|You are in: Technology|
Friday, 20 September, 2002, 08:19 GMT 09:19 UK
The cost of defending cyber-space
It is possible to increase security on the internet but we have to be willing to pay for it, argues technology consultant Bill Thompson.
Concern about the potential use of the internet by terrorist groups or hostile nations has been growing for some time.
Frightening reports about the ways that a group of dedicated hackers could disrupt emergency services, scramble air traffic control or shut down power supplies appear from time to time in the more credulous newspapers.
Even if we disregard the ill-considered speculation of technically illiterate journalists fed stories by security companies, there is still a lot to worry about.
Many of us rely on the internet at work and a growing number of vital services are available online, from banking to health records.
As a result, governments around the world are thinking seriously about how to make the net more robust.
Now the US Government has published a report into internet security, along with a set of recommendations for action.
The plan was drawn up by Richard Clarke, who used to be with the US National Security Council.
The proposals are largely sensible and roughly what you would expect of any competent technical analysis of the problems with today's net.
For example, the same sorts of poor security that make it so easy for spammers to forge the return address in their e-mails or hide the point at which they connect to the network can be exploited by those whose goals are more political than commercial. If they could be blocked off then everyone would benefit.
Similarly, the dire state of the domain name system (DNS), the service which translates computer names (like www.bbc.co.uk) into the numerical addresses used by internet software, is held up to the light at last.
Many of the companies registering domains simply do not make enough effort to ensure that contact details are accurate or that their servers cannot be compromised.
If someone can steal a DNS entry then they can, for example, make sure that anyone who tries to go to a bank site really gets sent to their fake - and password-stealing - site instead.
The current moves toward trusted computer systems are also seen as a good idea, although the point that we would not be in such a mess by now if Microsoft had not spent years ignoring the security problems of many of its products is strangely omitted.
Perhaps this is because Richard Clarke's co-author, vice-chairman Howard Schmidt, was once a senior executive at Microsoft and does not want to embarrass his former employer.
The plan is voluntary, calling on software companies, router manufacturers and internet providers to improve their attitude to security.
But it skips over the fact that installing new hardware and configuring firewalls - programs that monitor network traffic and deter intruders - takes time and costs money.
Unfortunately the US Government seems unwilling to take action that would force companies to spend more on security, even when the chief beneficiaries are going to be those same companies.
The result is likely to be a lot of hyped-up scare stories about threats to the US from terrorist hackers - do not be surprised if they are all somehow funded by Iraq or took programming classes from Saddam Hussein himself - but no real change.
This will not actually do anything to help us stop those with the motivation and the skills from causing damage to the net.
It would be unfortunate if the UK Government, where concern about the security and stability of the net is also increasing, took the same approach.
Perhaps we should be deciding which aspects of internet security are so important that they should just be funded by the state, in the same way as we decided some time ago that doctors, teachers and fire officers were worth supporting from the public purse, and fund the improvement of our digital infrastructure as we fund the improvement of roads.
The alternative - making it a statutory obligation on ISPs to have secure networks - just passes the costs on to the network users, something which was perhaps reasonable when so few people used the net and so little depended on it, but is now a much less defensible point of view.
If everyone will have access by 2005 and all government services will be electronically accessible by the same date, then paying for net security would seem to be a reasonable thing to do.
Disclaimer: The BBC will put up as many of your comments as possible but we cannot guarantee that all e-mails will be published. The BBC reserves the right to edit comments that are published.
19 Sep 02 | Business
10 Oct 01 | Americas
18 Sep 02 | Technology
01 Mar 02 | Business
11 Oct 01 | Science/Nature
The BBC is not responsible for the content of external internet sites
Top Technology stories now:
Links to more Technology stories are at the foot of the page.
|E-mail this story to a friend|
Links to more Technology stories
To BBC Sport>> | To BBC Weather>> | To BBC World Service>>
© MMIII | News Sources | Privacy