Issue link: http://www.e-digitaleditions.com/i/59881
I think, as security technology providers, we can create great products and services the digital threat. What's likely to emerge are blended attacks that will have physical and digital implications. The real goal of NSTAC is to make sure that the private- sector companies that operate much of the critical infrastruc- ture are both prepared for national security events and capa- ble of supporting the first-response initiatives for federal, state, and local governments. We have to make sure we're as resilient against attack as we can be by sharing information— and then, when there is an attack, make sure we can provide a reliable backbone for communications so that emergency responders can do their work. Extending the issue of security to the university cam- pus, you might know that many business schools now require laptops and offer wireless connectivity. What would be the likeliest threats to such large, multiuser educational wireless networks, and how can schools protect their students and themselves? I think that in general we are a society, particularly in the U.S., that will always choose ease of use and convenience over better security. That's true in what we do in an airport—it's true when we give our credit card to a waiter—and it's true when we take our laptops and hook up to wireless networks. There's an obligation in the security industry not to force end users to choose security over convenience. That said, we have to begin building services and technologies that are as easy to use or as invisible to the user as they can be. We need to have ubiquitous wireless networks with good security. So what could happen on a campus? The same thing that happens at an enterprise. A user goes home, hooks up to his broadband supplier, is Web surfing on personal time, and unknowingly gets a virus or a worm downloaded onto his computer. He comes back in tomorrow and plugs into the corporate or campus network, then all of a sudden that virus is everywhere. In the new genre of security threats, much of what we're seeing is that the penetration occurs from a friendly device that comes back into the network to contam- inate it. That's very different from two or three years ago, when all the threats were coming in the front door. The new state-of-the-art in security is what's called "vul- nerability assessment in management." The idea is, instead of waiting for an attack, why don't we proactively look at all the machines in our network, highlight what the vulnerabilities could be, and then begin isolating or patching them? It's somewhat like inoculation against some disease. Vulner - ability management offers early warning systems, as opposed to threat detection and response. I do think there is a longer term issue and opportunity 22 BizEd JANUARY/FEBRUARY 2005 here. My generation didn't grow up with the Internet. We kind of had it thrust upon us midway through our matura- tion. My children are growing up with both wireless services and the Internet as a part of life, and they're not as sensitive about security on these networks as they need to be. The next generation is the one that I hope will grow up with an education system that tries to establish a culture of security. Their attitude will be, "It's good to get on the network. It's better to get on the network safely." I think, as security technology providers, we can create great products and services that will make people secure, but they only work if people use them. The next generation has to grow up using them and taking them for granted. I want to turn the conversation toward the future. You have a 100-year vision for VeriSign. Can you describe it? We don't call it the VeriSign Vision. We call it the VeriSign Journey. A hundred years from now, how would we want the history books to describe what we contributed to technolo- gy and society in general? We want to build the infrastruc- tures that accelerate the next wave of economic activity—the way the railroads did, the way the electric power company and the air transportation industry did. And that's a lofty goal that our employee base has rallied around. Backing it up from that hundred-year-out journey, we ask, "What does that mean we have to be 25 years from now? Five years from now? And how do we stay on course by achieving certain milestones this year?" If we want to leave a legacy, then we want to be the most influential company of this century— the way that GE or IBM or Microsoft were last century. We've already got e-mail, e-banking, e-commerce, and wireless data access, and we're heading toward smart appliances. What else is coming? I have a slide in one of my presentations that shows the prover- bial hype curve. It says when a technology is first announced or introduced, the hype is like a rocket ship. But adoption rates are slower than anticipated, so we go into the trough of disil- lusionment. That lasts for some period of time. And then very quietly, without a lot of fanfare, adoption kicks in. Much of what you're going to see in the next five to ten years is the adoption of the technology and the infrastructures that were overhyped during the Internet bubble and given up for dead two years ago. Those include using voice-over IP, taking telephony from the traditional networks into IP- backed phones, reducing the costs of technology, and increas- ing the types of services you can get. Those might be wireless