What would be your reaction to the Government declaring "Martial Law" on the Internet?

ScottMac

Moderator, Networking, Elite member
Mar 19, 2001
5,471
2
0
I've been reading a book: "Information Warfare" by Michael Erbschloe. A great book that looks at the various kinds of cyber attacks by various kinds of "Information Warriors," from both the "Good Guys" side, and the "Bad Guys" side.

One of the conclusions in the book is that ultimately the government(s) will likely want/need to control the Internet access to their country, so that in the event of an all-out cyber war / massive cyber attack, they can close inbound access at the soonest possible instant .... basically "Martial Law" gets declared on the Internet (on a per-country basis).

The attack scenarios mentioned by the author involve globally-dispersed teams, such that just "pulling the plug" on one or two countries would not be sufficient to block a coordinated focused attack.

I'm thinking there are maybe a few holes in that thinking. For example, if that attack was decided and planned, what would keep a terrorist organization from buying a few store-front "businesses" and setting up some point-to-point lines between other storefront businesses around the world ... basically a private distribution system for whatever attack mechanism they choose to implement.

The only absolute way to prevent this (as far as I can figure) would be a total and complete shutdown of ALL Internet traffic (in the USA / wherever), and perhaps ALL WAN / MAN traffic as well.

SO, whaddya think? How should the US (or any nation) handle the possibility of a massive, coordinated cyber war? How would you / your business handle restricted Internet access (or no Internet access at all)? Does the company you work for have some contingency for no Internet / no WAN access between sites?

Do you think that if the government positioned itself to have possession of "The Big Red Button" that turns off the Internet, should they also have some kind of assistance / insurance to cover the Online businesses that would almost certainly go bankrupt?

If you think about it, something like this almost seems inevitable, doesn't it? There are already some instances of "cyber terror" on the books; isn't it likely that it will become one of the weapons-of-choice sometime in the future?

Opinions anyone?

Scott
 

mcveigh

Diamond Member
Dec 20, 2000
6,468
6
81
small tactical nukes on all ISP's should do the trick

Actually I think a large international company poses more of a threat than a single country. But the government could target some of the main choke points like MAE east and west. (Actually I don't even know if they are still active or as important as they used to be.)

I'd like to hear others ideas...
 

kylef

Golden Member
Jan 25, 2000
1,430
0
0
First of all, isn't shutting down the entire Internet to prevent cyberterrorism somewhat extreme and counterproductive? If it were possible to do so, wouldn't such an enormous breach in our country's communication infrastructure cause more harm than the so-called cyberterrorist attacks themselves?

And I do not believe that the US Government (or any government for that matter) has the capability of shutting down the Internet, even if they wanted to. Even if the US were to disconnect all primary and secondary intercontinental fibers and satellite links, I estimate that about 80% of our Internet traffic would still reach its destination (somewhere in the United States) unimpeded.

If the government were ever to attempt to shut down major trunk lines within the US, they would quickly find that the Internet was designed to be extremely resilient to such attempts. There are so vastly many BGP peering points between small, medium, and large ISPs around this country that there is no way for our government to know about them all. Moreover, many of these peering agreements are kept confidential for business reasons and we have no reason to believe that the government can track which fibers are carrying which traffic and what the backup routes are in case the line were to fail.

Aside from these problems, our officials would also face an irate populace that elects its legislative and executive branches of government. From my experience, American citizens are extremely protective of their right to speak to each other, privately, about whatever they see fit. I believe that they would equate any official Internet infrastructure shutdown with an affront to their freedom of speech.
 

Thor86

Diamond Member
May 3, 2001
7,886
7
81
I don't know about shutting the "internet" down per se, but, I do know that eventually, everyone will be required to "authenticate" themselves in order to use the internet in the future.

As with physical border controls, my citizenship and photo id "authenticates" who I am whenever travelling to other states, so eventually the cyber traffic will fall to the same security checks. Sure, this allows you to be tracked, but I have nothing to hide, or no mis-doings that would warrant any type of "watchdog-ing".

Now privacy, that's a whole new can of worms...which I always believed is "non-existent" whenever you use the internet. With this approach, I know what I can, and can't do on the internet, and be able to use the internet safely.

