Month: November 2010

Time to upgrade internet protocols

In a post-9/11 world, the security of internet protocols remains critically overlooked. A 328-page U.S. report unveils the alarming threats from rogue nations, with incidents like China Telecom’s misrouted traffic and Google’s breach by Chinese hackers spotlighting the vulnerabilities. It’s high time for a fundamental overhaul, starting with the widespread adoption of HTTPS and a reevaluation of DNS and routing protocols. This piece explores the urgent need for preemptive security measures to protect not just digital infrastructure but our global security at large.

The world has changed since 9/11 but why should the internet remain the same? Apparently I’m not talking about the development of internet technologies that have grown in leaps albeit the buzz word Web 2.0 is on its way out. I am taking about the basic internet protocols.

A 328-page report was recently released in the US about threats posed by rogue nations to security of the internet. The report said last year China Telecom broadcasted a bad BGP (Border Gateway Protocol) and routed a large portion of internet traffics through its opaque network for about 18 minutes (US military and government traffic were affected). Coming to mind was also the recent infiltration of Google by Chinese hackers.

After 9/11, the concept of preemptive security took a firm root in everyone’s mind. Also, there is now a greater sense of security awareness on personal computers but what have been left behind are the base internet protocols. Starting with basic HTTP, I think there should be a firm deadline for the deprecation of this protocol. Before now, the grouse with HTTPS has been with its bandwidth utilization because it uses more than plain vanilla HTTP but that is no longer tenable as broadband is now the norm. Google made a move in the right direction by making Gmail HTTPS a default but it can do better by making all its services HTTPS only.

DNS and other routing protocols should be addressed, a terrorist can do more damage (even physically  the speculation of what the Stuxnet could do is extremely ominous!) by waging cyber-attacks than by blowing himself up.