Study Casts Doubt on Doomsayers

mid stories of major financial loss and elaborate hacker break-ins, some people have quietly begun to say the Internet is well on its way to becoming a safe harbor for business.

"Once encryption and authentication are woven into applications, Internet users will have secure private links between business partners or between retailers and consumers that no cracker can tap," said Paul Callahan, who recently completed a study on Internet security for Forrester Research Inc., Cambridge, Mass.

Contrary to current opinion, the study claims the Internet will be safe for general commerce in the next 18 months.

Of course, safety is a relative term.

Forrester estimates that businesses should expect to lose $1 for every $1,000 of transactions on Internet. Not bad, compared to the $1.41 lost in MasterCard fraud, the $16 in toll call fraud, and the nearly $20 companies now lose for every $1,000 of transactions due to cellular phone fraud, the study said.

Taming the Internet beast involves the use of encryption, which scrambles information into unreadable nonsense as it travels through cyberspace; firewalls, which keep Internet neighbors out of your business; and authentication, which proves a person or machine's identity. Companies have also built software that can attack networks to find their weak spots -- sort of like pulling a rubber band to see where it will break.

In the meantime, the Internet will continue to be more secure as users become better educated. While it may sound simple, a big step is getting people to protect their passwords, said Scott Charney, chief of the computer crime unit at the Justice Department.

One example of an emerging technology is Sprint's new telecommunications network, introduced last month, that promises voice, data, image and video service without interruption, even if a gopher chews through a cable. Sprint's SONET system uses interconnected rings of fiber optic cable to reroute communication around problems in 60 milliseconds -- literally the time it takes to blink an eye.

Another will be introduced this August from Raptor Systems Inc., Waltham, Mass., which will roll out the first firewall system designed for mobile computer users. EagleNomad secures communication for the growing number of business travelers, telecommuters and other computer users on the go. "We're giving 50 million U.S. nomadic users the ability to send [information] in an incredibly secure way," said Michael Grandinetti, director of marketing at Raptor.

Other businesses have formed alliances to better compete in the race to secure the Internet, making for some unlikely bedfellows. Last month, Visa International and MasterCard International Inc., longtime arch rivals, formed a partnership to make credit card transactions safer in cyberspace. The two companies, which together have 42,000 member banks and 677 million credit and debit cards internationally, will undoubtedly set the standard for credit card transactions over the Internet.

Yet another sign that Internet security is becoming more of a reality is the growing involvement of the government. Congress has started to address the problem of computer crime by introducing a bill this summer titled "The National Information Infrastructure Protection Act of 1995." And last week the National Security Agency announced it would be devoting more resources to developing an industrial base of information security strategies for intelligence and Department of Defense use. Such ideas and products could eventually migrate to the private sector. The plan, which involves merging two NSA groups, "will contribute significantly to the new group's ability to ensure timely, quality, cost-effective 'Infosec' solutions and enable products to be brought to market," said an agency statement.

Although most agree the Internet will inevitably become safer, some argue that it is still a world of data pirates and information kidnappers.

"While I see that in 18 months market forces could end up with unified standards, I don't see in 18 months that no one would break in to the Internet," said John Wack, a computer scientist with the National Institute of Standards in Technology.

A group of crackers recently illustrated that by collecting 20,000 secret passwords over the Internet in one week, said Peter Tippett, president of the National Computer Security Association. The group did not identify its members, and didn't do anything with the information, but they certainly scared a lot of people, he said.

In fact, computers owned by companies that use the Internet are eight times as likely to be illegally broken into than those that don't use the Internet, according to a recent study published by Open Computing.

Nevertheless, Tippett admits that encryption and firewalls will, for the most part, protect commercial transactions.

Two exceptions, he said, are commerce with other countries, which might have different protocols that wouldn't mesh with the United States, and banking, which involves high-volume transactions and therefore a potential for greater loss.

Bankers are taking that possibility to heart. While the Internet might be fine for small stuff, such as buying flowers for Mother's Day, it will never replace the closed networks that financial institutions use for bank-to-bank traffic, said Kawika Daguio, federal representative at the American Bankers Association. When it comes to the Internet, "You start running into problems that scare bankers to death," Daguio said.

That fear is based on basic economics and human behavior, he said. "Nobody would put a truck with $5 billion on an open highway," Daguio said.

Banks will however, use the Internet in other, less risky ways. Some have already set up World Wide Web pages where customers can get interest rates and other information. Others may use the Internet to transfer loan applications between branches. While those applications would still be encrypted to protect the customers' privacy, there would be little risk for monetary loss.

For all businesses, the next big challenge may be convincing the public that the Internet is a safe way to buy a toaster, make a payment or tell a colleague something important.

"Even if it's just buying flowers, I don't feel comfortable doing it on the Internet," admitted NIST computer security expert Wack.

Staff Writer Neil Munro contributed to this article