The world has changed since 9/11 but why should the internet remain the same? Apparently I’m not talking about the development of internet technologies that have grown in leaps albeit the buzz word Web 2.0 is on its way out. I am taking about the basic internet protocols.
A 328-page report was recently released in the US about threats posed by rogue nations to security of the internet. The report said last year China Telecom broadcasted a bad BGP (Border Gateway Protocol) and routed a large portion of internet traffics through its opaque network for about 18 minutes (US military and government traffic were affected). Coming to mind was also the recent infiltration of Google by Chinese hackers.
After 9/11, the concept of preemptive security took a firm root in everyone’s mind. Also, there is now a greater sense of security awareness on personal computers but what have been left behind are the base internet protocols. Starting with basic HTTP, I think there should be a firm deadline for the deprecation of this protocol. Before now, the grouse with HTTPS has been with its bandwidth utilization because it uses more than plain vanilla HTTP but that is no longer tenable as broadband is now the norm. Google made a move in the right direction by making Gmail HTTPS a default but it can do better by making all its services HTTPS only.
DNS and other routing protocols should be addressed, a terrorist can do more damage (even physically the speculation of what the Stuxnet could do is extremely omnious!) by waging cyber-attacks than by blowing himself up.