Education is the hardest part, where most everyday people still haven't grasped the idea behind this technology, and think that AOL will take care of their needs...LOL.
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
China has their big firewall. I'm sure they could block most of the crap that comes from other countries. Personally, I think the internet needs to be redesigned under the original thoughts. Redundancy is key. Take a look at the grc.com site. There is a graphic on there (you can find it, I'm lazy right now) that shows a cracker could take out a relatively small number of routers and effectively segregate the net. That should be looked at before islanding should be considered.
 

ScottMac

Moderator, Networking, Elite member
Mar 19, 2001
5,471
2
0
I agree that pulling the plug on the Internet is not likely to happen, though, several "white papers" and discussions if read do not rule it out as a possibility in extreme situations. The scope and nature of future attacks is just too broad to rule it out.

I believe that if we are attacked, physically or virtually, with something of the magnitude of September 11th, we'll start seeing some serious action on a National ID system, including some flavor of personal certificates for Internet use (including certificates for "foreign" users needed to enter the US systems).

Of course, the issue of who will "own" the system, who will run the system, and how it will be managed is a whole 'nuther ball of wax (or tar, if you prefer). Maybe it'd give the UN something to do, maybe NATO; I'm sure it'll be the ultimate political nightmare, with all the efficiency of a committee-run process.

This presentation from The Institute For Security Studies before a House committee seems to indicate that the bigger threat comes from malicious code that quietly corrupts critical databases. Following that, some physical attack followed by distributed denial of service attacks focused on key government, utility, and corporate sites.

They also make a point that since the "majority of the Internet's routers" are running IOS, it's conceivable that some vulnerability in IOS could be exploited, with the obviously ugly consequences.

Whatever - it's probably much better to think about it before something happens, than trying to get yer sh!t in one sock afterwards...

FWIW

Scott

 

sml

Member
Dec 26, 2001
193
0
0
Strategically speaking, with the right physical resources [bombs and geographical locations] it would not be hard to *disable* the internet from an end-user perspective; the location of many of the GTLD root-servers is published and well known; several buildings demolished and various exchange points disabled would render large portions of the routed internet inaccessible. Taking out DNS root servers obviously wouldn't take out the backbone of large chunks of the net, but if joe schmoe can't get to www.ebay.com == the internet is 'down' for him. As entries began to time out of local DNS cache, things could get catastrophic. The internet is one of the few man-made devices that is probably capable of surviving events such as nuclear attacks, and as such the redundancy of many networks would not be affected.

As for your original question regarding 'martial law' the internet can not be censored, controlled, or overseen by any central body from any government. The open nature of the network allows this, with exceptions of government controlled border routers and filtering put in place by countries like China. Of course, most of us filter them right back due to spam problems.

As for a coordinated cyber-war attack, a few people performing a DDoS attack against whitehouse.gov is not really going to affect the nation's infrastructure. Everything critical on the classified government networks [SIPRNET et al] is run through separate circuits, separate exchange points and is usually heavily guarded and has classified locations. An attack against this infrastructure would have to be a physical one, unless you can find some point that someone has bridged the two networks, which I believe the US government has strong policies about.
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: sml
Strategically speaking, with the right physical resources [bombs and geographical locations] it would not be hard to *disable* the internet from an end-user perspective; the location of many of the GTLD root-servers is published and well known; several buildings demolished and various exchange points disabled would render large portions of the routed internet inaccessible. Taking out DNS root servers obviously wouldn't take out the backbone of large chunks of the net, but if joe schmoe can't get to www.ebay.com == the internet is 'down' for him. As entries began to time out of local DNS cache, things could get catastrophic. The internet is one of the few man-made devices that is probably capable of surviving events such as nuclear attacks, and as such the redundancy of many networks would not be affected. As for your original question regarding 'martial law' the internet can not be censored, controlled, or overseen by any central body from any government. The open nature of the network allows this, with exceptions of government controlled border routers and filtering put in place by countries like China. Of course, most of us filter them right back due to spam problems. As for a coordinated cyber-war attack, a few people performing a DDoS attack against whitehouse.gov is not really going to affect the nation's infrastructure. Everything critical on the classified government networks [SIPRNET et al] is run through separate circuits, separate exchange points and is usually heavily guarded and has classified locations. An attack against this infrastructure would have to be a physical one, unless you can find some point that someone has bridged the two networks, which I believe the US government has strong policies about.

