive — and comforting — about a professor of cyber safety saying that the most effective security interface is the one that happens face-to-face.

About The Author

Ken Picard

Ken Picard has been a Seven Days staff writer since 2002. He has won numerous awards for his work, including the Vermont Press Association's 2005 Mavis Doyle award, a general excellence prize for reporters.


All content © 2016 Da Capo Publishing, Inc. 255 So Champlain St Ste 5, Burlington, VT 05401