Given its increasingly integral role in business and society, the Internet’s security flaws are troubling, to say the least.
For businesses, the Internet continues to represent a tool of great potential in areas as diverse as cost-cutting, collaboration and retailing. But there’s a big, potential problem with the increasing reliance by business on the Internet. A 2005 report submitted to President Bush by the President’s Information Technology Advisory Committee described the problem bluntly: “The information technology [IT] infrastructure of the United States, which is now vital for communication, commerce and control of our physical infrastructure, is highly vulnerable to terrorist and criminal attacks.”
For a sobering assessment of the vulnerabilities of the Internet and related infrastructure, read the 2005 report Cyber Security: A Crisis of Prioritization by the President’s Information Technology Advisory Committee.
According to Tom Leighton, a professor of applied mathematics at MIT as well as co-founder and chief scientist of Akamai Technologies Inc. — a developer of techniques to handle Web interactions based in Cambridge, Massachusetts — the difficulty lies in the very design of the Internet. Leighton, who served on PITAC and chaired its subcommittee on cyber security, explained that the Internet protocols used today were in many cases built on top of the original Internet protocols developed almost 40 years ago. And the security needs of the Internet in those early days — when it was used by only a small number of trusted researchers at places like government labs and a few universities — were very different from those of today’s massive global network. “The [Internet] protocols that were developed then were developed in an environment of trust,” Leighton explained. “There were only a few people using the Internet back then, and they were very knowledgeable and very trustworthy.” Times have changed. “Now we have a situation where we have tremendous adoption and use of the Internet and the Web — with very little security,” states Leighton. This vulnerability, according to him, has implications not only for businesses but also for national security.
Leighton should know about Internet security issues. Akamai operates what is known as a “content delivery network” — in essence a worldwide, decentralized network of servers that hosts Web sites for other organizations and delivers their Web content and applications. For example, if a site using Akamai’s services receives a large spike in traffic, that traffic can be distributed throughout the network of servers so that the site’s operation is not disrupted.