Robert Cook: Drastic measures needed

Watching the dead being hauled from the trains in Spain brings to mind our own vulnerability to faceless murderers. The physical security of the United States has become stronger since the tragic events of Sept. 11, 2001. The federal government reorganized to make homeland security one of its top priorities. Large U.S. cities, such as New York, hold regular safety drills to prepare for any unspeakable act that could be perpetrated in a large metropolitan area.

But in the area of data security and privacy, we've seen little similar action.

Terrorists are becoming increasingly sophisticated, using e-mail for much of their planning and communication. It's not a stretch to believe the reports that al

Qaeda plans to use cyberterrorism as one of its tools.

What is the easy solution? Establish a voluntary national authentication system. Shut down anonymous use of the Internet. Encourage government, businesses and citizens to use secure messaging. If we do so quickly, many problems will be solved at once and exposure to terrorism via the Internet will be reduced. Bombs are cheap and easy to use. It is planning their use that is difficult.

Safeguarding information is good business. It is also a government mandate, and legislators have had a profound impact on making government systems and communication more secure. But the government's cybersecurity response has been piecemeal.

What is needed is a more comprehensive solution — one that protects American consumers and business interests from spam, protects individual privacy, secures communication and business transactions and simultaneously protects and fosters e-business.

E-business correspondence frequently contains confidential information about health, finances, national security and research and development. These messages all require protection in the form of encryption and policy rules and guarantees that senders and recipients can be reliably authenticated.

Legislation that would spur businesses and consumers to use secure e-mail would, virtually single-handedly, eliminate spam and viruses. It would ensure that all personal information included in online transactions remains just that — personal and confidential. It would also create efficiencies of scale as more business and government transactions are handled

electronically.

Secure e-mail would dictate that any communication comes from a known and trusted party, who must be authenticated to send secure communication. The trusted authority that authenticates senders could be

a financial institution or a government entity that already has mechanisms in place to identify customers or constituents. There would be no need for complex infrastructure changes.

The technology to secure electronic communications exists today. It can be done without building isolated networks or monuments to authentication. The impetus to act is clear. We should do all we can to secure the Internet rather than waiting for a massive cyberattack to finally spur us to action.

Cook is chairman and chief executive of Sigaba, a provider of secure messaging solutions. He is also managing director of Royal Wulff Ventures, a venture capital firm that focuses on funding companies in their early stages.