I don't think it would require physical attacks. With the right systems you could take down root name servers, major routes, and entire links for long periods of time.

And there are projects helping against the great firewall of china and similar setups.
 

sml

Member
Dec 26, 2001
193
0
0
Well, any DDoS attack can be mitigated with filters and, if necessary, null routing certain large spaces of network for a period of time ('chop off the arm to save the body' mentality). As I said in my original post, most of the routing infrastructure that holds the internet together does not use DNS, so I don't think that would have as significant of an effect as much as a perceptive one with end-users and smaller networks around the world. And remember, this only applies to the public 'Internet' - even smaller governments have separate private networks for critical infrastructure, and remember the GOVNET proposal from a few months back? Building yet another private government network.
 

ScottMac

Moderator, Networking, Elite member
Mar 19, 2001
5,471
2
0
I would be surprised if, at this point, the government and private organizations making up most/all of the Internet in the USA haven't jointly developed some contingency plans for what they feel are the likeliest scenarios for an organized and distributed attack on "important" (visible / conspicuous / critical / not critical but newsworthy, etc) sites in the US.

Of the half dozen or so books / articles / papers I've read recently (this is kind of a new area for me), the recurring theme seems to be that it's likely that whatever the attack is, it's not likely to cause mass casualties (like a physical attack ala WTC-9/11). It's remotely possible (interfere with Air Traffic Control systems, for example) but unlikely.

Much of the stuff I've read mentions things like interfering with BGP routing / peering, since encryption is available for BGP but largely unused once you get beyond the main Internet backbone routes. DNS redirection was mentioned a couple times as a potentially easy way to disrupt the services (as mentioned, it doesn't kill the Internet, but makes it appear down to the less educated end-user).

Certainly, filters can be used, but it's probably going to take some time to do the analysis, formulate a filter, distribute the filter (or the information necessary to create it), and to get it implemented (and to get people to implement it ... thinking of the Red Worm and how long it took to get people to patch their IIS servers).

Other possibilities include the use of inside resources ("moles") to assist with penetration of hardened corporate or ISP resources. Possibly recruitment of sympathizers seems plausible as well.

I believe it would not be necessary to "kill" the Internet to cause severe damage (financial damage at the very least), given the nature of the press and media, all that's necessary would be to whack a few major targets, let loose a few reasonably sophisticated worms/trojans/viruses, and let the press and media amplify it in their own special (uninformed) way to get the public in a near panic. Coupled with a few "conspiracy groups" adding their interpretations ... and things start getting out of control.

Getting back to the "Martial Law" aspects: Would it be possible (or likely in some context) that some event or collection of events could cause the US government to invoke some flavor of "National Security" and take over control of the Internet, or at least the portions controlled by the USA (and possibly shutting it down in whole or major part)?

To me, it seems possible but unlikely, at least for the foreseeable future.

FWIW

Scott


 

sml

Member
Dec 26, 2001
193
0
0
FWIW, BGP sessions are not encrypted, they are only authenticated via encrypted MD5 hashes, in a 'compare the hash one way' methodology. See this link for a good discussion about public Internet vulnerabilities. With all the FUD in the press about computer security, including a recent article I read that had to do with airport runway lights malfunctioning and somebody suggesting the possibility of a hacker doing it to stir up all kinds of hell, I would think that the US government has contacts with a lot of the major carriers to coordinate something in the event of a 'meltdown' but this probably just passed down from levels of authority that don't understand how networks work; however, I'm sure the telcos are more than happy to cooperate and staff a few 'counter cyber terrorism officers' [especially the Chapter 11 filing ones, can you say 'please give me a federal bailout? signed, WCOM'].
 

Woodie

Platinum Member
Mar 27, 2001
2,747
0
0
In many respects, I would expect the Feds (some branch) to have a plan somewhere for doing something like that.

Based on what happened at certain private companies and one university that I'm aware of, a key role of the Security group is to have a procedure to shut down connectivity to/from the outside world. At the organizations I'm referring to, it's been done in order to protect the enterprise.

