In the aftermath of the Sept. 11 attacks, government officials and security experts have warned that the nations vital IT infrastructure is likely to come under assault from terrorists in the near future.
To help combat such an attack, Richard Clarke, the cyberspace security advisor, last week announced plans to build a special voice and data network–dubbed Govnet–for use strictly by the government.
The network would be private and unconnected to the public Internet, a feature that Clarke believes will keep it safe from the “risk of penetration or disruption from users of other networks.”
However, security experts say Clarkes proposal is misguided and say the network not only would be nearly impossible to build but would not solve the problems at hand either.
“I understand the approach that Clarke and the rest of the government are under, but I believe that this approach is absolutely the wrong approach,” said Randy Sandone, CEO of Argus Systems Group Inc. in Savoy, Ill., a provider of secure application environments. “[Most] of the national infrastructure is private. Banks, utilities and communications providers all make up the nations information infrastructure. This might protect government systems, but what about the rest of us?”
What Clarke is proposing is essentially a return to the pre-Internet days when the nations computer systems were a scattered mix of unconnected, incompatible private networks. Inefficient at best, such a design would negate most of the huge jumps in productivity that the Internet has brought to the worlds of government and business.
And then there is the question of whether anyone could build such a network from the ground up, to say nothing of securing it. Even if the Govnet is not connected to the public Internet, the fact remains that the majority of security breaches in government and corporate networks come from insiders with legitimate access to the network.
Sandone, for one, believes that the government would be better served concentrating its efforts on the security of the existing Internet infrastructure.
“We built this fundamentally insecure infrastructure and then started cobbling security around it,” he said. “We never had a serious look at this. The Net exploded and no one addressed the systemic problem of security.”