Security expert: Tighter measures needed

WASHINGTON (CNN) -- A noted computer security expert told a Senate subcommittee Monday that the Internet is steadily becoming a more dangerous place, and traditional computer security measures simply don't work.

Bruce Schneier, chief technical officer of Counterpane Internet Security Inc. and an expert in cryptography, told the Commerce Subcommittee on Science, Technology, and Space that businesses have no choice but to connect their internal networks to the rest of the world.

"But with that connection comes new threats: malicious hackers, criminals, industrial spies. These network predators regularly steal corporate assets and intellectual property, cause service breaks and system failures, sully corporate brands, and frighten customers," Schneier said in prepared remarks.

He predicted that many companies will be forced by economic reality to make security more than just an afterthought in their business plan. He said "network security insurance" will soon be as much a necessity as fire and theft insurance. And that, he said, may mean more accountability by companies such as Microsoft.

"What will happen when the CFO looks at his premium and realizes that it will go down 50 percent if he gets rid of all his insecure Windows operating systems and replaces them with a secure version of Linux? The choice of which operating system to use will no longer be 100 percent technical," Schneier testified. "Microsoft, and other companies with shoddy security, will start losing sales because companies don't want to pay the insurance premiums."

In response to Schneier's comments, Microsoft spokesman Jim Desler told CNN that the idea of Internet security insurance is still evolving.

"We feel our products and platforms are as secure as any out there," Desler said. And, he said, the company's process of responding to security vulnerabilities is "unmatched."

How can private sector be protected?

The subcommittee's chairman, Sen. Ron Wyden, D-Oregon, said the goal of the hearing was to determine how the private sector can make online businesses less susceptible to viruses, malicious hacker attacks, and service interruptions.

Part of the complexity of all these security issues is the dramatic morphing of the Internet from a government and academic research tool into a multibillion-dollar commercial enterprise.

"It was designed to be an open, borderless medium for communication and sharing information, and was not programmed with security features. Nor was it intended for commercial use," said Harris Miller, president of the Information Technology Association of America. The organization represents 500 corporate members.

Miller said it will not be an easy task to make security a priority in the corporate culture.

"CEOs want their IT (information technology) systems to be as fast as a Ferrari but as safe as an armored truck," he said. "Whenever tradeoffs arise, the bias is toward speed, not safety and security."

Miller said that's because worldwide, business-to-consumer e-commerce revenues will reach $96 billion this year, and business-to-business transactions on the Internet will reach $448 billion, according to Forrester Research.