From a constitutional perspective, I think the federal government not only has the right, it has the duty to protect the US portions of the Internet, under the "protection of interstate trade" section.

"Shut down" - What I have in mind is: Isolation of the US backbone from other portions of the network. The obvious connection points/bottle-necks would be the undersea cables that connect NA to Hawaii, Asia, Europe, etc... Microwave and Satellite connectivity obviously creates a bit of a problem, to the point that I'm not sure that it can be done anymore.

Most large companies (particularly financial companies) have their own private networks. A generally accepted standard is that any "important" business functions cannot rely on the Internet for connectivity. This for the obvious reason that the Internet doesn't guarantee any SLA for availability or capacity, the way a private network can. For business continuity and Disaster Recovery, most remote locations have at least two network paths to connect to the home office--going through different carrier switches! (for those of you who remember the AT&T fiasco a few years back)--so primary may be Frame Relay, and the backup is ISDN.

Take the preceding paragraph, and make the company a multi-national, like UTC or Citibank. You can bet your paycheck that they have world-wide private networks that exist completely separately from the Internet. So, how could the US block a UTC employee in Singapore from routing across their private network to get to the US Internet connection to get to a US site?

When I started writing, I was thinking that it could be done...now I'm having real second thoughts. If the carriers are willing to shut down central routers, then vast portions of the (US) internet could certainly be greatly hampered, and certain sites/areas would go down. Would the carriers be willing to do that? Certainly. When the President calls you and says "You need to do this, and here's why" 99% are going to say yes. (Plus: all carriers are subject to government oversight at some level, and most of the large ones have donated money to our elected officials and so will certainly "play ball" with them).
 

Garion

Platinum Member
Apr 23, 2001
2,328
6
81
Very interesting thread here..

As most of you know, the Internet was originally built by BBN for the US Government as a self-healing infrastructure to provide network communications in case of some kind of catastrophe/attack at a major network point. I find it ironic that we're now discussing if the government COULD "take it out".

The answer is, I'm sure, a resounding "yes". In case of a national emergency, it would be relatively easy for the government to declare martial law and go to all the big ISP's and MAE's and shut them down. Yes, you'd have a lot of little ISP's out there, but if Genuity, AT&T, Sprint, UUNet/MCI, Verio, PSINet, C&W, etc. all shut down, the Internet in the US would be pretty much done. Isolated pockets would probably still exist but almost every major data center and small ISP relies on connectivity from the top tier of ISP's. If they went away, not much would be left. Combine that with taking down the DNS root servers and it'd be all over.

And.. I work for a big(!) bank and we have totally independent networks with zero reliance on the Internet (except for your online banking). If the Internet went away, you could still get to your money and do business as usual. No worries there. Now, if the government were to go so far as to take down the carrier's frame/ATM/MPLS networks things could get messy. If that happened, however, the US would be in REALLY bad shape. We learned that from the AT&T and MCI outages.

The major vulnerability I see to cyberterrorism is a massive DDOS strike that has been very carefully distributed, hidden in some widely-distributed application. This kind of attack would have to be well hidden so that it didn't get discovered (and fixed) before the release date. They'd have to hit the BGP tables and/or the root servers to do all that much damage, however. Just hitting the government is a big deal, mostly for morale, but taking out any individual component of the Internet (save the BGP/root servers) probably wouldn't have much effect. Even taking out the MAE's wouldn't be that big of a deal anymore, since most peering points between ISP's are now private, not through the MAE's.

Anyhow, it's something that we all need to pay close attention to - Make sure your servers are patched and your firewalls say "allow X, Y, and Z and deny everything else," not vice versa. I'll watch your back, you watch mine and we'll all be just fine.

- G
 

ScottMac

Moderator, Networking, Elite member
Mar 19, 2001
5,471
2
0
The hypothetical attack scenario PH2 ("Pearl Harbor 2") presented in the "Information Warriors" book made some interesting points about software. Many of the "big software houses" rely on international branches for much of their coding (like Bangalore India, and Israel .. others, I'm sure). Among the cast of characters are programmers that hide some "special" code amongst the bloat and patch of the main applications.

