The patchwork approach draws complaints even from the founder of a business that is essentially an elaborate and ingenious patch for some of the Internet’s shortcomings. Tom Leighton is cofounder and chief scientist of Akamai, a company that ensures that its clients’ Web pages and applications are always available, even if huge numbers of customers try to log on to them or a key fiber-optic cable is severed. Akamai closely monitors network problems, strategically stores copies of a client’s website at servers around the world, and accesses those servers as needed. But while his company makes its money from patching the Net, Leighton says the whole system needs fundamental architectural change. “We are in the mode of trying to plug holes in the dike,” says Leighton, an MIT mathematician who is also a member of the President’s Information Technology Advisory Committee and chair of its Cyber Security Subcommittee. “There are more and more holes, and more resources are going to plugging the holes, and there are less resources being devoted to fundamentally changing the game, to changing the Internet.”
When Leighton says “resources,” he’s talking about billions of dollars. Take Microsoft, for example. Its software mediates between the Internet and the PC. These days, of the $6 billion that Microsoft spends annually on research and development, approximately one-third, or $2 billion, is directly spent on security efforts. “The evolution of the Internet, the development of threats from the Internet that could attempt to intrude on systems – whether Web servers, Web browsers, or e-mail-based threats – really changed the equation,” says Steve Lipner, Microsoft’s director of security strategy and engineering strategy. “Ten years ago, I think people here in the industry were designing software for new features, new performance, ease of use, what have you. Today, we train everybody for security.” Not only does this focus on security siphon resources from other research, but it can even hamper research that does get funded. Some innovations have been kept in the lab, Lipner says, because Microsoft couldn’t be sure they met security standards.
Of course, some would argue that Microsoft is now scrambling to make up for years of selling insecure products. But the Microsoft example has parallels elsewhere. Eric Brewer, director of Intel’s Berkeley, CA, research lab, notes that expenditures on security are like a “tax” and are “costing the nation billions and billions of dollars.” This tax shows up as increased product prices, as companies’ expenditures on security services and damage repair, as the portion of processor speed and storage devoted to running defensive programs, as the network capacity consumed by spam, and as the costs to the average person trying to dodge the online minefield of buying the latest firewalls. “We absolutely can leave things alone. But it has this continuous 30 percent tax, and the tax might go up,” Brewer says. “The penalty for not [fixing] it isn’t immediately fatal. But things will slowly get worse and might get so bad that people won’t use the Internet as much as they might like.”
The existing Internet architecture also stands in the way of new technologies. Networks of intelligent sensors that collectively monitor and interpret things like factory conditions, the weather, or video images could change computing as much as cheap PCs did 20 years ago. But they have entirely different communication requirements. “Future networks aren’t going to be PCs docking to mainframes. It’s going to be about some car contacting the car next to it. All of this is happening in an embedded context. Everything is machine to machine rather than people to people,” says Dipankar Raychaudhuri, director of the Wireless Information Network Laboratory (Winlab) at Rutgers University. With today’s architecture, making such a vision reality would require more and more patches.