[ISN] U.S. net-security proposal draws cool industry response

From: InfoSec News (isnat_private)
Date: Wed May 23 2001 - 00:13:19 PDT

  • Next message: InfoSec News: "[ISN] Security UPDATE, May 23, 2001 (fwd)"

    By George Leopold 
    EE Times
    HERNDON, Va.  The government is floating a network security proposal
    that would divide the next-generation Internet into multiple private
    networks that would shift critical functions such as Web-based air
    traffic control away from the rest of the Internet.
    The notion of separating the Internet into multiple networks as a way
    to stem cyber attacks drew a cool response from industry executives
    and Internet security specialists meeting here on Tuesday (May 22) to
    consider plans for improving the security and reliability of the
    future network infrastructure.
    "I don't think it's viable on any level," said Ken Watson, president
    and chairman of the Partnership for Critical Infrastructure Security
    and manager of critical infrastructure protection at Cisco Systems
    Richard Clarke, the Bush administration's point man on
    cyber-terrorism, raised the issue of separate networks in remarks
    about a new national plan to protect critical networks. The plan will
    be developed over the next several months, and Clarke pledged it "will
    be written jointly with the private sector."
    Of greatest concern to U.S. officials charged with protecting critical
    networks such as power grids and financial systems are the growing
    number of non-PC devices connected to the Internet and the migration
    of critical functions like air traffic control to the Internet. "More
    and more functions are moving to IP-formatted or Web-based systems
    because they are cheaper," said Clarke, the national coordinator for
    infrastructure protection at the National Security Council. "Do we
    want to start thinking of taking critical functions out of
    [cyberspace]," replacing virtual private networks with "really private
    networks?" he asked.
    A prime example, Clarke said, is the Federal Aviation Administration's
    plans to move to a Web-based system for air traffic control. With
    wireless networks bringing more devices onto the Internet, Clarke
    asked whether critical applications should share cyberspace with
    consumer services.
    Internet experts said the idea of operating multiple private networks
    as a way to improve network security has surfaced before but has
    generally been rejected. Whitfield Diffie, the Sun Microsystems
    engineer and co-creator of public key cryptography, called the U.S.
    proposal "strange," adding that it goes against the trend toward a
    unified Internet that preserves maximum network flexibility.
    Others at the Internet conference agreed. Ensuring security through "a
    private Internet network will probably not succeed," said another
    network security expert.
    Alternative proposals for beefing up network security on the
    next-generation Internet include non-routable IP addresses and a
    stronger user authentication infrastructure. Some observers said the
    conflicting goals of the future Internet privacy on the one hand,
    strong authentication for business transactions on the other argues in
    favor of creating private networks for some critical applications.
    Clarke said policy makers formulating the new national net security
    plan are also examining how to ensure that current network
    vulnerabilities are not transferred to the future Internet. Planners
    also want to find ways to speed industry deliberations on open
    standards while preserving network security. They are also looking at
    how government and industry can share information on network threats.
    As industry planners seek greater network security and reliability,
    Clarke warned that threats to the next-generation Internet are
    growing. "We are moving into a period where information warfare is
    possible," he said. According to government estimates, the United
    States alone is on a pace to suffer more than 30,000 network attacks
    during 2001.
    Congress has approved legislation to protect health data and financial
    transactions on the Internet. Some worry that lawmakers will propose
    additional legislation that will create broader security regulations
    on the Internet. Clarke said government-industry cooperation is the
    best way to avoid further regulations.
    "This administration will not support regulations to [mandate]
    security on the Internet," Clarke said.
    ISN is hosted by SecurityFocus.com
    To unsubscribe email isn-unsubscribeat_private

    This archive was generated by hypermail 2b30 : Wed May 23 2001 - 00:23:13 PDT