Former CIA Director George J. Tenet yesterday called for new security measures to guard against attacks on the United States that use the Internet, which he called "a potential Achilles' heel."I agree with George about our Internent vulnerability. I disagree that we need more "governance and control" to solve the problem.
"I know that these actions will be controversial in this age when we still think the Internet is a free and open society with no control or accountability," he told an information-technology security conference in Washington, "but ultimately the Wild West must give way to governance and control."
The way the Internet was built might be part of the problem, he said. Its open architecture allows Web surfing, but that openness makes the system vulnerable, Mr. Tenet said.What George is saying is that the Inherent Design of the internet is not compatible with infrastructure security. Duh.
Access to networks like the World Wide Web might need to be limited to those who can show they take security seriously, he said.
What we actually need is less stupidity.
What we need to do is to provide more security for our networked systems. The Internent is not the answer to infrastructure control problems. It is inherently insecure. As a controls engineer I have been arguing this point for at least five years. Well before 9/11.
Wiring up a factory to use the Internet Protocol (IP) for in factory and inter factory control is a stupid idea. Since the IP is well understood using it to destroy a facility would be rather easy. Nothing new to learn except the control settings of the individual factory or company.
Worse is controlling a factory with wireless internet. With that kind of setup you don't have any fire wall between your operations and the outside world. In fact you don't even need to know IP or wireless protocols to cause trouble. All you need is a jammer to bring a factory to its knees. And the jammer need not be on continuously. An intermittent jammer could wreak havoc with sensitive factory processes.
Some current and future aircraft designs are using IP as a communications protocol instead of a custom one. Aircraft. Stupid.
My prescription: all factory intercommunication ought to be done with custom protocols done over hard wires or better yet fiber optic cable. Control functions need to be separated from data collection. Fire walls are essential - several levels of fire wall in fact.
This does not need new Internet rules or governance. It just needs an end to stupidity.