Related link: http://www.washingtontimes.com/national/20041201-114750-6381r.htm
I can’t believe I’m linking to a Washington Times story (this wouldn’t be my paper of choice), but Former CIA Director George Tenet sounded off on the internet. Read the article, especially this excerpt:
The way the Internet was built might be part of the problem, he said. Its open architecture allows Web surfing, but that openness makes the system vulnerable, Mr. Tenet said.
Access to networks like the World Wide Web might need to be limited to those who can show they take security seriously, he said.
Mr. Tenet called for industry to lead the way by “establishing and enforcing” security standards. Products need to be delivered to government and private-sector customers “with a new level of security and risk management already built in.”
Well, the last paragraph is a nobrainer, sure, everything should be “secure by default”. Although, I have the feeling by “risk-management” he means, “Big Brother”-ish Digital Rights Management hardware. Those first two statements - I couldn’t disagree more. First, openness and transparency is the last thing this country has going for it. Second, the Internet has just started, and the WWW is nothing compared to what we’ll be doing in 20 years. Stifling innovation with government intervention at this point in the development of technology would be a huge mistake.
Start talking about regulating “who” can be “on the World Wide Web”? To me this is code for, “require all software publishers to be licensed by the federal government”. Say…..wouldn’t Microsoft love it if the Apache Software Foundation, or the Free Software Foundation had to work with some outrageous federal regulatory agency. Maybe we could name it something like, “Federal Information Security Office”. I’m thinking they would do something like making the lower levels of the TCP/IP stack classified and only hand out the specs to huge corporations with lobbyist. I can’t wait.
Also notice how Tenet boils the internet’s open architecture down to Web surfing. As if, “Web surfing” is the apex of this technology. Don’t let the dramatic changes we’ve all experienced during the past three decades fool you. All we’ve gained from telecommunications and computing is the ability to “surf” to the “Web”. The WWW may be the most visible benefit of the “Internet”, but the web alone didn’t do the trick. Without open access to the internet, the web would have been an overregulated, underused mess. No one has to ask the government to set up a web site. No one needs to talk to the authorities to publish a book, and no one needs to give a librarian a good reason why they want to read a Chemistry book.
I’ve got to say that the facts are in direct opposition to his remarks. Openness isn’t the problem. If anything is the problem, it is the danger posed to our security by proprietary software and closed standards. There is no public scrutiny for closed source software. If we reduce the transparency of our standards and software, we will reduce our security tenfold. Open source welcomes public scrutiny - “Find the bugs and we’ll fix them”.
Tenet is no stranger to being wrong. Or, has the Ministry of Truth started revising the past yet? Anyone read Orwell’s 1984 lately? That is a book we all need to read - again.
Lastly, Tenet misses the real danger - unresricted access to Gopher servers will destroy us. Gopher is like the Wild West. Being able to hyperlink to any other Gopher site in the world is our Achilles Heel.
Do you think “access to networks like the World Wide Web might need to be limited to those who can show they take security seriously”?
he does have a point
He states that the infrastructure of the internet is at risk when a large population of users with no regard for security use the network.
In that he is completely correct.
People with no firewalls, AV software, or anything else to prevent their computers being turned into zombies quickly become the unwitting tools used by those with an interest to bring down servers.
If those criminals are smart and have a wish to take down major backbones they can do it with enough zombies.
And it doesn't limit itself to people surfing the web.
The number of poorly secured servers is also quite large. Each of those machines can serve to create more zombies.
If he mentions only the web that's because this is a statement to the press and the average newspaper reader associates internet==web.
Where he is wrong is in thinking that disallowing internet access to US users without proper safeguards will do much as the majority of users are not in the US, but that can be forgiven as the vast majority of US people are extremely self-centered on the US and seem blissfully unaware that an outside world even exists (and if they do see it exists they normally think that US law is the law of the land all over the world).
Plans to force ISPs to supply security solutions to customers and enforce their use and/or have customers take a mandatory exam with regular refresher courses in computer security have been floated in other countries in the past but have so far not come to fruition.
What I think will happen is that the access to (most) US government controlled websites will be restricted to US based clients only (plus those belonging to US government agencies overseas).
This in fact seems to have been happening for at least a year now.
Since late 2002 I've been unable to connect to ever more US government run websites (I'm in the Netherlands).
At first I thought this was because the sites might be down but when asking friends in the US to check them out while I was also trying to connect to them they could invariably get in while my attempts were met by timeouts or 404s.
Access to networks like the World Wide Web might need to be limited to those who can show they take security seriously, he said.
"Access to networks like the World Wide Web might need to be limited... he said." Ha! Just agree with him. Then keep on having fun using the internet;) Bah. If only it were that easy to avoid the storm:(
he does have a point
A few months ago I would have agreed, Tenet must just be talking about consumers who don't have a firewall - unwitting zombies. I just don't think Tenet is thinking about consumers having more security. The US Intelligence community seems to be solely focused on eavesdropping, and I believe that when Tenet says something like this, he's trying to encourage an Internet more amenable to wire tapping. Tenet isn't a Zone Alarm salesman.
Read this New York Times Article, "On the Open Internet, a Web of Dark Alleys". This is an ineresting article, but the tone and focus of the article concerns me because it paints a picture of an Internet above the law. An internet in need of regulation.
he does have a point
He states that the infrastructure of the internet is at risk when a large population of users with no regard for security use the network.
In that he is completely correct.
People with no firewalls, AV software, or anything else to prevent their computers being turned into zombies quickly become the unwitting tools used by those with an interest to bring down servers.
If those criminals are smart and have a wish to take down major backbones they can do it with enough zombies.
And it doesn't limit itself to people surfing the web.
The number of poorly secured servers is also quite large. Each of those machines can serve to create more zombies.
If he mentions only the web that's because this is a statement to the press and the average newspaper reader associates internet==web.
Where he is wrong is in thinking that disallowing internet access to US users without proper safeguards will do much as the majority of users are not in the US, but that can be forgiven as the vast majority of US people are extremely self-centered on the US and seem blissfully unaware that an outside world even exists (and if they do see it exists they normally think that US law is the law of the land all over the world).
thank you!
Plans to force ISPs to supply security solutions to customers and enforce their use and/or have customers take a mandatory exam with regular refresher courses in computer security have been floated in other countries in the past but have so far not come to fruition.
In a brilliant piece by Tim O'Reilly, the paranoia regarding Google's GMail is discussed shortly and dismissed, point by point.
Tim then goes on and focuses on the real issues regarding Google’s take on information and information management. O'Reilly...