Internet security faces chronic problems

ARLINGTON, Va., Jan. 5 (UPI) -- U.S. network software and procedures must be continually updated to eliminate weaknesses, and tested to assure gaps have been successfully closed.

Also, there must be a mechanism among network administrators across the United States for sharing information about threats that provides timely and useful warnings of danger.

Finally, defensive measures carried out by the U.S. government and its relevant agencies must be sensitive to the missions of users, so that they do not impair network functionality in the process of providing protections.

The respected SANS Institute uses a six-step framework for explaining how cyber incidents should be addressed that begins with being prepared, and then proceeds through identification of danger, containment of the threat, eradication of the threat, system recovery and follow-up.

Each of these steps may entail dozens of discrete actions aimed at detecting, characterizing, isolating and suppressing the danger, and then restoring the network to its beginning state.

Experts typically stress the importance of being prepared before an attack occurs, and conducting postmortems to derive useful lessons about how dangers can be minimized in the future. Military experts also emphasize the importance of developing offensive cyber capabilities as a way of deterring or countering attacks.

While the generic measures necessary to cope with cyber aggression are easy enough to identify, applying them to specific threats and mission areas can be devilishly difficult. Efforts to do so have revealed a number of chronic problems that policymakers eventually must address.

First, vital national networks are so balkanized among military, civil and commercial operators that it is difficult to enforce any particular standard with regard to cyber defense.

Second, the inability to trace attacks made over the Internet to their point of origin severely hampers efforts to deter or punish predators.

Third, network administrators seldom have the sort of enterprise-wide view of their information assets needed to fashion a durable and complete security regime.

Fourth, government by its nature is not well equipped to keep up with such a fluid and multifaceted challenge.

The U.S. federal government acquired most of its information networks on a piecemeal basis, without much thought as to how the parts one day might fit together or how enemies might try to exploit them.

The U.S. government's recent efforts to organize for cyber defense have been hampered by the fragmented character of federal information systems. This problem is compounded by the fact that many networks vital to the economy are in the private sector, and the legal authorities for implementing security measures there are incomplete at best.

--

(In Part 7: The role of the National Security Agency in securing U.S. national cyber and Internet security)

--

(Loren B. Thompson is chief executive officer of the Lexington Institute, an Arlington, Va.-based think tank that supports democracy and the free market.)

--

(United Press International's "Outside View" commentaries are written by outside contributors who specialize in a variety of important issues. The views expressed do not necessarily reflect those of United Press International. In the interests of creating an open forum, original submissions are invited.)