X

A New Deal for Internet security

VeriSign's Ken Silva says the U.S. government needs to wake up to the damage caused by its neglect of the nation's vital information infrastructure.

3 min read
In 1932, Franklin Delano Roosevelt, newly elected president, pledged to create a "new deal for the American people." Designed to help the United States out of its worst economic depression, the New Deal was an opportunity to rebuild the American infrastructure. An unprecedented amount of legislation was passed establishing agencies to rebuild America's highways, dams and bridges--the vast majority of which are still used and depended on every day. That investment in physical infrastructure was our greatest ever, and it's now time for a similar investment in the Internet's infrastructure--both in shoring up actual underpinnings and in teaching people how to be more cyberaware.

Astoundingly, even two years now after the Sept. 11 terrorist attacks, America has still failed to secure our vital information infrastructure. Yet we've all seen the mass disruption caused by the recent Sobig, Nachi and MSBlast worms. Even though these worms were considered "unsuccessful" because they did not destroy data, they cost American businesses over $3.5 billion in August alone--a cost our economy cannot sustain. The Internet is attacked virtually every minute of every day, and many of us still take this amazing system for granted.

Estimates put the deployment of baseline security across all North American users at $450 billion, roughly equivalent to the annual value of the "information economy." Federal Reserve Chairman Alan Greenspan and others rightly attribute our enormous productivity gains in the past decade to the explosion of information technology in our economy. But with these gains comes the price of security. While this massive networkwide investment will require many groups coming together in concert, clearly we can no longer underestimate the impact of these attacks and write them off as nuisances.

Nor should we place blame on vendors in the larger Internet community. Without a doubt every operating system, Web browser and e-mail client application used today could have benefited from additional security features embedded in it before it was released. But finger-pointing and the blame game will get us nowhere, especially when should be busy installing the patch management options available from vendors to fix these security gaps.

There are no magic solutions or silver bullets that will shore up cybersecurity
in a day.
And let's not forget that worms and viruses don't launch themselves. Our adversaries prey not only on the weaknesses of software and operating systems, but on the predictability of human beings. Even now, despite all the press, Sobig continues to get relaunched by unwitting individuals every day--all the more reason we need to continue educating people about how to use the Internet responsibly.

The Internet is a communal network--it benefits everyone, and everyone has a responsibility to protect it:

• For home users, that means changing passwords often, using antivirus software and turning off DSL and cable modems when not in use.

• For government agencies, that means demonstrating full compliance with patches and serving as a role model for good security practices.

• For vendors, it means making security a foremost thought when designing products.

• And for critical infrastructure providers, it means taking that obligation very seriously and investing substantial amounts in hardware, engineers, and research and development to stay at the forefront of cybersecurity.

There are no magic solutions or silver bullets that will shore up cybersecurity in a day. But there are steps that, taken over time, will improve the overall health, security and viability of the Internet.

Recent steps by the government are encouraging. Congress has begun to investigate the issue, and the Bush administration is expected very soon to nominate a cybersecurity chief, who hopefully will begin executing on the recommendations outlined in the National Strategy to Secure Cyberspace released earlier this year. More government leadership, infrastructure investments, greater action from industry and increased cyberawareness among Americans will go a long way toward improving the resilience of the network to attacks.

Organized crime, terrorists and bored teenagers have taken advantage of the weaknesses in our cyberinfrastructure for long enough. These adversaries understand our growing dependence on the Internet and are exploiting these vulnerabilities to harm America. If we don't strengthen our cyberinfrastructure and increase our level of cyberawareness, it will only get worse.

History has proven that investing in our infrastructure is money well spent. With America's national security and economic viability at stake, it's time to up the ante and begin investing in the Internet's infrastructure.