MONDAY, MAY 21, 2001

 

7:30p	Opening Dinner
Sponsor:	WorldCom, Inc.

Introduction:  Harris Miller, President, Information Technology Association of America
Keynote Speakers:
John Patrick, Vice President for Internet Technology, IBM and Chairman, Global Internet Project; Vint Cerf, Senior Vice President, WorldCom and Principal Member of GIP and XIWT; John F. Sopko, Acting Assistant Secretary for Communications and Information of the Department of Commerce, and Acting Administrator of the National Telecommunications and Information Administration (NTIA).

Meeting Themes Established:

• The Internet is becoming a powerful instrument and an integral part of our critical infrastructure, a "utility" on which we depend, so security is becoming a priority.
• Trust in the Internet will require reliability.
• Reliability (securing information and protecting the critical infrastructure) will require collaboration between private industry, government, academia, media and other stakeholders. No one interest group holds all the pieces.
• Broad education about these issues and their importance is needed.
• The influence of the "human" element must be considered in assuring privacy and securing information.

  Harris Miller - The ability to trust our infrastructure forms the foundation of our economic prosperity. Appreciation for information security and critical infrastructure has not developed to the level it should. As stewards of the information infrastructure and its applications, too much time is spent considering the concept of information security and not enough on moving the marketplace forward. Our industry has not done enough to raise awareness and get more attention on information security issues. We need to partner with other industries, government, media and other key stakeholders to implement an aggressive education campaign. The goal is to motivate every company, government agency, NGO, and organization to adopt appropriate information security practices, including purchase of hardware and software, development and implementation of best practices, and development and provision of training to support the use of these practices. Promoting the use of best practices is one of the greatest challenges we face.

  John Patrick - The Internet is very much about a massive transfer of power from institutions to people. There is a growing gap between user expectations-which are expanding daily-and the user experience. Closing this gap will require embracing the Next-Generation of the Internet, which is going to be: fast, always on, everywhere, natural, intelligent, easy and trusted. This next step will require a dramatic shift in our attitude towards use of the new technologies and collaboration between business, government, and academia.

  Vint Cerf - Reliability, which refers to general survivability and reliance, is the key to trust in the Internet. Reliability will depend on our ability to build better systems. Another challenge is the possibility that legislators could write into law requirements that cannot be implemented. One goal of the GIP is to educate legislators about what is and is not possible.

  John F. Sopko - President Bush has indicated that protecting the nation's critical infrastructure is a core security priority. The cyber economy IS the economy. Corrupt this infrastructure and you corrupt the Economy. Private industry owns the nation's critical infrastructure and so government is dependent upon private industry.

  The nation's effective cyber defense will require:
  

• Increased awareness and understanding of cyber security issues, vulnerabilities, and threats;
• more technical specialists with the skills needed to secure large complex systems;
• expansion of research programs that lead to advances in new computer security products; and
• improvement of the legal structure to deal with the problems of information sharing and dealing with criminals who attack the systems.

  The Department of Commerce is not a regulator, but is where the interest of industry and government come together. It works closely with industry through the Consortium for Infrastructure Protection and requests the support and cooperation of private industry.

   

  TUESDAY, MAY 22, 2001

   

  7:30a	Networking Breakfast
  Sponsor:	The Global Internet Project and the Information Technology Association of America

  Introduction:  John Patrick, Vice President for Internet Technology - IBM, and Chairman - GIP

  Keynote Speakers:
  

• Eric Brewer, Co-Founder and Chief Scientist, Inktomi Corporation; and
• John Gage, Chief Researcher and Director of the Science Office, Sun Microsystems.

  John Patrick - As the Internet evolves, it will be so pervasive, reliable and transparent that we'll all just take it for granted. But right now, there is a gap between what people expect from the Internet and what they get. There are seven characteristics to the next generation of the Internet. They are:
  

