U.S. net-security proposal draws cool industry response

[InfoSec News <isn () c4i org>]

http://www.eetimes.com/story/OEG20010522S0077

By George Leopold 
EE Times
05/22/01

HERNDON, Va.  The government is floating a network security proposal
that would divide the next-generation Internet into multiple private
networks that would shift critical functions such as Web-based air
traffic control away from the rest of the Internet.

The notion of separating the Internet into multiple networks as a way
to stem cyber attacks drew a cool response from industry executives
and Internet security specialists meeting here on Tuesday (May 22) to
consider plans for improving the security and reliability of the
future network infrastructure.

"I don't think it's viable on any level," said Ken Watson, president
and chairman of the Partnership for Critical Infrastructure Security
and manager of critical infrastructure protection at Cisco Systems
Inc.

Richard Clarke, the Bush administration's point man on
cyber-terrorism, raised the issue of separate networks in remarks
about a new national plan to protect critical networks. The plan will
be developed over the next several months, and Clarke pledged it "will
be written jointly with the private sector."

Of greatest concern to U.S. officials charged with protecting critical
networks such as power grids and financial systems are the growing
number of non-PC devices connected to the Internet and the migration
of critical functions like air traffic control to the Internet. "More
and more functions are moving to IP-formatted or Web-based systems
because they are cheaper," said Clarke, the national coordinator for
infrastructure protection at the National Security Council. "Do we
want to start thinking of taking critical functions out of
[cyberspace]," replacing virtual private networks with "really private
networks?" he asked.

A prime example, Clarke said, is the Federal Aviation Administration's
plans to move to a Web-based system for air traffic control. With
wireless networks bringing more devices onto the Internet, Clarke
asked whether critical applications should share cyberspace with
consumer services.

Internet experts said the idea of operating multiple private networks
as a way to improve network security has surfaced before but has
generally been rejected. Whitfield Diffie, the Sun Microsystems
engineer and co-creator of public key cryptography, called the U.S.
proposal "strange," adding that it goes against the trend toward a
unified Internet that preserves maximum network flexibility.

Others at the Internet conference agreed. Ensuring security through "a
private Internet network will probably not succeed," said another
network security expert.

Alternative proposals for beefing up network security on the
next-generation Internet include non-routable IP addresses and a
stronger user authentication infrastructure. Some observers said the
conflicting goals of the future Internet privacy on the one hand,
strong authentication for business transactions on the other argues in
favor of creating private networks for some critical applications.

Clarke said policy makers formulating the new national net security
plan are also examining how to ensure that current network
vulnerabilities are not transferred to the future Internet. Planners
also want to find ways to speed industry deliberations on open
standards while preserving network security. They are also looking at
how government and industry can share information on network threats.

As industry planners seek greater network security and reliability,
Clarke warned that threats to the next-generation Internet are
growing. "We are moving into a period where information warfare is
possible," he said. According to government estimates, the United
States alone is on a pace to suffer more than 30,000 network attacks
during 2001.

Congress has approved legislation to protect health data and financial
transactions on the Internet. Some worry that lawmakers will propose
additional legislation that will create broader security regulations
on the Internet. Clarke said government-industry cooperation is the
best way to avoid further regulations.

"This administration will not support regulations to [mandate]
security on the Internet," Clarke said.







ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.