Securenet: How to Combat Internet Attacks

The prospects of cyber warfare that will bring down vital services sound like something out of a James Bond movie, but there is no question that the vulnerabilities of the Internet are being probed by both real and potential adversaries. If we want to avoid the worst consequences of a cliffhanger moment when critical infrastructures that rely on the Internet become unavailable for a considerable length of time, government needs to build and maintain a private network separate from the public Internet that would keep vital services -- governmental and nongovernmental -- connected and running in the event of a coordinated cyber attack.

The Internet is a public network that grew from what was initially a government-sponsored, military-based private network, the ARPANET. It became a public network because of the desire to make it widely available. One of the undesirable consequences of making the network public was that some vital services (e.g., the electric grid) became vulnerable because of their dependence on the Internet. We have all reaped enormous benefits from the public network, but a public network is like a public street on which anyone can travel, with inherent limits to its security. We can no longer ignore the substantial risks we are taking with critical infrastructure being reliant on the Internet, and the time to address the problem is before an adversary figures out how to create a cyber September 11th.

If you have three computers at home and want them to interact securely, you can create a private network that connects these three computers with no access to any other network. In contrast to this setting, the Internet allows many millions of computers to be connected to each other, and to transfer data to each other like those three computers at home, but this is not done in a closed network. It uses what is essentially a public road with open access.

The Secret Service will close a public road to securely transport the President. It is time to recognize that the security of what we think of as the Internet will actually require multiple networks -- the open public network that is today's Internet, but also a separate private network which we refer to as Securenet, tying together secure infrastructure that is too important to fail, limited to maintaining essential services, and closed to general-purpose traffic.

Securenet is a system analogous to that private network connecting the three computers at home. It is direct and discrete, a private network that connects project-oriented computers and tasks so that they are not part of the public Internet and are not accessible over the Internet. This is quite different from what is known as a Virtual Private Network, which uses the Internet to construct "secure connections" among the participating sites. Securenet provides the secure connections by deploying a dedicated private network without the need to piggyback on the Internet. This is as essential and unglamorous as sewer lines or water mains, without the vulnerabilities that come with the Internet's open architecture.

Just as public roads and public airspace need to be closed to securely transport the President, we need to create Securenet as a closed, secure kind of limited access information superhighway for infrastructure communications, achieving security and reliability that could not otherwise be accomplished without closing off the Internet to the rest of us.

The cost of Securenet is hard to assess, but we reasonably estimate a cost of $20-100 billion to lay fiber and connect to a central hub, with redundancy to ensure robustness. This is not an insubstantial cost, but laying fiber for this network has the dual benefit of being both an enhancement of our national security infrastructure and a public works project that helps economic stimulus.

We need to continue to secure the Internet, and maintain back-up alternative strategies, because the Internet remains vital to modern life. But we are living in denial of reality if we fail to create a separate, secure network system that is not part of the Internet to run communications controlling the vital systems serving society.

It is Russian roulette if we continue to use the public road of the Internet for the communications that support society's basic services. The target is too tempting for our adversaries, the vulnerability too stunning. Bond movies may always end well, but we don't need to risk the cliffhanger ending caused by a problem that can be headed off long in advance of a crisis.

Mark A. Shiffrin, a lawyer, is a former Connecticut state consumer protection commissioner. Avi Silberschatz is Sidney J. Weinberg Professor and Chair of the Computer Science Department at Yale.