Tackling the Untrustworthy Internet

Imagine that each of us would need a tank to safely drive on the road. We would be well protected from any obstacles that could come our way, but at the expense of speed, agility, and cost. We could also blow each other up, forcing us to buy bigger and better tanks all of the time to retain a consistent state of security. That's the kind of environment that companies face when using the Internet. Rather than being able to invest in economical transport, each has to regularly procure stronger individual protection to defend themselves. What went wrong?

When we drive an automobile, motorcycle, truck, or other vehicle, we can safely assume that there are common standards that govern the road and a basic set of rules that promote a common, predictable behavior. While specifics may vary around the world, the basics remain the same and help ensure that the roads are safe for private use, to conduct commercial activities, and to move people consistently over great distances. We trust the infrastructure and (generally) trust others to all abide by common rules of use. Unfortunately, we are so far failing to realize the same success for instilling trust in the Internet infrastructure.

According to Wikipedia, the basis for the road infrastructure trust developed rapidly. Laws requiring that drivers be tested to receive a license to drive began in the United States during the 1910s. The installation of the first electronic traffic signals and stop signs came shortly thereafter. Given that Henry Ford hadn't even begun mass producing the Model T until 1914, history shows that societies around the world recognized the need for establishing consistent road behavior before automobiles became too prominent. By the 1950s, consistent standards and behaviors resulted in a fairly trustworthy infrastructure and nations had begun establishing safety standards for the vehicles that used it.

Assuming that the founding of the first Internet Service Providers (ISPs) around 1990 represents the Model-T moment for the Internet infrastructure, then I submit that we've missed every key milestone in developing a trustworthy infrastructure in over 20 years that we were able to achieve for the road infrastructure in less than 10 years. What's worse is that we aren't even close to achieving any of the major milestones.

Here's a brief look at each of the key functions that I argue we need to meet to establish a trustworthy Internet infrastructure.

• Use Signals. Traffic signals and signage establish the rules for using a local road infrastructure segment. They explain what drivers should expect from the road and from other drivers, alert us to potential hazards, and announce upcoming road conditions. When using the Internet, users have very limited access to this type of infrastructure use information, essentially forcing us to go from place to place blind.
• Education. To be allowed to drive, we are required to demonstrate that we have a basic level of experience in using the road infrastructure well. To attain that, we have to be able to read road signs, obey traffic signals, and use a vehicle in a safe and predictable manner. For the Internet, we don't need to know anything about how to conduct ourselves safely and respect each other.
• Monitoring. Municipalities accept responsibility for the road infrastructure, routinely and constantly watch roads to identify threats, target inappropriate usage, and detour traffic around hazards. This monitoring can take many forms that are often aggregated to determine abnormal behavior. The Internet Infrastructure has no such monitoring, depending instead on service providers and users to perform similar functions. The resulting flexibility comes at the expense of visibility, leaving the Internet in a perpetual "fog of war" state for most organizations and forcing them to individually invest where shared investment would be much more cost-efficient and effective.
• Enforcement. If we're caught violating standard driving principles, then we receive warnings, pay fines, lose the authorization to continue driving, or get arrested for flagrant actions (even those that may due more to ignorance than intent). Without any similar authority accepted on the Internet, users are forced to depend on a "honor system" utopia.

"Trust but verify" represents a basic tenet of security. In any system that includes independent elements, the system is most effective when you allow the elements to function as they need but then apply a standard set of instructions that will characterize their interactions with other functions in the system. Those instructions provide the basis for monitoring, identifying, and responding to abnormal or damaging actions.

But, that basic security tenet functions best when applied at the core system level. In the case of the Internet, the core infrastructure is managed by private organizations, a stark contrast with the road infrastructure that is primarily under public management. As such, the security focus naturally shifts from protecting the community to protecting the organization that serves the community. Unless subscribers demand that the organization serving them provide the basic trust functions I describe above (and are willing to pay for it), they will continue to employ less effective and more costly individual measures to protect themselves.

Organizations need better advice than the standard industry refrain of "spend more to stay the same (or get less)." Innovative solutions such as cloud services provide a means for organizations to pool their resources, implement more effective data protection solutions, and to focus critical funding on building their business rather than protecting it. InfusionPoints believes that organizations can break the infinite spend cycle to do more with less. They just need the right partner that cares more about the organization than about how much its willing to pay.

This posting originally appeared on the InfusionPoints blog site on December 16, 2011.