If not the creator of the application, how about the consultants frequently hired to tailor the application to the particular business? How can you guarantee that THEY aren't putting poison code into the system?

Another question that comes to mind is how well the programmers (and consultants) are screened, and how well their work is checked before release to the buying public or client. What kind of damage could occur if a mainstay application suddenly "turned rogue" and began eating itself (overtly or quietly) or started sending malicious code around the 'Net?

Who would have to call a CIO to convince him/her that the company's critical application(s) (say, SAP, BAHN, or Oracle) had to be shut down "RFN" because it's pumping crap into the Internet or some other business partner's (or the DoD or other Government agency's) network? D'ya figure there's been some "code phrase" arrangement between all of the member parties on the various security discussion/analysis/action committees?

... stuff like this can tie your brain in knots with paranoia if you're not careful. There are so many elements in so many places touched by so many people, you almost have to figure that something's gotten through somewhere. Who do you trust, and how much do you trust'em?

I think Garion's point is probably the best we can hope for: everybody is diligent about keeping their software and security systems up to date, with some internal testing to verify that it's as bulletproof as possible, given the known attack methodologies.

Another point regarding private networks: many/most/all are carried across public/telco lines (or in public/telco trunks, or in some form or fashion, at least partially, through public/telco/ILEC/CLEC equipment). Redundancy through multiple carriers is certainly popular, but, many of the telcos contract the same long-lines carriers for trunk service...right along with many of the Federal agencies. I don't remember the big players anymore...is it Williams? Cable & Wireless? Whoever it is, do you think it possible that a coordinated attack on the diverse paths of the main trunking carriers could cause the kind of outage that would make it an "acceptable" target to the bad guys? Would it be Newsworthy enough? Can the major carriers protect every yard/mile/span of their media?

Path diversity should work; as long as the contracting companies make an effort to ensure that the paths afforded by the various media providers are truly diverse. How many companies know exactly what the path from location "A" to location "B" is, and who's REALLY carrying their traffic? I'm reasonably certain that if the companies queried the media providers for an exact map of their traffic path (and the owners/operators of every chunk of cable along the way), there'd be some surprises about who's contracting what bandwidth from whom.

Compuserve, Tymnet, and Telenet used to be some of the big network players. Telenet is dead (I think), Tymnet is still around (I think), and Compuserve (who (used to) contract long lines / trunking to folks like GM/EDS) is now owned by AOL. If the bad guys decided to whack AOL (physically and/or virtually), d'ya figure Time Warner would think it's news? Would the jillions of AOL users get itchy because their IM and EMAIL isn't working? Would it be enough to cause anything resembling panic / terror?

Thanks to y'all that have contributed to the thread so far, hopefully some of the other network d00ds can check in with their perspectives as well ...


FWIW

Scott
 

Soybomb

Diamond Member
Jun 30, 2000
9,505
1
0
To those of you who have suggested there will be some sort of forced ID system on the internet, that you will have to provide real proof who you are to use it:

Would you support such a bill? No matter how dumb the general joe public might be, don't you think half their internet thrill is the anonymity of the internet? Just from doing tech support for an ISP, I can say that millions of people's lives would be crushed if they thought people could tell they were surfing porn (not that we can't, but this is acknowledging that a name can be matched with it). I don't see many people supporting this as it's a central part of what the internet is about.

How about also how this will be enforced? If I start a small ISP will I be forced to participate in this program? Is there a national radius server or what? Even then, assuming it became the case in this country, how about others? Certainly not every country in the world is dumb enough to agree with something like that.

I also don't see the big carriers just pulling the plug because the government asks them to, that puts them out of business effectively.

Nice slashdot link, it's always comforting to see our government signing away our rights. How long until wiretapping is just unrestricted for the government?

That's it, I'm moving
 

Abzstrak

Platinum Member
Mar 11, 2000
2,450
0
0
Even if you try to declare "martial Law" there are ALWAYS ways around it, just like there are ways around every country's firewalls.

Can the internet be used for good? yes, obviously.... Can it be used for bad things? again, of course..... There is an ancient Chinese proverb, "Every man is given a key, this key opens both the gates to heaven, and the gates to hell". So just choose how to use your key, you can't control how others will.

 