[ISN] How To Save The Internet
InfoSec News
isn at c4i.org
Wed Mar 16 03:15:15 EST 2005
http://www.cio.com/archive/031505/security.html
BY SCOTT BERINATO
CIO Magazine
Mar. 15, 2005
Professor Hannu H. Kari of the Helsinki University of Technology is a
smart guy, but most people thought he was just being provocative when
he predicted, back in 2001, that the Internet would shut down by 2006.
"The reason for this will be that proper users' dissatisfaction will
have reached such heights by then that some other system will be
needed," Kari said, "unless the Internet is improved and made reliable."
Last fall, Kari bolstered his prophecy with statistics. Extrapolating
from the growth rates of viruses, worms, spam, phishing and spyware,
he concluded that these, combined with "bad people who want to create
chaos," would cause the Internet to "collapse!" -- and he stuck to 2006
as the likely time.
Kari holds dozens of patents. He helped invent the technology that
enables cell phones to receive data. He's a former head of Mensa
Finland. Still, many observers pegged him as an irresponsible
doomsayer and, seeing as how he consults for security vendors, a
mercenary one at that.
And yet, in the past year, we've witnessed the most disturbingly
effective and destructive worm yet, Witty, that not only carried a
destructive payload but also proved nearly 100 percent effective at
attacking the machines it targeted. Paul Stich, CEO of managed
security provider Counterpane, reports that attempted attacks on his
company's customers multiplied from 70,000 in 2003 to 400,000 in 2004,
an increase of over 400 percent. Ed Amoroso, CISO of AT&T, says that
among the 2.8 million e-mails sent to his company every day, 2.1
million, or 75 percent, are junk. The increasing clutter of online
junk is driving people off the Internet. In a survey by the Pew
Internet and American Life Project, 29 percent of respondents reported
reducing their use of e-mail because of spam, and more than
three-quarters, 77 percent, labeled the act of being online
"unpleasant and annoying." Indeed, in December 2003, the Anti-Phishing
Working Group reported that more than 90 unique phishing e-mails
were released in just two months. Less than a year later, in November 2004,
there were 8,459 unique phishing e-mails linking to 1,518 sites.
Kari may have overstepped by naming a specific date for the Internet's
demise, but fundamentally, he's right. The trend is clear.
"Look, this is war," says Alan Paller, director of research for The
SANS Institute. "Most of all, we need will. You lose a war when you
lose will."
So far, the information security complex -- vendors, researchers,
developers, users, consultants, the government, you -- have demonstrated
remarkably little will to wage this war. Instead, we fight fires,
pointing hoses at uncontrolled blazes, sometimes inventing new hoses,
but never really dousing the flames and never seeking out the fire's
source in order to extinguish it.
That's why we concocted this exercise, trolling the infosecurity
community to find Big Ideas on how to fix, or begin to fix, this
problem.
Our rules were simple: Suggest any Big Idea that you believe could, in
a profound way, improve information security. We asked people to think
outside the firewall. Some ideas are presented here as submitted;
others we elaborated upon. Those who suggested technological tweaks or
proposed generic truths ("educate users") were quickly dismissed.
What was left was an impressive, broad and, sometimes, even fun list
of Big Ideas to fix information security. Let's hope some take shape
before 2006.
[...]