Insecurity in cyberspace

[Commentary] Because of the way the Internet is designed and the poor general state of computer security, it is extremely difficult to pinpoint an attack's origin. Attackers are far ahead of our ability to track them. One good way to discourage cyber mayhem is ensuring that anyone who perpetrates it suffers consequences, so being able to place blame properly is important. But that's not so easy. Part of the problem is the very nature of the Internet, which was designed to allow any user to easily reach out and touch any other user. But that touch can be a caress or a punch. Most machines on the Internet are susceptible to attack from the outside, and when it happens, there are usually few fingerprints to identify the source. A complete solution is likely to be beyond our technical capabilities at this point, and the "fingerprint" problem makes it difficult to establish treaties mandating proper behavior in cyber warfare. But we should nevertheless seek ways of establishing better cooperation between nations, including protocols for handling known compromised machines.

[Reiher is an adjunct professor of computer science at the UCLA Henry Samueli School of Engineering and Applied Science]