[iwar] [fc:A.Battle-Ready.Net?]

From: Fred Cohen (fc@all.net)
Date: 2001-10-04 20:21:13



A Battle-Ready Net?
It's not there yet. Plenty needs to be done to safeguard it against either a
physical assault or a cyber attack
By Alex Salkever, Business Week
Oct 2 2001 3:48PM PT

As anyone who tried calling into or out of New York City on Sept. 11
can attest, phone service there fell apart that day -- and for several
days after the terrorist attack that downed the World Trade Center.  The
flood of calls on both wireless and traditional networks made it hard to
reach out and touch anybody -- except via e-mail and instant messages on
the Web.  Tech-savvy surfers even used the Net to make voice calls.  All
in all, as was frequently noted in the week after the tragedy, the
Internet earned a passing grade. 

While the attack showed that, under certain circumstances, the Net may
be more resilient than the phone system, it's also true that it did so
well because no one tried to take it out.  What if the terrorists had
taken direct aim at the U.S. portion of the Internet as part of a
broader coordinated attack -- one that no longer seems far-fetched?
Although today's Net is clearly much more reliable than that of a few
years ago, it still has major failure points that need to be shored up
before it's battle-ready. 

Weak Links

Consider the vulnerability of "telecommunications hotels" --
specially constructed buildings that house key switching and routing
equipment and are owned by one or more companies.  Also known as peering
points, network access points, or neutral exchanges, these hotels are
where major Internet service and telecom providers link their networks. 
On the coasts, they also serve as interconnection points for dozens of
transoceanic fiber-optic cables.  If they aren't the backbone of the
Net, they're at least a vertebra. 

Most of these hotels are built to withstand major bomb blasts.  Yet the
very concentration of key equipment in these facilities makes them
potential weak links.  "If you hit 60 Hudson St. and 111 8th Ave. in
New York City, you take out most of our Atlantic connectivity for the
entire Internet," says Stefan Savage, the chief scientist for Asta
Networks, a Seattle company that helps ISPs fight off malicious
assaults. 

While a coordinated physical attack could create such problems,
concentrated cyber terrorism aimed at the backbone routers in these
hotels could prove even more devastating.  "The real risk isn't from
traditional terrorism that we saw on Sept. 11," says Brian Fink, senior
vice-president at telecom and fiber provider Global Crossing.  The rapid
spread of the Code Red worm in July and the Nimda worm/virus two months
later showed how easy it remains to quickly distribute damaging software
around the Net. 

Digital Gridlock

Those infections contaminated hundreds of thousands of
systems, according to security experts -- and the damage could have been
worse.  Although Nimda and Code Red clogged networks and defaced Web
pages, they weren't designed to do permanent damage. 

With some relatively simple modifications to their computer code,
however, these digital pathogens could have taken down the Internet for
an extended period.  How? By commanding thousands of compromised
machines to direct heaps of traffic at the backbone routers that serve
as air-traffic controllers for the Web.  Such so-called
denial-of-service attacks have already proved devastating to individual
companies -- they blocked access to key Microsoft sites last January,
for instance -- though they've never brought down the entire Net. 

Not yet, anyway.  But the proliferation of broadband connectivity in
homes makes such an attack more possible than ever.  In part, because of
the speed at which broadband moves data, "...if you get Code Red-style
penetration, you are talking about taking over enough machines to
produce multiterabit request traffic," explains Savage, whose company
builds equipment to attempt to fend off such attacks.  "You can shut
down anyone's backbone with that."

Router Mavens

Brute force may not be the only way to subvert the Net.
Should hackers find a hole in the software that runs these systems, they
could feed the Web's backbone routers incorrect information and
misdirect data traffic.  Impossible? Until recently, it seemed so. 
Router technology was relatively obscure and hard to use.  And the
number of people with knowledge of the specialized operating systems and
software that runs these machines was relatively small. 

That's changing, and not necessarily for the better.  Thanks to
six-figure programmer salaries and a plethora of public instructional
materials from router heavyweights Cisco Systems and Juniper Networks, a
lot more people now know the workings of these data traffic cops.  "We
have been focusing on viruses that relate to the public Internet, but
you also have secure communications systems that are more secure than
the Internet but are not completely sheltered," says Mark Wilson, a
vice-president for corporate strategy at telecommunications equipment
maker Ericsson. 

Another example of the Net's vulnerability showed up last July -- in, of
all places, a Civil War-era train tunnel beneath Baltimore.  A fire
there melted a number of key fiber-optic cables and noticeably slowed
traffic on the Net for several days.  If the blaze had occurred five
years ago, when railroad right-of-ways were a primary path for data
carriers, the Internet might have slowed even more. 

Insufficient Backup

Fiber routes now follow not just railroads but also
highways, power grids, and gas pipelines.  While few single points of
failure remain, the impact of multiple failures at bridges, tunnels, or
pipelines is anybody's guess.  That has spurred demand for better
redundancy than simply having two cables running out of a building
instead of one.  "Diversity is important.  Customers are more aware of
carriers' physical routing of fiber than they were five years ago.  Now,
customers really want to see where you're located," says Jack Waters,
chief technology officer at telecom and data transport company Level 3. 

A final place where the physical safety of the Internet falls short is
in metropolitan areas.  In most cities, the Baby Bells still control
huge chunks of fiber linkages that have insufficient backup systems,
according to industry experts.  While failures in one city rarely affect
the entire country, they could be a nuisance for millions of people and
thousands of businesses. 

Disruptions of that size also can cause much wider ripples for the Net
-- as the World Trade Center disaster nearly did.  Only through quick
action did several ISPs and data-intensive companies in lower Manhattan
find alternate locations -- and survive the disabling of Verizon's
operations center there. 

Hard Questions

Because of that near miss, many companies are now
expressing renewed interest in wireless data-backup systems that might
improve Net resilience in local areas.  Those could include technologies
that might shoot data from rooftop to rooftop using laser beams or
broadcast it over portions of the radio spectrum.  "Then, if you were
ever to physically lose the cable, you'd have a backup technology that
enables you to continue to run your business," says Global Crossing's
Fink. 

Mitigating potential threats to the Net is no easy task.  In fact,
absolute prevention of cyber attacks would require far greater insight
into the architecture and traffic patterns of the Web than anyone now
has.  Moreover, building additional fiber networks to augment the Net's
redundancy is something the capital markets won't support right now,
given telecom's overcapacity and economic woes. 

Still, companies dependent on the Net have started to ask hard questions
that may spur broader efforts to improve reliability.  "What the
industry promised for the last year or two was almost 100% uptime," says
Jay Adelson, chief technology officer of Equinix, a company that provides
neutral exchanges.  "That was a magical number.  After this incident,
folks are going back and looking again to prove to themselves the
reliability is there."

That's a smart move in a world where coordinated attacks have become a
harsh reality and the inconceivable has become plausible. 

Copyright 2001, by The McGraw-Hill Companies Inc.  All rights reserved. 

------------------
http://all.net/ 




This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:54 PST