Taking steps to protect the Internet

Feb 1, 1997 12:00 PM, By JOHN McCUMBER

As the Internet has grown, so have concerns about the security of its information. But don't worry, the federal government is looking into it. There is one sure way to get people in Washington talking - mention tax breaks. All our representatives, from Dick Gephardt to Newt Gingrich, have opinions on tax breaks. The subject is so popular someone has even started to float the idea of tax breaks that will significantly affect those of us in the security business!

Last spring, former Senator Sam Nunn, in his role as chairman of the Senate Permanent Subcommittee on Investigations, held hearings on threats to the national information infrastructure (NII), also known as the information superhighway. After hearing testimony from everyone from the secretary of defense to average folks like you and me, the committee decided we have a problem: The Internet is not secure. For many of us, this is not news. However, it was gratifying to see our elected officials come to a conclusion shared by most everyone who uses the Net.

As the committee wrestled with the import of its findings, members naturally discussed what steps could be taken to protect the data on this vital network. Before reaching any conclusion, however, the committee took a bureaucratic approach - it established working groups to study the issue and write reports.

While waiting for the reports to emerge, let's contemplate possible implementation strategies. Perhaps the biggest impediment to an NII-wide solution is the amorphous nature of the Internet. The Internet began as the ARPAnet, a telecommunications infrastructure linking research computers supported by the government. Soon, the military found wider applications for the technology, and the MILNET was born. Department of Defense use grew side by side with academic use, and the phenomenon became known as the Internet.

The real explosion, however, arrived with the advent of the World Wide Web. With the hypertext transfer protocol, e-mail, Web browsers and point-and-click applications, the Internet has become accessible to almost anyone with a PC. Never again will it be the private electronic domain of scientists, academics and computer geeks. It is now a national resource.

Although Internet-wide security solutions seem a long way off, one alternative to surface from the Senate hearings has many people talking. With exceptional clarity of thought, some lawmakers have come to realize they cannot mandate solutions from Washington. Discussion now centers on a suggestion that the federal government provide tax incentives to companies that enhance security safeguards for their little corner of the NII. In this way, Congress may acknowledge the decentralized attributes of the NII, and play a role in making the situation better.

But how to get government entities to take action? As with industry, money is a powerful elixir, so some groups have suggested budget plus-ups to agencies that implement appropriate technology solutions. Since such programs would involve the expenditure of my tax dollars, I feel I have the right to make some observations.

Here they are: *Improved security of NII resources must focus on critical infrastructure components vital to national interests. Tax breaks for corporations that support this infrastructure may be necessary. However, many industries have already recognized the benefits they receive by implementing security controls to support their information systems. Security solutions such as firewalls, encryption techniques, access control devices and auditing tools provide corporate decision-makers with accurate, confidential and timely data. Will proactive companies be penalized for implementing security controls before a national security rebate program begins?

Any program that could ultimately result in tax breaks and additional revenue is subject to abuse. It is assumed that the tax break would be commensurate with the amount of protection provided by the company. For the government to help underwrite the cost of protecting the NII, there would have to be empirical evidence to support any monetary incentive. But many information security solutions are not cost-effective, and many deep-pocketed companies could buy marginally effective products in order to simply recoup their cost from our tax money. This type of scheme could end up costing taxpayers millions while keeping inferior security products on the market. How could the government determine how much the investment is worth in tax savings? Will we need to fund an entire bureaucracy to ensure the money is spent wisely?

Call me silly, but I still have faith in capitalism. If your organization does not yet recognize the value of protecting intangible assets such as intellectual property and data, I believe it soon will. Unfortunately, this realization may come as a result of exploitation of these critical resources. When companies demand that their assets be protected, they will actively encourage the development of more cost-effective security tools and techniques, which will stimulate hardware and software vendors to include more security functionality in their off-the-shelf products.

These enhancements will soon become a value-added discriminator for the vendor. If there is little benefit from a product, it will become obsolete. The whole system will work as it was designed. Although tax breaks would make me an extremely busy consultant, I cannot see that it makes much sense to provide them to companies for doing the right thing. I believe the government needs to invest more resources in protecting its own information resources, and industry will come to the table once they realize it is in their best interest. No company can rely on faulty, mismanaged information.

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue