Ross John Anderson (15 September 1956 – 28 March 2024) was a British researcher, author, and industry consultant in security engineering. He was Professor of Security Engineering at the Department of Computer Science and Technology, University of Cambridge, where he was part of the University's security group.
Education
Anderson was educated at the High School of Glasgow. After leaving school he attended Glasgow University and studied Natural Philosophy. He did not complete his studies there and moved to Cambridge. In 1978, he graduated with a Bachelor of Arts in mathematics and natural science from the University of Cambridge where he was an undergraduate student of Trinity College, Cambridge, and subsequently received a qualification in computer engineering. Anderson worked in the avionics and banking industry before moving back to the University of Cambridge in 1992, to work on his doctorate under the supervision of Roger Needham and start his career as an academic researcher. He received his PhD in 1995.
Research and career
Anderson was appointed a lecturer at Cambridge in 1995. In addition to teaching at the University of Cambridge, he also taught at the University of Edinburgh.
Anderson's research interests were in security, cryptology, dependability and technology policy. In cryptography, he designed with Eli Biham the BEAR, LION and Tiger cryptographic primitives, and co-wrote with Biham and Lars Knudsen the block cipher Serpent, one of the finalists in the Advanced Encryption Standard (AES) competition. He also discovered weaknesses in the FISH cipher and designed the stream cipher Pike.
Anderson always campaigned for computer security to be studied in a wider social context. Many of his writings emphasised the human, social, and political dimension of security. On online voting, for example, he wrote "When you move from voting in person to voting at home (whether by post, by phone or over the Internet) it vastly expands the scope for vote buying and coercion", making the point that it's not just a question of whether the encryption can be cracked.
In 1998, Anderson founded the Foundation for Information Policy Research, a think tank and lobbying group on information-technology policy.
Anderson was also a founder of the UK-Crypto mailing list and the economics of security research domain.
Anderson was well known among Cambridge academics as an outspoken defender of academic freedoms, intellectual property and other matters of university politics. He was engaged in the "Campaign for Cambridge Freedoms" and had been an elected member of Cambridge University Council since 2002. In January 2004, the student newspaper ''Varsity'' declared Anderson to be Cambridge University's "most powerful person".
In 2002, he became an outspoken critic of trusted computing proposals, in particular Microsoft's Palladium operating system vision.
Anderson's TCPA FAQ has been characterised by IBM TC researcher David R. Safford as "full of technical errors" and of "presenting speculation as fact."
For years Anderson argued that by their nature large databases will never be free of abuse by breaches of security. He said that if a large system is designed for ease of access it becomes insecure; if made watertight it becomes impossible to use. This is sometimes known as ''Anderson's Rule''.
Anderson was the author of several editions of ''Security Engineering'', which was initially published by Wiley in 2001. He was the founder and editor of ''Computer and Communications Security Reviews''.
After the vast global surveillance disclosures leaked by Edward Snowden beginning in June 2013, Anderson suggested one way to begin stamping out the British state's unaccountable involvement in this NSA spying scandal was to entirely end the domestic secret services. Anderson: "Were I a legislator, I would simply abolish MI5". Anderson noted the only way this kind of systemic data collection was made possible was through the business models of private industry. The value of information-driven Web companies such as Facebook and Google is built around their ability to gather vast tracts of data. It was something the intelligence agencies would have struggled with alone.
Anderson was a critic of smart meters, writing that there are various privacy and energy security concerns.
Awards and honours
Anderson was elected a Fellow of the Royal Society (FRS) in 2009. His nomination reads:
Anderson was also elected a Fellow of the Royal Academy of Engineering (FREng) in 2009. He was a Fellow of Churchill College, Cambridge and was awarded the BCS Lovelace Medal in 2015. Anderson was elected to the Royal Society of Edinburgh in 2023.
Personal life and death
Anderson met his wife, Shireen, while he was working in Johannesburg and they were married in Cambridge in 1992. Shireen Anderson is the coordinator of the Christina Kelly Association, of Churchill College, Cambridge. They have one daughter, Bavani, and four grandchildren.
Anderson died unexpectedly at home with his family in Cambridge on 28 March 2024, at the age of 67.
Security Engineering
By agreement with the publisher, the third edition of Ross Anderson's book Security Engineering was made available for download at the Cambridge University archive in November 2024.