FBI official says alternative Internet needed to defend critical networks
FBI's Shawn Henry
Critical infrastructure networks will always be vulnerable to electronic attacks as cyber criminals get more and more adept at their craft, said a top FBI official, so the protectors of those networks need a new way to ferret out those threats.
A separate, more secure Internet, of sorts, may be the answer to the relentless and increasingly sophisticated electronic assault of criminals and governments around the world, said Shawn Henry, executive assistant director at the FBI, in a speech at an Information Systems Security Association conference in Baltimore on Oct. 20.
“We can’t tech our way out of the cyberthreat,” Henry said. “The challenge with the Internet is you don’t know who’s launching the attack.” Understanding exactly who is on the network, what they did and when they did it, said Henry, is a key to securing those networks. A network where electronic signatures strip away the regular Internet’s cloak of anonymity, and where only trusted employees can enter, could put a significant crimp in criminal activities aimed at critical networks, like those controlling power plants and financial systems.
Henry told Government Security News in an interview after his speech that the term “separate Internet” is a bit misleading. He said he’s not advocating a separate physical network but rather more identity confirmation and attribution, involving exchange of electronic signatures and other techniques that reveal who’s doing what and where on a network. He is proposing an alternative architecture that would run alongside the existing Internet infrastructure, only using slightly different mechanics. He likened the more secure Internet to the different nozzles used at service stations for gasoline and diesel fuels, saying the infrastructure to support them is the same, but the interfaces aren’t.
The need for more authentication and verification, he said, was due in part to the exponential increases in mobile devices and ever more complex routing capabilities. “With the old wired telephone system, you knew where a call came from” and roughly who made the call. In today’s world of Internet Protocol-based telephone routing, proxy servers and other technologies, physically locating a person who accessed a network is extremely difficult.