Issue No.01 - January/February (2008 vol.6)
Published by the IEEE Computer Society
Eugene Spafford , Purdue University
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2008.15
In memory of James P. Anderson
On 18 November 2007, noted computer pioneer James P. Anderson Jr. died at his home in Pennsylvania.
Anderson, born in Easton, Pennsylvania, graduated from Penn State with a degree in meteorology. From 1953 to 1956, he served in the US Navy as a gunnery officer and later as a radio officer. This later service sparked his initial interest in cryptography and information security. Anderson was unaware in 1956, when he took his first job at Univac, that his career in computers had begun. In 1959, he went to Burroughs Corporation as manager of the Advanced Systems Technology Department in the research division, where he explored issues of compilation, parallel computing, and computer security. While there, he conceived of and was a patent holder of one of the first multiprocessor systems, the D-825. After being manager of systems development at Auerbach from 1964 to 1966, Anderson formed an independent consulting firm, James P. Anderson Company, which he maintained until his retirement.
Anderson's contributions to information security involved both the abstract and the practical. He is generally credited with the invention and explication of the reference monitor (in 1972) and audit trail-based intrusion detection (in 1980). He was involved in many broad studies in information security needs and vulnerabilities. This included participation on the 1968 Defense Science Board Task Force on Computer Security that produced the Ware Report, which defined the technical challenges of computer security. He was then the deputy chair and editor of a follow-on report to the US Air Force in 1972. That report, widely known as the Anderson Report, defined the research agenda in information security for well over a decade. Anderson was also deeply involved in the development of a number of other seminal standards, policies, and over 200 reports including BLACKER, the TCSEC (the Orange Book), and other documents in the Rainbow Series.
Anderson had broad interests, deep concerns, great insight, and a rare willingness to operate out of the spotlight. His sense of humor and patience with those earnestly seeking knowledge were greatly admired, as were his candid responses to the clueless and self-important.
Anderson eschewed public recognition of his many accomplishments, preferring that his work speak for itself. His accomplishments have long been known within the community, and in 1990 he was honored with the NIST/NCSC (NSA) National Computer Systems Security Award, generally considered the most prestigious award in the field.
With his passing, the field of cybersecurity has lost one of its founding fathers.