Winn Schwartau isn't afraid of expressing controversial opinions. Schwartau, a leading speaker and author on Internet security, thinks the Internet's core protocols should be rewritten from scratch. And he worries that solar storms could send our wired world "back to the stone age."
Sound improbable? In fact, Schwartau has a lengthy track record of offering early warnings on emerging security threats and concepts, has testified before Congress as an expert on cybersecurity, and has been a regular speaker at DefCon and in the media. Schwartau will be the keynote speaker at the Data Center World Fall 2012 conference slated for Sept. 30 – Oct. 3 in Nashville, Tenn. We recently conducted a Q&A with Schwartau, who shared his take on the state of Internet security, the problem with Internet protocols, the challenges posed by the mobile data explosion - and yes, the threat posed by solar storms.
Data Center Knowledge: For years you have predicted that there would be more instances of corporations being hacked. There’s now a steady stream of headlines about these incidents. Is there a way to turn things around?
Winn Schwartau: What I said 24 years ago was that corporations and enterprises of all kinds worldwide would become significant targets of criminal and nation state hacking on a global basis. I also said there are two fundamental motivations behind the hacking. First is the profit motivation for intellectual property, trade secrets, client lists, etc. The second is not profit oriented, (but) the goal is harassment or upsetting operations of the company for potentially secondary profit effects, bad PR or other non-monetary goals.
Cyber war has been with us for 20 years; the media is finally reporting it. We have so missed the boat that our best approach today would be to reinvent the internet from scratch instead of trying to patch the broken systems. That sounds impossible, but unless we create a fundamentally secure mechanism for communication, we will lose by doing nothing - so we have to try.
DCK: You’ve called for efforts to rework core protocols to incorporate better security. This idea has been kicked around for a number of years by groups like ISA, but has never really gained serious traction. Does this require starting from scratch, or are there ways to incrementally build better security into key protocols?
Schwartau: The Internet is a mad scientist’s experiment run amok. It was never designed to do what we are using it for today, which is to manage the global economy. Does this require starting from scratch? Migration is needed. I’m not recommending unplugging the Internet. We need to create something better. Much like the “Field of Dreams.” If a new backbone is built correctly, scalable and secure – they will come, they will use it. And it will be more secure if we build the security in from the beginning.
DCK: The proliferation of mobile devices represents a major security challenge for data center managers. What do you see as the most important strategies for managing mobile security?
Schwartau: Today there are close to 2 billion laptops, 2 billion mobile devices of varying degrees and types, and by end of the decade there will be 20 mobile devices as part of the Internet of Things. The problem that organizations face today is that they have no idea what mobile devices are even connected, who is using them and what they are doing on the networks. The best security advice for business facilities is to turn it all off and then develop a security policy, a mobile security infrastructure, and only allow those devices on your network that meet appropriate levels of security and compliance.
DCK: A long-standing challenge in many data centers is a structure in which the facilities and IT departments are separate organizations. What are the implications of this approach on the security front?
Schwartau: Stove piping is a manifestation of management insecurity, not a technical problem. Technical groups should have a mechanism to communicate the management and business needs as well as the technical infrastructure needed to accomplish those goals. The same thing is true with the government. Corporations should do better as they are profit driven. Chief information officers and chief technology officers and management boards should instruct varies technology departments to stop the child-like bickering and get to work.
DCK: Several recent data center industry conferences have examined the potential for solar storms (coronal mass ejections) to disrupt communications and utility power grids. You’ve said that CMEs represent a threat that could disrupt the global power grid and send IT “back to the stone age.” What makes you believe this is such a profound threat?
Schwartau: I grew up an analog engineer during the cold war. The Soviet Union used vacuum tube technology for fighter aircrafts so they could still function in a nuclear war atmosphere. Back in the 80s I worked with HERF (High Energy Radio Frequency) and EMP (ElectroMagnetic Pulse) detonation technologies. If a solar flare or CME on the level that some astronomers are saying is a real possibility occurs, we have a small window of opportunity to save the planet. We have the technology to monitor solar storms, turn the planet off (and I mean turn everything off) and let the CME hit us. The damage will be less than if we keep the planet on. Not enough people believe it can happen, but I have lots of tuna fish and oatmeal in my garage.
For more information and registration, visit the AFCOM Data Center World 2012 website. For Data Center Knowledge readers, the discount code is DFA12DK111.