The networked and decentralized nature of the Internet requires new and innovative solutions to ensure that it is a safe and secure method of communication and commerce. Effective solutions will require a working relationship between industry and governments that is grounded in a respect for, and better understanding of, each other's needs and capabilities. It will require vigilance to protect individual rights, civil liberties and the confidentiality of legitimate communications. Ultimately, it will require solutions that are global, flexible and readily adaptable to rapid technological change.
The Internet is a vital resource that is changing the way many organizations and individuals communicate and do business. However, the Internet suffers from significant and widespread security problems. Many agencies and organizations have been attacked or probed by intruders, with resultant losses to productivity and reputation. In some cases, organizations have had to disconnect from the Internet temporarily, and have invested significant resources in correcting problems with system and network configurations. Sites that are unaware of or ignorant of these problems face a risk that network intruders will attack them. Even sites that do observe good security practices face problems with new vulnerabilities in networking software and the persistence of some intruders.
The US National Infrastructure Protection Center anticipated the kind of massive denial-of-service attacks that crippled a number of commercial electronic commerce sites in January 2000 and offered a free software tool to help detect the software "demons or zombies" used to carry out those attacks. The tool enables system administrators to detect demons or zombies that hackers surreptitiously insert into network servers and then remotely triggered to launch the attacks.
The beginning of any computer or information security program starts with the basics of protecting the physical environment. With the integration of workstations, laptops, and telecommuting, the ability to provide adequate physical security has become a major challenge.
No corner of the Internet, however remote, is a completely safe haven. No computer on the Internet is entirely secure from all possible forms of attack.