Collaboration

Why Internet security has no nationality

Former CIA Director George Tenet advocates enacting stronger security controls of the Internet to shore up its vulnerabilities to potential terrorist attacks. Find out security writer Jonathan Yarden's response.

Want more advice for locking down your network? Stay on top of the latest security issues and industry trends by automatically signing up for our free Internet Security Focus newsletter, delivered each Monday!

Ever since Internet access became widely available to the public, questions regarding its governance and administration have dogged both the public and private sector. On one hand, there's no question that the original Internet "governing" body created community rules that established the de-facto "government" of the Internet without any regard to enforcement.

On the other hand, the Internet wouldn't exist without some type of organizational structure. The core Internet protocols required standardization in order for data services to work at all.

In December of 2004, former Central Intelligence Agency (CIA) Director George Tenet gave a speech at an IT security conference in Washington, DC, in which he advocated enacting stronger security controls of the Internet to shore up its vulnerabilities to potential terrorist attacks. Comparing the Internet to the Wild West, Tenet argued that the "free and open society" of the Net can pose a threat to national security.

While I can't disagree with Tenet that the Internet is not without risks, I do think that "free and open" depends on your point of view. But more to the point, it's important to remember that the Internet is not a U.S. territory.

Controlling the Internet isn't the responsibility of the United States, but you'd think George Tenet thought it was. Since the formation of the Commercial Internet eXchange (CIX) in March 1991, which opened up unrestricted commercial Internet traffic, the U.S. government technically gave up control of the Internet.

The free and open standard for TCP/IP made it possible for Europe to quickly connect to the United States within a year of CIX, and the rest of the world quickly followed.

When the Internet crosses into the realms of countries connecting to it, as it often does, these nations can maintain their rights within their borders as they see fit. So if we accept that governments have a right to control what occurs within their sovereign borders, then we could consider circumventing Internet borders a crime.

However, Internet borders are technically nothing more than designated blocks of IP addresses, which anyone can block using firewalls. But it's important to remember that the free and open nature of the Internet doesn't imply that countries can't enforce their own sets of rules regarding Internet activity under their control.

So, while it's perfectly understandable to call for better security on the Internet—any reader of my columns knows I'll never argue for less security—any such improvements shouldn't arrive only at the discretion of the United States. The Internet doesn't belong to the United States, and any concerns about national security shouldn't override the sovereign rights of other countries.

What Tenet fails to understand is that the free and open exchange of information on the Internet is both an asset and a weakness. And now that the Internet public includes the entire world, there are indeed possibilities for problems that endanger the national security of all countries—not just the United States.

Editor's Picks