Fixing The Internet May Mean Building A New One

Cybersecurity

First Posted: 07/15/11 10:49 AM ET Updated: 09/14/11 06:12 AM ET

As hackers expose widespread cybersecurity lapses and heighten fears about defending critical infrastructure from attack, one proposed solution has started gaining traction: Rather than attempt to tighten security on the modern Internet, it suggests creating an entirely new one.

Earlier this month, former CIA Director Michael Hayden became the latest figure in Washington to call for a separate, secure Internet to shield vital systems like the power grid from cyber-attacks. The new commander of the military's cyberwar operations, Gen. Keith Alexander, has also endorsed the idea.

The proposal is an acknowledgement that very little can be done to protect a network connected to the World Wide Web -- a system originally designed for connectivity, not security -- from sophisticated hackers.

"It's an acceptance that the existing Internet is an inherently insecure platform," said Jeffrey Carr, founder of the security consulting firm Taia Global Inc. and author of the book "Inside Cyber Warfare." Computer networks tied to vital industries "can't afford that kind of exposure," he said.

Recently, federal officials acknowledged that a digital upgrade to the power grid, known as the "smart grid," could leave the nation's electricity supply more exposed to a cyber-attack. Meanwhile, a string of recent data breaches at corporations and government contractors by anonymous hackers has elevated concerns about gaps in the nation's high-tech armor.

"I think that's really raised attention as to how insecure everybody is, and how easy it is to retain anonymity and generate chaos and have very little chance of being caught," Carr said.

The new Internet, which could use the domain ".secure" instead of ".com," would enhance cybersecurity by running on a separate channel fenced off from the Web and thus invisible to outside hackers, proponents say. Eventually, private citizens who are concerned about their data being hacked could opt in to the more secure network, Carr said.

The proposal also contains some controversial provisions, however. For one, it would allow the government to monitor traffic for potential cyber-attacks. And it would require users to prove their identity, perhaps by fingerprint, before gaining access, eliminating a fundamental concept of the modern Internet -- anonymity.

But the growing concern for cybersecurity has some defending the idea of asking Internet users for their identity. Lack of anonymity could be a deterrent to hackers; if no one is anonymous, it would be easier for law enforcement to track suspects, Carr said.

Others argue that creating a system to identify Internet users would limit free speech, cost billions of dollars and not actually improve security. They say hackers would simply route their attacks through other users' computers.

"What such attempts would do is affect the average user's access to free speech, including those who use the Internet's anonymity to survive: dissidents in Iran, China, and elsewhere," cybersecurity expert Bruce Schneier wrote last year in an essay posted on Forbes.com.

The idea of a private Internet is not new. It hearkens back to a precursor of the modern Internet known as ARPANET, a government-financed network started in the late 1960s that linked universities and research labs.

But now that the Internet underpins nearly every facet of modern life, there is growing consensus that it is not cut out for today's cybersecurity needs.

"It was designed to interconnect supercomputer centers," said Joe Mambretti, director at the International Center for Advanced Internet Research at Northwestern University. "It wasn't meant to be all things to all people."

Proponents say the new Internet would resemble the type of protected communications used by the military and diplomats. But critics argue those networks are still vulnerable to insiders leaking sensitive information to the public.

As an example, they cite the case of Pfc. Bradley Manning, an Army military intelligence analyst who is charged with downloading diplomatic cables and intelligence reports from a military computer system and giving them to the whistle-blower website Wikileaks.

"That's a network of only 1 million users, and it still had a catastrophic security breach," said Chris Palmer, technology director at the Electronic Frontier Foundation.

For years, a wide range of industries have used versions of private Internet networks, from scientists working on particle accelerators to employees handling medical records. Recently, advertising and movie production companies have also started using them because they are faster and more secure, Mambretti said.

As Congress debates cybersecurity legislation, the role of protecting the power grid, transportation network and financial system from cyber-attacks has largely been assigned to the Department of Homeland Security.

But in an interview, Rep. Jim Langevin (D-R.I.), who co-chairs the Congressional Cybersecurity Caucus, said he planned to introduce legislation that would create a separate Internet domain for critical infrastructure. Langevin's colleague, Sen. Sheldon Whitehouse (D-R.I.), chairman of the Judiciary Subcommittee on Crime and Terrorism, suggested that creating an entirely secure computer network could save lives.

In a speech last November on the Senate floor, Whitehouse compared a secure Internet to medieval times, when communities located infrastructure such as wells and granaries inside castle walls to protect them from raiders.