• Fast: We are all looking for more speed and are seeing it with increased backbone capacity. Recent advances in technology will also provide users with instant access to media-rich content including higher speed Internet connections to residential customers and small businesses.
• Always on: Just like today's telephone, you'll start using the Internet without the need of an elaborate dial-up or log-on sequence. We will have autonomic environments where a system can sense if there is a problem, then be able to allocate resources to respond.
• Everywhere: Due to the growth of wireless devices, people will not be limited to using their PCs. People will choose their Internet device much like they choose their entertainment device.
• Natural: For most people, the Internet is not "natural." Language translations, text to speech, and voice recognition will make it easier for people to use it.
• Intelligent: We will see a new level of intelligence. New standards for encoding structure and meaning will greatly shape the Next Generation Internet. Through new standards for encoding structure and meaning, we will see content separated from its form, so that web pages' information can have meaning and be reused in many different contexts. This will result in a more fulfilling experience for the customer.
• Easy: There is nothing easy about this, but on the consumer front, consumer companies are entering the fray with items that are easier to operate.
• Trusted: Here we have a little ways to go. There are many degrees of trust (in addition to security) relating to privacy and authentication (digital IDs, authorization, confidentiality, non-repudiation, and integrity in transactions). We don't have a widespread deployment of this nature just yet. The next step requires leadership on the part of organizations and companies of all kinds.

  Eric Brewer - Capitalism vs. Privacy
  Safety and reliability are in line with capitalism; privacy is not and is not going to happen automatically. However, dialogue needs to take place prior to establishment of any policy decisions. The natural progression of capitalism should ensure privacy eventually, but that may be too late. ANY two known facts about a person can be linked (if not today, in the very near future). Information cannot be retracted, it is permanent, so "privacy" is about preventing the dissemination of private information. Things you might want to be private someday must be guarded from inception. Credit cards and cookies are a distraction to the real private data issue involving medical and financial records and social security numbers. There will be no technological substitute for "privacy;" the choice will need to be up to the data owner (the user) and will be based upon his/her decisions.

  Privacy is Forever - Privacy obligations (promises made by companies) will have to last forever, through all unilateral changes, such as bankruptcy, death, mergers and acquisitions, and changes in personnel. Privacy policy should affect liability, estate law, M&A, and the judicial system (should be exempt from subpoena). Policy must support retraction of data and should err on the side of assured privacy unless voluntarily forfeited - especially since released information is not truly retractable.

  Liability - Focus should be placed on liability for violation of privacy. There should be multiple damages for: the unauthorized release of private data; the failure to delete private data on request/termination; accidental loss of private data (e.g., security holes). Legislation is required, but should be simple, should clarify what information is "private, and should have no explicit compliance costs.

  Freedom of Speech - Without "freedom to hear" (i.e., private, unobserved conversations), we have no freedom of speech. Restrictions must be placed on observation. We must make a distinction between privacy and tools for policing society.

  John Gage - It is important to build policy that allows for and protects the freedom to innovate, the freedom to problem solve and then address accountability. "Cessation of financial transactions due to Internet failure would shut down the economy and would be more devastating than setting off a nuclear device over a large city or attack by another hostile state," according to a quote from John Sopko. All utilities/appliances (consumption vehicles) should be autonomic and self-regulating to prevent blackouts and other disruptions of consumption.

  Conclusions:
  Ensuring privacy of data will require:
  

• Limitation on the collection and use of private data.
• Definition of "private data."
• Understanding that things are observable and tomorrow will be downloadable and connectable.
• Users/consumers have the right to private data storage (including from the courts, the government, ISB, etc.)
• Drawing a privacy line now based on current technology.
• There should be a liability cost (not a compliance cost), i.e., punishment of privacy violations - especially since data is not retractable.
• Protection of free speech as observation impedes free speech.
• Determine what is "inalienable."

   

   

  10:00a	Section I: Securing Private Data - How to Assure the Customer

  Section Keynote:  Austin Hill, Co-Founder and Executive Vice President, Zero-Knowledge;
  Section Chair:  Harriett Pearson, Chief Privacy Officer, IBM;
  Panelists:

• Michael Lamb, Chief Privacy Officer, AT&T Corp.;
• Thomas Leary, Commissioner, U.S. Federal Trade Commission;
• Tara Lemmey, CEO, Psoom Corporation and Member, TRUSTe Board of Directors;
• Dr. Erik Oldekop, Vice president, TEC, The Venture Technology Group, Deutsche Bank AG; and
• Les Seagraves, Vice President and Chief Privacy Officer, Earthlink.

  Overview:  Internet users -- both consumers and businesses -- want their private data to be secure. Yet, privacy can be threatened by any number of factors including exposure to hackers or disgruntled employees, theft or other unauthorized access to private databases. To deal with such threats, businesses must assess how privacy policies - or lack thereof - can be sustained within their business models. While many companies have adopted strict privacy policies, such policies are meaningless if adequate Internet security technology and procedures are not also in place. Fortunately, promising new privacy and security technologies offer Internet users powerful new tools for assuring that their data is not misused and is secure, and companies and government agencies are doing formal audits to assess how they operate. This panel examines how organizations are ensuring the privacy of their customer's data and how we can assure consumers that they are secure on-line. In addition, the section will assess the level of resources required to enhance security of private data and determine if/how business models can be sustained for the long term.

  Austin Hill - SECTION KEYNOTE
  A new trend is companies having to own responsibility for protecting data about people because violating privacy has a negative affect on a company's reputation/brand. The definition of privacy is "information self-determination" and is about controlling who, what, where, and when your information is distributed. Information is a core asset and is growing in complexity. Information about individuals will dominate information resources.

  Policy-based information management for private data needs enforcement technology such as layered authentication, auditing, etc. and use: privacy proxies or middleware; the DRM privacy wrapper approach; and the security model through which distribution policies are communicated, i.e. consent databases.

  The solution cannot be technology or policy alone. It will have to be comprehensive and include: strategy, policies, practices/processes, technology, training, and communication. Privacy Rights Management (PRM) is not unlike copyright management (DRM, Digital Rights Management).

  This environment of ubiquitous computing will require a new human-centric architecture that accommodates user/manager comfort with trust in the system.

  The cost of getting and keeping customers is directly related to customer concerns about privacy. The cost of compliance to company policies will drive industry to implement workable solutions.

  Harriet Pearson:  This panel will grapple with the intersection of policy, technology and the desire for privacy. How will resources be allocated to the three following areas of need?
  

• Seatbelts - The needs for a certain baseline of privacy/security.
• Profit Models - Are there companies that can help with the development of feasible models?
• Law - What is the role of legislation (new and old laws), and how should it be enforced?

  Thomas Leary - The Role of Law and Legislation.
  Careful thought needs to be given to the issue of "privacy" prior to implementation of policy:
  1. There is evidence of a high public awareness and concern about privacy, but that does not necessarily mean legislation is needed.
  2. There is a lot of confusion about "privacy" and about "security". A distinction needs to be made.
  3. It is not self-evident that you need a separate set of rules for online and offline commerce. All personal information needs to be considered, not just online information.
  4. Should substantive standards be enacted as opposed to requiring people to describe in an adequate way what they do? Privacy disclosures are frequently incomprehensible. There are certain basic principles of disclosure that could be enacted. There is a difference between controlling the content of the notice rather than the substantive content of the privacy policy.
  5. There is good argument for allowing the option of releasing/retaining data ("opt-in/out"), but the economics are very different from the philosophy. One issue is regulation: What is the penalty for "opting-out"?
  6. Difference between some of the internal maximization of fair information practices. There is a conflict between adequate notice of security measures and substantive security measures.
  7. There is a conflict between access and security. Security issues are raised when access to change data is allowed.
  8. Economic and legal costs must be considered.
  9. Is privacy more important than public safety? The courts (for now, and in the foreseeable/near future) will attach a higher value to the First Amendment than to "privacy values."
  10. Is a broad scale or more targeted approach more useful? What about special needs such as the rights of children, medical and financial information, etc.?
  11. Who owns the information? The assumption is that the privacy interest is that of the buyer in a commercial transaction. Sellers may also have privacy interests.
  

  QUESTION: HOW CAN FOR-PROFIT COMPANIES DEVELOP A BUSINESS MODEL AND SUPPLY ORGANIZATIONS WITH PRIVACY TECHNOLOGY? HOW CAN THEY OPERATE IN THIS SPACE? HOW CAN NON-PROFITS ENABLE PRIVACY?
  Tara Lemmey -  TRUSTe (non-profit) was organized to address the issues of transparency and consent that exist in the current absence of policy. For for-profit companies, this is about a contractual process (not just a "seal of good housekeeping"); it is about something that businesses can adhere to, and that consumers can respect. The challenge is that the legal binding policy is warehoused in a private location and the data is acting independently on the Internet. The issue is a data asset management issue rather than a privacy issue. Data is becoming the primary asset and needs to be managed as such to minimize the risk factor.

