Is It Time To 'Harden' The Internet?
In tech terms, 'hardening' refers to fixing a computer system - sometimes in various layers, with each layer requiring a unique method of security. Today, Internet protocol designers are talking about applying similar security methods to harden the Internet. But, that's no easy feat. Hardening the Internet requires a coordinated effort involving the research community, the infrastructure equipment development community as well as the network service operator community.
Discussions around hardening the internet has been around for over a decade, especially with regard to surveillance versus security. Historically, there has always been a conflict between the need for surveillance in the interest of national security and the need for network security for Internet users. Prevailing opinions are that pervasive monitoring is a technical attack that should be mitigated by the likes of Internet Engineering Task Force, a volunteer-run organization that promotes Internet standards protocols, wherever possible. The Internet engineering community has consistently taken a consensus position that pushes back against technology-based and indiscriminate government surveillance. The engineering community believes that extensive and indiscriminate surveillance is an assault on individual privacy, and that tightened protocols should make surveillance more expensive or not easily feasible in the least.
In 2013, after Edward Snowden's disclosures on America's NSA surveillance practices, the Internet protocol designers began seriously began talking about applying end-to-end encryption to protect the Internet. This encryption talk is not new, though. A few years ago, the Internet Architecture Board (IAB) issued a statement about confidentiality, recommending that encryption be the norm throughout the protocol stack by default. The intention was to provide confidentiality and to restore trust in the Internet, which is probably at its all-time low right now.
We all know that networks and the computers connected on Internet are not immune to threats that exist throughout the Internet today. These varied threats include, an employee compromising corporate networks to the plethora of viruses to which a system/network can be vulnerable. Then, there's the constant threat of information attack against seemingly isolated infrastructures.
Well, there are two distinct areas that could benefit from Internet hardening. The first is the core infrastructure, which refers to routers, servers and the 'backbone' links that are at heart of the network. The second is the customer environment - personal devices, enterprise networks and e-business servers that are connected to the Internet that support businesses across the world. End-to-end encryption, a method of secure communication that prevents third-parties from accessing data while it's transferred from one end system or device to another, should be the security method of choice. It enables commerce but bars, to a certain extent, pervasive surveillance for whatever rationale. However, when it comes to the interest of national security - there cannot be two ways about it. Pervasive monitoring or lawful intercept has to come first.
One thing is certain: we live in a much different world than when the Internet first came onto the scene. Maybe it's time for academics, statesmen, and the business community to find common ground on just what constitutes Internet surveillance. I realize such thinking is overly optimistic, but new global issues deserve a new look at how we limit or extend the Internet's reach.