When it comes to investing in computer security, the US government could get a good return on investment by shoring up its networking protocols, according to the man who's been hired to coordinate computer security between federal agencies.
Though Rod Beckstrom said he's still working out his initial plans for his new role as director of the US Department of Homeland Security's National Cybersecurity Centre, he said he's been focused on the economics of security and of networking protocols like DNS (Domain Name System) and BGP (Border Gateway Protocol) in particular.
He'd like to see government and industry shore up these widely used but insecure protocols. "We want to invest in protocols because it may be some of the cheapest security dollars we can spend," Beckstrom said, speaking at a keynote address at the Black Hat security conference this week. "These are the long-term underlying things that don't take that much money to move forward."
Beckstrom has been looking at the big picture since taking his new job in May. "I'm actually doing some work right now on developing some models on the economics of networks to answer the simple question of 'How valuable is a network?'" he said. "We need to understand this to drive some of the re-architecting of the system."
Beckstrom has a personal interest in security. He was in New York during the September 11 terrorist attacks on the World Trade Centre, and his wife was at one point booked on the doomed United Airlines flight 93, which crashed in a Pennsylvania field that day after being hijacked by terrorists. She had rescheduled her flight 10 days earlier.
Being in New York, Beckstrom saw first-hand how critical networks performed in a crisis. Mobile phones stopped working that day, but the low-bandwidth SMS (Short Message Service) system, used by mobile phones to send text messages, kept working.
Beckstrom said that because the SMS system is dependent on the Internet as well, it's important to focus on the plain old telephone system, to have something that works should the Internet be taken out in an attack.
A technology entrepreneur and co-author of a book praising the virtues of decentralized organizations, Beckstrom is a bit of a Washington outsider. "He doesn't look like a typical govvie," said Andrew Cushman, director of security response and outreach at Microsoft, in an introduction to Beckstrom's talk.
Whether he will be able to make Washington's computer systems more nimble and more secure remains to be seen, but at least Beckstrom has a budget now. Congress approved the National Cybersecurity Centre's initial funding just last week, he said.
Beckstrom cited DNSSEC (DNS Security), an effort to secure the DNS system, as the type of project that would make a good investment. Although DNSSEC solves many of the problems cited at the heart of the recent widely publicized bug in the DNS system, it is still not widely adopted.
In an interview after his keynote, Beckstrom said that he believes DNSSEC adoption will eventually happen within the federal government. "The question is, does it happen before the big crisis or after?" he said.