Many could crash the 'Net ... but they lack motivation

Last week's column on Cisco's fracas with one Michael Lynn and its implications for shutting down the 'Net generated interesting feedback. Thanks to all who wrote in.

What do you think? Discuss in our forum.

Reader Dane Dawson disapproved: "Cisco was able to work with the other people and stay the issue, but that didn't stop a media-driven periodical such as yours . . . from publishing whatever you want."

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Last week's column on Cisco's fracas with one Michael Lynn and its implications for shutting down the 'Net generated interesting feedback. Thanks to all who wrote in.

What do you think? Discuss in our forum.

Reader Dane Dawson disapproved: "Cisco was able to work with the other people and stay the issue, but that didn't stop a media-driven periodical such as yours . . . from publishing whatever you want."

I should point out that I am not an employee of Network World and my editor doesn't control what I write (except to correct the grammar and take out the dirty words).

So, why do I think the Cisco fracas matters so much? My concern was that Cisco chose security through obscurity to paper over the cracks in the Internet infrastructure, which is effectively a Cisco monoculture.

Dawson continued, "So instead of working quietly to hush this, you publish it so that every anti-Cisco, anti-American, terrorist [in the name of journalism], hacker and anyone else who was close to destroying a company, has access and the tools to exploit routers . . . . Congratulations, you have become a terrorist yourself."

Even though I didn't write about any details of the exploit or even point out where you could find out how it worked, I am apparently a terrorist for having the temerity to discuss a public issue! What this complaint demonstrates is a profound misunderstanding of how the Internet is vulnerable and who is the threat.

As you will see from the 'NetBuzz column due south of here , Paul McNamara and I disagree on how vulnerable the 'Net really is. He contends that if it was that vulnerable, someone would have had a whack at it by now. As we can see no signs of such an attempt, we should conclude it isn't vulnerable.

<digression>This is essentially the anti-UFO "alien wrench" argument: If aliens are visiting us all the time then why haven't we found an alien wrench lying around? I don't believe in UFOs but let's see: If you're several million miles from the garage wouldn't you plan to keep track of your wrench? Wouldn't completely cleaning up after you've scared the bejesus out of some hick farmer and disemboweled one of his cattle be logical?</ digression>

Anyway, I contend that the Internet is vulnerable and it hasn't been taken down because the bad guys with the wherewithal don't have the motivation to do so. Consider the terrorists. There are lots of them all over the world and many of them have the wherewithal, but they need the 'Net.

For example, it is well-known that Al Qaeda uses the Internet extensively for communication and publishing propaganda. Take out the 'Net and they'd have to go back to traditional communications. It would also screw up their banking arrangements.

Is your average hacker a risk to the Internet? It would only be by accident. A really knowledgeable hacker probably wouldn't attack the 'Net because if you are that savvy you can foresee the consequences and they would be serious to say the least.

The wild card is someone as crazy as the Unabomber. Luckily he didn't have the wherewithal when it came to the 'Net but he's not the only looney out there.