Vint Cerf, an early architect of the Internet who is now employed by Google Inc., said in an e-mail exchange that Washington should quickly switch Web-address suffixes such as .com to an existing but more secure version of the Domain Name System, the electronic method for getting people to the right numbered addresses for the Web address names they type.
Cerf also encouraged the government to try to rein in the increased functionality of Web browsers, which can open computers to permanent damage, and to invest more in domestic and international cyber-law enforcement.
Beckstrom, an entrepreneur with little security experience before taking the helm of the National Cyber Security Center, is best known as the co-author of a recent book on the power of decentralized organizations. The nearest he got at Black Hat to faulting the status quo was when he said that a Domain Name System flaw recently discovered by security researcher Dan Kaminsky that had tech giants scrambling for solutions was a "huge problem."
Beckstrom said some effort should be devoted to rethinking the address system and other basics of Internet architecture because they represent a "single point of failure," a weak spot presenting an effective target. Otherwise, he praised the corrective power of the free market.
That's not enough for people like Dixon, who said that companies hold back on computer security because it's expensive and they aren't punished when something goes wrong. Although customers who lose information occasionally sue, few change their buying habits after even well-publicized breaches.
"The biggest thing we've noted is the lack of a guiding Net plan that includes privacy and infrastructure security," Dixon said. "We need an overarching cyber doctrine that's shepherded by the White House."
--
joseph.menn@latimes.com
