Protecting Internet Infrastructure. Michael M. Roberts. MS&E 237, July 11, 2002, Stanford University. Changed Internet Security Environment. • Terrorist threat • Terrorist employment of advanced technology • Public expectation/demand for govt response
Protecting Internet Infrastructure
Michael M. Roberts
MS&E 237
July 11, 2002
Stanford University
Changed Internet Security Environment
• Terrorist threat
• Terrorist employment of advanced technology
• Public expectation/demand for govt response
• Recognition within net community before 9/11 that security tools and deployment are not adequate
Dimensions of Internet Security Problem
• Network Size - 750 Million Clients & Growing
• Diversity of Physical Facilities/Locales
• Vulnerability of Open Architecture
• Complexity of Users/Uses
• Mastery of Security Technology = Zero to ? %
• Management Will/Capacity to Allocate Resources ?
Security Action Framework
• Make IT Security higher and more visible priority
• Do better job with existing security tools incl policies
• Design, develop & deploy better security for future
• Raise level of collaboration among Govt/Industry/Education
• Train human resources for security jobs
Security Policy Issues
• Balancing individual vs organizational responsibility and accountability
• What level of security breach/damage is tolerable?
• Sanctions for security “misbehavior”
• Civil liberties vs law enforcement, e.g. ‘Patriot’ Act and client scanning for holes
• Entitlement to due process
Security Implementation Issues
• Managing large number of players and creating consistent set of expectations
• Obtaining resources for security when risk is always relative (success=nothing happens!)
• Preventing quick technical solutions that have adverse long term impact on net
• Fending off federal demands for command & control accountability
• Monitoring/reporting/getting credit for improved security