Verisign CEO says security is proactive

FRAMINGHAM (10/17/2003) - This week was a busy one for Verisign Inc., as it launched new services designed to grow its security portfolio well beyond its core authentication technologies. The company delivered the first of a series of quarterly reports on the state of global Internet security. It sold its Network Solutions business, which provides Internet domain name registrations, to Pivotal Private Equity for approximately US$100 million. And it was busy fending off continued criticism of its recent Site Finder service. Here's what VeriSign Chief Executive Officer (CEO) Stratton Sclavos had to say about this week's developments:

What prompted your decision to sell Network Solutions? We believe we can be the best in the world at delivering critical network services for voice and data. Network Solutions, as it exists today, is more focused on Web presence services for consumers and small business. It is not a critical-infrastructure service. The transaction allows VeriSign to pursue its core mission while giving Network Solutions the flexibility to determine its own destiny.

Why should your customers care about the Security Intelligence and Control Services offering that Verisign announced this week? We are trying to take the idea of security and turn it from a defensive posture into an offensive posture. [It's about] creating an early warning system and tools that our customers can use to ... do things before they are attacked rather than after they are attacked.

How will you do that? With VeriSign's unique infrastructure for handling many of the critical services for the Internet -- the .com and the .net, DNS (domain name system), transaction processing for 25 percent of North American e-commerce -- we have a very large amount of data that can be analyzed. We can use that intelligence to understand what attacks are occurring, where they are coming from and what their most likely targets are. We are going to use that intelligence to not only provide network security services but also a combination of application services and commerce services.

But others have been delivering similar services for some time. What's VeriSign's value-add? On the DNS system, we see 10 billion interactions a day. Our nearest competitor would claim to have 10,000 or 20,000 probes out at their customer sites that they are watching to get this intelligence. So the amount of information that we have to do this is far beyond what [others have].

What is the status of your Atlas project to redesign the DNS? I'm glad you asked. We started out in the summer of 2000, as we had acquired Network Solutions and this back-end domain registry. The idea was to build a new infrastructure capable of scaling with the network interactions we were expecting to see. When we bought Network Solutions ... we were handling approximately 1 billion lookups per day. Three years later, we are handling 10 billion per day. Atlas has been fully deployed as of this summer. Its design goal was to handle 100 billion lookups per day. We believe it can handle twice that much and maybe more.

As a member of the president's U.S. National Security Telecommunications Advisory Committee (NSTAC), what are some of your core concerns and observations regarding the state of Internet security today? Since 9/11, there has been, of course, a tremendous focus on physical security and protecting critical infrastructures against physical attacks. A great deal of NSTAC's time has been spent on really looking at the issues that revolve around collocation of facilities and the physical security around that. A lot has been done with routing network wires where there are single points of potential attack and failure. So, much of it has been dealing with the physical diversity we will need [so] that a 9/11 attack in future will not disrupt telecommunications. I think the area of concern and new focus for NSTAC has got to be [about] logical security. What about the fact that there is so much data traveling over these same lines now, and how are we going to protect from cyberattacks? It is an area where Microsoft and Verisign, as t

wo of the more nontraditional members of NSTAC, can bring new insight and experience.

Were you surprised at the criticism that your Site Finder service evoked? I think we are surprised at the reaction. I do think the noise is highly concentrated in a very vocal technical minority who is really against change. The claim that we have destabilized the Internet is really false. It is more data and anecdotal evidence, so I think the outcry has surprised us. I think one of the lessons learned is to be more open and forthcoming about how we plan to roll out these new services. I don't expect we will be ever able to satisfy the technical minority, [who think] they speak for the Internet user at large, when it is very clear they don't.

But ICANN (Internet Corporation for Assigned Names and Numbers) raised some technical concerns about it. They have raised alleged technical concerns. We have asked them half a dozen times to present us with some data, and as late as [Wednesday] afternoon, we were told again they have no data. It really is quite a bit of rumor and innuendo being fed by technical and political zealots.

What do you think is motivating this? I think there is group in the community who believes that no one should be able to change the behavior of these networks at the core. Some of the leading advisers to ICANN have said in recent public forums that innovation should not occur at the core but at the edge. That to me would tend to go against the history of innovation.

Join the newsletter!

Error: Please check your email address.

More about ICANNInternet Corporation for Assigned Names and NumbersLogicalMicrosoftVeriSign Australia

Show Comments