Forty-five -year-old Internet protocols which date back to the US Defence Department's (ARPANET) from 1969 were never designed for cyber attacks and need to be changed, urged Verizon's US national security policy vice president, Marcus Sachs.
Speaking at AusCERT on the Gold Coast today, Sachs told delegates that the ARPANET researchers could not imagine that the network they designed would one day be under threat from online attackers. "ARPANET is gone but the Internet is still standing. Can we reprogram the simulation?" he asked.
"In terms of Internet protocols, hundreds have been proposed but there are only two that dominate- transmission control protocol [TCP] and user datagram protocol [UDP]," he said.
"We have built this beautiful thing called the Internet and we are only using it for two primary protocols, what a shame."
According to Sachs, this has created a "perfect opportunity" for cyber criminals as they are using lesser known protocols such as file transfer protocol (FTP) to cause problems.
"Can we re-program the Internet? It may take another 40 years to do this. We could change the rules and build a new Internet or perhaps live within the rules [of Internet protocols] and find creative ways to use the rules that we have."
Sachs added that he hoped in 40 years' time people were not relying on TCP and UDP protocols to use the Web.
"We still support the ARPANET reference model. It is still fundamental to how the Internet works but we now have an almost monoculture of operating systems made up of Microsoft, Apple and Linux."
Sachs shared a diagram (see image two) which showed that Windows made up 90 per cent of desktop operating systems while Apple and Unix made up the remaining 10 per cent.
Turning to mobile OS, Android had an 80 per cent share, Apple 15 per cent and others, such as Windows Mobile and BlackBerry, made up the remaining 5 per cent.
Server operating systems were made up of Unix (60 per cent) and Windows (40 per cent).
Hamish Barwick attended the AusCERT conference as a guest of AusCERT
Sign up for CIO Asia eNewsletters.