Washington — When it comes to cybersecurity, one of the fathers of the Internet has a lot to say. And topping his list: “We need more of it.”
Hackings make headlines for major companies, corporations, and governments worldwide. Passwords get stolen every day. Even Google was hacked in 2010. No one is completely impenetrable, according to Google’s Chief Internet Evangelist Vint Cerf. But that doesn’t mean protection isn’t worth the effort.
“What is really needed is to take steps to improve the safety and security of the Internet,” Mr. Cerf says. “We know how to do that, and I mean we as the Internet community. We just have to keep busy and really do it.”
Speaking about the growth of Internet connected devices at a National Press Club in Washington on Monday, Cerf said that although freedom of expression is a fundamental right, there are two more equally essential freedoms he wants to preserve: freedom of access and freedom from harm. “Unless people feel that they are safe in using the Internet, than they will not use it.”
“It’s essential that we do everything we can to protect people” from cyber threats, said Cerf, who is considered a founder of the Internet for his work on ARPANet, the Pentagon’s early version of the Internet. He helped turn the Internet “on,” on Jan. 1, 1983.
“We are all for responsible for improving the safety and security of the Internet. Your own choices, your practices [and] the practices of Internet service providers are all part of the fabric that we have to maintain,” Cerf said. “The things that you do to protect your own safety and security and privacy affect me, too, because if you don’t do a good job of it, you become an avenue through which phishing attacks can be made.”
He recommends two-factor authentication as a strategy for ensuring that even if a password is stolen or uncovered, access can be restricted. It works by requiring a secondary real-time password or code for entry, either generated by a small device, or sent to a mobile phone. “It means that [even] if somebody got your username and password, they can’t gain entry,” Cerf said.
He also advocates strict encryption protocols. “Your laptop should be encrypted, your disk drive should be encrypted, your mobile should be encrypted.”
Another recommendation: Using HTTPS for Web browsing. “The purpose behind it is to encrypt the traffic between you – your desktop, laptop, mobile, tablet – and the server on the other end. Google, in my case,” Cerf said. “And so the idea here is that everyone should be making use of this, so that while you’re using Web-based applications, the information is kept in encrypted form.”
But protection at one level does not solve the problem. Internet protocol addresses can be faked so that something looks like it’s coming from one place when it’s really coming from another. E-mail can be compromised. “We have to put prevention into various layers of the system, using various … technologies,” Cerf says. “And each layer and each provider of service at those layers has a responsibility, just as we do at Google.”
Expecting the government to be able to build policy that’s functionally appropriate is not practical, he said. “I am a strong believer that the government should step away from this special responsibility or authority and return it to the community which has created and operated the Internet since its inception.”
The private sector, tech community, academic community, and governments should share in the task, he said: “Our job as technologists is to try to be helpful, to provide clear enough explanations for how this stuff works so that when the policy gets developed, it actually is implementable and makes sense.”