Internet Security

President Obama's new approach to cybersecurity likely is more of an Internet game-changer than many appreciate. Initial reporting and commentary has been superficial and has not connected dots or analyzed the broader logical implications of this new policy emphasis and trajectory.   

Why is it a game-changer for the Internet?

• First, it formalizes a new leading priority for the Internet.
• Second, it formalizes the lack of cybersecurity as the Internet's leading problem.
• Third, it practically redefines what "open Internet" means.
• Fourth, it practically takes any extreme form of net neutrality off the table. 

Moreover, the new cybersecurity focus will likely have a practical effect on the trajectory of Internet 3.0, which embodies:

• Cloud computing (where security has not been a primary priority by many);
• The Mobile web (where security has always been a very high priority); and
• The Internet of Things (where security will be imperative to prevent theft, intrusion, and sabotage).

I.   Cybersecurity -- New #1 Internet Priority

President Obama said:

New evidence continues to spotlight the Open Internet's growing security problem. 

"Network Based Security Is In Our Future" is an outstanding must-read analysis by Tom Tovar, CEO of Nominum.

Please read his full piece, its brief. Let me highlight some excellent points he made:

"All our information is being sucked into the cloud. Privacy is over." That was the bold declaration of Attorney Steve Masur at DCIA's P2P Media Summit per Washington Internet Daily.

• Wow. As stark an assessment that that is, what really disturbs me is the thought process and tech ethic that underlies this view.
• Mr. Masur is not alone, he is part of a growing publicacy mentality/movement that looks at privacy as:
  • A neandrethal expectation in the Internet Age,
  • Buzz-kill for Internet innovators, and
  • Road-kill for the cloud-computing bus speeding down the information super-highway.

My pushback here is the blind worship of technology or tech-determinism.

• I define tech-determinism to be:
  • if technology or innovation can do it, it must be good; and
  • if something stands in the way of technology and innovation, like privacy, it is in the way and should be terminated. 

Did it ever occur to the tech determinists that if there is no privacy in the cloud, many won't go there?

• Most users appreciate that technology should work for them, they don't work for technology.

Privacy isn't over. 

New evidence continues to spotlight the Open Internet's growing security problem. 

• The growing catalogue of evidence from mainstream sources is getting harder and harder to ignore. See previous parts of the series:  I, II, III, IV, V, VI, VII & VIII.

"Internet security threat report finds malicious activity continues to grow at a record pace -- Web based attacks evolve as hackers target end-user information; Underground economy continues to thrive." Symantec

High profile Internet security/safety/privacy problems continue to spotlight the Open Internet's growing security problem.

"Computer hacking attacks soar as gangs focus on financial data" -- FT

• "Computer hackers stole more sensitive records last year than in the previous four combined, with ATM cards and Pin information growing in popularity as targets, according to a study..."

"Computer Attackers target popular sites in quest for profit" IBD

• Symantec...  "found new varieties of malware rose 265% last year vs. 2007."
• "This is about fraud and theft — I don't think there's any doubt in anyone's mind," said Dean Turner, director of Symantec's global intelligence network unit. "Where this is headed is not good for anybody."

"Computer Spies Breach Fighter Jet Project" WSJ

• "...He spoke of his concerns about the vulnerability of U.S. air traffic control systems to cyber infiltration, adding "our networks are being mapped." He went on to warn of a potential situation where "a fighter pilot can't trust his radar."

"New Military Comand to Focus on Cybersecurity" WSJ

Why is one of the most-serious identified internet/cybersecurity risks currently affecting the Internet and network operators not on the FCC's radar screen?

• More specifically, why does a search of the FCC's website for the term "conficker" return zero results? (see below)

A Google search on "conficker"returned 4.86 million results.

The open Internet's inherent vulnerability to bad actors made the front page of the Wall Street Journal today in an important-to-read article: "Electricity Grid in U.S. Penetrated by Spies." 

Now we better can much better appreciate why Senate Commerce Committee Chairman Rockefeller is so concerned about cybersecurity and committed to making protection of the Nation's critical cybrastructure a much more urgent priority for the Internet.

The WSJ article hit the core internet problem on the head in the article -- its a lack of accountability:

• "It is nearly impossible to know whether or not an attack is government-sponsored because of the difficulty in tracking true identities in cyberspace."

This problem in this article spotlights why cybersecurity and online safety are very real and pressing problems on the Internet today. It is surprising and alarming why there is not as much public focus on the very real problems of the Internet as there is on potential unproven Internet problems.

Part V

My point here is not at all anti-innovation, but simply that all innovation is not good, because innovation is a means not an end. People can innovate for both good, and bad, purposes. 

• Cyber-criminals, hackers, predators, terrorists and other malfactors, constantly innovate on the open Internet with malware, viruses, spam, botnets, p2p piracy and phishing, denial of service attacks, etc.
• Cyber-security experts marvel at the innovation and ingenuity of these multiplying malfactors.    

My big point here is that the push for the Government to maximize innovation by mandating an "open Internet" is a knife that can cut both ways. Just like an open Internet enables well-intentioned innovators, it also can enable innovative cyber-crooks and bad actors. 

Anything good can become bad or a problem, if it is taken to excess.

Evidence continues to mount that the real problem on the Internet is that it is not as safe and secure as it needs to be -- not that it is not open enough. (Parts: I, II, III, IV) 

"Cyber Security: The Achilles Heel of U.S. Might?" Washington Post

• "...the fact that the nation's cyber vulnerabilities continue to grow, and fast."
• "Both the high-profile attacks and more routine infiltrations have shed light on the vulnerability of critical information infrastructures. For example, the Defense Science Board noted that the U.S. military's information infrastructure is the "Achilles' heel of our otherwise overwhelming military might."

"Smart Grid May be Vulnerable to Hackers" CNN

• "A hacker also might be able to dramatically increase or decrease the demand for power, disrupting the load balance on the local power grid and causing a blackout. These experts said such a localized power outage would cascade to other parts of the grid, expanding the blackout."

'Website-infecting SQL injection hitting 450,000 a day" USA Today