BlackHat USA 2009: Government Calls For Fundamental Changes to Ensure Web Security

Government officials are calling for a new Internet paradigm that incorporates a risk-management approach and innovative technologies to keep the Web secure in future generations.

During a Black Hat 2009 keynote Thursday, Robert Lentz, deputy assistant secretary of defense for cyber identity and information assurance, said that the time is now to embark on the enormous undertaking of securing and preserving the Web.

"This really has to be our No. 1 priority. Everything we do is all about preserving the Internet," he said. "If there's anything we need to do, it's to all team up together and make this a global issue as we deal with this fragile ecosystem."

Ensuring the preservation of the Internet is crucial simply due to the fact that infrastructure and critical systems are completely dependent on it, he said.

In the past, the Internet relied on a network-centric model, Lentz said. However things like cloud-based services and Web 2.0 applications are pushing the Internet toward a content-centric model.

"Network-centric and content-centric are slowly converging," Lentz said. "How are we going to be able to leverage technologies? This race is real but it's daunting and we have a lot of challenges in front of us."

However, the current models can't support the rapid changes to the Internet infrastructure. Adapting new technologies while simultaneously preparing for current and future security threats would require fundamentally changing the Internet, Lentz said.

"We have to be able to change everything that we've been doing, the defense in depth architecture that has been the basic foundation isn't going to work in the content centric way we are right now."

Subsequently, a new model would be necessary to amalgamate both the network-centric and content-centric models into a new "risk management" model that incorporates comprehensive security systems while enabling the free flow of information sharing.

But securing the Web will be an enormous undertaking, and in order to be successful, Lentz called for widespread adoption of innovative security technologies and practices to facilitate the transition to a risk management-based paradigm. Lentz said we would have to strengthen network underpinnings, and focus on the weaknesses and vulnerabilities of DNS.

Lentz added said that there needs to be more understanding of cloud protocols to secure them in the future. He also said there needs to be more investment in multi-factor authentication. In addition, there needs be more resources directed at education, lead by a Cyber Czar, to head training and awareness. There also needs to be robust mapping capabilities and secure content automation protocol, he said.

"If you look at everything I've talked about up until now, it's an important time for all of us. We have to accomplish this shift, to get to that resilient cyber ecosystem," Lentz said. "This is the kind of thing we need to do as a nation to focus on this ecosystem. If we all pull together, we can solve those challenges."

Tweet

   

More Security