Starting over with the Internet is cybersecurity Shangri-la
Many of the worst problems on the Internet are probably unsolvable, at least as a practical matter. One of the favorite models to imagine our way out of this ordeal is to start over with a new and more "secure" Internet. Sadly, this is an even less practical idea than fixing the one we have.
The latest to dare to imagine this dream is U.S. Cyber Command chief Gen. Keith Alexander who wants a ".secure" network for critical infrastructure: ".secure would require visitors to use certified credentials for entry and would do away with users' Fourth Amendment rights to privacy. Network operators in the financial sector, for example, would be authorized to scan account holders' traffic content for signs of trouble. The current Internet setup would remain intact for people who prefer to stay anonymous on the Web".
As a security professional it's easy to get frustrated with the Internet. It's not hard to envision solutions to many of the worst problems it has, but these solutions will never happen because they are incompatible with established standards used worldwide. Consider SMTP. the email protocol of the Internet. To this day it's easy to spoof the identity of the sender of an email message. The protocol was built without authentication, and efforts to build authentication in have been only sparingly adopted.
So this would be a good place to ask one of the obvious questions: Would [email protected] be able to receive email from the "unsecured" Internet? How could he trust it? I suppose the email would have to include some sort of hardened credential, but there's a limit to how much you can trust if the message comes from the outside.
It's in the interactions of the secure and insecure Internets that this idea falls apart. Obviously they have to interact, and in order to allow that there has to be some element of trust between them. The definition of "critical infrastructure" usually includes banks. Well, I'm out here in the ".insecure" world and I use the Internet to connect to my bank. Am I talking to the secure one or not? Are they saying I need to provide fingerprints in order to do online banking?
Once you really think through any such scheme it collapses under the myriad compromises necessary for it. The only way to make it really work securely is to make a whole new one that does not interact with the existing one. Who thinks that could ever happen?
Incidentally, this is a really old idea. Here's my first exposition on it back in April, 2003 when I was mostly thinking about email. I gave the subject another shot in July, 2005 and concluded, like General Alexander, that "a new, more secure Internet, would be far more restrictive".
I am now officially dismissive of the idea of a new ".secure" network. I don't believe it can be done in a practical sense. That doesn't bother me. What gets me concerned is that someone like General Alexander would think that it's necessary, because that means he agrees that the rest of the Internet is a lost cause.
Larry Seltzer is a freelance writer and consultant, dealing mostly with security matters. He has written recently for Infoworld, eWEEK, Dr. Dobb's Journal, and is a Contributing Editor at PC Magazine and author of their Security Watch blog. He has also written for Symantec Authentication (formerly VeriSign) and Lumension's Intelligent Whitelisting site.