BOSTON -- According to one of the information security industry's most respected experts, despite the United States' growing dependence on the Internet, IT infrastructure risks could be mitigated by establishing better redundancy for critical IT systems and maintaining manual processes.
Speaking to attendees at the 2012 SOURCE Boston Conference this week, Dan Geer, CISO at In-Q-Tel, the not-for-profit venture capital arm of the CIA, pointed out that addressing security by restricting an open Internet is not desirable, nor an efficient way of addressing the threat posed by cyberattacks on a critical infrastructure.
Geer, widely considered to be among the most innovative thinkers in the industry, said instead that maintaining redundancy – backup systems and manual processes – is necessary to not only secure the nation’s critical infrastructure, but also to provide the necessary fallback mechanisms for the country to run properly in the event of a catastrophic Internet disruption.
“Forget the banks; it’s the Internet that is too big to fail,” Geer said. “While there is no entity that can bail out the Internet, there is no meaningful country that is not today researching ways to disrupt the Internet use of its potential adversaries. The most a country can hope to do is to preserve the Internet interior to itself.”
Compounding the problem is that the growing technical complexity of Internet-connected systems has created unintended mutual dependencies, making it increasingly difficult to tell when failures occur. Geer pointed out that Internet rejectionists -- those who attempt to stay off the “grid” -- could play a failsafe role in the event of some catastrophic Internet failure. But it is becoming increasingly difficult to avoid reliance on the Internet, he said. From banking to paying a utility bill, some businesses are forcing consumers to use online services. With more people dependent on the Internet, he said, the private sector and the nation’s infrastructure give up a kind of “societal resilience.”
“Accommodating rejectionists preserves alternate, less complex, more durable means and therefore balances dependence as a society,” Geer said.
Geer described the interdependencies inherent in electronic health records and in smart grid technology for electric utilities. With respect to the electronic health records initiative, he said the technology relies on the smooth functioning of electric power and network displays, while smart grid technology still depends on a wide range of industrial controls to function properly. Together they add new levels of risk exposure and new failure modes to the world.
“Because both of these involve new levels of exposure to common-mode risk, and some of those are risks that electronic health records share with smart grids, they will add new failure modes to the world we live in,” Geer said. “On good days both will deliver far better, more cost-effective benefits than those we now have; on bad days, the reverse will be true.”
Preservation of processes that don’t rely on the Internet gives the nation “a guarantee of fallback mechanisms that do not have a common mode failure with the rest of the interconnections usually vulnerable in the Internet world,” Geer said. There is no easy way to preserve manual processes, and Geer admits he doesn’t have a fully working model. Security technology cannot keep pace with cyberattackers, so “preserving fallback is prudent if not essential,” he said. Adding more expensive security systems will only exacerbate the complexity problem.
“If we are to practice evidence-based medicine on the Internet, it may well be that expensive therapy is not always the answer,” Geer said.