Mitigating Net risks: 'More needs to be done'

The model of relationships and trust that had accompanied the early stages of Internet development is now lacking as users and content on the Web increase, according to the Asia-Pacific Network Information Centre.

"At its most fundamental level, the Internet relies on network relationships between networks that operate on a system of mutual trust," an APNIC spokesperson explained in an e-mail interview. "This trust model was sufficient in the early stages of Internet development, but is increasingly open to potential abuse and attack as the network encompasses a very much larger and very much more diverse population of users and service providers."

Securing the Internet began more than a decade ago, the spokesperson added. However, as the Web has today become "a critical piece of infrastructure", the need to ensure the security and stability of the network has grown and "more needs to be done to mitigate the risks".

To better secure the Internet, the APNIC, which provides registration services to support Internet addressing, and a supporter of technology and standardization efforts within the region, is working on a two-prong approach. First, it is urging the global Internet community to adopt DNSSEC technology--encrypted protocol extensions to better protect the Internet. In September 2008, the organization announced it had formally written to urge the Internet Corporation for Assigned Names and Numbers (ICANN), to press ahead with its plans to use DNSSEC technology to digitally sign the root of the DNS "as soon as is realistically possible".

"APNIC is pressing ahead with its own initiatives to secure the DNS root by embarking on DNSSEC deployment for zones administered by APNIC, but this work will be more effective once the chain of parent zones up to the root of the DNS are digitally signed," the spokesperson noted.

On another front, the APNIC is taking steps to secure Internet routing, notably with the rollout of its Resource Certification service, which allows Internet resources such as IP address blocks and Autonomous System numbers to be digitally signed.

"The unauthorized use of addresses can subvert all other network functions, including traffic inspection as well as masquerading, denial-of-service and selective corruption of services," APNIC's chief scientist Geoff Huston said in a document detailing frequently asked questions. "It can cause corruption of security services, subvert the operation of other secure services, disrupt virtual private networks and support a wide set of consequent attacks on the integrity of the network itself. Certification can help you control what addresses are routed via your infrastructure, or an ISP could prevent the use of their addresses once they no longer have a financial relationship with their customer."

The APNIC is not the only organization to voice out on the security of Internet infrastructure in recent months. Last November, a VeriSign executive pointed out that some countries have put in significant funds to harden Internet infrastructure, but others, such as "Third World countries, smaller Eastern European countries and some Asian countries" have not.

In response to e-mail queries from ZDNet Asia, Singapore's Infocomm Development Authority (IDA) said the country recognized the pervasive use of infocomm technology by the public and private sectors as well as its people--all of whom are stakeholders in protecting against cyberattacks.

The IDA first unveiled a three-year Infocomm Security Masterplan in 2005 and followed up with the second masterplan last year, which will see the government pump in S$70 million (US$47 million) over five years to boost the country's cyber defenses. A strategic thrust of this masterplan is to strengthen the country's infocomm infrastructure and services.

Another thrust of the current masterplan is international collaboration. According to an IDA spokesperson, Singapore will work "even more closely" with other countries to fortify Asia's Internet infrastructure.

"Already, Singapore is an active member of the international community through our participation in collaborative and information sharing initiatives," the spokesperson added. "Such foray include regional groupings in Asean and Asia-Pacific, as well as worldwide groupings such as the Meridian Process."