The law has been less than successful so far. Ask any CIO about what keeps her up at night and the general answer is security. Since 2003, the number of security threats has skyrocketed, with the typical suspects being viruses, spam, phishing scams and spyware. The new kid on the block, the DDoS attack, complicates matters even more. In this scenario, hackers use computer worms to take over vulnerable computers on corporate networks around the world. Then they tie the computers together through an Internet relay chat (IRC) server called a botnet. Unified as one, the rogues (or zombies, as they’re sometimes called) set their sights on one particular corporate Web server, and simultaneously bombard it with data requests until the burden brings it down. These networks are responsible for 50 percent to 80 percent of all denial of service spam, according to various estimates.

Even among CIOs who spend millions on security, actions to prevent these threats breed nervousness. How do you know your firewall is equipped with the latest intrusion prevention signatures? How do you stop other threats such as viruses and spam? Most important, how do you protect yourself against spyware programs that infect vulnerable endpoints and turn them into zombie computers that launch DDoS attacks upon command? Just when CIOs think they’ve got everything under control, the hackers outsmart them and devise new ways to compromise a network’s security.

"We are constantly bombarded," says Dewitt Latimer, deputy CIO at Notre Dame University, where the challenges of an inherently open academic network have him constantly on edge. "I find myself wishing that ISPs would help us out a little bit, if for no other reason than to eliminate a fraction of the security problems we worry about on a day-to-day basis."

Latimer adds that he assumes anything that is not on a private network is insecure. But what if some of these issues were resolved before traffic ever arrived at the network door? Since all external traffic must, at some point, be transported over the Internet, many CIOs say there’s no better way to secure it than by securing the pipes themselves. Because ISPs serve as the conduit for all traffic into and out of a network, CIOs say these providers should be scanning subscriber computers for viruses, monitoring traffic for active hack attacks, and shutting down suspected network users immediately to protect the safety and sanctity of the connection for everyone else.