Pages

Saturday, September 24, 2016

Webocide?

Is somebody trying to figure out how to take down the Internet?

Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don't know who is doing this, but it feels like a large nation state. China or Russia would be my first guesses.

That "critical pieces" of the Internet is important, I think.

We like to think of the Internet as a diffused network designed to provide communications despite the damage of a nuclear attack.

But that Internet doesn't exist anymore. One, surviving for email doesn't begin to cover what the Internet is now with its massive bandwidth and speed appetite.

And for commerce, efficiency is prized more than redundancy. So rather than being diffused with easy ways to rout around blockage, there are now "critical pieces" of the Internet that make the Internet more vulnerable.

In 2007, I wondered if the potential for cyber-attacks had not reached the level that high explosives could achieve, so that question was whether the Internet could be physically attacked and taken down given that just 13 critical locations needed to be destroyed.

Later, the answer seemed to be no, but it could be damaged. But some of the assumptions seemed questionable.

And certainly, specific geographic locations at the ends of single points of Internet access can be knocked down.

More recently, I posted about Russian efforts to reach the underwater cables that account for 99% of transoceanic digital traffic.

Nine years after I first asked the question, is redundancy even less important than efficiency? How many critical pieces of the Internet are there?

And are cyber-tools so advanced that physically attacking the web isn't a potentially easier method of taking down the Internet?