Vint Cerf: The past, present and future of the internet


[MUSIC] So I wanted to ask you,
when you first started the project to think about the communications, that
really have become the Internet, right? What were your goals? What were you all hoping
to achieve at that point?>>At that point, remember, we had a fair amount of experience
with something called the ARPANET, which was the predecessor network
>>It demonstrated the utility and effectiveness of packet switching, in a heterogeneous environment where
multiple computers with different operating systems were able to
communicate over a homogeneous network. The internet was a step beyond that to include heterogeneous packet
switching networks, radio based, satellite based optical fiber based,
and that came later and so on. Then the question was can we build this
arbitrarily large network of networks, linking a whole bunch of
heterogeneous systems together. And so that was our initial objective, we
knew that this was going to be useful for commandment control. And so we incorporated into our
thinking the need for mobile operation, for voice and video, and for security. So that was all part of
the general framework in which this development took place.>>When you were first building
did you imagine something as big as what we call the internet today? Well one argument is yes, because they
were worried about the address space for one thing. And we did a calculation and
we came to the conclusion, in 1973 that we needed 4.3 billion
terminations on this network. Now for a small scale experiment with
only three of four network at that time, that was a pretty ambitious goal,
but we wanted this to be expandable. We knew it had to operate
on a global scale, because the military has to
operate on a global scale.>>So
when you were thinking about security, what kinds of conversations
occurred at that time?>>So
we have this military context in mind, And we know that we’re going to have to
secure the communications end to end. Because we’re gonna be going
through a variety of networks, some of which might not be
internally secured at all. So end to end, crypto is important. The ability to route
traffic arbitrarily through networks that might not
be secured is important. So we knew all of that, and when we had
this other problem which is packet crypto.>>Which didn’t exist at the time.>>Right.>>Continuous line encrypting was common,
but packet crytpo where you have to
essentially decrypt things out of order, was a new thing and that caused
all kinds of hard work to happen. We had a whole program for
developing packet cryptography. So that was all part of our model. The other part of the model though, was that every device that was on
the internet would have to defend itself. We didn’t have any notion of perimeter. We didn’t really have
a notion of firewall, every device was out on it’s own. That meant,
if it received traffic it had to decide, am I gonna respond to this or not?>>And so we had to have strong
authentication as a part of notion in design of the system.>>The internet and
innovation are really synonymous. You were thinking back in the 70’s,
about the break in the scale with the architecture and the design,
and people to be able to work on it. Where do you see innovation today? Where do you see not just
the Internet going, but where do you see innovations going
that have an affect on the Internet?>>Well, lets start with the Internet
environment just as an example. In the case of Internet, one thing we very
carefully thought our way through was that the Internet protocol layer has the characteristic that the packets
don’t know how they’re being carried.>>Right.
>>That was an important ignorance. And then don’t know what they’re carrying. It’s kind of like postcards. They don’t know how they were transported,
and they don’t know what’s written on them. This stupidity, this ignorance,
turns out to be the key to innovation as new transmission technology came along,
the packets could be carried on anything. So when optical fiber became common we
would just put the packet switching system on top of that. Similarly, when people have new ideas for applications all they had to
do was to put them on the net. We didn’t change the network,
because all of the network it was switching packets around,
containing opaque content. So that ignites opportunity for
innovation. But there’s more to it than that,
especially if you go out into the private sector,
innovation generally requires taking risk. That could be a start up which is risky,
or it could be an established company trying
something out that might not work. Unless you have an environment where
you’re permitted to try things out and fail. You have no likelihood of true innovation. So innovation is happening
all around the world. The Internet contributes to it in part,
because of its architecture but it requires, I would say, a business
attitude of willingness to takes risks. That’s why Silicon Valley is so
innovative, because the venture capital guys
are willing to take risks, and they known that some 80% of
their investments may fail. So that’s part of the story,
you have to let people try stuff out, and the higher they shoot the better. They may not get to that target, but who wants a 10% increase when
you can probably get 50, 60, 10x.>>So as your as, you’re thinking
about those kinds of innovation and the great platform of the Internet
to build on, and as that kind of creative tool that allows you to think
out, where do you see things going?>>Well one thing we can see is
new platforms keep coming along, let’s take mobile as an example. Martin Cooper developed
the handheld mobile in 1973. It didn’t see the light of day until 1983. Ironically that’s exactly the decade when
Bob Khan and I started the internet, and it got turned on in January of 83. But those two technologies didn’t
quite join each other until 2007. When Steve Jobs came along with the
iPhone, and caught everybody’s attention. Now two things happened there, both of these technologies
became mutually reinforcing. The mobile gave you access to the internet instead of having to be in a fixed
