BBC NEWS Americas Africa Europe Middle East South Asia Asia Pacific Arabic Spanish Russian Chinese Welsh

 You are in: Sci/Tech
Front Page 
UK Politics 
Talking Point 
In Depth 

Commonwealth Games 2002

BBC Sport

BBC Weather

Wednesday, 17 October, 2001, 10:57 GMT 11:57 UK
US plan for secure internet 'flawed'
Computer BBC
Cyber attacks are expected to double this year
Kevin Anderson

Security experts have warned that the secure computer network planned by the US Government could be undermined by careless users.

The Bush administration, newly focused on security since the 11 September attacks, wants to create a network, called Govnet, to provide protected data and voice communications.

Richard Clarke, recently named special advisor to the president for cyberspace security, is behind the new initiative and believes it to be vital to future, critical, government operations.

But security experts say that the role of the new network needs to be clarified and that it could still be at risk, even if it were segregated from the public internet.

Cyber safety zone

The network would use the same technology that powers the internet, but the proposal for Govnet says: "There will be no interconnections or gateways to the internet or other public or private networks."

The proposal for Govnet also calls for:

  • all information on the network to be encrypted;
  • the network to be immune from cyber-strikes from external networks, such as denial of service attacks;
  • it to be impossible to spread malicious code, such as computer viruses, over Govnet from external networks.
Mr Clarke has long spoken of the vulnerability of the US to a cyber-attack, especially considering the country's reliance on computer networks.

Last week, in accepting his new position, he said: "Our economy, our national defence, increasingly our very way of life depends upon the operation - secure and safe operation - of critical infrastructures that in turn depend on cyberspace."

Although his new appointment is part of the larger homeland security initiative created following the attacks, the planning for Govnet began months ago and the idea of a separate secure network for critical government communications is something Mr Clarke has advocated in the past.

Last year, speaking at a Microsoft conference on network security, he said: "What I envision is a secure critical infrastructure zone within cyberspace."

Attacks increasing

The problem of cyber attacks is increasing. The Computer Emergency Response Team Coordination Centre said that it had counted nearly 35,000 attacks and probes in the first nine months of the year.

At the current rate, the number of attacks could top 46,000, more than double the 22,000 incidents last year. This includes reports from companies or organisations that are victims of computer intrusions, worms, viruses or other attacks.

By separating Govnet from external networks, it would dramatically minimise the risk of an attack, said Mark Rasch, vice president of cyberlaw with security firm Predictive Systems.

But more importantly, Mr Rasch asked: "Why do we need this?

"Is it intended to be a classified network or separate internet? Or is it more like a secure network, which is less vulnerable to denial of service attacks and other disruptions?

"Or is Govnet intended as a backup system for crucial command and control if the internet goes down?"

Most likely it was a more secure, less vulnerable network, he said.

But if the government wanted a way to carry on government-to-government communication were the internet or public telephone network to go down, it might achieve the same goal for less money by segregating part of the internet, he said.

The weakest link

As security experts say, a network is only as secure as its weakest link, and often that is the computer users themselves.

The danger posed by careless employees was demonstrated in dramatic fashion when the former head of the CIA John Deutch was stripped of his security clearances after he left the agency for storing classified files on an insecure computer in his home.

Hands on a computer keyboard BBC
Often the weakest link is the computer user
Furthermore, it was found that someone had used the computer to access "high risk" sites on the internet.

It was not determined whether any classified information was released. However, his successor, current CIA director, George Tenet, admitted during a public hearing: "There was enormously sensitive material on this computer, at the highest levels of classification.

"He was sloppy in what he did," said Mr Tenet, adding: "Nevertheless, as director, I believe he should have known better."

The main challenge facing Govnet could be whether managers will be able to teach their employees to take the necessary security precautions to keep the network secure.

See also:

10 Oct 01 | Americas
US names cyber-terrorism czar
12 Sep 01 | Sci/Tech
US computer networks at risk
Internet links:

The BBC is not responsible for the content of external internet sites

Links to more Sci/Tech stories are at the foot of the page.

E-mail this story to a friend

Links to more Sci/Tech stories