When trust isn't enough

Security automation: The next wave Security counterattack How to SOC it to the bad guys Visa: Taking on Web services with resolve Your opinion: Tech talk Q&A: When trust isn't enough

K.C. Claffy, a well-respected member of the computer science research community, has made it her mission to understand the Internet and all its nuances. As principal investigator at the Cooperative Association for Internet Data Analysis (CAIDA), an 8-year-old collaboration among commercial, scientific and government entities, Claffy watches over the Internet - collecting and analyzing performance statistics in order to help create an Internet robust enough to handle ever-increasing resource demands. For instance, with Claffy leading the way, CAIDA is the go-to organization for information on 'Net-based virus attacks. In this interview, Claffy, one of our 50 most powerful people in networking for 2004, talks about security on the Internet and in the next-generation enterprise network.

In your time at CAIDA, what Internet performance trends have you noticed?

Consumers and producers in the IT marketplace have gotten used to Moore's Law and expect similar advancements in every product area. Combine the push for more/better/faster with globalization and commoditization and you get the happy result of 10 Gigabit Ethernet selling for the same cost per port in 2005 that 10M-bit/sec Ethernet sold for in 1985. At this point, the challenge isn't getting enough but rather keeping it long enough to depreciate it. Eventually, we'll reach a saturation threshold where a vast majority of powered devices are stagnant. For example, a TCP/IP controllable light switch in your home will send about 10 bits a minute, but because of cost-per-port issues it will be connected by a 54M-bit/sec wireless or 100M-bit/sec wired Ethernet. Upgrades will not be possible.

What changes have you seen in how Internet security is handled?

The greatest single advance has been in "up leveling," the training and salary of law enforcement personnel responsible for managing information-age crime. Ten years ago, anyone who knew how to track down a child pornographer could make a ton more money in the private sector than in the public sector. Today, these skills are taught at the community college level and just about every new FBI special agent is an expert before he gets his badge. This is good, but it's still only the tip of the iceberg. Inter-governmental cooperation, treaties and research funding for information-age affairs is still tiny compared to, for example, what's done with atomic power or space exploration.

Do you see any performance and security problems that can't be solved?

If some day we do all we can - which we're not, today - we'll still be left with human nature. Smart, motivated people will continue to find ways to break laws that haven't been invented yet, and cause law enforcement and the technology industry to innovate to keep up. It's possible that as an evolutionary force, this is good, since it ensures that complacency can't happen.