Information Warfare: August 3, 2001


The Code Red worm has been described as the perfect media software. It doesn't do much damage, although a mutant strain could be pretty deadly, and will stay around for years (until all severs running NT or Windows 2000 are upgraded or patched.) If you're having a slow news day, Code Red will always be there for another scary headline. But Code Red has also done a public service by making more people (especially clueless sysadmins) aware of the importance of keeping server software up to date. Another side effect is a repeat of the call for some fundamental changes in how the internet operates. From the beginning, it was easy for users to hide their identity on the net. No one foresaw the enormous growth, and commercialization, of the internet. So in the beginning, security was not a critical issue. That has obviously changed. Reconfiguring internet software to eliminate the anonymity would be a major task, made more difficult by getting so many people to sign off on it. It has been proposed many time before. This would be a bitch to do considering the "legacy code" that would have to be changed. Making everything traceable It would not be a panacea, though, for there would always be ways around. Making things harder for the blackhats is a good thing, though. 

Another often repeated proposal is to form a special security force for policing the internet. The problem with cybercops is that there is such a (trained, not to mention talented) manpower shortage right now (and in the foreseeable future) that it would be difficult to staff such a force at government pay levels. One solution would be to try and organize and reward the pro bono cybersecurity efforts that have been going on for some time. A lot of talented whitehats just get pissed off and go after bad guys on their own nickel. An example is HoneyNet (the pro bono network of honeypots set up to attract, analyze and document backhat activities and techniques). The government's only hope would be to set up CyberCorps as a separate corporation, find a few really good people to run it, give them a lot of money and turn them loose. CyberCorps could pay market rate for the right people, and still have a close working relationship with government agencies and commercial firms that spend a lot on net security (banks and brokerages, for example.)

Most of the successful criminal activity comes from the victim being careless. Cybercops won't be able to do much about that. But a lot of the malicious mischief on the internet could be eliminated if the Cybercops were good enough to hunt down and successfully prosecute a lot of the blackhat vandals. These guys don't steal as much as disrupt. But to a business that has to pay millions of dollars in additional personnel costs to fix the damage, it's not much different than an outright theft. 

But the freewheeling structure, and atmosphere, of the internet is very popular. It will probably take a more formidable threat than Code Red to motivate any fundamental change in how the internet operates.


Article Archive

Information Warfare: Current 2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999 



Help Keep Us Soaring

We need your help! Our subscription base has slowly been dwindling. We need your help in reversing that trend. We would like to add 20 new subscribers this month.

Each month we count on your subscriptions or contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage. A contribution is not a donation that you can deduct at tax time, but a form of crowdfunding. We store none of your information when you contribute..
Subscribe   Contribute   Close