LAGUNA BEACH, Calif.—Not too many people would know or remember this, but Vint Cerf is one who does: May 2014 marks the 40th anniversary of the first publication of the description of what we know today as the Internet.
In September 1973, Cerf and a colleague, Robert Kahn, wrote a paper, “A Protocol for Packet Network Intercommunication,” for the May 1974 edition of IEEE Transactions on Communications. The dissertation described how packets of digital data would be able to move from one computer node to another, then to another, then to many others, using new protocols and standard phone networks.
One of those protocols, designed and written that same year, was TCP/IP, short for Transmission Control Protocol/Internet Protocol. It remains the key data movement protocol of the Internet; in 1983, it became a standard. Another of those protocols, FTP, or File Transfer Protocol, enables users to log on to a remote computer, list the files on that computer and download files from that computer.
Vinton Gray Cerf, 70, now serves as vice president and chief Internet evangelist for Google. He was there when the Internet was turned on using TCP/IP and FTP in 1983, and is one of the fathers of the network because he helped code it and was influential in many of the biggest milestones in its history.
Security Was an Issue From the Very Beginning
“It started out as a bunch of geeks who basically thought it would be really cool if every network in the world, every computer in the world, would be interconnected in some very informed way, and wouldn’t that be amazing if they could share information in a very fluid and flexible way?” Cerf said in an interview at the 12th annual FiRE 2014 conference here on May 21.
“For a very long time, it was the property of the scientific and military community, but in about 1989, the commercial services came along, and not very long after that, Tim Berners-Lee’s invention [of the World Wide Web] becomes visible, then Marc Andreessen and Eric Bina with Mosaic [the first graphical browser in 1994], suddenly, the general public comes onto the net. At that point, we have a sea change.”
Why Vint Cerf Thinks Net Security Should Go Back to the Future
It was then, right at the outset, that the security of the public network posed a thorny, lasting problem.
“At this point, you have the general public involved. This means that not only do you get a lot of good guys using the net, but you get a lot of bad guys, as well,” Cerf said. “And although there may not be that many bad guys, there are enough of them to cause a lot of trouble. They’re out there to take advantage of other people.”
Firewalls Weren’t in Original Plan
Perimeter defenses—or firewalls—of Internet-connected computers was not part of the original design of the net, Cerf said.
“The original design was that computers had to defend themselves and validate the parties that wanted to communicate with them, and [which computers] they themselves wanted to communicate with,” Cerf said. “And if they couldn’t validate that, they shouldn’t allow that communication. This firewall notion sort of popped up as a response to an enterprise desire. Perimeter defense is not stupid, but it is inadequate.”
Cerf suggested that perhaps enterprises, governments and individuals should look to the origins of the Internet to reinvent security of personal and business information in the network for the future.
“It’s very important for us to seriously revisit the ability of operating systems to defend themselves,” Cerf said, “to revisit the use of strong authentication, two-factor authentication and the like [and] to revisit mechanisms for applying cryptographic methods in order to defend every single computer from everything. And, of course, it’s getting more important to do that because some of the things that are joining this network are not only desktops and laptops and pads and mobiles but now appliances in the machine-to-machine world.
“I am very worried about the headline that says: ‘One Hundred Million Refrigerators Attack Bank of America.’ We can laugh at that, but it could happen. Even if you don’t use it [the network] for more than very simple kinds of control—like a refrigerator or the heating and ventilation of a building—the actual platform is quite powerful and can be overtaken, and it will be used by people who will use it as a launching platform for distributed denial-of-service attacks or other malicious things.
“This is why enterprises and the academic community have to refocus on what it takes to make the hardware and software a lot more resistant to penetration.”
People should all be very conscious of the fact that the Internet is “a fundamental infrastructure that is neutral and is subject to both use and abuse,” Cerf said. “We don’t have to tolerate it, but we have to accept that there will be abuse on the net.”
The Internet: Golden Goose of Commerce
“Even though we have a broad range of bad stuff happening on the Internet, in some sense threatening to its historical openness and freedom, the reason I feel very strongly that we need to find ways to preserve that freedom is that as you try to shut the net down and prevent bad things from happening, you also wind up destroying the golden goose,” Cerf said. “The freedom and ease of access to the net is what has generated so many businesses now operating in the world.”
Why Vint Cerf Thinks Net Security Should Go Back to the Future
Cerf, big on net neutrality, is a highly vocal proponent for as little regulation as possible in the cyber-world.
“I can assure you that Larry Page and Sergey Brin did not have to do a negotiation with every single ISP in the world in order for them to bring up Backrub, which became Google,” he said. “‘Permissionless innovation’ is a term I like very much, meaning that one doesn’t have to get permission in order to innovate. It is a very powerful tool. I think it is important to preserve that notion that what other people know may be useful to you, and vice versa.
“I have to say that the most astonishing effect of the arrival of the World Wide Web was the enormous avalanche of content that flowed in because people just wanted to share what they knew, on the possibility that it would be useful to someone else. I think that intention is still there, although this is a big tent, and all business models are welcome.”
Ultimately, the Internet needs to continue to adapt to changing security problems and figure out new ways to defend the free transmission of information.
“As the Internet becomes more and more penetrant and more things are connected to it, we’re going to have to learn what social conventions we need to adopt, in addition to legal structures and technical mechanisms, in order to make the net a safer place to be,” Cerf said. “And it does have to become a safer place to be because, if it does not, it will fail.
“We have a big challenge ahead of us, with a number of different tools, to respond. But we’re just at the beginning of a lot of that response.”
A True Cyber-Space Pioneer
In the 1960s and ’70s, Cerf was a program manager for the U.S. Department of Defense Advanced Research Projects Agency (DARPA), funding various groups to develop TCP/IP. When the Internet began to transition to a commercial opportunity in the late 1980s, Cerf moved to MCI, where he was instrumental in the development of the first commercial email system (MCI Mail).
Cerf was instrumental in the funding and formation of Internet Corporation for Assigned Names and Numbers (ICANN), the private sector, nonprofit organization created in 1998 to assume responsibility for the Domain Name System from the start. He waited in the wings for a year before he stepped forward to join the ICANN board, eventually becoming chairman. He was elected president of the Association for Computing Machinery in May 2012, and in August 2013, he joined the Council on CyberSecurity’s Board of Advisors.
About the FiRE Conference
The FiRE Conference, in its 12th year, is an elite international meeting of about 250 business executives. The event, held May 20 to 23 at the Montage resort in Laguna Beach, is conducted by Mark Anderson’s Strategic News Service, a Seattle-based research consultancy that describes itself as “the most accurate predictive newsletter covering the computing and communications industries.” Members include IT leaders such as Cerf, Michael Dell, Bill Gates, Paul Jacobs, Justin Rattner, Steve Ballmer, Paul Ricci, Bill Janeway and other global intellectual, policy and business leaders.
Photo of Vint Cerf courtesy of Creative Commons/Wikimedia.org.