How to prevent the Internet from failing

Thursday - 2/10/2011, 3:26pm EST

Jeffrey Hunker, author, Creeping Failure

Click to hear the interview.

Download mp3

The Internet we have today was never built for the security threats that we now face - spam, phishing, hacking and even the prospect of cyber war. As agencies are encouraged to leverage technology to become more productive and cost-efficient, how can these reforms happen while maintaining security and reliability?

Jeffrey Hunker, who served on the Clinton administration's national security council leading cybersecurity efforts, says U.S. policy has failed so far in addressing the growing security risks online. Hunker is the author of Creeping Failure: How We Broke the Internet and What We Can Do To Fix It.

Hunker said the United States is very good at handling crises. However, the nation has not faced an Internet crisis yet.

"We haven't had the cyber Pearl Harbor. We haven't had the complete network breakdown," Hunker said in an interview with the DorobekINSIDER. "What instead has happened year after year, we have an ever increasing and ever more sophisticated cyber underworld."

Hunker compares today's Internet to Charles Dickens' London of the 1840s - The city then was vast, driven by new technologies and rich with commercial and social opportunities, he said. At the same time, London was filled with crime and had no effective law enforcement or government.

"That's all what today's Internet is like," Hunker said.

What happened in London in the mid-19th century - and what must happen now with the "cyber city" of the Internet - is to create the physical, technological and institutional changes to meet modern challenges, Hunker argues.

"How long are we going to continue with trying to patch more vulnerabilities built on top of a network that was never designed in the first place to be secure?" Hunker asked. "If there's ever a recipe for for ultimate frustration and eventual failure, I can't think of a better description."

The new Internet

Hunker said he envisions a high-security, high-reliability network that works "in parallel" with the Internet but will not replace it.

He proposes that the United States lead an international effort among defense communities - probably through NATO or through partnerships with Canada, the United Kingdom, Australia and other western nations - to build a small-scale network. As with the Internet decades ago, the network will gradually open up to other users, probably first to other parts of the government and critical infrastructure, and then to universities and the public, Hunker said.

The transition would not require new infrastructure and the cost would be "fairly limited," Hunker said.

"We're not talking about ripping cables out of the ground," he said. "We're talking about migrating to a new set of software protocols."

He added that a transition like this would probably occur over five to seven years, a time frame that coincides with the replacement cycle of software and most hardware components.

Y2K offers model

The government's preparations for the year 2000 switch-over produced public-private partnerships that encouraged the private sector to pay attention to the Y2K issue. For example, the Securities Exchange Commission told public companies to report their Y2K activities to their investors.

"That was a tremendous incentive, a signal to the private sector to say this was an important issue," Hunker said.

The government also set up an operation center with representatives of the private sector to work with federal and state governments.

This combination of incentives and institutional infrastructure could be a model now, Hunker said.

"Right now we don't have any structure or any incentives or any way of actually knowing how much cyber crime exists or take place," Hunker said. "We know more about liquor store robberies than we know about cyber crime."

To start, the government could require businesses to report cyber incidents to law enforcement, Hunker said. Without data, the government has no way to address the problem, he said.

The United States must also define quality standards for software producers to ensure their products have fewer defects.

"Because we do know how to make better software than what's being produced now," Hunker said.

To fix the Internet, the private sector has top take on more responsibility than it has in the past, Hunker said.

"So far this has been entirely voluntary on the part of the private sector. Unfortunately, and this is politically unpalatable to many, the evidence of the last 10 years suggests this voluntary public-private partnership has not worked," he said.

Chris Dorobek will interview Hunker on Feb. 16 at the free seminar Enterprise Strategies for Efficient Government Operations, presented by Federal Computer Week, Dell and Intel.