Networks and Security

To talk about network security in any detail, one must explain how networks have evolved in the last 50 years. With the invention of the telephone, people were able to communicate over long distances in real-time. Unfortunately, telephones were only useful if there was another telephone at the end of the link, as well someone to answer that telephone. Therefore, the world of telephones created a “switch” based world where one had to initiate (or “push“) and receive to complete a call. This switch based push world was valued at about the number of phones in the network (2N). With the advent of the internet, distinct packets of digital 1’s and 0’s data were packaged and transmitted over the network and stored in various remote locations. In this scheme, data is now “pulled” asynchronously from anywhere at anytime, and the value of the network is now square of the connections (N^2). It is worth noting that this is where the world is changing from an “atom” based world to an “electron” (or photon) based one. Therefore, given all these changes in physics, paradigm and scale, a different approach and type of security is needed.

In the world today, there are several network types that are suited for different applications.

  • 1-to-N = Broadcast communications such as TV and radio
  • 1-to-1 = Two-way interactive communication best suited for telephone, faxing and e-mail
  • N-to-N = Random asynchronous communication best for facilitating community networks, such as P2P and SNS
  • N-to-1 = Communication best suited for many people finding and communicating with something unique. Search is a good example here.

Today, network growth can be linked to CPU power doubling about every 18 months (Moore’s law), the number of networked computers increasing by 50% per year and bandwidth growing 3x faster (Gilder’s Law) than computing power. With these assumptions, the computing power of the internet doubles about every 10 months. Compounded by the fact that most consumers replace their computers about every 4 years, most of this growth will come from nontechnical, ordinary consumers who are not security aware.

Obviously, networks are becoming pervasive and ubiquitous in everyone’s daily lives. Unfortunately, networks also enable:

  • Anonymous attacks
  • Attacks from anywhere
  • Attacks at any time
  • Automated attacks
  • Technique propagation / reproducibility
  • Hostile code
  • Hostile hosts

With the popularity of cloud based computing and storage, things will become increasingly networked and increasingly vulnerable. Thus, internet security has started to change from a “Nice to have” (want) to a “Must have” (need) where the “Must haves” are characterized by a reliability constraint. Specifically, society cannot rely on that which is fragile and unpredictable. The internet, the ultimate network, is based on the cooperation of many components working together in sync. Furthermore, everything we do on the internet requires some security. Thus, your security is dependent on the security of many many others. Therefore, I believe security is the fundamental enabling technology of the internet; it’s what transforms it from an academic experiment into a serious business tool.

“The limitations of security = Limitations of the Internet = Limits of its business usefulness”

Security is actually a simple, single problem – Keep “them” away from “our” assets. Basically, we want to ensure our assets are properly guarded and maintained. This is true for all types of security – not just network security. What ends up making security complicated is that it has multiple realms based on the physical environment, technology, people, legal, fail over, etc., which are usually independent of one another and have different responsibilities, skill sets and reporting paths.

In the 1950s, American bank robber Willie Sutton was asked why he robbed banks. He said he robbed banks because “That’s where the money is.” Today, the money is in Cyberspace. The internet provides criminals two capabilities most required for the conduct of criminal activities: Anonymity & Mobility. If network security does not keep up with the growth of the internet, more and more criminals will target this relatively easy repository.

William Saito
Special Advisor at Cabinet Office (Govt. of Japan)
Named by Nikkei as one of the “100 Most Influential People for Japan,” Saito began software programming at an early age and started his own company in high school. By the time he was named Entrepreneur of the Year in 1998 (by Ernst & Young, NASDAQ and USA Today), he was recognized as one of the world’s leading authorities on encryption, biometric authentication and cyber security.

After selling his business to Microsoft, he moved to Tokyo in 2005 and founded InTecur, a venture capital firm and consultancy that identifies innovative technologies, develops global talent and helps entrepreneurs become successful. In 2013, Saito was appointed a Special Advisor to the Cabinet Office for the Government of Japan.

Similarly, in 2012 he served as a council member on national strategy for the Cabinet-level National Policy Unit, and prior to that, was named as the Chief Technology Officer for the Fukushima Nuclear Accident Independent Investigation Commission (NAIIC). He is a Foundation Board Member at the World Economic Forum (WEF), and has been named by the WEF as both a Young Global Leader and Global Agenda Council member.

Saito also advises several national governments around the globe. In Japan, he has also served as an advisor to METI, MIC, MEXT, MLIT, AIST, IPA and the Japan Society for the Promotion of Science (JSPS), among others.

He teaches at multiple universities, serves on several corporate boards, appears as a commentator on national TV and is the author of numerous publications in addition to writing a weekly column for a prominent Japanese business newspaper. His best-selling management book, The Team: Solving the Biggest Problem in Japan, was published by Nikkei BP in 2012, his follow-on book, Is Your Thinking up to Global Standards?, was published by Daiwa Shobo in late 2013 and his autobiography, An Unprogrammed Life: Adventures of an Incurable Entrepreneur, was published in 2011 by John Wiley & Sons.

Posted by whsaito

Leave a Reply

Your email address will not be published. Required fields are marked *