IP: Some thoughts by Dave Farber (me) on Living Riskier Electronically

[Dave Farber <farber () cis upenn edu>]

I have gotten several notes re the Times article and have noted Bob 
Morris's comment [ I knew Bob first when his Dad Bob Morris put him in my 
arms at Bell Labs djf]

There are two areas of attack on the Internet. The first and the one we 
primarily have seen are primarily attacks on the user and server software. 
They will always be subject to what one could call the ECM turnstile. We 
will get attacked and the software will be fixed and the attackers will 
search for new vulnerabilities and we will get hit and fix those and it 
will be a endless round and round. Proper  attention to correct security 
design in new products would help a lot. Better hardware systems to ensure 
the ability to build secure software will help. Bob's concerns address this 
point. What I worry about is that future and maybe current attackers will 
not be high school kids but very smart and with it professionals with a cause.

I am a lot more worried by attacks on that part of the Internet that lies 
in its arterial structure -- namely the  set of protocols and software that 
control the routers and traffic systems of the core internet. Much of the 
protocols were designed in those happy old days (well reasonably happy). I 
and others I have spoken to have little confidence that there are not a 
number of interesting attacks which can do a number on the internet 
communications system with result similar to the failure of the SS7 part of 
the POTS network (not the same causes).

We also may be constructing a commercial environment which is very 
vulnerable to  reliability failures due to limited peering relationships.

I for one would like to understand just how solid or vulnerable  we 
actually are so we can fix it and as we fix it we can tell senior policy 
makers and the congress what the true state of the net is.

Dave


"The Net's going to go fumbling along until there's a massive intrusion," 
said Dave Farber, an Internet pioneer and chief technologist for the 
Federal Communications Commission. "Then everything will hit the fan. 
Congress is going to go ballistic, and we're going to panic our way into 
doing something."

"The Internet was built in an age when we all knew each other, we all 
trusted each other, we were talking about where to have dinner and what 
silver futures to buy," said Mr. Farber, speaking of the scientists who 
built it. "Now we've moved it into an environment where the country counts 
on it. And it's very hard to retrofit security."

"The opportunity for things to go wrong is always increasing," said Robert 
Morris, an assistant professor of computer science at the Massachusetts 
Institute of Technology who is perhaps better known as the creator of the 
first Internet worm, which crippled the network in 1988. "More people are 
also going after things. But it's not clear who's going to win, the people 
who write software with bugs or the people trying to fix the bugs."