Federations are key to Internet security

By James Kobielus, Network World
March 29, 2004 12:06 AM ET

Common threats demand common defenses. E-mail-borne malware - such as viruses, spam and spyware - represents the most serious threat to the stability and security of the Internet-based global economy. The Internet won't be truly safe for e-business until we have a governance structure that can effectively deal with these and other cyberthreats - specifically, a governance structure that is multinational, federated and self-policing.

Security vendors realize their limitations and have established communications channels for pooling intelligence on new attacks in real time and formulating countermeasures. However, most multi-vendor coordination efforts still seem too disjointed to deal with the steady stream of new cyberattacks. One disturbing aspect of the current ad-hocracy is the frequency with which different security vendors attach different names to the same attack. If nothing else, vendors should establish a common federated registry, nomenclature and procedures for positively and unambiguously identifying new malware species.

But much more than a federated naming approach is necessary to deal with these threats. Security vendors should be pooling all of their real-time intelligence - including patterns, signatures, alerts and filter updates - into a common federated repository available free to IT administrators and users throughout the world.

The closest we have to such an all-encompassing repository is CERT. Unfortunately, CERT isn't part of the official multinational, federated governance of the Internet. Rather, the operation is funded by a single nation, the U.S. What's needed is a CERT-like function that's governed and funded by a multilateral treaty organization.

Anti-malware federations of increasing scope are necessary for the effective self-monitoring and self-policing of the Internet. One of the most noteworthy trends discussed at the recent RSA Conference 2004 was the growing number of industry alliances to deal with various federated-governance aspects of the mail-borne malware problem. At the conference, Microsoft announced that several anti-virus vendors have joined the Virus Information Alliance, created last May as a centralized clearinghouse for helping users find information about the latest virus threats affecting Microsoft technology. Microsoft also announced the formation of the Global Infrastructure Alliance for Internet Safety, which will facilitate rapid coordination between Microsoft and ISPs worldwide to respond to malware attacks. These are worthy initiatives, but they only address the security of Microsoft environments.

Even more interesting was Microsoft's announcement of its Caller ID for E-Mail service specification. This specification defines extensions to the DNS that would provide e-mail recipients with greater certainty on the identities of message originators, thereby facilitating spam identification. What's most interesting about this proposal is that it would leverage a ubiquitous, federated infrastructure - DNS - to address a critical requirement that's threatening the Internet's continuing viability. And it's not a radical proposal.
