October 28, 2007
How do you secure something that is changing faster than you can fix it? The Internet has had security problems since its earliest days as a pure research project. Today, after several years and orders of magnitude of growth, is still has security problems. It is being used for a purpose for which it was never intended: commerce. It is somewhat ironic that the early Internet was design as a prototype for a high-availability command and control network that could resist outages resulting from enemy actions, yet it cannot resist college undergraduates. The problem is that the attackers are on, and make up apart of, the network they are attacking. Designing a system that is capable of resisting attack from within, while still growing and evolving at a breakneck pace, is probably impossible. Deep infrastructure changes are needed, and once you have achieved a certain amount of size, the sheer inertia of the installed base may make it impossible to apply fixes.
Posted by kamokazi at October 28, 2007 02:57 PM