Danny Hillis On ZPR
This is the first of what we expect will be many “Subscriber Posts.” The idea is that News Items has an extraordinarily interesting and influential subscriber base, with interesting and important things to say. So why not let them (you) say it? The first of the “Subscriber Posts” series concerns ZPR, which you’ve probably never heard of. The author is Danny Hillis.
Part one is a bit of background on Mr. Hillis. Part two is his post.
Danny Hillis has been advancing computers since the early 1980s when, as a doctoral student at MIT, he designed what he called the Connection Machine, the first commercial supercomputer for Artificial Intelligence. It was a radical departure from the conventional computer architecture of the time, which relied on a single, powerful processor to perform calculations one after the other. The Connection Machine was instead modeled on the structure of the human brain, distributing data over tens of thousands of simple, 1-bit processors, which could perform their calculations simultaneously. It was fast, thanks to internal structures for communication and data transfer that could change as needed, depending on the nature of the problem to be solved. That’s why he called it the Connection Machine: because the connections between the processors were more important than the processors themselves. It was hugely influential.
Since then, he’s founded and co-founded a number of technology companies, including Thinking Machines Corp., Applied Minds, Metaweb Technologies, Applied Proteomics, and Applied Invention. He has more than 300 patents and has written two books, The Pattern on the Stone and The Connection Machine.
We were happy to hear that he’s turned his attention to internet security in the last few years. He told us he’d had many meetings with White House and congressional leaders, and finally came to the conclusion that internet security is not a problem the US government is likely to address. So, he put together a team, including former chief technology officers of Goldman Sachs, Bank of America, Cisco, and other networking companies, to think through how the internet might have been designed differently, had modern security technology been available from the outset. “I led that team in developing ZPR,” he said.
“ZPR?” we asked. “Tell us more.”
Which he did, as follows:
You may have noticed there has been a steady escalation of news about cyberattacks: “Chinese Hackers Steal US Government Emails,” “Ransomware Hits British National Health Service,” “ATT Informs 9 Million Customers of Data Leak.” Even the technology creators are not immune. Apparently even Microsoft, Google and the National Security Agency cannot completely secure their own data.
So why is cybersecurity so hard to achieve? The reason is that the Internet was never really designed for security, it was designed for communication. On the Internet, files and data are broken down into smaller units called packets, which flow toward their destinations as inevitably as water flows downhill. Traffic flows unless something stops it, and it is hard for the computer on the receiving end to know which packets to stop.
Most organizations set up security checkpoints, called firewalls, at their borders, to block unwanted communication packets from flowing in or out. Unfortunately, the packets don’t carry identification credentials or travel permits, so there is no way to tell where they really come from. Packets from Moscow can claim they are coming from Norway, and there is no way to tell they are not. So, firewalls must guess, and hackers can generally find ways to fool them. Almost every organization has unauthorized packets leaking in and out of their network.
A solution would be to require every packet to carry a digital passport that proves the identity of the sender and the packet’s permission to travel. This is called Zero-trust Packet Routing or ZPR (Zip’r, to those in the know). A ZPR network can check a packet’s credentials at every step along its path, not just at the border, but also internally, once the packet is inside the firewall. A ZPR network stops and reports any packet that is traveling beyond its permissions.
Once we realized that this approach could be adopted by organizations without modifying their existing hardware and application software, we decided to share the ideas with everyone and make them freely available through ZPR.org. Big tech companies are considering adopting it, but it represents a pretty radical change in the philosophy of what their networks should do, so they have been understandably hesitant to take the first leap.
Oracle, the world’s largest database company, recently announced that it is offering ZPR-based security in its high-security cloud infrastructure. That is important, because Oracle handles some of the world’s most sensitive data for the European Union, the Pentagon, stock exchanges and banks. What is potentially even more significant is that Oracle has committed to working with Applied Invention and others to make ZPR into an open standard. An open, interoperable standard would allow organizations to enforce uniform security policies across all their computers, including their remote clouds. If enough others follow, and ZPR becomes widely adopted as a standard, it will make everyone’s data more secure.
If we look at cybersecurity as a tax on the world’s economy, it is costing us hundreds of billions of dollars per year, and growing. About ten percent of that goes to the criminals, and the rest goes to fighting them off. That cost is significant, but the vulnerability of the world’s economic infrastructure is an even greater problem. It would be much easier to inflict damage on the US, Europe and Japan with cyberattacks than with missiles, tanks and airplanes. If ZPR becomes widely adopted, it would not just make data more secure, it would make the world’s economy more secure. That is a good reason to root for it.
— Danny Hillis, founder, Applied Invention. 9/26/2023.