balamm
11-21-2003, 07:08 PM
This is a long read but it is interesting. At least check out the red sections.
Marcus Sachs
Marcus Sachs was the Director of Communications Infrastructure Protection in the
White House under Richard Clarke and a staff member of the President's Critical
Infrastructure Protection Board. Marc played a key role as the lead government technical
person responding to several major attacks and vulnerabilities from Code Red to sendmail
to Blaster. He recently returned to SANS where he will translate the lessons he learned in
the Army, the White House, and the Department of Homeland Security, into improvements
and expansions of SANS courses. At CDI, Marc will help present the 2003 SANS/FBI Top
20 Internet Security Vulnerabilities.
A couple of months ago, Marc was visiting Australia when The Australian's journalists
caught up with him and asked about implementation of the US National Strategy to Secure
Cyberspace. Here are excerpts from that interview.
You say the Internet was created on open
protocols to connect universities and govern-
ments, but it was not designed to protect infor-
mation from malicious users. Today the Internet
connects everybody everywhere - how do we
begin to get international agreement over
securing such a structure?
I don't think any of us, in the history of
humankind, have ever seen anything like this,
other than perhaps the law of the sea where we
agreed aeons ago to an international law for
merchant shipping and such.
I don't know of any other phenomenon, or
technology, or cultural change as big as this,
and we've only created it in the past 10 years.
Look how far we've come in less than half a
generation.
It is a huge challenge, but we built the
Internet, so we ought to be able to defend it.
How will the Department of Homeland Security
and other US agencies address the problem,
given the enormous diversity of people linked to
the network?
We are conscious there are other people out
there - that the US doesn't own the Internet. We
have a big problem at home, of course, with
homeland security, so that has to be our
number-one focus.
But we can never forget that it's a global
network and a global culture.
So, at the same time we're pushing the
domestic agenda, we push the international
agenda - but not on the world stage. We push
the international agenda at home, so that others
recognize this is not just a US issue; this also
affects Mexico and Canada because they're
directly connected to us, and then people on
other continents that are connected to us by
undersea cables or satellites.
We also host thousands of servers that
belong to other nations - entire countries have
their online presence electrically in the US.
So we are stewards, essentially, of those
countries' presence in cyberspace, their
commerce -- they depend on us.
US authorities haven't even been able to curb all
the spam that originates in the US.
Yes, and the spam that comes from small
Pacific islands or Caribbean islands or African
countries.
Most of it comes from the States.
Unfortunately, a lot of it now has moved
offshore into smaller countries with high-speed
connections. It may say dot.com and may say it's
registered in the US, but electrically it sits
someplace else -- again, they are also trying to
get out of Europe.
So even spammers are trying to go for a low-
cost, offshore option.
That's exactly right. It's no different from
banks or gamblers who go outside territorial
waters.
So where do we start if we are going to make
the Internet more secure?
Initially we're pushing for accountability.
Many people want to be anonymous on the
Internet as individuals, and that's fine. There's
nothing wrong with that - you can maintain
your anonymity.
But your computer -- the actual device
connected to the network -- needs to be
accountable. We need to know where that
address is, so that if a piece of silicon and
copper starts misbehaving we can mark it as
unsafe and quickly take it off the network.
As a human being, you can still be
anonymous. It's just the electrons -- the piece
of hardware -- that we need to identify.
That's where there's a new protocol coming,
called IPv6, that will enable us to positively
identify all the machines that are out there.
That would open up a brand-new world of
connectivity.
Yes, it does. If you can uniquely identify
every device on the network, you can start doing
many new things.
There's a remarkable experiment going on
in Japan, for example, where they have
connected little sensors to the windshield wipers
on taxi cabs and set up a wireless network
throughout Tokyo. They know that wherever
the wipers are running, it's raining. That
provides a far more accurate rain map than any
radar system could provide.
You can't do that with existing networks, but
you can with IPv6. Now, if a set of wipers started
misbehaving, I could take it off the network - to
save the network -- because I can account for
that device.
That would include every PDA or mobile phone?
Everything. Everything will be uniquely
addressed -- your refrigerator, your microwave
oven, your wristwatch, anything that can be
connected to the network.
So by having an accountable network, we
can then start realizing some of the security we
want, because we know where every little piece is.
Again, that's separate from the humans that
are on the network, where we want to maintain
some privacy.
You've flagged a need for new routing and
naming mechanisms to deliver truly dependable
network services.
Routing protocols today are already
reaching their limits. They were not designed
for a network as big as the Internet; they were
designed for smaller networks. If we go to even
larger networks, we need to have new types of
routing protocols, and we need new naming
protocols -- ones that are much more adaptive
to rapidly changing networks.
I'm looking at the networks of the future
because, remember, we're only 10 years into the
web -- what the general public understands as
the Internet.
There were 20 years of development before
that, of course, that most people aren't aware of,
but we're still only talking 30 years. We're
building networks that may last for the next 1000
years or more.
Now, are we going to do that with today's
protocols, and who is going to come up with
new ones?
For example, do we want spam e-mail to go
away? Probably. When we come back 100 years
from now, do we think spam will still be a
problem? At some point, hopefully, we will have
taken care of spam. But when is that point - is it
next year, is it 10 years from now?
We're arguing that this generation -- us --
we're the ones who are responsible for building
the networks that everybody else will have to
live with, pretty much forever. It's much like the
Romans building their roads in Europe.
In every country, the width of today's roads is
largely based on the original Roman roads, and
the original Roman war chariots. Those
standards are still around.
Assuming we don't blow the planet up,
standards being established today may still be in
communications and information networks in
1000 or 2000 years from now.
also,
You also talk about trusted software, and
resilient services that don't fail.
Trusted or trustworthy software refers to
software that actually does what it is supposed to
do. If I have graphics software like PowerPoint,
all it really does is graphics - it has nothing else
built into it.
A classic example years ago was Microsoft's
Excel spreadsheet. One version had a flight
simulator built into it - you went to a certain
cell, pushed keys in the right order, the screen
would change and you would get flight
simulator.
That's not trustworthy software, because I
paid for a spreadsheet. I didn't pay for a flight
simulator. How do we know what else is in
commercially available software? We need to
have software engineers and companies thinking
in terms of writing code that only does what it's
supposed to do, and not adding things that
people may not know about.
Well, maybe that's something for legislators to
address?
No, why does that need a legal response?
It's a question of ethics, a cultural change that
says software writers need to create software that
does what it is supposed to do, versus software
that has unknown built-in features.
But surely there's a commercial impetus for a
company such as Microsoft to cultivate its
interests in various ways, including extra
features?
Part of this is also about consumer
awareness, in the sense that you have a choice
in what you buy. Microsoft is very dominant,
but you don't have to buy its products - there's
competition out there.
We recently saw an example of consumer power
in relation to the planned introduction of radio
frequency ID tags. There was a huge backlash
over the potential for monitoring.
Sure, if a store wants to tag a box of corn
chips that's okay -- until I buy it. When I've
paid, the tag needs to be erased. Nobody needs
to know that bag of corn chips is in my car and
where I go when I leave the store.
What about when a smartchip is embedded in
clothing?
The technology makes it possible to embed
a smart chip, which the maker can use to track
the garment from the warehouse to the store.
But if the tag is not turned off when you walk
out of the store, it can be used to track you. So
the tag needs to be killed at the point of
purchase.
You think consumer pressure will achieve that?
Absolutely. Consumers have a lot of control
if they work together.
Are you talking about measures like encryption,
public key infrastructure?
People have been trying to figure out how to
set up cryptographic exchanges so information
can be transferred in a secure manner -- as an
encrypted message that only you can open. But
how do we exchange the keys? How do I give
you the key to unlock the file I'm going to send
without somebody in between intercepting
that key?
This is a huge challenge, and there are a lot
of solutions out there but none of them really
scale to the entire Internet.
That's the challenge.
How do we get something that scales to the
entire planet and, ultimately, into the solar
system? Well, there's no stopping it, right? We
can just keep going and going.
Marcus Sachs
Marcus Sachs was the Director of Communications Infrastructure Protection in the
White House under Richard Clarke and a staff member of the President's Critical
Infrastructure Protection Board. Marc played a key role as the lead government technical
person responding to several major attacks and vulnerabilities from Code Red to sendmail
to Blaster. He recently returned to SANS where he will translate the lessons he learned in
the Army, the White House, and the Department of Homeland Security, into improvements
and expansions of SANS courses. At CDI, Marc will help present the 2003 SANS/FBI Top
20 Internet Security Vulnerabilities.
A couple of months ago, Marc was visiting Australia when The Australian's journalists
caught up with him and asked about implementation of the US National Strategy to Secure
Cyberspace. Here are excerpts from that interview.
You say the Internet was created on open
protocols to connect universities and govern-
ments, but it was not designed to protect infor-
mation from malicious users. Today the Internet
connects everybody everywhere - how do we
begin to get international agreement over
securing such a structure?
I don't think any of us, in the history of
humankind, have ever seen anything like this,
other than perhaps the law of the sea where we
agreed aeons ago to an international law for
merchant shipping and such.
I don't know of any other phenomenon, or
technology, or cultural change as big as this,
and we've only created it in the past 10 years.
Look how far we've come in less than half a
generation.
It is a huge challenge, but we built the
Internet, so we ought to be able to defend it.
How will the Department of Homeland Security
and other US agencies address the problem,
given the enormous diversity of people linked to
the network?
We are conscious there are other people out
there - that the US doesn't own the Internet. We
have a big problem at home, of course, with
homeland security, so that has to be our
number-one focus.
But we can never forget that it's a global
network and a global culture.
So, at the same time we're pushing the
domestic agenda, we push the international
agenda - but not on the world stage. We push
the international agenda at home, so that others
recognize this is not just a US issue; this also
affects Mexico and Canada because they're
directly connected to us, and then people on
other continents that are connected to us by
undersea cables or satellites.
We also host thousands of servers that
belong to other nations - entire countries have
their online presence electrically in the US.
So we are stewards, essentially, of those
countries' presence in cyberspace, their
commerce -- they depend on us.
US authorities haven't even been able to curb all
the spam that originates in the US.
Yes, and the spam that comes from small
Pacific islands or Caribbean islands or African
countries.
Most of it comes from the States.
Unfortunately, a lot of it now has moved
offshore into smaller countries with high-speed
connections. It may say dot.com and may say it's
registered in the US, but electrically it sits
someplace else -- again, they are also trying to
get out of Europe.
So even spammers are trying to go for a low-
cost, offshore option.
That's exactly right. It's no different from
banks or gamblers who go outside territorial
waters.
So where do we start if we are going to make
the Internet more secure?
Initially we're pushing for accountability.
Many people want to be anonymous on the
Internet as individuals, and that's fine. There's
nothing wrong with that - you can maintain
your anonymity.
But your computer -- the actual device
connected to the network -- needs to be
accountable. We need to know where that
address is, so that if a piece of silicon and
copper starts misbehaving we can mark it as
unsafe and quickly take it off the network.
As a human being, you can still be
anonymous. It's just the electrons -- the piece
of hardware -- that we need to identify.
That's where there's a new protocol coming,
called IPv6, that will enable us to positively
identify all the machines that are out there.
That would open up a brand-new world of
connectivity.
Yes, it does. If you can uniquely identify
every device on the network, you can start doing
many new things.
There's a remarkable experiment going on
in Japan, for example, where they have
connected little sensors to the windshield wipers
on taxi cabs and set up a wireless network
throughout Tokyo. They know that wherever
the wipers are running, it's raining. That
provides a far more accurate rain map than any
radar system could provide.
You can't do that with existing networks, but
you can with IPv6. Now, if a set of wipers started
misbehaving, I could take it off the network - to
save the network -- because I can account for
that device.
That would include every PDA or mobile phone?
Everything. Everything will be uniquely
addressed -- your refrigerator, your microwave
oven, your wristwatch, anything that can be
connected to the network.
So by having an accountable network, we
can then start realizing some of the security we
want, because we know where every little piece is.
Again, that's separate from the humans that
are on the network, where we want to maintain
some privacy.
You've flagged a need for new routing and
naming mechanisms to deliver truly dependable
network services.
Routing protocols today are already
reaching their limits. They were not designed
for a network as big as the Internet; they were
designed for smaller networks. If we go to even
larger networks, we need to have new types of
routing protocols, and we need new naming
protocols -- ones that are much more adaptive
to rapidly changing networks.
I'm looking at the networks of the future
because, remember, we're only 10 years into the
web -- what the general public understands as
the Internet.
There were 20 years of development before
that, of course, that most people aren't aware of,
but we're still only talking 30 years. We're
building networks that may last for the next 1000
years or more.
Now, are we going to do that with today's
protocols, and who is going to come up with
new ones?
For example, do we want spam e-mail to go
away? Probably. When we come back 100 years
from now, do we think spam will still be a
problem? At some point, hopefully, we will have
taken care of spam. But when is that point - is it
next year, is it 10 years from now?
We're arguing that this generation -- us --
we're the ones who are responsible for building
the networks that everybody else will have to
live with, pretty much forever. It's much like the
Romans building their roads in Europe.
In every country, the width of today's roads is
largely based on the original Roman roads, and
the original Roman war chariots. Those
standards are still around.
Assuming we don't blow the planet up,
standards being established today may still be in
communications and information networks in
1000 or 2000 years from now.
also,
You also talk about trusted software, and
resilient services that don't fail.
Trusted or trustworthy software refers to
software that actually does what it is supposed to
do. If I have graphics software like PowerPoint,
all it really does is graphics - it has nothing else
built into it.
A classic example years ago was Microsoft's
Excel spreadsheet. One version had a flight
simulator built into it - you went to a certain
cell, pushed keys in the right order, the screen
would change and you would get flight
simulator.
That's not trustworthy software, because I
paid for a spreadsheet. I didn't pay for a flight
simulator. How do we know what else is in
commercially available software? We need to
have software engineers and companies thinking
in terms of writing code that only does what it's
supposed to do, and not adding things that
people may not know about.
Well, maybe that's something for legislators to
address?
No, why does that need a legal response?
It's a question of ethics, a cultural change that
says software writers need to create software that
does what it is supposed to do, versus software
that has unknown built-in features.
But surely there's a commercial impetus for a
company such as Microsoft to cultivate its
interests in various ways, including extra
features?
Part of this is also about consumer
awareness, in the sense that you have a choice
in what you buy. Microsoft is very dominant,
but you don't have to buy its products - there's
competition out there.
We recently saw an example of consumer power
in relation to the planned introduction of radio
frequency ID tags. There was a huge backlash
over the potential for monitoring.
Sure, if a store wants to tag a box of corn
chips that's okay -- until I buy it. When I've
paid, the tag needs to be erased. Nobody needs
to know that bag of corn chips is in my car and
where I go when I leave the store.
What about when a smartchip is embedded in
clothing?
The technology makes it possible to embed
a smart chip, which the maker can use to track
the garment from the warehouse to the store.
But if the tag is not turned off when you walk
out of the store, it can be used to track you. So
the tag needs to be killed at the point of
purchase.
You think consumer pressure will achieve that?
Absolutely. Consumers have a lot of control
if they work together.
Are you talking about measures like encryption,
public key infrastructure?
People have been trying to figure out how to
set up cryptographic exchanges so information
can be transferred in a secure manner -- as an
encrypted message that only you can open. But
how do we exchange the keys? How do I give
you the key to unlock the file I'm going to send
without somebody in between intercepting
that key?
This is a huge challenge, and there are a lot
of solutions out there but none of them really
scale to the entire Internet.
That's the challenge.
How do we get something that scales to the
entire planet and, ultimately, into the solar
system? Well, there's no stopping it, right? We
can just keep going and going.