  QUESTION: HOW DOES A COMPLEX ENTITY LIKE AT&T VIEW THE EMERGING PRIVACY MANAGEMENT TECHNOLOGIES?
  Mike Lamb -  Privacy is not a technology issue; it is a social issue. Technology neither protects nor invades privacy. Privacy rests on the commitments companies make to customers. While technology is critical in meeting those commitments and making meeting those commitments cost-effective, the real question is about how to best reassure your customers. Technology is just a tool; companies reassure customers by making privacy commitments to them. Customers are beginning to choose providers based on privacy considerations (privacy policies). Marketplace forces will have a real affect in driving privacy policies as consumers become more savvy and selective based on company privacy policies. Technology will not make a difference if the privacy policies are not in place.

  QUESTION: WHAT IS THE INTERNATIONAL, NON-US PERSPECTIVE ON THIS ISSUE?
  Erik Oldekop -  Business that customers don't trust will go out of business. The basic privacy principle is a customer-focused principle: the customer decides what kind of information will be shared with the corporation. This principle is limited to browsing and searching and does not apply to commercial transactions, which leaves traces. Institutions have to think carefully about how to fulfill the trust principle. Business is moving in the direction of privacy rights management and implementing technology systems that allow auditing of data use. This is an expensive solution and an implementation nightmare, but this is the direction the financial services industry seems to be going.

  International aspect. The current existence of independent regulations implemented by various countries and states, with attached liabilities, is a commercial nightmare, a live minefield. However, the existence of these myriad regulations may serve a positive purpose in leading towards the development of a global principle that will eliminate these un-navigable individual regulations.

  QUESTION: CAN COMPANIES GAIN COMPETITIVE ADVANTAGE THROUGH DEVELOPMENT OF A PRIVACY POLICY?
  Les Seagrave -  Yes, and Earthlink has. Don't share ANY data. Privacy pays.

  QUESTION: AS EXPERTS, WHAT DO YOU BELIEVE IS THE SINGLE BIGGEST CHALLENGE IN THE COMING DECADE?
  Lemmey:  We have just begun to scratch the surface on this issue, which is not really "privacy"; the bigger issue is really identity. The current commercial concerns will prove to be pretty small as the related DNA, biotech and biometrics issues emerge and introduce debates about discrimination and other such complex topics.
  Oldekop:  What is private? What should only I know and what should I share with others.
  Lamb:  Customer Education. When customers are informed, the marketplace works really well.
  Seagrave:  Getting the message out to customers so that they understand their choices and what those choices mean.
  Pearson:  Getting implementation right. Implementing business processes systems that will get you where you need to be. Not about technology, but about making and keeping commitments.
  Leary:  Dealing with the proliferation and patchwork of regulation that will be developing. No matter what the regulations, there is always a potential for leakage. Since, information is not retractable, there is no true legal solution to this.
  Hill:  The complexity between education, technology and policy.
  

  Conclusions:
  

• Customer assurance is about trust, which is a "human" (social) issue, not a technological issue. Technology is a tool-commitments honored create trust.
• Securing private data will require strategy planning and communication, implementation of technology, development and enforcement of policy and best practices, and education and training.
• Policies, practices and technology will need to take into account human behavior and attitudes toward technology.
• Policy and legislation should not be allowed to inhibit commerce. Marketplace forces will drive development of privacy. The cost of compliance to company policies will drive industry to implement workable solutions.

   

   

  11:45a	Section II: Reliability of the Internet - More Robust and Dependable Networks and Applications

  Section Keynote: Jack Waters, Group Vice President and CTO, Level 3 Communications;

  Section Chair: Niel Ransom, Chief Technology Officer, Alcatel USA;

  Panelists:
  

• Scott Bradner, Senior Technical Consultant, Harvard University and Co-Director, IETF Transport Area;
• Randy Catoe, Senior VP, Internetwork Services, Conxion Corporation;
• Bob Hinden, Chief Technology Officer, Nokia IPRG; and
• John Reidel, Vice President, Business Development, Juniper Networks.

