Posted on 08/31/2003 10:58:21 PM PDT by Timesink
he teenager accused of creating a version of the Blaster worm that infected computer systems across the world last week has been arrested. SoBig.F, an e-mail virus unleashed on the Internet just as Blaster was being stamped out, is expected to expire next week.
But all is far from quiet on the electronic frontier. Security experts are already preparing for SoBig.G. Another worm may already be squirming through newly discovered flaws in computer operating systems. And in the moments between epidemics, the Internet's more run-of-the-mill annoyances — spam, scams and spyware — can be counted on to keep users on edge.
The Internet has become a vital part of commerce and culture, but it is still a free-for-all when it comes to facing computer meltdowns. As America's 156 million Internet users brace for the next round of digital vandalism, some experts say that it is time for the government to bolster a basic sense of stability in cyberspace that societies expect from their critical public resources.
"The government has essentially relied on the voluntary efforts of industry both to make less-buggy software and make systems more resilient," says Michael A. Vatis, former director of the National Infrastructure Protection Center at the Federal Bureau of Investigation. "What we're seeing is that those voluntary efforts are insufficient, and the repercussions are vast."
Proposals for government action being discussed by policy makers and computer security experts include strengthening the Department of Homeland Security's cybersecurity division and offering tax incentives to businesses for spending on security. Another proposal would require public companies to disclose potential computer security risks in Securities and Exchange Commission filings.
Unlike the airwaves or the highways, the Internet is not subject to government oversight. And even the specter of intervention can raise hackles among business leaders and technologists who see the Internet's openness as crucial to its success as a platform for innovation.
But the increasing frequency and severity of computer virus attacks — last month's dual assault cost billions of dollars in lost productivity alone — may have muted the antiregulatory reflex.
"We need to encourage private industry and government to raise the standard of cybersecurity," said Representative Mac Thornberry, a Republican from Texas and the chairman of a House subcommittee on cybersecurity. "From my standpoint, we need to be moving more quickly on that front."
Many security experts now advocate direct regulation, in the form of legislation that makes software companies liable for damage caused by security flaws in their products.
"There's a reason this kind of thing doesn't happen with automobiles," says Bruce Schneier, chief technical officer at Counterpane Internet Security in Cupertino, Calif. "When Firestone produces a tire with a systemic flaw, they're liable. When Microsoft produces an operating system with two systemic flaws per week, they're not liable."
Most software licenses protect vendors from problems arising from vulnerabilities in their code. That leaves many computer users at the mercy of software makers, particularly Microsoft, whose ubiquitous Windows operating system and e-mail programs serve as the starting point for many demons in cyberspace.
Microsoft concedes that its software needs to be designed better, but it also points to the need for users to help ensure their own security.
"There are three major things every consumer and user of computers needs to do," Scott Charney, the security chief for Microsoft, said. "One, get antivirus software and keep it up to date. Two, get a fire wall and turn it on. And three, patch your machines."
That does not lend much comfort to many computer users.
Advocates of increased regulation say a California law that went into effect in July could serve as a model: the law requires companies conducting business in the state to disclose computer security breaches if they result in unauthorized access to residents' personal information. Customers can sue businesses that violate the new law for civil damages.
What federal officials can do now is track down those who create viruses and prosecute them under existing law. But despite the arrest on Friday of Jeffrey Lee Parson, 18, of Hopkins, Minn., who the F.B.I. thinks wrote the variation of the Blaster worm that was released on Aug. 11, critics have asserted that the Bush administration has relegated Internet security to too low a priority.
The F.B.I.'s National Information Protection Center, which investigated Internet attacks and sought to issue pre-emptive warnings, has been dismantled in an effort to consolidate antiterrorism operations under the Department of Homeland Security. The role of cybersecurity adviser has also been moved out of the White House and into the new department. But no one has been named chief of its cybersecurity division since Howard Schmidt announced his resignation in April.
"I kind of despair of the government doing anything," said Richard A. Clarke, who held the job before Mr. Schmidt and resigned in January. He warned that the nation would face a "digital Pearl Harbor" unless it took online security more seriously.
The rapidly rising level of aggravation in the face of the SoBig and Blaster attacks signals what could be a turning point for a medium that until now has been embraced as an unregulated engine of progress.
A survey released yesterday by the Pew Internet and American Life Project said that nearly 60 percent of Internet users say they favor the government's requiring American corporations — who are often reluctant to admit that their computers have been compromised — to disclose more information about their vulnerabilities. Half of those surveyed said they worried about terrorists damaging the Internet.
"It's been this nice electronic playground, but you can't help starting to wonder if maybe all this connection is not so great," said Ellen Waite-Franzen, vice president for computing and information services at Brown University. She sent teams of technical support workers into dormitory rooms to disinfect student computers after the school's network suffered a failure last week. "Now it feels like a war zone."
But some longtime Internet users worry that decisions about security, if left in private hands, may balkanize a network whose openness is precisely what has permitted it to flourish. Lawrence Lessig, a Stanford University law professor who is an expert on cyberspace, says, "There's an opportunity here for policy that would address the harms of worms and viruses and spam and invasions of privacy, without breaking the Internet."
So what problem are we trying to solve? The lawless Internet, or the dangerously vulnerable software?
Do we get to vote on it? ;-)
Whoever said the above doesn't know what he is talking about. I just installed a firewall...by myself...and if I can do it anyone can. It also works very well with my anti virus and I keep my patches up to date. No biggy.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.