Former US Official: Invest in Secure Internet Protocols

The state of security on the Internet has become so dire that research is needed in next-generation protocols, a former senior White House official for cybersecurity said on Wednesday.

Developing those protocols would be a better use of research money than investing in the next Xbox game system, said Richard A. Clarke, who served as a special advisor to president George W. Bush on cyber issues and now teaches at Harvard University's Kennedy School for Government.

Clarke wasn't taking an intentional jab at Microsoft per se, but during a 45-minute presentation at the RSA security conference in London on Wednesday, he outlined some of major issues affecting Internet security, including the concepts of cyberwarfare, cyberespionage and the proliferation of highly effective malicious software programs such as Stuxnet.

Stuxnet, which appears intended to manipulate SCADA (supervisory control and data acquisition) systems made by Siemens, used four different zero-day vulnerabilities. Stuxnet was a "narrowly targeted" guided missile, Clarke said.

But there are plenty of other examples of sophisticated malware, many of which are designed to steal money from online bank accounts. Also, the so-called Aurora attacks, which resulted in dozens of major companies such as Google being hacked, show that there is a general failing in security software, Clarke said.

"Instead of spending more money on more antivirus, more money on IPS [intrusion protection systems], more money on firewalls....maybe we need some serious rethinking about re-architecting our networks to create redoubts, fortresses for what really are the crown jewels," Clarke said.

Forty years after the creation of the Internet, it may be time to figure out another model for securing information, Clarke said. The cost of investing in basic research into more secure protocols would pale in comparison to the cost that enterprises and governments now spend on security software.

"The cost of doing the R&D for that would be a mere fraction of the cost of what we're paying for the crap that doesn't work," Clarke said.

Send news tips and comments to jeremy_kirk@idg.com

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon