Slashdot Mirror
Preparing for the Worst in IT
mplex writes "How vulnerable is the internet to terrorist attack? Is it robust enough to handle an outage on a massive scale? Should the commercial infrastructure that powers the internet be kept secret? These are the sorts of questions raised by Mark Gibbs in his latest column in Network World. 'There is an alternate route available for nearly all services through Las Vegas or Northern California serving all facilities-based carriers in Los Angeles -- all interconnected at numerous L.A. and L.A.-area fiber-optic terminals supporting both metro and long-distance cable.' Given that the internet thrives on open networks, it's hard to imagine keeping them a secret. At best, we must be prepared to deal with the worst."
Link in article broken, nice job editors!
Why, not only do the editors not read the stories anymore, they don't even read the submissions!
Why is terrorism "the worst" now? I'm much more afraid of a high-magnitude earthquake hitting the west coast of the US, or a major hurricane veering further north than usual on the east coast, than I am of some random bomb going off somewhere.
Just in the last year we've seen how a single earthquake in Taiwan can bring connectivity between Asia and the rest of the world nearly to a halt. Natural disasters like that are a sure thing and it makes much more sense to me to worry about that than about the latest episode of "24" coming true.
Which isn't to say that we should dismiss any possible threat entirely, of course -- but we should also prioritize our efforts. It's not possible to fully prepare for every possible problem.
Ironically, TFA actually claims that we are pretty well prepared.
here is a good link for the lazy http://www.networkworld.com/columnists/2007/041607 backspin.html
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
XXX#######
I moused over the whole summary, but I couldn't find a link anywhere in there...
This guy's the limit!
It might be hackneyed, but please remember the internet was designed to withstand hundreds of nuclear warheads. Half of any class of nodes can go down and the rest keep running.
Dear Zonk, your posts to Slashdot are uninformative, full of errors, and not relevant to anyone's interests. Please go away.
Also, anyone who agrees with me, please tag this article "zonkism".
Isn't an isolated terrorist attack subsumed by the design parameters for the 'net? To my recollection, the protocols and mechanisms were built to be able to automatically re-route around damage caused by a large-scale nuclear attack...?
I've been reading this site for years, and yet I'm constantly impressed by the quality exhibited.
For instance, in a story about how resistant the Internet is to attack, the editors apparently decided to demonstrate what a possible attack might look like.
Take a look!
Bravo!
Comment of the year
In this reply to a thread on security breaches, I said businesses need to have a plan for disasters of various sizes.
This goes for infrastructures as well. Those who manage them must be prepared for everything from a cable cut to a planet-smashing asteroid.
"Prepared" doesn't always mean being able to fix the problem. It may just mean declaring in advance that the problem won't be fixed and moving on with life. Or in the case of a disaster guaranteed to be fatal, accepting that this is the end.
If the citizens of New Orleans had been properly prepared for Katrina, they would have known that "If a flood destroys our home and our neighborhood and it looks like it will be years before city services are restored, then we will just move away."
As for the Internet:
I don't expect the Internet as we know it to survive an all-out, late-1970s-scare-scenario WWIII. But I do expect it to mostly survive if a handful of key locations and a few dozen cities without key infrastructure components are destroyed by nukes on the same day. The same goes for the phone company and the electric grid.
I would also expect governments to mandate civilian usage limits to make the remaining tubes available for government and emergency-management use.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Why in the world are we dependent on the Internet in the first place? Relying so much on such a uncontrollable beast is a recipe for disaster anyway, even without terrorists.
"eggs in one basket"
---- Booth was a patriot ----
There actually is several secret links in case of catastrophic failure. :)
I guess if an invading army decided to hit all your NAPS you're SOL (all your NAP are belong to us) but a greater threat might be a chip embargo during a war or a period of instability. Open up your box lately? The Asian Tigers have our peckers in their pockets. I fully expect this to occur downstream and it's a greater threat to "national security" than most want to admit.
"He's using a quantum encryption scheme! That'll take hours to break!"
One should worry about that first of all. Remember NYC say four/five years ago?
Just in case. No Internet w/o electric current I guess.
