The Internet has withstood major assaults to bring the system crashing down, but each new cyberattack raises the spectre of a doomsday scenario. What if terrorists launched a physical attack in combination with a major cybersalvo aimed at bringing the Internet to its knees? Because of the increasing overlap between the various energy, electrical and communications grids, the potential risk is no longer theoretical.
It's a major concern for VeriSign chief executive Stratton Sclavos, whose company is the leading provider of domain name registrations. VeriSign processes more than 14 billion daily queries, on average, in its operation of the .com and .net infrastructure. The company's new ATLAS system -- short for Advanced Transaction Lookup and Signaling System -- is designed to accept more than 100bn queries per day and 25,000 updates per second.
Sclavos recently sat down with a group of reporters and editors from ZDNet UK sister site CNET News.com to discuss the state of cybersecurity, the future of the Internet Corporation for Assigned Names and Numbers (ICANN), and directions for his company in 2005.
Q: Earlier this year, Amit Yoran resigned. That makes the third online-security czar to leave the federal government within the last two years. Are you frustrated with the government's inability to get on top of cybersecurity?
A: I think I come at it with one foot in both camps. Raising the visibility of cyber within the Department of Homeland Security and the government -- and US society at large -- I think it's very, very important. But I don't think it's a single step of appointing an assistant secretary. We also have to start with education, right in the schools. I think we need to get the school systems involved, teaching the kids what responsible surfing is all about.
I sit on the Telecommunications Advisory Committee, and it's just in the last year that we finally got to talking about next-generation networks and the impact of the threats to cybersecurity versus talking about physical telecom networks. So it's a slowly moving issue -- for both government, as well as the telecom industry... That being said, after 11 September it would have been hard to argue that getting the physical job done right shouldn't be a higher priority than cybersecurity.
Where do you think we are in terms of IPv6 adoption in the US and what are the implications for security?
It's a technology, so what's probably more relevant is how to deploy it as opposed to whether it's enabling more security or less security. It kind of dovetails with the [Department of Homeland Security] situation. Our opinion is that a concerted cyberattack is going to be coupled with a physical attack.
What you're actually looking at is some blended attack which uses the networks either to bring down the information-sharing capability of law enforcement or of first responders because it is attached to some physical utility. Any area then can be preyed upon by a physical attack.
So when you talk about IPv6, what could that do to help prevent things? Well, if everything had a unique address, you're probably capable of tracking and tracing things much more quickly. Forensic analyses of where attacks are coming from can happen in a fraction of a second versus having to figure out network address translation buffers and shared IP addresses and revolving IP addresses. I think IPv6 gives you a footprint for figuring out how to track every point on the network and thereby develop the tools to be much more secure.
