Point of View

Leaders Have Key to Internet Security

by / May 6, 2001
The hissing sound of the dot-com bubble as it bursts isnt the only noise on the Internet these days. Listen carefully and you might hear the rip and tear of hackers as they find their way past firewalls to steal information. Lately, the stock market woes of Internet companies have grabbed most of our attention, but its at the expense of a problem that has grown far more serious and could have major implications for the long-term success of the Internet.

Consider the recent raft of trouble that has occurred online: In March, the FBI announced that hackers from Russia and the Ukraine had stolen more than a million credit card numbers from commercial Web sites in the United States. Before that, there was the hacker ring that stole thousands of long-distance phone card numbers from Sprint and the disgruntled employee who shut down Forbes magazine for two days. A study last year of 186 companies by the Computer Security Institute and the FBI found they lost $377 million to hacker attacks. Overall, the report found that the frequency of computer intrusions and their costs are on the rise.

Its growing increasingly clear that financial transactions on the Internet are not receiving the protection they need. If attacks and theft continue to grow, public confidence in the Internet could be seriously undermined, threatening the long-term success of electronic commerce for the private and public sectors.

The good news is that we have the technology to secure important transactions. Public Key Infrastructure (PKI) allows individuals and businesses to exchange sensitive information securely and safely through the use of electronic keys that lock out intruders. The bad news is that few U.S. companies or federal, state and local governments are using the technology in any significant way.

A recent article in The Washington Post reported that American businesses and governments lag behind Europe and Asia when it comes to adopting PKI. The reason for the disparity, according to the Post, is a matter of government involvement: "Wherever PKI has taken off -- Australia, for example, where the government took the lead two years ago in articulating a standard and pressing for its use -- the public sector has driven the change."

Apparently, foreign governments have realized the value of having such an infrastructure for public and private benefit and are not afraid to tackle the problems of standards, complex technology and government-issued identification, something that raises the hackles of privacy advocates here.

As the Post article points out, the business sector has been reluctant to adopt PKI, despite its reliability. As a result, we are at least five years behind in having PKI to protect online transactions. Rather than wait for the private sector to make the first move, government should step up and take the initiative.

In fact, public-sector interest in PKI was initially strong. The General Services Administration launched a program called ACES to jumpstart use of the encryption technology in federal agencies. At the state and local level, government associations, such as NASIRE and Public Technology Inc., set up programs to educate their members about the usefulness of PKI. But as a recent report by the General Accounting Office points out, PKI adoption has been stymied by interoperability problems and the entrenched silo effect of information management in government.

What we need are government leaders who are engaged when it comes to technology and are willing to take the lead in establishing the policies and procedures that will smooth the way for PKI adoption throughout government. The idea of e-government has forced public officials to re-examine the way government operates and serves its constituents. PKI might be the technology that will force government to actually retool and rebuild itself for the future. But it wont happen without effective and engaged leadership.
Tod Newcombe Features Editor