location you could be anywhere. And the second thing is, the mobile had
access to all the computing power and content of the internet. So these two things
are mutually reinforcing. The second thing is, the mobile worked this in a way similar
to why the Internet protocol layer does. This API, this Application Programming
Interface and the mobile means, if you’re running an application, you don’t actually
have to know how mobile part works. All you have to know is, if you need this interface then
your application should work. It sends and receives data from
the assets of the Internet. So this platform like idea and this layering of protocols induces
a great deal of creativity. The World Wide Web being
a perfect example of that. The Internet is this platform. The World Wide Web is some more layers
of protocol HTTP, HTML and so on. People have been building
all kinds of applications, on top of that infrastructure. And so you can see this repeat over,
and over again of invention, where new platforms come along inviting
people to try out new applications.>>Where do you see the big
security challenges, and how are they being addressed?>>So it’s not just security. When you think about
the devices that we’re using, when we hear this phrase Internet of
things, appliances at the house, and the office, and the car, and that we carry
on our persons, or even in our persons. So, let’s imagine all these
appliances everywhere, full of software, we want them to be,
A reliable, B safe, three secure, four private [INAUDIBLE] operable
>>And resilient.>>Yes, resilient all of those things. So, this, we’re really talking about
software reliability and resilience, and safety, and everything else, cuz what
animates all these devices is software. The hardware is there, cuz you have
to have it to execute software. But it’s the animation part that’s
important, and that’s the thing which is the most troubling, because in
the 70 years or so where we have been programming, we haven’t figured out how
to write software that doesn’t have bugs. We don’t even have environments for software creation that reduces
the level at which we make mistakes. So that’s the most serious concern I have. Security is part of that,
because bugs get exploited. And, the system gets penetrated and
some bad thing happens, that’s insecure. But there’s more to it than just security,
it’s all the other reliabilities and things that we should worry about. So we should be really
concerned about this because our world is going to be filled
with software running all the time.>>How do we improve software quality
which, is a fundamental question to. We can’t afford to play whack-a-mole
with vulnerabilities, so how do we create an environment where
we do have quality in software, that’s a requirement and expectation.>>So they’re pieces of the problem. I’m not sure I can press it completely. One of them is creation of
software that has fewer bugs. Another one is detecting bugs when they
happen and finding ways to fix them. A third one is trying to deal
with the fact that software even when it works correctly
it may not work all the time.>>Right.>>There are situations where
the software didn’t know what to, encounters a state that
it wasn’t expecting. You could call that a bug, but the idea here is that we need
resilience in these systems. We need backup, we need the ability of the system to
operate even when things are broken. You almost want something kind
of sitting on your shoulder, watching while you’re writing the code,
saying, excuse me, but you just created a buffer overflow
there, or you might want to be able say to the environment that’s
supporting your software work. Can you find any places where I’ve used
a variable that hasn’t already been set? So, otherwise I’m getting
a random value and branching off into Cyberspace somewhere.>>What kind of advice would you give somebody who’s just
coming into this field?>>The thing that I would want kids to
understand is as early as possible, is that when they’re trying to design
software, they have to cover all the cases that they can possible think of That,
that software might be confronted by. What that means is deliberate attack,
which by the way we didn’t pay a lot of attention to
in the original Internet design. We were all a bunch of engineers. And our job was to get the system to work,
not to wreck it. So we were focused mostly on
how do we get this to work. Now of course,
because of the broad deployment there are bad guys out there that
want to interfere with the system. They want to charm you or somebody else. So we have to think our
way through all of that. So these kids have got to know how to
write software, which means they have to learn how to breakdown problems and
solve, smaller pieces and then put the pieces back together
in an architecture that works. But we also have to expect them
to deliberately ask themselves, how would I attack this system? How would I destroy its integrity? How would I interfere with its operation.>>Right.>>And some people don’t agree with me,
but I think kids should learn how to write malware, how to write it not just
to study it but actually how to write it. They should experience what the bad guy
does in order to interfere with secure operation or safe operation, and until
you have thought your way through how you would attack the system you don’t really
understand how you’re gonna defend it. And so some people say well you
creating a bunch of hackers and my reaction to that is no I’m creating a
bunch of people who know how hackers work. And so that’s part of the story, I think, if we want software in the future to
be more reliable than it is today.>>What changes do you see
in the networking space?>>Well, there is a security issue here,
which I think is of some interest. For a period of time, we actually used hardware as part
of the security infrastructure.>>And then we sort of got distracted
into the software space, and focused mostly on software and
its resilience. The thing is that we can use hardware
to reinforce software security.>>Yes.