"Not everything needs the same level of protection in cyberspace, but we need to sort out what does need that kind of protection," Whitehouse said, adding, "We simply cannot leave that core infrastructure on which the life and death of Americans depends without better security."

05:26 PM on 07/21/2011
This is a bad idea. Secure means that the government is watching you real close. If you want to be invisible on the Internet it's simple but companies want your information so they can sell you things. They want information about you.
Any network can be hacked. The ones that LulzSec and Anonymous hack are the easy ones- the lowest hanging fruit that have bad security in the first place.
Take a look at http://uscyberlabs.com/blog and you can see the free tools for Security work or Hacking. You make the choice. While on that site look at the Cyber Crew(z) that are needed to hack. If you want China Cyber Capabilities go to http://ChinaCyberWarfare.wordpress.com it documents the Chinese Cyber war.
timbeaux
Novelist, anti-professional politicians, liberal l
01:08 AM on 07/20/2011
It's the online version of the TSA. And it's being proposed under a president I once supported.
05:37 PM on 07/17/2011
Interesting.
Genders
Love, Tolerance, Enlightenment
05:26 PM on 07/17/2011
The prevailing research suggests that no even moderately complex system can be 100% secure.

We could do a lot better, but the powers that be won't like it. They like being able to hack folks' systems.

What we really need is a new distributed, no server, encryption of data, and routing information. Each user's computer would spend a certain amount of its time routing data to the nearest other computer. You would not be able to identify the source, the final destination, nor the content flowing through your computer, unless it was meant for you. It would use wide spectrum spread spectrum, that is very hard to jam. It has been designed, and probably tested.

Now you can see why the powers that be would not want this.
HUFFPOST SUPER USER
NoboyukiMasaki
happy-happy, joy-joy
08:55 AM on 07/17/2011
This is the only reasonable option.

Our infrastructure should be inaccessible to hackers - period.

I don't believe they would tolerate the privatization of a Military-controlled domain.
HUFFPOST SUPER USER
Jim Shaffer
50 yo US citizen, 25 year resident in Bilbao Spain
11:41 PM on 07/16/2011
They don't really care about security, what they're interested in is control. Never have those in power been more exposed, and they don't like it. If they want to build a secure infrastructures net, it would have to be separate from the internet with controlled and limited access. Trying to make a public access network 'secure' is a fool's errand, I don't care what new protocols or technologies they come up with.
HUFFPOST SUPER USER
eaenkiufo
10:57 PM on 07/16/2011
lol they are trying so hard to get the last bit of control...They want so bad to control your every thought...
HUFFPOST SUPER USER
Thanks4Watching
Daily dose of cynicism
06:29 PM on 07/16/2011
This shows a fundamental misunderstanding of how cybersecurity works. All it takes is one infiltration of a worm, delivered via USB flash drive perhaps, and there goes the entire system's supposed security. There is no truly secure system. All this would do is waste billions of dollars of taxpayers' money until the next Bradley Manning appears and blows the lid off the entire network. And believe me, there will be one. Not everyone is a mindless pawn, incapable of free thought.
HUFFPOST COMMUNITY MODERATOR
MilesLong
Livin' the Dream
03:27 PM on 07/16/2011
Interesting concept, but we all know who stands in the way of a secure Internet, it's the Telcos who carry the traffic.

For example, there's a foolproof way to eliminate spam, have every email host reverse authenticate the origin of the message, a protocol that has been stuck in limbo for years.

Besides, the only way such a network would begin is by the government to pay for it...well, you know how that's going to go. Republicans will only go for that if their corporate friends will make a fortune on it...

Miles "Hot Air, Blowing Smoke" Long
HUFFPOST SUPER USER
Valerio della Porta
Entrepreneur and Web Developer
10:24 AM on 07/16/2011
This is total nonsense.

Firstly you cannot build a "separate" network because you cannot prevent a computer to be connected to both. Even if not concurrently connected, a computer can be connected to the Internet, disconnect and then connect to the supposedly secure network. Now you have a vector for attack. Not to mention USB devices like the ones that spread the Stuxnet worm.

Secondly the Internet is being built every day, you don't need to build a new one. Hundreds of new lines and routers are added or upgraded every day. All what is needed to make it secure is to get rid of IPv4. This has been known since the 90s but Telco lobbying has prevented so far the full switch to IPv6. Make it a National Security issue and get it done!

Lastly I suspect that the people pushing this nonsense are just looking for billions of dollars in defense contracts.
airmikee99
I can has micro-bio?
02:47 PM on 07/16/2011
"Firstly you cannot build a "separate" network because you cannot prevent a computer to be connected to both" Really? Plugging my computer into my intranet means it's automatically connected to the internet? That's an interesting claim, has no basis in reality, but interesting nonetheless. Are you sure there's no way to force a computer to ignore certain internet protocols and only pay attention to the secure protocols?

