- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
Network World - The ambitious new U.S. strategy for securing the Internet sets critical goals that may be hard to put into practice, experts say, because some of them conflict and pose seemingly insurmountable technical problems.
The International Strategy for Cyberspace issued by the White House recently sets down seven basic goals for making the Internet safer and more reliable. Secretary of State Hillary Clinton trumpeted the document as a framework to develop, deploy, and coordinate policies that address the full array of cyber security issues.
"It is not a series of prescriptions," she says, "and that's an important distinction. Because as we work to achieve a cyberspace that is open, interoperable, secure and reliable, there is no one-size-fits-all, straightforward route to that goal." She sees that as strength of the policy, but it leaves others confused.
For instance the policy calls for support of freedom of expression and commerce via the Internet and also calls for denying those benefits to terrorists and criminals. The trick is to figure out who is who while maintaining another goal: Internet privacy.
"How can you do this unless you can discern terrorists from citizens and oppressed people and other folks?" says Josh Corman, a security analyst with the 451 Group after an initial reading of the strategy. "You need to monitor use, and monitoring means privacy violations."
He sees creating a formal policy as important but wants to hear concrete steps. "I like that it sets principles and priorities for discussion and debate, but there are things missing," he says. "I find myself wanting more about how we're going to do this."
The issues the document tries to address strike a chord with many because the Internet - and the evils that lurk there - touches so many.
Participants at a cyber security and privacy protection panel at this week's MIT CIO Symposium said they weren't yet familiar with the nuts and bolts of the administration's proposal, but they did say that protecting Web infrastructure was something the government should be more involved with.
"There's absolutely no reason my grandmother needs to fight a cyber war at her desktop," said Michael K. Daly, the director of IT security services at Raytheon. "It's absurd that she can be attacked from somebody in a foreign country and there's really no phone number for her to call. We wouldn't tolerate it if somebody was lobbing missiles over our borders, so I'm hoping we see more screening by the Internet service providers... I understand the risks to that, of course, I'm a fairly libertarian person and don't really encourage government involvement in my day-to-day life. But in this case I think we need a little more protection than what we're seeing right now."
Allen Allison, the chief security officer for NaviSite, who was also at the symposium, said that international cooperation in protecting Web assets was important because many private companies simply aren't getting enough information from governments about the nature of threats that originate overseas.