Imagine, for a moment, that the Internet were to suddenly disappear.
No email. No social media. No online banking or payments. No news. No teleconferencing or IP-based phone calls.
If this sounds like a 21st Century version of doomsday, it is: There is little doubt that even a relatively short mass Internet outage would inflict major economic damage worldwide as well as undermine people's overall confidence levels for quite some time.
But is such an outage truly just far-fetched plot fodder for a science-fiction film, or could we actually experience such a technological calamity somewhere down the line?
When I spoke with information-security pioneer Eugene Kaspersky several months ago in New York, he mentioned that he believes that terrorists–who have seen the great successes of cyber crooks at exploiting the capabilities of the Internet–are likely to attempt to carry out a mass cyber attack in the not-so-distant future. I have also heard similar sentiments expressed by a senior member of the AT&T security team.
Will such an attack take the form of an attempt to disrupt Internet communications?
It is certainly possible–and the surveillance and intelligence gathering phase may have already begun. Just a few weeks ago it was reported that the FBI is investigating multiple recent incidents of people cutting high-capacity Internet cables not far from Silicon Valley. These attacks are by no means the first–or even the first in 2015; tens of thousands of Arizona residents lost Internet service earlier this year when someone severed underground cables. Nobody has claimed responsibility for these attacks–and nobody has been arrested either.
Which brings us to the question–what actually holds the Internet together, what does it take to break it, and how do we protect it from attack?
People and businesses connect to the Internet via Internet Service Providers (ISPs). An attack at an ISP could knock out service for many people and temporarily flood other ISPs with bogus traffic, slowing down service for others, but because many people use more than one provider for Internet connectivity (for example, one provider for smartphone-based Internet access and another for broadband at home), the impact would likely be far short of devastating.
Other attacks may be far more problematic.
Internet Service Providers connect to one another in various ways--the most important being Internet Exchange Points (IXPs). These massive connection points are the hub of Internet activity; they are where major providers such as Comcast and AT&T exchange their traffic. Some content providers may also hook directly into IXPs.
There are only a few hundred IXPs in the world; significant Internet outages could result from even a single IXP failing, and the simultaneous failure of several IXPs could cause massive regional outages. Traffic would not be able to flow between providers in an efficient manner, and, in some cases, communication between millions of users and businesses may be disrupted altogether. Obviously, ensuring physical and electronic security at IXPs is, therefore, of great importance.
Underwater cables are another essential element of Internet connectivity--and a major vulnerability. Over half-a-million miles of cables that line the ocean floor carry almost all international data transmissions.
These lines, however, remain at risk of being damaged by earthquakes and ships' anchors, or by human sabotage ("wire tapping" underwater cables has been a modus operandi of nation states since at least the Cold War). Sharks have even been known to attack underwater cables--they are apparently attracted to the electromagnetic field created by fiber-optics, which incorrectly appears to them as indicating the presence of prey; sharks are enough of a problem that Google now wraps its underwater cable in a Kevlar-like material.
Of course, cables on land--or underground--are also vulnerable, as many people in California have learned over the past year. Clearly, we must better protect all of our cables from both natural and human threats.
While physical vulnerabilities remain a problem, cyber attacks are also a concern. Attacks targeting the Internet's Root Servers--the systems that manage and distribute the list of where the authoritative servers are for resolving top level domains (e.g., ".com")--could prove devastating, but these systems are well protected, are implemented as highly redundant clusters, and utilize different technical platforms that are distributed throughout the world, so a successful takedown of the root system would be exceedingly difficult to carry out.
Some devastating cyberattacks, however, may not be so difficult to execute. Distributed Denial of Service (DDoS) attacks--attacks in which some party overloads connections and servers with large numbers of otherwise legitimate-looking electronic requests (typically emanating from large numbers of computers infected by malware all over the world)--can overwhelm the infrastructure of most organizations and cause disruptions of service. While there are various technological defenses against DDoS attacks, a well-orchestrated, mass-scale DDoS attack could potentially overcome them and cripple Internet service to significant numbers of users and businesses.
Has the Internet ever been broken?
Several months ago, Kim Kardashian claimed that she would "break the internet" with online photos of herself that were supposed to be so interesting to so many folks that a mass audience of people would overwhelm the technology delivering the pictures to viewers. Of course, this did not happen. But the Internet has been broken before.
In 1988, Robert Morris, then a graduate student, wrote and released a piece of code now known as the Morris Worm; due to a programming mistake, code intended to measure the size of the Internet ended up taking out approximately 10% of all online computers and forcing administrators to partition the Internet for several days. In 1988, the total number of Internet-connected devices was smaller than the number found today in a single New York City office tower, and essentially no commercial activity took place online, so the macro-economic and geopolitical impacts of the Morris Worm were minimal.
27 years later, however, the damage from a similarly scaled outage would be utterly catastrophic.
The Morris Worm taught us decades ago that the Internet can be broken, and how important cybersecurity can be. In our era of reliance on the Internet for so many aspects of our lives, we should not forget that lesson.
For more information on how the Internet works, and what it would take to break it, please see the attached infographic.