Pedro.
Before the '90s that was true.
.mil separated off, and lots of other things happened so routing is no longer "oh that link is broken I'll try this one."
In the '90s things went commercial,
Now it's "oh that link is broken let's see if I'm contractually allowed to use any of the other available links."
In the event of war, I wouldn't count on the "contractually allowed" list to be reset to "everyone" in a timely manner.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Wrecking the US's communications systems would require a significant industrial expense and commitment, this doesn't come from terrorists.
Under the influence of Post-Cyberpunk Gonzo Journalism
Anybody else see the irony of a malformed HTML link href="http://www.foo.com/links/malformed.html"> in an article about the "worst in IT ?" Almost made my head implode.
To be fair, I like his video game articles, generally, although I sometimes disagree with his ratings.
Comment of the year
Yes in theory. Remember it was designed to survive global thermonuclear war.
No in practice. Because it is cheaper not to. Those multiple routes and connections are more expensive than a simple, single one which works just fine on a clear sunny day.
The reality is somewhere in between.
The internet is not vulnerable to attacks of terrorists.
Next Question.
I can still hand sketch and draw and communicate with construction personnel just fine. Although sophisticated hardware and software are helpful they are by no means required. Most people in front of monitors these days are space-fillers that satisfy a salary budget and not much more.
The goal of doofus management is to place as many people/layers between themselves and firing time. That's why we know have vice-presidents of every imagineable sort. Anyone with a brain will note that this phenomenon started when the boomers reached 40 or so.
"I own a $500,00 house, aren't I special?"
Assuming the bulk of the internet was down for a few hours, would it really matter. Sure, we can calculate a dollar loss by estimating potential sales per hour, but at the end of the week,end of the month, would it make a significant difference?
Most of our loss form 9/11 was due to emotional knee-jerk reaction. However, if you read the comments and blogs, internet users claim to be more rational and intelligent that the average person. Under those conditions we would take the internet outage as welcome break to go stand outside with our coworkers and gossip about someone's clothes.
Or worse, we could finally pick up the phone again and call our business transactions in like we did for decades.
I get alot of problems with slashdot not rendering properly using IE on windows (thats the only approved browser and OS at work).
it works great using firefox on slackware so I always thought it was just errors in IE. oh ya, DO NOT turn on the new commenting system if you only have IE. you will stuck with a scrambled slashdot and no way to turn it off.
Power supply is the key. In case of a massive power outage the Internet infrastructure running on current hardware is dead.
Solar powered, highly energy efficent hardware should create the backbone of an alternative, emergency WIFI internet, which runs on renewable energy and is not relying on copper/fiber infrastructure.
Widespread adoption of Microsoft Vista won't happen for at least another couple of years.
We all know the planet is too crowded. No one wants to volunteer to rectify the problem via their own demise... Have a heart.
The premise of Internet interuption is probably much more likely to occur as a result of natural disasters. A serious earthquake near Taiwan on Dec. 27th 2006 DID shut down most of the Internet for China, Hong Kong, Taiwan, Korea and Japan. See http://news.bbc.co.uk/2/hi/asia-pacific/6211451.st m I was IN China at the time and it was ... horrible. The major telcos in Beijing, China Netcom, was not so great at recovering from it. China Telecom in Shanghai did a much better job. Japan, Korea and Taiwan recovered much quicker because their ISPs were willing to spend money on alternate Internet paths via satellite. China Netcom was just too cheap and screwed over their customers.
The Internet never actually went completely down, but you were not able to surf the Internet. Email was problematic, but IM and VoIP still worked. Most of the problem was that port 80 requests far exceeded the available bandwidth, so everything just ground to a hault. MSN and Skype still worked like a charm. I had friends IM me web page content so that I could 'surf' pages I desperately needed to read. I also used proxies in Australia to gain access to the USA Internet and this worked quite well.
I think the idea of a terrorist organization trying to bring down Internet infrastructure is completely ludicrous. Terrorists want to take lives, and bringing down the Internet is not going to take (that many) lives. This is just another sad example of the sorry state of paranoya we live in under the Bush administration post 911. Just as there will NEVER be another successful hijacking of an airplane in the USA again, not because of the stupid security we have to go through at airports, but because normal every day airplane passengers will kill the terrorists rather than let terrorists take over an airplane again, ever.
