Securing the future
- 18 June, 2002 09:15
Security has become a game of wits where the good guys try to react to the latest move by the bad guys to break into something. Now that billions of dollars and lives are at stake, the time has come to put aside childish things in favor of building a more robust IT infrastructure that can not be hacked by teenagers or terrorists. In an interview with InfoWorld Editor in Chief Michael Vizard, Hewlett-Packard Co.'s Rich DeMillo, vice president of technology strategy, and Stephen Squires, vice president and chief science officer, argue that the tools are at hand to secure systems once and for all -- if everyone makes the same commitment to solving the problem.
Q: Why is everything in IT so inherently insecure?RD: What we have is a series of technologies that are connected together in a more or less ad hoc fashion. In the old operating-system security days we used to talk about steel doors and paper walls. Now the house with paper walls is much, much bigger -- there are many more doors. So you have lots of special concerns dealing with their own security problems and there are lots of ways around what everybody is doing by himself. It is really patch and fill. The difference today is that the number of hosts is still growing exponentially. The number of packets is still growing exponentially. All of this is at the critical-need junction on the exponential curve. It's hitting people, it's hitting consumers, and it's hitting businesses in ways that were invisible 10 or 15 years ago.
Q: How do we get past a model where major companies are essentially held hostage by the activities of teenagers?SS: The fundamental techniques to make a modern Internet as strong as you like, within reason, have been known for some time. The real issue is that after many years of essentially prototype development, suddenly something happened and people found the stuff really worked. This lead to massive, explosive growth in a very short period of time and not enough time for all of the deep results about security to be applied. What we have today is a wonderful first prototype of the global information infrastructure. We have learned so much about the challenges of having a highly secure system and we know many techniques to do it, and transistors are cheaper than ever before, so there are ways to create new system architectures.
Q: How should people approach building those architectures?RD: Patch-and-fill approaches have got to be set aside. They're never going to work. You'd go crazy trying to figure out what the next 12-year-old kid is going to do. You have to start thinking about this in an architectural way. You've got to start with base infrastructure and build up a set of protections from base infrastructure. You've got to have a place to put keys on PCs, so you have to have some standard like the TCPA (Trusted Computer Platform Alliance) to do trusted key storage, to do basic operations. You've got to have architectures, like the one we're pushing at HP with Itanium, that use the four levels of protection to build up a set of protections that don't allow you a hardware back door. ... You start building up these chains of trust and then every layer that you add on top of that authenticates itself to the layer below. Those are very tight security models, and they don't require you to have ad hoc understanding of a particular threat or vulnerability.
Q: What's wrong with the way people think about security today?RD:: People tend to think of security as a feature and so it gets mixed up with cost-benefit discussions that don't really have anything to do with security. It's never been a good model for security. There are things that you simply won't undertake unless you have what I call "table stakes" where you have a required level of security.
Q: Is now is the time for fundamental change given the general business climate and international security threats?SS: It has to shift in a fundamental way. It has to go from a reactive mode to a proactive mode. Systems today fundamentally come up with ways to detect, and once you detect a problem, come up with a way to diagnose and repair. We need to get to ... [what it takes] to make the system fundamentally strong. Given the continued expected growth of the Net, we're not going to have enough people ... on the planet to be security wizards. The reinvention process needs to begin, and it's enabled by having high-grade architectures like Itanium.
Q: What does Itanium bring to the table?RM: The arithmetic on Itanium is really tuned to cryptographic calculation. SSLs [Secure Sockets Layers], for example, just run screamingly fast on Itanium. Forget about accelerators, forget about using parallel processing, especially parallel processing to do SSL acceleration. Just use the native math libraries in Itanium, and you get many multiples speed improvement on SSLs.
Q: How will the adoption of Itanium change the economics of security?SS: Today security is mostly handcrafted by wizards. One thing you learn in technology is that at some point, the wizards get tired of doing the handcrafting and decide to go up to the next level. ... Let's try to create the next level of technology, which enables us to do what we understand can be done in a much more automated and architectural way. That's the transition I think we have to go through.
Q: How important is IPv6 going to be to get us to that next level?RD: It is a necessary condition. If you try to do high-grade security without it, it becomes much too hard and much too limiting. At the very root of this is something we'll call Secured DNS, running on high-grade commercial secure servers, so the binding of names to addresses has a high-level assurance of correctness associated with it. Then you can imagine using that to build up a chain of trust all the way out to digitally signed packages of software and digitally signed certificates, all the way to end-users, which have devices which would, say in time of crisis, be used as end-user access points for first responders.
Q: Where does wireless fit in the grand scheme of security?RD: I think all the publicity about weaknesses in 802.11, for example, have made companies like us step back and say "We're going to architect the introduction of the wireless LAN in our enterprise so that it comes into existence with a table stakes that guarantees a certain amount of what's associated with it."
Q: What can the average CTO do to help?SS: The best thing they can do is work with the leaders in the IT community to start advanced pilot projects to discover how well this stuff works, understand what has to be improved, and then get into some progressive and increasing rapid deployments to improve the quality of the systems.