>>And I like this a lot, I like the idea of the boot phase checking
the checksum or the digital signature. To make sure that the software you’re
about to boot up is in fact valid or at least somebody thinks it’s valid. So there’s a partnership that
we should be exploiting, which I think we have not exploited much. And that is an area with
worthy of attention. So now let’s go to try to
answer your other question.>>Sure.
>>Which what’s happening in this space? I think there are trends we can identify,
and they’re pretty obvious. One of them is increasing amounts of
radio based communications, devices that are scattered around in our environment
will use radio rather than wires, for many of their applications. The second one is speed, where you
see increasing amounts of data rate Whether it’s optical fiber or
higher frequencies, and things like that. The third thing in the radio space is an
increased detention through co-habitation in common bands. And this is a good thing, because it allows us to make
better use to the radio resources. But it also puts
challenges in front of us, because there’s potential for
interference. So we have to be smart about
how we modulate the signal and maybe even dynamically do that. So those trends are very clear. The other one, which is pretty obvious,
is the population of sensors and control systems,
that will be part of our daily lives.>>Yes.
>>Whether it’s in the very virtual environment, where you have intelligent
assistants that respond to voice commands. Put this on the calendar, make
a reservation to go to San Francisco, and having the system
actually behave properly, all the way down to things that
are security systems in the house, sensing whether the windows are open or
closed, or controlling the environment. All of those things are going to be
part of our world, and we need for the people who live in that
world to appreciate first, that we don’t know how
to guarantee everything. So, you should anticipate
things might not work. And, second, we have to help people
understand how to make it work better, given this potential complexity of
interaction among these devices that never met each other until
you pull them into your house. Another thing, which I worry about, in
this cyber physical space, is scaling and imagine, just to make this,
sort of in human proportions, you have a house with 100 things in it,
and you’ve carefully configured them so your house is behaving
the way you want it to.>>Do I need an Engineering
degree to do that?>>Well I hope not.>>Or we gonna think about
usability here for the average.>>Well let’s pretend for a moment.>>Okay.
>>That somehow or other.>>It all, it all happened.>>Whether you hired an engineer. No, the house is working and
a 100 devices. Everything’s cool and then you move. And you move into a house that has
another hundred devices in it. Then you bring your other
gadgets with you, and suddenly you’re confronted with getting
all that stuff to configure it properly. You don’t wanna spend the entire week
typing like IPv6 addresses into some control program. You don’t want the 15 year old next door
to notice your in configuration mode, and grab control over your
entertainment system. You don’t wanna accidentally grab control
over your neighbor’s systems as well. This configuration and
management thing is really tough. And finally, think about devices that are gonna be
installed for years, maybe decades.>>Yes.
>>Think about water heaters, and other major appliances. You don’t swap those out at the same rate,
we swap out mobiles. What that means is that if the software
that’s animating, then has a bug, and it needs to be fixed. How do we make sure that A,
we know about that, and B, we get the right update
into that piece of equipment? How does the equipment know,
that it’s a valid update and not a bad guy trying to say wait wait,
you have a bug, here I’ll fix it, ha ha? So all of that stuff adds up to,
this is hard, and that’s why we need folks like you and your team, to make sure that we get it if not exactly right at least more right. [MUSIC]

One Comment

Add a Comment

Your email address will not be published. Required fields are marked *