We do NOT need to worry about things that will never happen, and terrorists trying to shut down the Internet by blowing up infrastructure? It is just NOT going to happen. A bomb would be better used where there is a high concentration of people. Maybe the Internet will be compromised through a virus or malware or bots - these are things we should worry about, but NEVER by physical force.
We really need to STOP giving attention to these fear mongers who promote these stupid ideas.
How much critical/central points have Internet for an effective phisical attack? Something that could do a big phisical harm to it probably could do a more effective one against population.
In virtual wold the attacks are currently under way, maybe not that for religious or political reasons (?) but mainly for economical ones. Spam, botnets, trojans, exploiting vulnerabities, etc, are the "bombs" in internet, and, with a bit of luck, the people that do/run them could eventually be processed as terrorists too
The perception of terrorism created by mass media is big deal, however, since that's what keeps the viewers glued to tv sets. How often do you get to watch people jump out of the buildings over 400 meters tall? The cost of lives lost is immeasurable to the immediate families, but on the national level, it was a relatively small bump (six times as many people have died in car accidents the same year). Far more damage to the country resulted not directly from terrorist attacks, but from the policies our own government has put into place: insane air travel restrictions, the PATRIOT act, the second gulf war, etc. Mass appeal madness is the one thing we do very well.
I've lived in northern California since 1976. In 1989 we suffered the only significant damaging earthquake and it wasn't a big deal in the scheme of things. The 1906 earthquake didnt damage San Francisco much, rather it was fire and lack of building code.
In CA an earthquake is no more eventful than daily tide risings.
Terrorism, on the hand, has targeted Americans more than 20 times since the 1970s. 9/11 hurt the US economically more than the 1989 earthquake or the 1994 earthquake in Los Angeles combined.
...in space...
Great new book on Evolution: The Greatest Show on Earth by Richard Dawkins
Just bomb second lifes datacenter
like the internet, that are publicly under attack by thousands of malcontents a day are not necessarily secure, but have become hardened over time. And that is why they are still around today. If the internet was a fragile creature it would have been killed long ago. Although we have seen viruses that travel through the internet, we have yet to encounter a virus that attacks the infrastructure itself. Although there is always the possibility that this is related in part to random chance, I like to think that anything that has survived in a hostile environment for a period of time has proven itself simply by continuing to exist and function.
If anything is going to threaten the internet it would be a lack of variety in the model of routers used around on the backbone. I don't have any numbers to lok at, but I hope they are using a wide variety of manufacturers and models, so that a virus capable of subverting a model of router would not make it very far.
Right now the biggest threat to the functionality of the internet appears to be Windows. Highly successful viruses like Code Red showed that vulnerabilities in Windows combined with its popularity can lead to a severe performance hit on the internet as a whole until the problem is cleaned up. In that case the internet was hit as a side-effect, and the traffic of the virus trying to propogate was what caused the impact. If the virus had been written to say, 10 minutes after infection to stop trying to propogate and start DDOSing its nearest router, we could have had a very serious problem.
I work for the Department of Redundancy Department.
Fixed at last! Fixed at last! Thank Neal almighty, it's fixed at last!
With apologies to Dr. Martin Luther King.
Ironic considering that a design goal of the Arpanet (the predecessor of the Internet) was to be robust in the event of network component / communications line failures.
[Insert pithy quote here]
A better comparison would be the Kobe, Japan quake of 1995, which killed over 5,000 people, made 300,000 people homeless - some for years, and caused about $100B in damages.
Hurricane Katrina is also in that ballpark, with over 1800 deaths and over 700 missing, hundreds of thousands left homeless, and economic losses in the 9 figures.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
The whole basis for the article is old news. One Wilshire has already been made a target and been completely evacuated more then once, but plans for the building were found in Afghanistan after the US invasion. But it's not only One Wilshire, it's also 111 8th Avenue, 60 Hudson and Metroplex all in the NY metro area. People need to wise up, it would be extremely easy to take down a large portion of the telecom infrastructure in a metro area, with a very few well placed attacks.
So you really need to ask, how likely is it that terrorists will target the internet, considering all the other things they could target instead? And even that is too vague a question, since it presupposes an attack against "the entire internet". How hard would it be to "bring down the internet" whatever that means, and how much money and technical skill do "they" have, whoever they are?
This post expresses my opinion, not that of my employer. And yes, IAAL.
802.11b Mesh Network covering the entire country.
-jX
Don't you just love politics? It's like a comedy of errors.
Now admittedly i don't know a whole lot about it so perhaps someone would be kind enough to fill in the details, but as far as i know there are only 7 static (ie not distributed) dns root nameservers in the world. Should they be destroyed, would the distributed nameservers be enough to cope until the infrastructure could be rebuilt?
"No, no, no, don't tug on that! You never know what it might be attached to."
The power grid is fragile? On the US's three major grids (west, east, and texas) We've had something like two major outages (65 and 03) in the last 100 years not caused by natural disaster. The power grid SEEMS to be very reliable, fault tolerant, and capable of containing most major problems to a small area. Even the litany of small power outages that occur every day somewhere are repaired promptly.
People who think they know everything really piss off those of us that actually do.
What happens to the Internet when the east coast is flooded due to a super tidal wave, because most of the La Palma volcano has slid into the sea? The people stuck in the traffic jams on the East coast will be dead of course, but how long till we can restart our civilization?
Same question about the erruption of the Yellowstone super volcano?
Could the Internet reroute so that the people still alive could cumunicate?
I think families should move away from the East Coast and leave it to people who want to live fast and die hard. But no one ever listens.
In any case, our civilization should have a plan to survive. How come no one ever asks the Presidential candidates about this? These disasters, are not a question of if, but of when! They will happen! Nobody is arguing that they will not happen someday.
We have to endure the global warning nonsense, even though we are living in a temporary warm period in a glacial age and humanity has historically fared better in the warm periods.
Perhaps it is because these disasters, unlike global warming, can not be used as a pretext for socializing the economy.
Why would you (as a disciple of terror) ruin the one conduit that runs in to millions of businesses and homes?
1 77778
... think people.
This is pre-internet thinking and the road to ruin.
http://slashdot.org/comments.pl?sid=210824&cid=17
Think about the geniuses in WWII and what they (the Axis Powers) had operational (hint: Jets).
(BTW where did those geniuses end up?)
You wouldn't blow up the road to Rome before you used it to conquer IT.
Blow shit up? That's soooo American
Examples:
A coalition of Madmen (using countries as groups)
Axis powers of World War II
http://en.wikipedia.org/wiki/Axis_Powers
A coalition of Madmen (using Al-Qaeda as an umbrella)
http://en.wikipedia.org/wiki/Al-Qaeda
It depends solely on the level of talent and organization.
~hylas
I am not sure we can compare earthquakes in other countries who have different techtonic plates, different physical and economic vulnerabilities, different building codes, and different code enforcement. We are taling about earthquakes in California specifically, as mentioned in the parent comment.
I am not making an opinion on hurricanes.
You only need one electromagnetic bomb to fry all electronics within a mile radius. Put a few of those within striking distance of each major datacenter, and Internet will be pretty much gone overnight. And a datacenter is not something you can easily hide - it can be tracked down by its massive electricity requirements and heat output.
Terrorist may or may not attack the Internet directly. But how vulnerable is the Internet to Government attacks? Can the Internet (i.e. the end-to-end principle) survive all laws passes as a result of Governments using terrorists as an excuse to control it?
...that the worst is not a terrorist attack, it's the users. Stop spreading FUD.
I wouldn't be worried too much about what a terrorist could do, for reasons that have already been mentioned. I'm more concerned about governments deciding to kill/censor/ration the internet...all in the name of "national security", of course. The solution:
Flee with a mirror of all your favorite sites and porn to the middle of nowhere, and run an off-the-grid datacenter. In time people will connect to you, and the free internet will rise again. Wait...that would be ridiculously difficult.
Vista was released months ago
This is immensely overblown. I happen to directly oversee multiple nationwide optical networks of varying layers (1-4) with roughly a half terabit of real data capacity at my fingertips. Situations that could be considered OMG CATASTROPHIC occur semi-frequently, sometimes a few in a day, sometimes a couple weeks without. What most people don't understand is that there are long haul optics hanging right over their head carrying ~96 or more fibers, DWDM OC-192 (10G/s, so that's almost 2Tb capacity right there) that you could shoot down with your remington. And this happens. Or a power failure at a pop. Every time I pass a digging crew on the road, first thought "call before you dig m-f's!".
But terrorism against colo's, pop's, nap's, etc...? As part of network design, you have to take into account catastrophic failure(s). That means if a hurricane could tear through an area with a big colo/pop/nap presence (say atlanta), one's network better be prepared to handle the shift in traffic in case the worst does happen - like a second simultaneous failure elsewhere. It'll hurt, but as they say on the battlefield, acceptable casualties.
Bringing The Internet down by means of physical terrorist attacks is very unlikely (speaking modestly). Example: the verizon colo in the WTC buildings. That was a mess, but it was handleable. Peering and routing changes, move on. Taking down a physical point of presence would require some intense research and much more importantly DESIRE. This is the basic concept of hacking, given time and motivation, there's nothing that can't be toppled. So, take off your sweatin'-it pants, and chill. Do we really need any more paranoia at this point?
If the intarwebs get broken, maybe we can fall back on sneakernet to exchange pr0ns? Or set all our wifis to ad-hoc? It is a terrifying prospect, no matter how well we are prepared.
They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
Why in the world are we dependent on the _______ in the first place? Relying so much on such a uncontrollable beast is a recipe for disaster anyway, even without terrorists.
1. Internet
2. Electrical grid
3. Interstate Highway system (or your national trasnportation system of choice.)
4. Petroleum infrastructure
5. Microsoft Corp. (Hey, it's Slashdot.)
6. Postal system
7. Telephone network
8. Municipal water supply
The US free market: two halves of a government-granted duopoly are free to set the market price.
Just read Worse than Failure.
Those sound like good ideas, but why take a chance on opaque clothing? Use transparent plastic, and you can even get several uses out of each set of clothing - more if you actually wash it between wearings. And why allow luggage? Checking all that crap for bombs is expensive. Americans are supposed to consume - why can't they just buy everything they need at their destination? That way you can even earn extra revenue by selling tickets to the "steerage" section, formerly the cargo bay.
Terrorism? How about a large solar flare pointed in our direction. That oughta be enough to take down every satellite in on the daylight side of the globe.
Terrorist Attack + Google + Massive Amounts of Dot Com Era Dark Fiber = Google Controlling the flow of information.
:: Grabs Tin Foil, Makes Hat ::
Provided they have massive buildings filled with routers and servers...
Might be a better solution for the lesser of two evils to physically own the back bone.
I guess the Neo-Con's won't like hearing that some one isn't terrified of terrorists, however.
If you know about MAN, the mesh is complicated widespread to a level that can only be managed by machine. The scale of attack that could blackout the network is in national defense level. As a civilian, my only wish is that such thing will never happen. For natural disasters, I would give up the network in exchange for both Hawaii and Alaska to be in walking distance.
Let's go back a few decades and look at how the internet was designed, and why it was laid out that way: The core idea was, no single point of failure (because, then, of a nuclear attack) would lead to the structure's collapse.
Now we're fearing exactly that. Though we switch "nuclear russian" with "terrorist islamic" in the fear context, the rest is pretty much the same. And why? Because we're being cheap and a single line is enough for the "commercial" internet.
That's simply what you get when you commercialize key infrastructure.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
What happens if it gets taken out?
SCIREV.NET - fanfics,reviews & more
...must be to stop having 90% of desktop users on a series of operating systems for which the vendor has repeatedly failed miserably at adressing numerous vulnerabilities, causing widespread sabbotage, phishing and data theft costing god knows how much money every year. I mean seriously, can anyone actually come up with anything a terrorist organisation could pull off which is going to have a worse impact on the nets general stability security and performance than Microsoft windows? This is not even taking into consideration the cost of the hardware required to run a system which has between twice to four times the system requirements of the main competition, their repeated efforts to keep other companies of the market, or continued and deliberate breakage of APIs, standards and backwards compatability. I would seriously argue that at least as far as the internet is concerned, Microsoft is a MUCH greater problem than any terrorist organisation will ever be.
Why is it that every time the Internet is mentioned someone brings up that old chestnut of it being built to survive a Nuclear war. Vin Cerf, one of the originators of the Internet has specifically stated that the purpose was to share computers.
was Re:Isn't it ironic?
davecb5620@gmail.com
'The grid (as was shown by the outage on the east coast a couple years ago) is not very redundant'
I AIP_Daily_2003-08-18.pdf
o rm_crashed_ohio_nuke/
t .hearing/index.html
. fri/
- comm/info-notices/2003/in200314.pdf
.. disabled an automatic periodic triggeri ty/recovery/story/0,10801,87400,00.html
Actually the grid used to more redundant until the utility companies stopped building standby generators and connected local systems to a central control station, to save on staff and to save money. They managed this by lobbying in Washington to get the regulations diluted.
The actual blackout was caused by the MS Blaster worm that caused the SCADA units to freeze. These Windows based units are used to provide remote reading of Remote Terminal Units (RTUs). As the operators were unaware that a single generator had tripped out in Ohio, they failed to respond when too much power was been drawn in from a neighboring area. This in turn tripped out other generators in a domino effect. Coincidentally enough ten months previously the SQL worm caused a similar crash of the SCADA units at a nuclear power plant owned by the same company.
Years later a report found (a) Unix to be responsible for the outage and (b) an operator had switched off a key piece of equipment and then went to lunch. This despite the fact that telephone transcripts showed that the operators were fully aware that something was wrong in the minutes preceding the blackout.
XA/21
http://www.nipc.gov/dailyreports/2003/August/DHS_
MS Blaster
http://www.theregister.co.uk/2003/08/20/slammer_w
We have no idea what happened
http://www.cnn.com/2003/ALLPOLITICS/09/04/blackou
transcripts
http://www.cnn.com/2003/fyi/news/09/04/transcript
potential vulnerability of plant computer network to worm infection
http://www.nrc.gov/reading-rm/doc-collections/gen
an engineer
http://www.computerworld.com/securitytopics/secur
RTUs
http://www.securityfocus.com/news/41
was: Re:What about a boogeyman attack?
davecb5620@gmail.com
The problem is control of supply and therefore profit. Specifically, routing.
You'll find that your ISP etc will absolutely not allow routing of other networks across your regular connection. They barely tolerate wireless routers. Essentially they insist you act as a leaf node. If you want to do more, expect it to cost a bundle.
Deleted
Just disable them during rush hour. Pour a couple of boxes of caltrops out the back of a van would pretty much do it.
Deleted
We *ARE* prepared, but against terrorists.
- Because there's some redundancy on the 'net. One small bomb attack can't bring down the whole planet's network.
- Because, even if they could, it would be foolish for them to "shut down the whole internet" as they are using it for communicating too.
- Because, as you point out, natural disasters are much more likely, frequent and deadly/damaging than terrorists, and it would be much more interesting to divert our efforts to something else.
The question is, will we be prepared if an earth quake wipes a small part of a continent ?
(And to address your title : yes the terrorist are the latest bogeyman to the USA.
The whole USA propaganda can be resumed with a series of substitutions :
German Nazis -> Ruskie Commies -> Muslim Terrorists )
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Do you know what the "angle of repose" is? If you don't, here: http://en.wikipedia.org/wiki/Angle_of_repose
Off the coast of California is a pretty deep trench. If you compute the angle of repose from the bottom of the trench to Los Angeles, it intersects rather near the city.
It is possible for a city, or a large fraction of a city, to slide into the sea. It has Historically happened to such cities as Alexandria, Egypt, Lisbon, Portugal, and Port Royal, Jamaica.
And Los Angeles is due for a Big Quake...