 | |
| |
TechnologyDaily Mobile
Acting Locally, Networked Globally
by William New
In working to bolster the security of the nation's critical infrastructure, the Bush administration is trying to extend its effort to vulnerabilities to the Internet from abroad.
"At the outset, we recognize that the electrons don't stop at the water's edge," said Paul Kurtz, director for Critical Infrastructure Protection at the National Security Council. "We're in a global environment, getting more connected every day. So obviously this is an international effort."
Nevertheless, he concedes that the administration has its hands full addressing homeland security issues. "The most important imperative has been to get our own house in order," Kurtz told National Journal's Technology Daily. "We have had a lot of work to do."
Looking For Answers In The Y2K Model
Administration officials have begun holding discussions about cross-border security issues with closely allied partner nations, such as Canada.
Another effort is the creation of an infrastructure working group that involves a "phone tree" among companies like VeriSign and Cisco Systems, government agencies like the Defense Department and the National Security Council, and groups like the National Security Telecommunications Advisory Committee (NSTAC). The working group is creating e-mail groups to rapidly address technical and policy information and media content in the event of crisis.
But some observers, such as Bruce McConnell, the former chief of the International Y2K Cooperation Center, say the administration has not had time to develop a concrete plan for addressing international cyber threats. McConnell is launching a study of global cyber-security practices. He and others -- including Harris Miller, president of the Information Technology Association of America -- are discussing whether the former 170-nation Y2K center might be a viable model for a cyber-security center.
Miller, whose organization is one of 40 high-tech associations in the World Information Technology and Services Alliance (WITSA), first raised the Y2K idea a year ago. The WITSA World Information Congress to be held in Adelaide, Australia, in February will focus on international issues.
The Internet Security Alliance, formed in April by the Electronic Industries Alliance and the CERT Coordination Center, also is addressing international cyber security. CERT is a member of the international Forum of Incident Response and Security Teams (FIRST).
White House Expands Global Security Plans
Some of the new anti-terrorism machinery established by President Bush in recent weeks will try to cover international issues as well. Richard Clarke, the new special adviser for cyber security, reports both to White House Homeland Security Director Tom Ridge and, for international security issues, National Security Adviser Condoleezza Rice. Clarke will chair a senior executive board on critical infrastructure protection, as delineated in an Oct. 16 presidential executive order.
The executive order called for the board to support the State Department's coordination of U.S. government programs for international cooperation on infrastructure protection. At State, the responsibility for international cyber-security issues falls to John Bolton, undersecretary for arms control and international security.
The executive order also called for the creation of a standing committee on international affairs, chaired by a designee of the secretary of State, and that is expected to be Bolton. The order codifies State's authority on critical infrastructure, according to Michele Markoff, the senior coordinator for outreach policy on international critical-infrastructure protection.
Nations Work To Boost Cyber Hygiene
The United States also is working within various forums to improve the "cyber hygiene" of the rest of the world. There are efforts at the United Nations, the Organization for Economic Cooperation and Development, the Group of Eight industrialized nations, the Asia Pacific Economic Cooperation and the Organization of American States. The recently completed Council of Europe treaty on cyber crime is seen as a way to bolster nations' laws.
In the wake of the Sept. 11 terrorist attacks, nations are even finding themselves in anti-terrorism partnerships with nations they may not trust to manage the Internet well. For instance, while China's economy is slowly opening and it has shown support for the U.S. anti-terrorism effort, it has a poor track record on online expression.
There is movement to isolate subsets within the Internet in order to ban undesired characters or even countries. Examples are Govnet, a U.S. government intranet proposed last month by Clarke, and Interpol, the established worldwide criminal intelligence network.
"There's practicality in the way the Internet is deployed," said Michael Aisenberg, director of public policy at VeriSign, an Internet security company that manages the two U.S.-government-controlled root servers out of the world's total of 13. "If a portion of the Internet died or became corrupted, some in the tech community would favor severing that segment.
"The Internet was never designed to be impenetrable. It was designed to be resilient through diversity," Aisenberg said. Therefore, the company takes many precautions, such as using different types of hardware, backup systems on location of the root servers and off location, and different network suppliers. "In practice, we deploy more than twice as much system headroom than the Internet standard dictates," he said.
ICANN's Role In Global E-Security
Questions abound as to who is ultimately responsible for global Internet security. Some think the U.S. government still holds the edge, while others see its spawn, the nonprofit Internet Corporation for Assigned Names and Numbers (ICANN), emerging. "From the standpoint of security policy, in looking at the governance of the Internet, there is a real schizophrenia between the authority exercised by U.S. government institutions and the globalized institution ICANN aspires to be and the global technology the Internet is," Aisenberg said.
ICANN's role in global Internet security will be debated at its annual meeting, in Marina del Rey, Calif., on Nov. 12-15. ICANN officials have said it will look at measures to protect the domain-name system.
U.S. control of the Internet is becoming increasingly limited. There is currently a total of 400 million Internet users worldwide, about 100 million of which are in North America. By the end of 2005, the North American audience is expected to double to 200 million, while the number of users in the rest of the world will more than triple, from about 300 million to nearly 1 billion.
The biggest threat to the Internet, according to ICANN and others, is not at the root-server level, but two levels below. The second level includes the roughly 250 generic domain-name suffixes such as .com and country-code suffixes such as .us or .uk.
The third level consists of hundreds of thousands of name servers operated by businesses and governments that handle a lot of traffic. Examples are whitehouse.gov or verisign.com. Of those, some 6,000 organizations or individuals, such as aol.com, have about 1,000 subscribers worldwide who have a diversity of approaches that cannot be controlled from the top down.
"There are so many operators that make independent judgments," Aisenberg said, "that there's a wide range of security practices observed at that level -- from the root servers that VeriSign observes to those who deploy no special security and whose security may consist of no more than that embedded in off-the-shelf commercial operating systems."
NEW FEATURE
-Advertisement-
-Advertisement-
-Advertisement-
