The Problem with Waiting for Catastrophes

摘要

A few months ago, in a conversation about cybersecurity I was moderating at MIT's CIO Symposium, Erik Brynjolfsson, the director of MIT's Center for Digital Business, listed the complicated and controversial things that he felt would be necessary to make the Internet secure. He concluded by saying we might need to build a second, secure Internet, because the existing public network was not designed to be our global network for communications and commerce. This sort of talk is not unusual. Beginning on page 46 of this issue, David Talbot describes a "perfect scam" in which Web users are shown bogus warnings that announce 'Your Computer Is Infected!" and are then urged to buy fake antivirus software that provides no protection and sometimes conscripts the user's computer into a botnet controlled by malefactors. It's a billion-dollar criminal industry, and it's aided by the insecurity of basic parts of the overall networking infrastructure. Talbot has argued for years that we might need a new architecture that apportions security roles to various elements in the system (see "The Internet Is Broken,"December 2005/January 2006).