  Overview:  Internet users and providers alike want the network and the services it provides to be available and perform well as they come to depend on it for commerce, communications, recreation, and access to information. The very feature that makes the Internet -- and the information technology processing machinery it links -- robust and efficient as a network services infrastructure, also require well-coordinated approaches to standards. Also, operational problem solving must deal with events ranging from advances in technology, to physical wire cuts, to software mis-configuration, to malicious attacks. This panel will examine broad industry collaboration across a myriad of interests and capabilities that has created the amazing development and growth of the Internet, and will try to pinpoint specific initiatives and technologies that need to be developed or enhanced.

  Jack Waters - SECTION KEYNOTE
  Traditional notions of reliability may not transfer directly to IP based networks. Rates of change, services, number of players, of underlying technology, business relationships and standards methods are all different. Disruption technologies like those used by IP enable different services requiring different reliability requirements. There is a huge distinction between the Internet and an IP protocol suite (providers). An examination of Internet reliability must consider connectivity, public aspects, security and implications on reliability, routing, and provider interconnection. An examination of the IP-based reliability must consider protocol robustness, acknowledgment of the standard process to contemplate more than Internet applications. There are layers of reliability, many of which are independent of the Internet or the IP protocol suite.

  Both IP and the Internet depend on open standards, some of which are required while others are optional. There are also different types of open standards, such as market-based (IP, Optical Technology Development, IETF) and centrally planned standards environments (ITU). Reliability will require changes in design, implementation, operations and business models. Disaggregated markets drive rapid change and price improvements, but raises new reliability issues. Market driven policies and standards will continue to best serve the carriers, vendors and customers in a disaggregated market. The standard development process needs to continue on its cooperative path and not go towards centrally planned standards.

  QUESTION: WHAT IS MEANT BY THE "RELIABILITY" OF THE INTERNET AND WHAT WOULD BE THE APPROPRIATE MEASURES FOR DEFINING INTERNET RELIABILITY.
  Scott Bradner -  We can compare it to the ESDN reliability and the end-req reporting requirements, which is voluntary reporting. The Internet is actually very reliable due to redundancy and parallelism at the deepest layers. When talking about reliability, you have to determine what piece you are evaluating. The traditional model is not applicable in a meshed, interconnected, multi-service network such as the Internet. There needs to be a different understanding of what "reliability" is. Appropriate kinds of reporting mechanisms need to be identified and defined. For example, statistics from the provider will vary greatly from the end user statistics. From a service provider's point of view, the vast majority of failures are end circuit failures (in the outer layers of the Internet) and affects relatively few (1-1000) users.

  QUESTION: HOW RELIABLE IS THE INTERNET TODAY?
  Randy Catoe -  The Internet is not a controlled network, on which our original ideas about reliability are based. It is an amazingly complex, interdependent and, because of that, amazingly robust network. Commercial use of the Internet is not a reliability question, it is a risk management question: "In what ways should the Internet be used?"

  QUESTION: WHAT ARE THE AREAS OF FAILURE, WHERE THINGS CAN GO WRONG, PREVENTING A SUCCESSFUL INTERNET EXPERIENCE?
  Bob Hinden -  The Internet is becoming more complicated - and, therefore, fragile -- due to IPv4 address scarcity and the implementation of middleboxes, translators and gateways. End-to-end architecture is very robust but we have been moving away from that and need to get back to it as much and as quickly as possible. The provider interconnection, the BGP inter-domain protocol for exchanging routes between providers, could experience a massive outage, i.e., router failure. Need to view outages differently. The old monopoly concept no longer applies.

  QUESTION: IS THE INTERNET BECOMING MORE OR LESS RELIABLE?
  John Reidel -  It is not reliability of the Internet that is in question, it is the reliability of the service purchased from the "Service Provider" who chooses equipment, architecture design, and levels of service. Technical definition of consumer Internet access is cost.

  QUESTION: WHAT ARE THE CURRENT WEAK LINKS?
  Randy Catoe -  The ability of people operating the Internet may not have scaled as the Internet has grown. Information sharing.

  QUESTION: IS THERE A TENSION BETWEEN FUTURE RELIABILITY OF THE INTERNET AND ALLOWING PEOPLE TO TEST INNOVATIONS ON THE INTERNET AS IF THE INTERNET IS AN EXPERIMENTAL PLAYGROUND? WHAT ARE THE CONFLICTS?
  Bob Hinden -  No conflict. Many people and enterprises are not making the important distinction between the IP-level network and the application domains. If there is a choice to be made, innovation needs to be chosen.

