h1

Protecting our electronic infrastructure: why we need to move now

December 1, 2010

By Steve Gold, freelance business and IT journalist for over 25 years

Listening to Richard Clarke, chairman of Good Harbor Consulting, at the recent RSA Europe Conference, I began to see a striking parallel between cybercrime and real-world terrorism.

Both forms of crime attack a nation’s assets and significantly disrupt people’s daily routines. Although cybercrime and cyberterrorism  result primarily in loss of revenue and do not come close to “real-world” terrorism’s tragic loss of life, they are still a serious threat to business stability – and, therefore, national stability.

It took a visionary like Clarke, who had already counselled several US presidents on the real-world terrorist issue, to bring these parallels to the fore.

At RSA Europe, Clarke connected the dots in the minds of attendees by reminding them that the current spate of cybercrime, driven by the dastardly Zeus Trojan and its offspring, is really a déjà vu situation from previous years. The tools may change, but the main modus operandi of the cybercriminals hasn’t changed much.

Clarke reminded the audience of the financial frauds of the 1980s, when fraudsters laundered their money through “brass plate” companies with headquarters on the islands in the Pacific.  To stop those financial games, the US government passed some heavy-duty legislation that froze the assets of miscreants, as well as making it structurally impossible to carry out the money laundering processes.

Clarke says we can do the same with Internet security.

Now I have to say my first reaction was “Whoa!  Here comes the US autocracy telling everyone how the electronic world will be.”

But actually, if the US doesn’t do it, who else will? The coalition UK government? Or a gusset of European politicians?

I somehow doubt it.

Clarke says we can limit the Internet traffic in and out of renegade countries, as well as filtering that traffic.

This strategy dovetails well with Microsoft’s call to disconnect – or limit IP traffic – to and from PCs that are infected by Trojans and form part of a botnet.

That gameplan would be administered by ISPs in concert with a division of Microsoft or an international cybercrime entity, perhaps along the lines of ISPA here in the UK.

“That’s not fair,” cry the libertarians. Fair point. The proposed system has its faults, as does Clarke’s potentially dystopian solution to the electronic anarchy that is the Internet today.

But we have excellent organisations like the Electronic Frontier Foundation to act as a check and balance for our control system.

Once again, there are parallels with the real world. Sometimes the people in the position of protecting us turn out not to deserve our trust. For example, like most of us, I was appalled to hear about the death of Ian Tomlinson, a newspaper seller who was knocked to the ground by a police officer in London during last year’s G20 protests. But regardless of the outcome of the ongoing investigations, the reality is that most police officers are reasonable people who wouldn’t do this sort of thing.

That is the genus of the problems we face with the Internet. Clarke’s proposed solution –  having potentially autocratic organisations controlled by a consensus of Internet users at all levels – is, in my humble opinion, infinitely better than having business IT systems brought to their knees by an infestation of the Stuxnet virus, or a Zeus Trojan infection.

Here’s a real-life example of the pervasiveness of cybercrime. In one of my tasks for Infosecurity Magazine, I organise a series of webinars with high-ranking industry speakers presenting on a variety of interesting topics. The events are thoroughly educational and entertaining for the audience, but my goodness, they take a lot of organising. (Fortunately, they’re worth it). As I write this, I’m now getting some of my presenters having to duck and weave with their own organisation for the webinars, as crises involving their companies’ IT systems being downed by a DDOS attack, or a client’s IT platforms infected with Stuxnet, are becoming all too common.

We’ve all been there. Cybercrime may not be as headline-grabbing as good old-fashioned terrorism, but it’s everywhere. As businesses and governments become more dependent on their IT systems, it’s against this backdrop that the Internet security proposals of Richard Clarke, Microsoft and Bruce Schneier seem quite attractive, and, quite frankly, for all the right reasons.



Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: