Aug 31 2009
Just wanted to dash off a quick post on a topic of much handwringing today – the supposed take over of the internet by the White House.
This fire storm was lit by a poorly written, slightly hyperventilating article in CNET News. The offensive ‘reporting’ is in how the article explained cyber threats and actions required to squelch these threats.
I don’t have time for a full blown tutorial this morning, but one common mode to disrupt the internet is to flood it with garbage, pushing elements beyond their capacities and basically clogging up the pipes (and processors) for legitimate traffic. One excellent method for producing this flood of garbage message traffic is to secretly load viral programs on numerous computer systems timed to begin their broadcast flood at a single point in time.
To stop the flood and clear the pipes of the internet requires turning off the faucets of garbage – which means shutting down computers and taking them off the network.
This is done every day of the year as systems detect and abort attacks. We here have to do it a lot (reboot the server) when we get slammed with this type of attack (whether unintentional or otherwise).
The need to pull garbage spewing elements off the network is not in question to stop these denial of service attacks. The need for the authorities to order these compromised systems offline if the operators resist is also not much in question.
What is a bit dodgy is why this is such a big deal, and why would the government ‘seize control’ in the first place. The reason I say this is most critical systems in this nation are not on the ‘public’ internet in the first place. Government and key private industry systems are on their own private systems, protected against most attacks and isolated from each other.
In the same way a ship has flood doors to compartmentalize any leak and isolate the flood to only a limited sector, so to are communication architectures set up as isolated compartments. If designed right, there is NO NEED to seize anything. What you do is isolate systems running amok – turn off their access (close the flood doors).
I don’t think the language of the bill is technically correct or current (I have yet to find anyone on Capitol Hill who could understand even the introductory levels of modern communication systems), and I think the reporting is primarily alarmists with little to no context. In other words, we are not being served by the news media or the law makers (as usual).
We need to establish protective communication architectures that isolate key information systems both in the public and private sector. We need guidelines and process to coordinate the isolation of cyber attacks with response times of a few minutes. We need hotlines and isolated networks for key personnel to notify each other and respond en masse to attacks.
We don’t need government seizure, we need government to lead a coordinated response (and pay for the extra security). We need trained professionals, but licensing people to know a technology is not the answer. We need innovation – which rules out dictates from government and means we need the private sector to develop coherent solutions that get government blessing (not authorization). And we need to build bridges between private and government run systems so that one side is not fighting an attack while the other has not clue what is happening.
I think most people are trying to do the right thing here, sadly there are not a lot of good people who know what needs to be done in the loop right now. Right problem, wrong solution, wrong architects of a sound solution.