  QUESTION: WHAT ROLE SHOULD THE GOVERNMENT HAVE IN INTERNET RELIABILITY?
  Scott Bradner - The role government has played in the PSTN is as a voluntary report mechanism, not regulatory. Regulators will fixate on what they understand, on the KOS issue not on the features issue. If we had regulations about quality, we would have never had cell phones. What the government does need to mandate is honesty; there should be legal/criminal penalties for not doing what you say you will. If government were to regulate the service quality -- which affects network architecture, subscribing links, use of a netbox vs. an email server - that would inhibit innovation.

  Conclusions:
  

• The Internet is reliable.
• Expectations are not appropriate and there is confusion about what the "Internet" is. There is lack of distinction between the PC, the servers and the network
• The reliability question applies to service providers and applications.
• Government should not regulate quality.

   

   

  1:15 p	Luncheon -- Comments on "Security in Cyberspace" and policy challenges ahead
  Sponsor:	Securify, Inc.

  Keynote: Richard Clarke, U.S. National Coordinator for Security, Infrastructure Protection, and Counter-Terrorism, National Security Council.

  President Bush has requested a NEW plan, not an update of the existing plan, for protecting cyberspace. He has indicated that this new plan should be written jointly between the owners and operators of critical infrastructure-much of it by the private sector-and the government. All participants are seriously invited to participate in the drafting of this national plan. The question is not how to protect the current systems, but how to protect the next-generation of the National Information Infrastructure (NII).

  To avoid imposition of legislative regulations, private industry and government must prove they are successfully handling security issues through partnership. Partnership means government asking questions of the private industry and private industry proposing solutions to the government.

  Current government questions include:
  1. As new devices are introduced to cyberspace, should all functions be sharing the same network? Should critical functions be removed from the mix and moved to RPNs, Really Private Networks (vs. VPNs).
  2. What is the responsibility of ISP and backbone providers - carriers -- to prevent smart viruses, denial of service packets and hacker tools? Should providers be asked to develop protection against these problems?
  3. Who is going to prevent the migration of old vulnerabilities to the new national information infrastructure and model/test the new infrastructure for new vulnerabilities? Where is the national modeling capability to look at the interdependencies between the IT system and such things as electric power?
  4. Voluntary open standards take longer to develop but are better than imposed standards. How do we encourage voluntary adoption of open standards, which have security as their focus, in a more timely manner?
  5. How might information be shared across sectors, functions and the public-private gap for timely and comprehensive analysis and development of solutions to threats and vulnerabilities?
  

   

  2:30p	Section III: Security of the Internet -- Technology and Policy Choices for the Future

  Section Keynote: George Samenuk, CEO and President, Network Associates;

  Section Chair: Ira Parker, Senior VP and General Counsel, GENUITY;

  Panelists:
  

• Ron Dick, Director, U.S. National Infrastructure Protection Center;
• Dr. Taher Elgamal, CEO and President, Securify, Inc.;
• Dr. Andrew Rathmell, Chairman, Information Assurance Advisory Council, United Kingdom;
• Howard Schmidt, Chief Security Officer, Microsoft, and Chairman, IT ISAC; and
• Ken Watson, Alliance Manager, Critical Infrastructure Protection, Cisco Systems, Inc., and President and Chairman, U.S. Partnership for Critical Infrastructure Security.

  Overview: The Internet has become an important part of critical infrastructure systems around the globe, as a communications tool and as a driver of economic development. Reliance on the Internet will continue to grow as it becomes more pervasive and a more integral part of daily living. Yet, even as the network grows, viruses, denial of service, and other malicious attacks cause substantial economic damage and in extreme cases, threaten critical infrastructure systems. This panel will examine how the private sector and governments are collaborating to improve security and reliability of mission critical systems and to detect and respond to cyber attacks. The panel will highlight industry-led efforts to develop tools that deter hackers and prevent cyber attacks, and determine what/how safeguards must be implemented to improve the security and reliability of the next generation Internet.

  George Samenuk -SECTION KEYNOTE
  Today's technology definitely faces many problems and challenges affecting privacy and security, but there will be many more with the introduction of imminent new technologies. The security issue is more pressing and visible than ever before. The number and significance of attacks is growing with increasing costs to companies, governments, organizations and individuals. However, the true cost is the undermining of trust in the Internet, which is crucial to its future. While many of the technology-based vulnerabilities are due to individual products, vulnerability is also due to the overall complexity of systems. Human error and process also greatly contribute to vulnerability. Organizations need proper policies, employee training and enforcement of corporate security practices.

