Report: Internet Weaknesses Must Be Fixed

Internet vulnerabilities that became apparent in the aftermath of Sept. 11, 2001, still need to be shored up, a comprehensive report underscored this week.

While the Internet suffered minimal damage on the day of the terrorist attacks, the potential for extreme damage in a future attack still looms, said the report by an arm of the National Academy of Sciences and National Academy of Engineering.

The Sept. 11 attacks weren't on the Internet itself, and therefore the Internet's resilience doesn't indicate how it might be affected by an attack that targeted the network. However, the events do point up possible vulnerabilities.

For example, "A New York City hospital learned that its doctors had come to rely on wireless handheld computers fed through an external Internet connection. When this link was briefly broken by the collapse of the towers, doctors had trouble accessing medical information. Contingency plans, more coordination with local authorities, and a means of restoring service remotely also are needed to better deal with electrical power failures," the report said

While the Internet experienced only a small loss of overall connectivity and data loss, other telecommunications systems didn't get off as lightly as the Internet did, according to the report. Telephone service was disrupted in parts of lower Manhattan, and cell-phone service suffered more widespread congestion problems.

The study was prepared by the National Academies' National Research Council, sponsored by the Association for Computing Machinery's Special Interest Group on Data Communications, IBM, and the Vadasz Family Foundation.

"An awful lot of Internet traffic ran through a Verizon hub down on Wall Street that was within a stone's throw of the towers," said Eric Hemmendinger, security analyst with the Aberdeen Group. "The place was wiped out. Everyone who went through that hub as a primary connection was offline. Firms have realized that you need to have a backup alternative, and you need to make sure that you're not going to be subject to any kind of physical disaster in one location."

While vendors say they have a heightened awareness of Internet security, that awareness hasn't sparked new spending, Hemmendinger said.

Security vendors were seeing 8.5% to 9% annual growth prior to Sept. 11, and they've continued to grow at the same rate since. The lack of acceleration is attributable to slow reaction time; for instance, the U.S. Department of Homeland Security was just created this week, 14 months after the attacks, and spending to create a Homeland Security infrastructure won't start for several more months.

Moreover, while IT security awareness is growing, spending is not.

Says Hemmendinger, "It's a higher priority, but in a smaller pie."