Page last updated at 08:17 GMT, Tuesday, 31 March 2009 09:17 UK

The Tech Lab: Ken Silva

Car engine, AFP/Getty
The engine of the internet could come to halt unless security is sorted out

Ken Silva, chief technology officer at Verisign, warns about the dangers that threaten the open internet.

Ask internet users what they want from their service and 99 times out of 100 the answer will be the same: more - more speed, more bandwidth and more flexibility of use.

Nobody knows this better than internet infrastructure providers, who for years have devoted the vast majority of their development budgets to meeting consumer demands for faster, more flexible networks. Security has often been an afterthought.

For the most part, this market-driven approach has been a boon to the internet and its users, but recent events have begun to illustrate the dangers of this single-minded focus.

The openness and interconnectedness that are the internet's hallmarks ensure that there will always be vulnerabilities for attackers to exploit.
In the past couple of years, two serious incidents have sent ripples throughout the global internet, causing real damage and painting a troubling picture of vulnerabilities that could someday bring this vital engine of commerce and communication to a grinding halt, imperilling billions of dollars in commerce and worse, as the internet becomes an ever more critical component of our daily lives.

The simple truth is that our global investment in the security and stability of the internet has not kept pace with our relentless pursuit of greater speed and flexibility. If we don't correct this growing imbalance, and soon, we face the possibility of a global online incident, the impact of which could be felt for years to come.

In April 2007, a spat between Estonia and Russia over a Soviet-era war memorial erupted into what has been described as the first modern "cyber war" as Russian-based attackers effectively took the entire nation of Estonia offline for a period of weeks.

In February 2008, the Pakistani government, responding to an anti-Islamic video clip appearing on YouTube, unintentionally set in motion a series of events that prevented most of the world's internet users from visiting the site - one of the internet's most popular - for a period of hours.

Perhaps the most remarkable thing about both of these incidents is how unremarkable they were - at least from a technical standpoint.

Ken Silva, Verisign
Silva: More can be done to secure the open internet

Although remarkably well coordinated, the Estonian attack was not the largest ever recorded, nor was it particularly novel in its methods. More than anything, the incident demonstrates just how damaging even a "typical" attack can be when timed properly to strike vulnerable targets.

As is the case in the hundreds of similar attacks that take place each day, the perpetrators harnessed the power of corrupted personal computers to swamp their targets in a sea of bogus internet traffic, effectively cutting off whole neighborhoods of the Estonian internet from legitimate traffic.

Millions of these infected "zombie" computers exist. Used in concert, they can generate attacks that few systems on earth are capable of withstanding.

The Pakistan-YouTube incident was even more commonplace - the result of two seemingly benign errors and a quirk in an internet protocol designed at a time when most of the global network ran on trust and virtual handshakes.

The details of the incident are less important than the fact that the circumstances that allowed it to occur remain unchanged, as do scores of similar vulnerabilities endemic to the internet's open architecture.

The message is that these sorts of incidents can - and almost certainly will - happen again. And if history tells us anything, it's that the next time will be worse. More powerful computers hooked up to more robust internet connections translate into more severe and disruptive attacks.

Also, as we rely on the internet to a greater and greater extent, the likelihood that such an incident will cause real harm to our lives and livelihoods only increases.

Home computer, SPL
Many home computers are part of zombie networks
It would be wrong to suggest that this is entirely preventable. The openness and interconnectedness that are the internet's hallmarks ensure that there will always be vulnerabilities for attackers to exploit.

But we can do a much, much better job of securing the critical internet infrastructure on which we all rely.

Stability and security must become a higher priority for everyone involved in the development and stewardship of the global internet. Companies may not be able to monetise security in the same way that they monetise speed, but nobody in this space can afford to remain ignorant of the costs associated with getting it wrong.

The "choice" between speed and flexibility on one hand, and stability and security on the other is more a product of cost than anything else. The cost of providing secure, stable network infrastructure is equal to, and in some cases, greater than the cost of increasing network speeds.

The good news is that there isn't, for the most part, a fundamental technological tension between flexibility and stability on the internet. Indeed, one of the most critical components of stability - excess capacity - is also essential to providing greater speed and flexibility.

This challenge doesn't require technological breakthroughs or dramatic paradigm shifts. We know what needs to be done if we are to bring the security and stability of this global network up to par with its stunning speed and flexibility.

The choice is so simple that it isn't a choice at all: invest the time and resources necessary to safeguard the internet against known dangers, or face the sort of failure that could permanently change the face of the internet for the worse.

Print Sponsor

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific