The Web: Indispensable but not impervious

By GENE J. KOPROWSKI, UPI Technology News

This is the first in a series of UPI articles examining the current state and future prospects of the global communications and data network known as the Internet.



CHICAGO (UPI) -- From the New York City blackout, to Hurricane Isabel, to coordinated hacker attacks, the World Wide Web endured an array of extreme challenges during the last year. Still, the Internet, conceived in the late 1960s by the Pentagon as a communications link for key government policy players in the event of nuclear war, remains vulnerable to attack by cyber-terrorists and cannot be considered completely reliable by users for e-business or e-mail.

"The Internet is a complex animal," Paul Leroux, chief technology officer of Gomez, Inc., of Waltham, Mass., a leading consultancy, told United Press International. "It is a system of distributed computers, working to provide services to PCs all over the world. There are too many steps in the process for it to be 100-percent reliable."


That complexity also is a virtue, however, as far as technology experts are concerned.

"You can have terrorist attacks and terrorist attacks, within a region," Arun Srinivasan, chief operating officer of BroadSpire Inc., of Mission Hills, Calif., a managed hosting provider for Paramount Pictures and others, told UPI. "But you can route around those particular cities, or locales."

Growth of the Internet remains robust, and about 81 percent of U.S. households are expected to be online by 2007, according to Jupiter Research of New York City, an Internet consultancy.

However, increased usage brings increased threats, as foreign governments use the 'Net to conduct espionage against American firms, common criminals cyber-stalk individuals with home PCs, and sociopathic hackers seek to take down segments for kicks with viruses and worms.

To combat these threats and protect the Internet's organization, companies are developing risk-management strategies for their online assets. Sometime in the near future, individual users may have to do so, too.

"There are different tiers of threats online, which are characterized by different motives, and different ways of operating," Ronald L. Dick, former assistant deputy director for counter-terrorism at the FBI, and now with Computer Sciences Corp., in Washington, D.C., told UPI.


Dick is working with the Department of Homeland Security to protect the nation's information infrastructure, and the challenge is daunting.

"With state sponsored espionage, you don't have to physically go to countries anymore with James Bond-type spies," said Dick. "You can intrude into their computer systems in the R&D department."

A key problem with detecting such activities is online spies "don't want to advertise that they are there," Dick explained, "and with electronic documents being copied, you never know they are gone."

A lot of the spying occurs in high-tech industries, such as pharmaceutical development, where billions of dollars are spent to create new products. "If someone can steal some of the R&D, they will have a competitive advantage," Dick said. He added it is impossible to manage every threat faced by a company's -- or a government's -- computer systems that is connected to the Internet.

"It is not about threats and vulnerabilities," said Dick. "It is about risk management. There are only so many dollars available to a government, or to a company. You can't protect everything. The question you have to ask yourself is, what are my key risks? Thereafter, you prioritize. You devote limited security dollars to what is most important to you."


There is no avoiding the fact that the Internet's overall reliability is related to its security, experts say. One factor rendering Internet transactions less than 100-percent reliable is not hacking -- it is technological incompatibility-- for example, home users dialing up with a slow modem to a cinema chain or a retailer's Web site, which is handling other transactions at the same time.

Leroux said the state of Internet technology is roughly equal to that of the "third or fourth generation of telephones" today. For most static applications, such as Web surfing, the Internet is 99-percent reliable, he said.

"But when someone is completing a transaction online, we see the reliability fall off," he continued. "It depends on the complexity of the transaction. (Many) online transactions are aimed at reducing costs and generating revenue, and for these transactions, with higher complexity, the reliability is in the low 90s to high 90s."

Gomez provides a service to its corporate customers roughly akin to the "mystery shoppers" who visit retailers to gage the level of online customer service, Leroux said. Using computer agents, the company logs into online services, at appointed times to determine how fast the service was, how reliable it was and if all the data requested could be retrieved.


"Telephone companies can offer the five nines -- 99.999 percent reliability," said Leroux. "But information services can't reach that level."

However, as companies and the government get better at protecting their sites and making them more reliable, hackers are likely to target home-based users as a means of penetrating secure networks, Srinivasan said.

"Now that the 'Net is a big part of everyone's life -- someone may infiltrate your life through your home network, through networked appliances like the microwave or the refrigerator," he said.

The Internet always will retain an "inherent vulnerability," Ted Julian, chief strategist and co-founder of Arbor Networks in Lexington, Mass., told UPI.

"This has nothing to do with how well the networks are operated. It has to do with the protocols that the 'Net is built upon -- which encourage the cooperative exchange of information. Because of that, it is easy to launch denial of service (DOS) attacks," said Julian, whose company emerged from a Pentagon Internet security research project a few years ago.

Simply put, a hacker easily can trick a computer into thinking it is receiving a request for information -- when the requestor actually might be a worm or a virus, designed to overwhelm the network with simulated requests.


"The Internet is a public network," Steven Gill, leader of the technical security group at SunGard Availability Services of Wayne, Pa., a computer consultancy, told UPI. "You have to deal with the public."

Latest Headlines


Follow Us