  There is a strong need for Cyber-Ethics education.

  "Public policy will never catch up to technological development." Companies can develop new products and technology faster than lawmakers can pass new laws and write new regulations.

  Protection is now needed for both systems and users. There is now a convergence in communications of: voice, data and multimedia; analogue and digital; phone lines, cable modems, fiber optics, and satellite hookup. Security needs to be implemented from the start across these technologies and applications, representing a completely new challenge to the industry. Convergences in businesses due to deregulation and market dynamics (banks merging with insurance companies, energy with transportation companies, and telecommunication providers with information technology) represent security needs that differ from sector to sector.

  The intersection of policy and security is global because the Internet is global. Policy and security involve global organizations such as the UN, OECD, and other standards bodies to multilateral/regional, national, state and other sub-national governing bodies. There is a wide variety (sometimes non-existence) of security measures: some complementary, many not compatible. Previously, public policy has been viewed as existing in a separate sphere from that of technology.

  Policy can potentially affect security and trust in the Internet in three ways:

• Drive security directions and promote innovation through development of model international laws, establishment of guidelines, standards, practices, and regulations and provision of funding;
• Enable security implementations by using policy to promote the use of e-commerce and e-government;
• Inhibit the development and proliferation of security through regulations controlling the importation, exportation and use of cryptography.

  Policymakers should: make certain that government agencies have adequate resources and accountability to ensure the government's own systems; fund R&D in cyber security; identify and eliminate barriers; define and enforce against cyber crime; let technology and markets drive solutions; leverage their own weight as a purchasing customer; and share information and coordinate responses.

  QUESTION: WHAT ARE THE APPROPRIATE ROLES OF GOVERNMENT AND PRIVATE INDUSTRY AND HOW CAN THEY WORK TOGETHER ON THESE ISSUES?
  Ron Dick - Government should facilitate information sharing between the various private sector industries and government. Customers, who demand safety and security, will drive solutions.

  Ken Watson - The Partnership for Critical Infrastructure Security (PCIS) is composed of industry groups who share information through a number of dedicated issue based working groups, has 15 board members, 26 founding members, about 200 general members, and meets twice per year. Some of its priorities are and areas of research are:
  

• National Plan-Helping to bring together pieces of the national Plan as written by several different sources
• Research and Development Roadmap
• Awareness Roadmap
• Cooperative Information Sharing-Developing a system to share information between ISACs
• Legislative Issues
• Interdependency Intersections

  Howard Schmidt -
  

• Costs are relatively low compared to the money flowing back and forth. (Risk management is actually relatively low).
• We have been sharing information for a long time; however, it has been on a more personal level. Changing to a more formal system of sharing information will take time in order to build relationships and trust.
• Regarding investigations and law enforcement-Law enforcement needs resources. Law enforcement needs take the information it collects, and immediately transfer it to those who are charged with the protection and investigation of activities against the networks.

  QUESTION: WHAT IS THE NON-US PERSPECTIVE ON THIS ISSUE?
  Andrew Rathmell - Security is an international issue. While national-level activities are required (legislation, prosecution), the real driving issues such as common problems of how to model interdependencies and how to share information, or broader public policy issues such as regulation and legislation, must be tackled at a multi-national level, even more broadly than the EU. Collaboration is necessary as policy-making organizations do not all have a relationship with industry. The sector sharing models can inform the needed development of horizontal (cross-sector) sharing. Many companies are global and are motivated toward a global response to security, privacy and sharing.

  QUESTION: WHAT IS THE ONE ISSUE THAT KEEPS YOU UP AT NIGHT?
  Taher Elgamal - Determining what you want the network to do. Then determining if it is doing it. A network of networks confuses the picture. You must match policy to reality.

  Conclusions:
  

• Protection is now needed for both systems and users.
• Security needs differ from sector to sector.
• Government should facilitate information sharing between the various private sector industries and government. Customer demands will drive solutions.
• Policymakers should: make certain that government agencies have adequate resources and accountability to ensure the government's own systems; fund R&D in cyber security; identify and eliminate barriers; define and enforce cyber crime; let technology and markets drive solutions; leverage their own weight as a purchasing customer; and, share information and coordinate responses.

