Technology executives involved in the Global Internet Project (GIP) met in Northern Virginia for a two-day forum this week to discuss answers to some of the questions surrounding the future reliability, privacy and security of the Internet.
The GIP is an international group of executives representing the telecommunications, software, hardware and financial services sectors who are committed to fostering continued growth of the Internet. The forum was the second in a series of GIP-sponsored high-level meetings focused on the security, reliability and privacy of the Next Generation Internet. The first forum was held in November last year in Berlin. U.S. government officials, including Richard Clarke, U.S. national coordinator for security, infrastructure protection and counterterrorism at the National Security Council, participated in the meeting in Herndon, Virginia, which concluded late Tuesday.
A few of the executives expressed concern that the growing reliance on the Internet in the U.S. to speed the communications necessary to carry out more and more tasks -- particularly in the areas of finance, transportation and law enforcement -- made the country vulnerable to an "electronic Pearl Harbor."
In a keynote address, Clarke told the executives that U.S. President George W. Bush wants private industry participation in the drafting of a new national plan on critical infrastructure.
"We need your help to think about not how to secure the current system, but how to secure the next generation of the network," Clarke said. "We are increasingly putting things into the IP (Internet protocol) cloud upon which the national economy depends and upon which our national security depends."
The Bush administration opposes the passage of regulations to ensure the security of the Internet, he said. Instead it aims to prove that partnerships between the government and industry can succeed in securing cyberspace.
He listed five questions that industry leaders must contemplate in order to continue the dialogue with the government. Among the questions Clarke posed were whether the Internet should continue to be shared by everyone, from large government entities such as the Federal Aviation Administration to people who want to program their microwave ovens from the road.
"In this era of fiber optic glut, do we want to talk about taking functions out?" he asked.
Clarke also said industry should consider the level of responsibility of ISPs (Internet service providers) to prevent the transmission of denial of service and smart virus attacks. He also said industry should ask itself who will be responsible for making sure that the old vulnerabilities affecting the Internet now do not migrate to the new infrastructure.
Another U.S. government official, Martha Stansell-Gamm, chief of the computer crime and intellectual property section of the U.S. Department of Justice, suggested greater cooperation between companies and government agencies to share information about attacks and vulnerabilities.
Government and industry have a tendency to act like 5-year-olds playing soccer whenever they are dealing with Internet security issues, Stansell-Gamm said.
"Wherever the ball goes, we're all over it," she said. It would be better if the parties involved "played positions," realizing there are other people involved, sometimes doing similar things and sometimes in different disciplines.
"We should know where the other guys are on the field, and be ready when the ball comes to you, then pass at the appropriate time," she said.
Industry and government should take a hard look at what information sharing needs to look like, Stansell-Gamm said. For example, law enforcement officials sometimes inform victims of a cyber attack not to talk with anyone about the incident. This often is a bad security decision because it means the victim can't warn other companies that might be vulnerable to the same kind of attack.
Vinton Cerf, senior vice president of WorldCom Inc., whose company helped sponsor the forum, concluded the day's discussion by saying that he believes the reliability of the Internet should be the focus. That's not to say that security isn't important, he said, but reliability would be easier to measure than something like privacy.
Among the other possible action items noted by Cerf was the need to simplify the Internet architecture, possibly by moving to IP version 6 (IPv6); the use of strong authentication to secure the domain name system; increase redundancy in the system by adding equipment and circuits; the tightening of configuration management; and the need to avoid homogeneity of software across different enterprises.