The change from IPv4 to IPv6 has NOTHING to do with security. That's like saying your house is protected from burglars just because the post office changed your zip code.

It's truly terrifying that you claim to be a web developer but it seems as though you have zero understanding of how the web works.
HUFFPOST SUPER USER
Valerio della Porta
Entrepreneur and Web Developer
04:27 PM on 07/16/2011
IPsec support is mandatory in IPv6 but optional for IPv4, see http://en.wikipedia.org/wiki/IPv6#Mandatory_support_for_network_layer_security

Even if you support IPsec in IPv4 you still can't protect the Authentication Header. Because of this situation we mostly use SSL, TLS and SSH instead of IPsec but these security systems operate on the upper layers of TCP-IP leaving the packet vulnerable. It's like wearing a bulletproof helmet without a bulletproof vest.

For what is concerning forcing a computer to ignore certain protocols I'd say that you cannot force anyone to do anything. In the Soviet Union you had to register every single typewriter with the government and even that didn't stop dissidents to write what they wanted to.

How do you know that any one of the computers accessing the supposedly secure and separate network is not compromised?

The tools to make the Internet secure are already in place, what's missing is the leadership to implement them.
HUFFPOST SUPER USER
RedDogBear
08:20 PM on 07/17/2011
"you cannot build a separate network because you cannot prevent a computer to be connected to both"

You are wrong. It's that simple. While it's unlikely these days to have networks that aren't connected to the Internet, it's quite possible and they do still exist. I ran a computer R&D lab a while ago and the company I worked for was very security conscious. We had two separate physical networks. In each room there were network jacks for the internal network and the R&D network. The internal network was not connected to the Internet. It didn't even use Internet protocols for communication. It was a completely separate private network for company data that was physically disconnected from the Internet.
HUFFPOST SUPER USER
Valerio della Porta
Entrepreneur and Web Developer
12:44 PM on 07/18/2011
Please read my replies above. As long as a computer can connect to both networks you have a vector that you can use for intrusion.

In your setup the networks were synchronously disconnected (i.e. packets wouldn't flow from one network to the other) but they were asynchronously connected since data could be stored on a machine and relayed back and forth.

In fact I suspect that you have moved data from one network to another on a constant basis but since your company was very security conscious there has never been a problem.

However, in a network with hundreds of thousands if not millions of clients it is impossible to control them so some of these computers will be compromised and will act as asynchronous relays.

As I said above, the tools to secure the Internet are available, what's missing is the leadership to implement them.
dbw53022
Mostly optimistic. Sometimes sarcastic.
10:01 AM on 07/16/2011
We need newer, better, more secure "tubes".
HUFFPOST SUPER USER
Ramon Moreno
Read below.
02:55 AM on 07/17/2011
This time, let's wire the tubes in parallel.
08:17 AM on 07/16/2011
It won't happen, No way. The current Internet setup is controlled by US; it has become TREMENDOUSLY convenient and easier means to monitor communications to help US intelligence agencies.

If, however, a "new" form of internet is to be created, it should be a worldwide effort and not just by one country.
06:09 AM on 07/16/2011
If everyone used simple security practices, I don't think we would be in such a state of paranoia.

I know that autofill features are great and all, but is it really that bothersome to enter your username and password to open web based mail or check your bank account? And for God's sake, clean out your cookies and cache in your browser. Also, any digital copy I receive of sensitive personal information, I store offline on a removable HD.

These secure channels should be gov't only. Don't *force* me to keep a machine updated because of this. If I really want to use it, I'll go through the proper channels to gain access. If anyone wants my bank account information, they would be a fool. There's nothing in there and it would be a waste of their time.

Also, if the gov't really wants to do this...why release press statements? Showing this in the news and calling it better security is like playing hide n seek with a lion. You'll be gotten right when you think you're the safest. This is basically issuing a challenge to hackers everywhere saying, "I bet you can't..." After some time and research, the hackers will respond with a resounding "I told you so."
BoFo
Like, you talkin' to me?
05:28 AM on 07/16/2011
Yeah, let's build a "New Improved Internet" and then, instead of selling substandard Internet access at ridiculously-high prices, we can sell slightly-better Internet access at really, really, really, ridiculously-high prices and we can build back doors into everything too.
dukeofurl01
Information Systems Analyst & GIS Technician
04:53 AM on 07/16/2011
I think this only reinforces just how little all the old decision-makers actually know about how the Internet actually works.