Is an 'alternate Internet' the only refuge from mounting threats?

FBI Cyber Division official suggests separate, transparent domain for sensitive and critical networks

The rapid adoption of mobile computing is creating vulnerabilities and threats faster than they are being addressed, a panel of industry and government experts said on May 18.

“Mobile is hot, and it will remain hot,” said John Landwehr, Adobe Systems’ senior director of security solutions and strategy.

Landwehr said that mobile, wireless access to the Internet is likely to surpass wired access as early as the end of this year, and most mobile devices do not have the same level of security as laptop and desktop PCs. “That is going to cause the security landscape to shift very quickly,” he said.

Those statements, made at the FCW Federal Executive Briefing on risk mitigation, were not surprising, but a solution proposed by Steven Chabinsky, deputy assistant director of the FBI’s Cyber Division, was potentially controversial. He suggested that what is needed is an alternate network architecture that provides greater visibility and less privacy.




Chabinsky said the problem today is that the Internet is using a single set of rules in which requirements for privacy and anonymity trump assurance and attribution. This is fine for protecting civil liberties but inadequate for running processes with conflicting security needs. On some systems, such as those using sensitive information or controlling physical processes in critical infrastructure, it is more important to know exactly who is on a network and to be able to see exactly what they are doing.

The concept of separating networks for greater security is not new. For decades, Supervisory Control and Data Acquisition (SCADA) systems were protected by the fact that they were usually proprietary systems not connected with the Internet or other networks, and difficult to breach or compromise. When legacy SCADA systems began to be replaced with standards-based networking equipment connected to the enterprise network and the Internet for greater convenience, they became more vulnerable.

Chabinsky stopped short of suggesting a separate Internet or proposing a specific architecture, but said that a separate domain that would allow attribution of activities could provide a level of security that has not been attained on the Internet despite advances in government and private-sector cooperation.

One of the growing threats identified by Chabinsky is the market for expertise and logistics resources that criminal organizations are developing. This know-how now is being used primarily for theft and fraud in the pursuit of profits. But the same skills could be peddled to nation states or terrorist organizations for use in espionage, terrorism and cyberwarfare, he warned.

“Terrorist organizations are showing an interest in cyber,” he said. Although they have not yet displayed the skills needed to launch significant cyber attacks, “they are not idiots,” he said. “Don’t sell them short.”

Chabinsky also warned that a rush to cloud computing could add another layer of vulnerability for enterprises.

“There is no such thing as safe and secure cloud computing, because there is no such thing as safe and secure computing,” he said.

With most current cloud service contracts, the service provider assumes no liabilities and makes no guarantees about the security of the systems and data, but the customer, who has responsibility for security, does not have control over or visibility into the infrastructure.

Mark Belk, director of federal cybersecurity for Juniper Networks, said that the growing use of personal mobile devices in the enterprise is creating problems because such devices typically are not locked down or managed by the enterprise. To respond to this trend, security needs to be pushed down to the application and content layers, with tools to analyze behavior and identify and flag anomalous activities, he said.

 

About the Author

William Jackson is a freelance writer and the author of the CyberEye blog.

Reader Comments

Thu, May 26, 2011 Dee

Is this the big Internet 2 build out that Level 3 is putting together?

Thu, May 19, 2011 Secret_Squirrel ...

I was gonna leave a good one, however I am opting to save the idea, and present it in person, when I do decide to deliver it.

Thu, May 19, 2011 JustMe US

Ironic... how on this same page is a link letting us know that 282,000 individuals' information could have been compromised in the State of Mass employment dept! Yes, something needs to be done! Additionally, the thought of a SSN being the sole identifier of an individual these days really needs to be re-evaluated!

Thu, May 19, 2011 Chip Hollywood, Florida

Making 'the other, safer internet' seems like a good idea on the surface. But, to me at least, the issue is not that simple. The good guys have to get security right every single time, the bad guys only have to get it right once. It seems like a second internet is just going to push the problem down the road because how long will it take for the bad guys to figure out how to do what they do on the other side of that wall?

Thu, May 19, 2011 Captain Obvious

Our board of health insists on an air gap between fresh water supply and drain, so somebody has figured it out. But this doesn't prevent the spy with the fake Lady Gaga CD.
