According to experts at a meeting here this week sponsored by the Global Internet Project and the Cross-Industry Working Team, the reliability issue lends itself to market-driven technology solutions. However, network security on a future Internet carrying everything from voice to video raises difficult architectural and policy questions that will take longer to resolve.

One measure of reliability is whether the next-generation Internet should be as bulletproof as today's public-switched telephone network. Some planners think it will have to approach that level of reliability to offer new services like voice-over-Internet Protocol and video distribution. Ultimately, the level of reliability may depend on service providers and how much their customers are willing to pay for uninterrupted service, Internet experts said.

When new voice services are added along with a host of new wireless devices linked to the Internet, "it starts to fall apart," said Robert Hinden, chief technology officer for Nokia IPRG (Mountain View, Calif.) and a member of the Internet Engineering Task Force (IETF). Proposed solutions like the Internet Protocol version 6 will add more address space to the Internet, but it also makes it "more fragile," Hinden added.

'End circuit' breakdowns

Many at the engineering conference agreed that reliability problems tend to be at the edges of the network, in PCs and operating systems, rather than with servers, routers or other parts of the infrastructure. Scott Bradner, co-director of IETF's transport group, said most network breakdowns are "end-circuit" rather than component failures.

But Vinton Cerf, co-designer of the TCP/IP protocols that helped launch the Internet, said he "lives in fear" of undetected bugs in routers that he said could bring down the Internet.

Protecting that infrastructure and thereby ensuring reliability is also taking center stage in the debate over how to build a secure next-generation Internet. The security issue has gained prominence as more non-PC and wireless devices access the Internet, more critical functions like power-grid management shift to the Web, and attacks mount on service providers and network infrastructure.

"Security [on the Internet] today is woefully inadequate," said George Samenuk, chief executive and president of Internet security specialists Network Associates Inc. (Santa Clara, Calif.). He predicted security concerns would grow as mobile computing expands.

Making matters worse, a government audit released Tuesday (May 22) found that a national center established in 1998 to protect against cyberattacks lacks the resources to fulfill its mission. The U.S. General Accounting Office report found that the National Infrastructure Protection Center "does not yet have adequate staff and technical expertise," and its "roles and responsibilities have not been fully defined."

The debate over how to ensure Internet security is about to heat up as the Bush administration begins rewriting a national plan to protect critical Web-based networks.

Richard Clarke, the administration's point man on cyberterrorism, pledged at the conference to work with industry to develop the plan this summer.

"We need cooperation on an architecture to defend the Internet because it needs defending," Clarke said.

Many in the Internet industry say the government's proper role in ensuring network security is to fund research and enforce laws against crime on the Internet. A touchier issue is how government and industry can share intelligence on network threats. "The government should be a facilitator for information sharing," said Ron Dick, an FBI official and director of the U.S. National Infrastructure Protection Center.

Sharing information

"We are sharing information," added Howard Schmidt, Microsoft's chief security officer and chairman of a government-industry group on information security.

Once security and reliability requirements are established for an expanded Internet, a research road map will emerge, predicted Ken Watson, president and chairman of the Partnership for Critical Infrastructure Security and manager of critical infrastructure protection at Cisco Systems Inc.