'GovNet' idea gaining new momentum after Sept. 11 attacks

Computerworld - WASHINGTON -- The idea of a multibillion-dollar, secure, government-only Internet was bandied about during the Clinton administration, but industry officials and others in government at the time thought it impractical.

Now, however, in the aftermath of the Sept. 11 terrorist attacks on the U.S. and with new threats on the horizon, the proposal for a secure government network that would be separate from the public Internet is getting serious attention from the Bush administration.

On only his second day as the president's new principal adviser for cyberspace security and the nation's de facto cybersecurity czar, Richard Clarke reinvigorated the call for what has been dubbed GovNet as one way to help defend critical government operations from hackers and terrorists (see story).

GovNet would be one of possibly a series of virtual private networks (VPN) that could insulate critical national services, such as those provided by the Federal Aviation Administration and the finance industry, from hackers and distributed denial-of-service attacks.

Jeffrey Hunker, the former senior director for critical infrastructure protection at the National Security Council under Clarke, raised the idea last December at a conference on security sponsored by Fortune magazine. At the time, Hunker said he believed that "we must decide to bifurcate cyberspace" into an open system on one side and a secure system supporting e-commerce and critical government functions on the other.

Hunker, now dean of the H. John Heinz II School of Public Policy and Management at Carnegie Mellon University in Pittsburgh, said in an interview this week that the idea deserves "careful study and consideration."

"There are no good indications that widely accepted best-practice security practices are going to emerge as a community standard," said Hunker. "This proposal is exactly the sort of big idea that launched the Internet as [Arpanet]. I think it deserves careful review."

Tim Atkin, director of critical infrastructure protection at Fairfax, Va.-based SRA International Inc. and a member of the private-sector group Partnership for Critical Infrastructure Security, said Clarke is doing the right thing by opening a dialogue on the idea.

"There are, without a doubt, several critical internal government communication systems that must remain intact in emergencies," said Atkin. "There also happens to be excess capacity today in fiber, and we ought to be exploring whether we can effectively and efficiently take advantage of that to improve government's ability to function in a crisis."

Under Clarke's plan, the bifurcation of the Internet wouldn't cut off all government services from the public but would focus on those critical elements that the