Re: New Internet for Security

[Marty Manjak <mm376 () ALBANY EDU>]

In my view, yes.

If you follow Roger Grimes blog at Info World
<http://weblog.infoworld.com/securityadviser/archives/2009/01/fearless_new_ye.html?source=NLC-SECADV&cgd=2009-01-04>,
he's been advocating a separate, trusted Internet for well over a year.

We have a situation now that's not dissimilar to the era of Prohibition,
where criminal syndicates became very powerful, and enough people became
vested in their economic prosperity as to make it very difficult to root
them out. The people who are developing malware, managing its
distribution, and exploiting it, have become very sophisticated in their
operations. There may even be overlap between criminal activity and state
sponsored espionage.

Because of the revenue they are generating and the current patchwork of
laws addressing cyber crime, it makes it very difficult to identify and
bring these people to justice. As long as you cannot hold criminals
accountable, there is no deterrent factor. If easy money can be made, with
little chance of going to jail, talented people will be drawn into these
operations. The current, global economic downtown will only make things
worse by making cyber crime more attractive.

The key issue is end-to-end authentication, from the hardware level right
on up through the stack on out onto the wire.

Marty Manjak
CISSP
Information Security Officer
University at Albany

>  http://www.nytimes.com/2009/02/15/weekinreview/15markoff.html?th&emc=th
> Do We Need a New Internet?
>
> "Bad enough that there is a growing belief among engineers and security
> experts that Internet security and privacy have become so maddeningly
> elusive that the only way to fix the problem is to start over."
>
> Do you think it is really that bad?
>
> --
> Theresa Rowe
> Chief Information Officer
> Oakland University