Presidential advisor says U.S. should fund, test ‘Net security

The U.S. government should fund and test Internet Engineering Task Force developments and initiatives to bolster the security of Internet communication, including extensions to the BGP protocol, a presidential advisor said this week.

Internet protocols such BGP and Domain Name System (DNS) can be targets of intentional malicious activity or sources of instability that compromise the security and reliability of the Internet, says Richard Clarke, Special Advisor to the President for Cyberspace Security. Indeed, there have been recent instances of malicious activity – the Oct. 21 Distributed Denial of Service attacks on 13 Internet root servers – and Clarke says BGP frequently “flops” massive routing tables between ISPs, creating “pockets” of instability.

“We’re proposing that there be an increased role for the federal government in terms of funding research, in terms of being an early adopter when there are successful new things, and in terms of helping to create testbeds,” said Clarke. “The U.S. government should be doing more, not in terms of regulating, mandating or dictating; but in terms of facilitating the work of people like the IETF.”

Governmental funding of IETF work is tricky, however, Clarke notes, because the IETF and the Internet and worldwide organizations and entities. “Ownership” is therefore ambiguous, as is the source of research and development funding, he says.

“Issues of BGP, secure BGP and secure DNS have been kicking around in the security group and the protocol groups in the IETF for a long time,” Clarke says. “But nothing much has happened. And that’s in part because who owns the Internet? The world does, so that everyone owns it in common. No one feels responsible for funding this work.”

Clarke says the U.S. government has been in discussion with Jeff Schiller, security area director for the IETF, about funding and testing. Clarke says Schiller is receptive but sensitive to the possibility that the federal government would “dominate” the IETF’s work, Clarke says.

“We’re not interested in dominating, we’re not interested in regulating,” Clarke says. “But we are interested in facilitating their work. What (Schiller) said is that they certainly could use assistance in funding R&D, funding testbeds, that would make it possible for them to make decisions or RFC conclusions more rapidly than they have been.”

Under consideration is the creation of a “civilian DARPA” in the Homeland Security Department to solicit the participation of the private sector in Internet security and stability R&D, Clarke says. DARPA — the Defense Advanced Research Projects Agency, the research and development arm of the U.S. Defense Department – funded early development of the Internet in the 1970s.

The U.S. government is also discussing joint funding and research with the European National Security Agency, a department of the European Union, Clarke says.

“The real issue is getting somebody – the U.S. government is the logical candidate – to worry about these underlying protocols and support the work of the experts,” Clarke says. “Not impose our solutions, but first of all say to the expert community, ‘We think there are some problems here. Do you?’”

Clarke says there are two kinds of problems with BGP: one is instability, which arises mostly from human error. The other is security.

“Right now, (BGP) doesn’t use authentication or encryption,” Clarke says. “That poses a potential vulnerability, which people have been aware of and talking about for years but no one has done anything to fix yet. So there are two problems, they’re related, and we’re interested in solutions that facilitate both of them.”

Clarke feels these “solutions” can be bolted onto the existing BGP protocol rather than requiring the development of a new peering protocol for the Internet.

Clarke says the IETF is likely to require “a few million dollars” annually from the federal government to fund research and development of Internet security and stability initiatives. Testbeds would need to assimilate a very large-scale system as well, he says.