Safer Passage

Is the Internet "too open" to guarantee acceptable security for the people and businesses that use it? To some extent, it is.

Is the Internet "too open" to guarantee acceptable security for the people and businesses that use it? To some extent, it is. But lets not get confused: What must be strengthened are technologies and security practices, not the governments control or oversight over what happens online.

The week following the terrorist attacks, amid incessant replays of the World Trade Center towers collapsing, it seemed evident that U.S. security measures have been fatally lax. After all, it was our freedom-steeped country that allowed suicidal terrorists to live unsuspected among its citizens. There are parallels between those carefully plotted plane attacks and the most serious Internet threats. A distributed denial-of-service attack, for example, requires hackers to "hijack" unsecured PCs and use them as brute-force battering rams against a targeted site.

I put the question of whether the systems that run the Internet are too open for their own good to David K. Black, who heads Accentures security consulting practice.

"Is our society too open?" Black replied. "We want our computers to be able to communicate. Thats one of the gifts of our society, because its easy to collaborate and share. Thats one of the great strengths of the Internet. If you start adopting a policy to close off our access, well, its just not in the American blood."

This doesnt mean there is nothing more that should be done to protect the Internets infrastructure. Certainly, the Internet must be much better secured. Its a matter of time before some clever fiend releases a worm that triggers a worldwide chain reaction of data destruction. Every I-manager needs to be prepared for that day.

Appropriate federal laws should be put in place to punish those who commit cybercrimes. But what will not help are the more fascist ideas that have resurfaced in recent weeks, such as granting U.S. government agencies new powers over electronic surveillance or — worse — putting new restrictions on encryption technologies.

Suppose a law were passed requiring every person logging on to the Internet to obtain a government-issued digital ID so their every action could be logged. Would that improve overall security of the network? Possibly, though its not clear. But people definitely would be less inclined to use it. Never mind the cost and complexity of rolling out such a system, or that someone would surely figure out how to forge or steal someone elses identity.

The Net needs to stay free from excessive government intrusion, and it must continue to be open so that its fundamental components are interoperable. The interests of everyone, including governments, rest on the Internet becoming more secure in that context.