There's no escaping the fact that the Internet is a dangerous place, rife with malware and security holes that expose individuals and businesses to millions of dollars in losses to cyber criminals every day. Making the Internet safer should be a high priority throughout the world. Moreover, it wouldn't even be all that difficult, if the right people were to gather in a room to tackle the problem.
Just how might that be accomplished? It's a question I frequently get after giving presentations on the current state of Internet malware, during which we share all sorts of frightening facts and scary statistics that leave some audience members too scared to touch their computers. Among those facts: More unique malware programs were created last year than legitimate ones; online crime would barely drop even if all software could be engineered to have zero security defects; and 91 percent of cyber crime is conducted by organized syndicates.
I've written a white paper titled "Fixing the Internet" with ideas on how to make the Internet a safer place to compute -- but if you'd like the abridged version, it comes down to this: All it would take is a global group of security technologists from the private sector and government to agree on what values to put in a few different tables. That's it. We already have the technology and protocols to do it. We all know what we need to do. We just need to do it.
In a nutshell, the paper promotes the following ideas:
- A new Internet infrastructure must promote default identity, authentication, and attribution.
- Every computer and network packet should be assigned a trust rating, which would indicate a generally agreed-upon level of trustworthiness.
- It would all be voluntary. You can join if you don't like the current state of your Internet.
- The new, safer Internet would interoperate with the old Internet model just fine, but all legacy traffic would be treated as highly "untrusted" (which is similar to how it is handled today).
- A new DNS-like security service would track malicious networks and compromised legitimate companies and report their reputation to any asking receivers. When the bad guys move their networks, we could all know immediately. Were a legitimate Website to be compromised, we would all know immediately -- as we would know when it was safe to visit again.