BBC NEWS Americas Africa Europe Middle East South Asia Asia Pacific

BBC News World Edition
 You are in: Technology  
News Front Page
Middle East
South Asia
Talking Point
Country Profiles
In Depth
BBC Sport
BBC Weather
Friday, 20 September, 2002, 08:19 GMT 09:19 UK
The cost of defending cyber-space
Bill Thompson
It is possible to increase security on the internet but we have to be willing to pay for it, argues technology consultant Bill Thompson.

Concern about the potential use of the internet by terrorist groups or hostile nations has been growing for some time.

Frightening reports about the ways that a group of dedicated hackers could disrupt emergency services, scramble air traffic control or shut down power supplies appear from time to time in the more credulous newspapers.

Even if we disregard the ill-considered speculation of technically illiterate journalists fed stories by security companies, there is still a lot to worry about.

Many of us rely on the internet at work and a growing number of vital services are available online, from banking to health records.

As a result, governments around the world are thinking seriously about how to make the net more robust.

Now the US Government has published a report into internet security, along with a set of recommendations for action.

Sensible ideas

The plan was drawn up by Richard Clarke, who used to be with the US National Security Council.

Richard Clarke, head of the White House Office of Cyber-defenses
Clarke: Wants to tighten net security
He was appointed head of the White House Office of Cyber-defenses last October as part of the Homeland Security group set up after the attacks on New York and Washington.

The proposals are largely sensible and roughly what you would expect of any competent technical analysis of the problems with today's net.

For example, the same sorts of poor security that make it so easy for spammers to forge the return address in their e-mails or hide the point at which they connect to the network can be exploited by those whose goals are more political than commercial. If they could be blocked off then everyone would benefit.

Similarly, the dire state of the domain name system (DNS), the service which translates computer names (like into the numerical addresses used by internet software, is held up to the light at last.

Many of the companies registering domains simply do not make enough effort to ensure that contact details are accurate or that their servers cannot be compromised.

If someone can steal a DNS entry then they can, for example, make sure that anyone who tries to go to a bank site really gets sent to their fake - and password-stealing - site instead.

Expensive business

The current moves toward trusted computer systems are also seen as a good idea, although the point that we would not be in such a mess by now if Microsoft had not spent years ignoring the security problems of many of its products is strangely omitted.

Perhaps this is because Richard Clarke's co-author, vice-chairman Howard Schmidt, was once a senior executive at Microsoft and does not want to embarrass his former employer.

The result is likely to be a lot of hyped-up scare stories about threats to the US from terrorist hackers

Overall, the report is sensible, well-judged and useful. The biggest complaint I have about it is that most of the suggestions are just that.

The plan is voluntary, calling on software companies, router manufacturers and internet providers to improve their attitude to security.

But it skips over the fact that installing new hardware and configuring firewalls - programs that monitor network traffic and deter intruders - takes time and costs money.

Unfortunately the US Government seems unwilling to take action that would force companies to spend more on security, even when the chief beneficiaries are going to be those same companies.

The result is likely to be a lot of hyped-up scare stories about threats to the US from terrorist hackers - do not be surprised if they are all somehow funded by Iraq or took programming classes from Saddam Hussein himself - but no real change.

This will not actually do anything to help us stop those with the motivation and the skills from causing damage to the net.

National priority?

It would be unfortunate if the UK Government, where concern about the security and stability of the net is also increasing, took the same approach.

Cables from eyewire
Who will pay to upgrade the net?
Over here we are at least willing to accept that some things done by government cost money and just have to be paid for. We are even willing to entertain the possibility that taxes can be spent on providing for the common good, as in the health service and education.

Perhaps we should be deciding which aspects of internet security are so important that they should just be funded by the state, in the same way as we decided some time ago that doctors, teachers and fire officers were worth supporting from the public purse, and fund the improvement of our digital infrastructure as we fund the improvement of roads.

The alternative - making it a statutory obligation on ISPs to have secure networks - just passes the costs on to the network users, something which was perhaps reasonable when so few people used the net and so little depended on it, but is now a much less defensible point of view.

If everyone will have access by 2005 and all government services will be electronically accessible by the same date, then paying for net security would seem to be a reasonable thing to do.

Send us your comments:

Your E-mail Address:



Disclaimer: The BBC will put up as many of your comments as possible but we cannot guarantee that all e-mails will be published. The BBC reserves the right to edit comments that are published.

The Bill Thompson column is courtesy of BBC WebWise, part of BBC Education's ongoing campaign to teach people about the internet and how to use it. Bill is a regular commentator on the BBC World Service programme Go Digital
Bill Thompson guides you through the world of technology

See also:

19 Sep 02 | Business
10 Oct 01 | Americas
18 Sep 02 | Technology
01 Mar 02 | Business
11 Oct 01 | Science/Nature
Internet links:

The BBC is not responsible for the content of external internet sites

Links to more Technology stories are at the foot of the page.

E-mail this story to a friend

Links to more Technology stories

© BBC ^^ Back to top

News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East |
South Asia | UK | Business | Entertainment | Science/Nature |
Technology | Health | Talking Point | Country Profiles | In Depth |