Vint Cerf: Concerns over packets and politics

For a technologist, Vint Cerf is plenty opinionated.

In a telephone interview, Cerf -- often called "the father of the Internet" for his co-authoring of the formidable Transmission Control Protocol/Internet Protocol (TCP/IP) -- fielded questions on an array of topics, including his disdain for the current U.S. administration's handling of science and technology issues. He's one of a few IT executives of this caliber willing to attach their names publicly to a political cause.

In his current function as senior vice president of technology strategy at MCI Inc., Cerf still has his finger on the pulse of the Net. He's concerned about the rise of cyber attacks and encourages everyone to scream at developers of buggy software. He's confident that IPv6 (Internet Protocol version 6) will come soon if for no other reason than China alone could someday devour more than a third of the Net addresses currently available with IPv4. And he prefers to avoid contributing to what he calls "the current hype" over VOIP (voice over IP) because, in his opinion, this new service is just one of many available via the Internet, whereas telephony is the main service in circuit-switched public networks.

IDGNS: If you look at all the cyber attacks these days, what scares you most?

Cerf: The harder attacks are not the subtle "I'm going to break into your operating system attack" but rather the DDOS (distributed denial-of-service) attacks where somebody has already broken into 100,000 PCs sitting on totally unprotected DSL (Digital Subscriber Line) and cable modems and has all of them launch back at the target. This is really hard to defend against. We're now deploying systems that will detect these kinds of attacks and try to divert them before they get into our customers' access lines. Because when these DDOS attacks swamp access lines, then filtering at the other end doesn't help.

IDGNS: Some experts are truly concerned about cyber attacks on critical infrastructures, such as electricity and gas networks. How concerned are you about such terrorist threats?

Cerf: The purpose behind terrorism is to instill fear in people -- the fear that electrical power, for instance, will be taken away or the transportation system will be taken down. If the threat is credible, it can be used as a weapon to coerce people into doing things. So one of the most important things we can do in the industry is make sure that the threat of cyber attacks is minimized as much as possible. This understanding has driven us -- as well as our competitors and colleagues -- to build an increasing amount of robustness into our Internet implementations. Similarly the VPNs (virtual private networks) we construct for customers are increasingly resilient and redundant and resistant to various forms of attacks.

IDGNS: But attacks are still rampant, so what's missing?

Cerf: None of these things are perfect, as you can see from the long list of bugs that our friends at Microsoft (Corp.) and elsewhere pump out. Even if we go to the trouble to protect the network itself, what about the hosts? If these aren't adequately protected, they're vulnerable, and that's bad. So the monkey is on the operating system provider's back to produce much more robust and resistant operating systems.

IDGNS: And how are these companies doing on that front?