
How to Save the Internet

Imagine labels on software like those on cigarettes - Infosecurity General's Warning: The use of software and hardware that is not certified secure can harm your system and other people's systems, and you may be held liable for those damages.

Computing on the Net is heading for a fall because security is a joke. So we summoned the best minds to see if we could put Humpty back together again.

Professor Hannu H Kari of the Helsinki University of Technology is a smart guy, but most people thought he was just being provocative when he predicted, back in 2001, that the Internet would shut down by 2006. "The reason for this will be that proper users' dissatisfaction will have reached such heights by then that some other system will be needed," Kari said, "unless the Internet is improved and made reliable."

Late last year, Kari bolstered his prophecy with statistics. Extrapolating from the growth rates of viruses, worms, spam, phishing and spyware, he concluded that these, combined with "bad people who want to create chaos", would cause the Internet to "collapse!" - and he stuck to 2006 as the likely time.

Kari holds dozens of patents. He helped invent the technology that enables mobile phones to receive data. He's a former head of Mensa Finland. Still, many observers pegged him as an irresponsible doomsayer and, seeing as how he consults for security vendors, a mercenary one at that.

And yet, in the past year, we've witnessed the most disturbingly effective and destructive worm yet, Witty, which not only carried a destructive payload but also proved nearly 100 percent effective at attacking the machines it targeted. Paul Stich, CEO of managed security provider Counterpane, reports that attempted attacks on his company's customers multiplied from 70,000 in 2003 to 400,000 in 2004, an increase of over 400 percent. Ed Amoroso, CISO of AT&T, says that among the 2.8 million e-mails sent to his company every day, 2.1 million, or 75 percent, are junk. The increasing clutter of online junk is driving people off the Internet. In a survey by the Pew Internet and American Life Project, 29 percent of respondents reported reducing their use of e-mail because of spam, and more than three-quarters, 77 percent, labelled the act of being online "unpleasant and annoying". Indeed, in December 2003, the Anti-Phishing Working Group reported that more than 90 unique phishing e-mails were released in just two months. Less than a year later, in November 2004, there were 8459 unique phishing e-mails linking to 1518 sites.

Kari may have overstepped by naming a specific date for the Internet's demise, but fundamentally, he's right. The trend is clear.

"Look, this is war," says Alan Paller, director of research for The SANS Institute. "Most of all, we need will. You lose a war when you lose will."

So far, the information security complex - vendors, researchers, developers, users, consultants, the government, you - has demonstrated remarkably little will to wage this war. Instead, we fight fires, pointing hoses at uncontrolled blazes, sometimes inventing new hoses, but never really dousing the flames and never seeking out the fire's source in order to extinguish it.

That's why we concocted this exercise, trolling the infosecurity community to find Big Ideas on how to fix, or begin to fix, this problem.

Our rules were simple: Suggest any Big Idea that you believe could, in a profound way, improve information security. We asked people to think outside the firewall. Some ideas are presented here as submitted; others we elaborated upon. Those who suggested technological tweaks or proposed generic truths ("educate users") were quickly dismissed.

What was left was an impressive, broad and, sometimes, even fun list of Big Ideas to fix information security. Let's hope some take shape before 2006.
