Multiple Private Internets - a Fed solution to protecting infrastructure.
HERNDON, Va. - The government is floating a network
security proposal that would divide the next-generation
Internet into multiple private networks that would shift
critical functions such as Web-based air traffic control
away from the rest of the Internet.
The notion of separating the Internet into multiple
networks as a way to stem cyber attacks drew a cool
response from industry executives and Internet security
specialists meeting here on Tuesday (May 22) to consider
plans for improving the security and reliability of the
future network infrastructure.
"I don't think it's viable on any level," said Ken Watson, president and chairman of the Partnership for Critical Infrastructure Security and manager of critical infrastructure protection at Cisco Systems Inc.
Richard Clarke, the Bush administration's point man on cyber-terrorism, raised the issue of separate networks in remarks about a new national plan to protect critical networks. The plan will be developed over the next several months, and Clarke pledged it "will be written jointly with the private sector."
Of greatest concern to U.S. officials charged with protecting critical networks such as power grids and financial systems are the growing number of non-PC devices connected to the Internet and the migration of critical functions like air traffic control to the Internet.
"More and more functions are moving to IP-formatted or Web-based systems because they are cheaper," said Clarke, the national coordinator for infrastructure protection at the National Security Council. "Do we want to start thinking of taking critical functions out of [cyberspace]," replacing virtual private networks with "really private networks?" he asked.
A prime example, Clarke said, is the Federal Aviation Administration's plans to move to a Web-based system for air traffic control. With wireless networks bringing more devices onto the Internet, Clarke asked whether critical applications should share cyberspace with consumer services.
Internet experts said the idea of operating multiple private networks as a way to improve network security has surfaced before but has generally been rejected. Whitfield Diffie, the Sun Microsystems engineer and co-creator of public key cryptography, called the U.S. proposal "strange," adding that it goes against the trend toward a unified Internet that preserves maximum network flexibility.
Others at the Internet conference agreed. Ensuring security through "a private Internet network will probably not succeed," said another network security expert.
Alternative proposals for beefing up network security on the next-generation Internet include non-routable IP addresses and a stronger user authentication infrastructure. Some observers said the conflicting goals of the future Internet - privacy on the one hand, strong authentication for business transactions on the other - argues in favor of creating private networks for some critical applications.
Clarke said policy makers formulating the new national net security plan are also examining how to ensure that current network vulnerabilities are not transferred to the future Internet. Planners also want to find ways to speed industry deliberations on open standards while preserving network security. They are also looking at how government and industry can share information on network threats.
As industry planners seek greater network security and reliability, Clarke warned that threats to the next-generation Internet are growing. "We are moving into a period where information warfare is possible," he said. According to government estimates, the United States alone is on a pace to suffer more than 30,000 network attacks during 2001.
Congress has approved legislation to protect health data and financial transactions on the Internet. Some worry that lawmakers will propose additional legislation that will create broader security regulations on the Internet. Clarke said government-industry cooperation is the best way to avoid further regulations.
"This administration will not support regulations to [mandate] security on the Internet," Clarke said.
- Mon, 2013-05-13 01:31
- Thu, 2013-05-09 01:40
- Mon, 2013-04-29 05:08