NGN 2002 Keynote: Cyber Security - Vulnerabilities, Threats, and Responses
The United States must prepare for a major attack on its networks at a level that could bring down the economy, warned Richard Clarke, Special Advisor to the President for Cyberspace Security, Critical Infrastructure Assurance Office (CIAO), in a keynote address at the Next Generation Networks conference in Boston. No one should assume that future attacks on networks will be simply the worms, viruses and denial of service zombies that we have experienced in the past. Al Qaeda, Iraq, or some other terrorist group could target the basic mechanisms of the Internet, seeking to disable or destroy key switches, routers and transmission facilities. Too many vulnerabilities exist. Preparing for such a threat, argued Clarke, is everyone's responsibility, not simply the role of government. He believes that Internet security currently faces a "tragedy of the commons" - everyone believes that someone else should be responsible for maintaining and securing the common good. While the federal government played a key role in creating the Internet, Clarke argued that the government should not run or regulate the Internet. It should be an advisor to industry and a role model, and it should fund basic research.
Clarke shared nine specific security goals that he asked network equipment vendors and service providers to work on:
- Routers and switches must be designed with security in mind. Today, they are generally shipped without security features activated, and most do not use encryption and authentication.
- Address the security vulnerabilities of BGP now.
- Address the security vulnerabilities of DNS now.
- Quickly adopt protocols that enhance security, especially IPv6. A world of mixed IPv4 and IPv6 implementations actually increases the security threat.
- Address the physical security of our networks, especially key sites and fibers where the backbone is concentrated. Peering points and telecom hotels are vulnerable. Real redundancy, diversity and protection are needed.
- ISPs should not blindly pass off traffic to their peers. They have the responsibility to know what is in the packets and not to hand off viruses or attacks. We need technology that allows us to scan packets in real time at high speeds.
- We need a NOC system that can provide a real-time, holistic view of the entire Internet. The industry could achieve this with some government support.
- We must get over the belief that segmenting networks is a "violation of Internet religion." We need some air-gapped networks, such as for utilities, aviation, banking, etc.
- Security must be designed into systems from the beginning. It is not acceptable to rush technology to market before finding and fixing the vulnerabilities, or to treat security as a difficult-to-use add-on.
Last month, the Bush administration announced a Draft National Strategy to Secure Cyberspace. The government is currently seeking input and commentary from the industry and the general public. Clarke encouraged everyone to review and comment on the plan, which can be found at:
http://www.whitehouse.gov/pcipb/
17-Oct-02