   

  4:15 p	An Action Agenda for a More Secure and Reliable Internet

  Section Leader: Vint Cerf, Senior Vice-President, WorldCom and Principal Member of GIP and XIWT;

  Panelists:
  

• Marty Stansell-Gamm, Chief - Computer Crime and Intellectual Property Section, U.S. Department of Justice;
• Harriett Pearson, Chief Privacy Officer, IBM;
• Niel Ransom, CTO - Alcatel USA; and
• Ira Parker, Senior VP and General Counsel, GENUiTY.

  Vint Cerf -
  1)  There are three "Ps" to policy enforcement:
  a)  Prevention: Prevent banned behavior through technical means
  b)  Punishment: Punish banned behavior if it is detected/reported
  c)  Principles: Exhort behavior based on moral principles
  

  2)   Possible Action Agenda Items
  a)   Reliability will depend on:
  

• Simplification of architecture
• Securing DNS
• Increased redundancy (of equipment, circuits, etc.)
• Tightened configuration management (reconcile configuration database and actual device configurations)
• Avoidance of "genetic homogeneity" of software b)   Security will be based upon:
  
• Use of strong authentication and source validation to combat some forms of attack
• Use of route servers and filters
• Exercise of cyber-hygiene for all components
• Use of strong authentication for identification and subsequent authorization
• Use of encryption in wireless environments
• Use of VPN tunneling from public Internet to enterprise networks
• Reduction of sole reliance on firewalls; securing of hosts
• Implementation of PC software that takes into account vulnerability in addition to functionality c)   Privacy will require:
  
• Deliberately drawn lines for data (as in privileged conversations)
• Promotion of "privacy protection" to the level of a commercial issue (rewards and/or punishments)
• Development of computing and communications systems to protect privacy (access controls, comsec, armored operating systems, etc.) - the issue here is: usability vs. security d)   Work with the US government on the National Infrastructure Protection Plan to establish goals and procedures for protecting Internet and IP-based systems e)   Governments around the globe should review current laws and apply to Cybercrime as appropriate

  Marty Stansell-Gamm -  Need to share information and cooperate across disciplines. This is an intelligence and law enforcement issue as well as a technical one. Everyone is working on different parts of the security problem and a coordinated response is required. We need to figure out what sharing information looks like, choose a model that defines what, where, to whom and when. Any course of action, other than voluntary cooperation, will fail.

  Ira Parker -  This is not a national issue. This is going to be a global issue and we have to work all together. If private industry doesn't secure their businesses (and their customers), government WILL step in with regulations.

  Niel Ransom -  Should be using technical prevention as well as enhancing increase awareness (on the part of the consumer) that different systems have different levels of security/privacy and that they, the consumers, have a choice (and, thereby activating the pressure of market forces).

  Harriet Pearson -
  

• We need to help educate non-technologists (policymakers, academics, etc.) about the trends and the challenges facing the technology about which policy-makers will be seeking to impose policy.
• Policy/privacy notices are very difficult to provide to users. Streamline this process with technology such as use of P3P (far beyond its application with cookies).
• Use technology to help companies with Privacy Rights Management/Enterprise Privacy Management.

  Vint Cerf -
  

• We need to focus on reliability first, because if it isn't reliable it won't survive as an infrastructure.
• In order to build a reliable system, we will need to use serious security technology. Without security, there is no privacy. Without privacy, there is no trust. We can measure reliability more easily than we can measure privacy, which is easier than measuring security, which is more difficult.

  Audience Priorities:
  1)  Worried about an "electronic Pearl Harbor"
  2)  Reliability:   Solutions must be socially engineered
  3)  Education issue:   How much are you willing to spend to manage how much risk?
  4)  Policies that create incentives for observation of privacy
  5)  Economic:   Cost vs. security trade-off
  6)  Cooperation:   What are viable incentives? In some cases, there are incentives to NOT cooperate. This is not a situation of ordering cooperation and disincentives need to be removed.
  

  THE GLOBAL INTERNET PROJECT AND XIWT ARE DEVELOPING A JOINT WHITE PAPER ON THE ISSUES DISCUSSED ABOVE, WHICH WILL BE AVAILABLE LATER THIS YEAR.