Home Project Title Page Introduction Background Potential Benefits Further Required Research Conclusion References

researcher thinking of possible solutions
Further Required Research

Many people have suggestions as to what to focus on to make the internet more secure. Schneier suggests that “the government needs to secure its own networks. This will take money, and it will take coordination. We need a cybersecurity coordinator, and he needs to have budgetary authority. This should be done openly, with commercial products, and not behind classified doors. Despite what the NSA might say, we should not weaken security by building systems to facilitate eavesdropping. We're all safer if information technology is more secure, even though the bad guys can use it, too. And the NSA should not be in charge of this in any case these are common problems with common solutions, and secrecy doesn't help. Secondly, the government should use its immense buying power to improve the security of commercial products and services. Most of the cost of these products is in development rather than production. Think software: the first copy costs millions to develop, but subsequent copies are essentially free. Additionally, the government has to buy computers for all its employees, and secure all its networks. It should consolidate those contracts, and include explicit security requirements. This will motivate vendors to make serious security improvements in the products and services they sell to the government, and everyone else will benefit because vendors will include those improvements in the same products and services they sell commercially.

Also, we need smart legislation to improve security in places where critical infrastructure is in private hands. We shouldn't make the mistake of thinking the market will magically solve Internet security. There are lots of areas in security where externalities cause security failures. For example, software companies that sell insecure products are exploiting an externality just as much as chemical plants that dump waste into the river. Good laws regulate results, not methodologies. A law requiring companies to secure personal data is good; a law specifying what technologies they should use to do so is not. Mandating liabilities for software vulnerabilities is good; detailing how to avoid them is not. The government should legislate for the results it wants and implement the appropriate penalties, then step back and let the market figure out how to achieve those results. That's what markets are good at.