Protecting Internet Infrastructure Michael M Roberts mmr darwin ptvy ca us MS E 237 July 11 2002 Stanford University Changed Internet Security Environment Terrorist threat Terrorist employment of advanced technology Public expectation demand for govt response Recognition within net community before 9 11 that security tools and deployment are not adequate Dimensions of Internet Security Problem Network Size 750 Million Clients Growing Diversity of Physical Facilities Locales Vulnerability of Open Architecture Complexity of Users Uses Mastery of Security Technology Zero to Management Will Capacity to Allocate Resources Security Action Framework Make IT Security higher and more visible priority Do better job with existing security tools incl policies Design develop deploy better security for future Raise level of collaboration among Govt Industry Education Train human resources for security jobs Security Policy Issues Balancing individual vs organizational responsibility and accountability What level of security breach damage is tolerable Sanctions for security misbehavior Civil liberties vs law enforcement e g Patriot Act and client scanning for holes Entitlement to due process Security Implementation Issues Managing large number of players and creating consistent set of expectations Obtaining resources for security when risk is always relative success nothing happens Preventing quick technical solutions that have adverse long term impact on net Fending off federal demands for command control accountability Monitoring reporting getting credit for improved security