Risk of Internet Collapse

Discussion in 'other security issues & news' started by Scotcov, Nov 27, 2002.

Thread Status:
Not open for further replies.
  1. Scotcov

    Scotcov Guest

    Quote from article:

    "Risk of internet collapse rising

    Simulated attacks on key internet hubs have shown how vulnerable the worldwide network is to disruption by disaster or terrorist action.
    If an attack or disaster destroyed the major nodes of the internet, the network itself could begin to unravel, warn the scientists who carried out the simulations.
    The virtual attacks showed that the net would keep going in major cities, but outlying areas and smaller towns would gradually be cut off.
    The researchers warn that the net has become more vulnerable as it has become more commercialised and key net cables are concentrated in the hands of fewer organisations.

    The simulations were carried out by a trio of scientists from Ohio State University led by Tony Grubesic, Assistant Professor of Geography at the University of Cincinnati."

    Full article at: http://news.bbc.co.uk/2/hi/technology/2514651.stm
  2. LowWaterMark

    LowWaterMark Administrator

    Aug 10, 2002
    New England
    Interesting article, but, just how much destruction are we talking about in order to really have a sizable effect on Internet access world-wide? And, how much time would it take to bypass the destroyed parts and get things working again? It would be put together again because we humans are very good at fixing damage when we have to.

    The analogy I'd use would be what happens with power lines during a bad storm. Some areas get knocked out, if they are big enough, workers come from all surrounding regions to help in getting everything fixed. Life goes on and people start telling stories about what they saw during the "big storm of '02".

    Hmm, I guess I'm an optimist after all. ;)
  3. luv2bsecure

    luv2bsecure Infrequent Poster

    Feb 9, 2002
    Well, I wish I could be as optimistic on this subject.

    I have always had a great amount of respect for Bruce Schneier. He puts it pretty simply here for a mass audience, but it's very good:

    I have gone back and pulled some information I wrote after the Sector5 conference in Washington back in August. One thing that resonated to all that were there is the physical danger to the Internet is every bit as frightening (if not more so) than a massive cyber attack, which everyone focuses on. And try this one: a well-coordinated simultaneous physical/cyber attack. Here is a bit of what I wrote after the conference:

    The possibility of a simultaneous cyber attack with physical attacks on one or more of the 13 root name servers is very frightening. The robust root server operated by NSI is officially said to be in Herndon, Virginia (everyone knows the "official" location does not have the hardware) but the actual location is super-secret known only by a few and known only to be somewhere in the Virginia hills. It has long been known that the location would love to be discovered by potential terrrorists. One seminar at Sector5 dealt strictly with the physical protection of these locations and the dominant belief was that air defense should be utilized immediately to protect the root servers. The thought of an Internet calamity is scary considering that (against all advice from IT Security specialists) parts of the USA power grid now communicate solely through the Internet. Hopefully, other countries haven't been as reckless.

    I end this post with a must-read article, but here are some other resources/scenarios that I hope some will take the time to read.

    The Sector5 conference in August sounded the warning that the time is nearing. You might want to read this summary of the dangers to major business interests:

    A classic document can be found all over the web and can be read here:

    Good information from the Center For Strategic and International Studies - who have conducted serious studies into politically motivated cyber attacks.

    Another excellent report on the threat titled, "Cyberterrorism Concerns IT Pros" can be read here:

    A portion of the above is worth posting here -
    "...several studies have shown that critical infrastructures are potentially vulnerable to cyberterrorist attack. Eligible Receiver, a "no notice" exercise conducted by the Department of Defense in 1997 with support from NSA red teams, found the power grid and emergency 911 systems had weaknesses that could be exploited by an adversary using only publicly available tools on the Internet. Although neither of these systems were actually attacked, study members concluded that service on these systems could be disrupted. Also in 1997, the President's Commission on Critical Infrastructure Protection issued its report warning that through mutual dependencies and interconnectedness, critical infrastructures could be vulnerable in new ways, and that vulnerabilities were steadily increasing, while the costs of attack were decreasing." And nothing has changed that improve the prospects.

    An excellent short FAQ here:

    Cyberterrorism Is Everyone's War

    The consequences of a successful Internet Doomsday is enormous. Not only would it be a huge blow economically all over the world, but many of us don't think about how many things rely on the Internet: many power grids, hospital-hospital communications, 9-11 systems, the list is staggering. I believe the risk is very real and like some very big names, I also believe it threatens life as we know it. Reconstruction after a massive coordinated attack (physical/data) would not be fast enough to save many businesses (and not just small ones) and some believe the attack could actually be used to attempt to bring down governments. The prospects are frightening.

    Finally, I will end this with an article that is a must-read that you probably shouldn't read if you are faint of heart :doubt:

    You probably noticed many of these articles came from PC WORLD a division of IDG.net. Kudos to them for following these stories and events for the mass audience. You sure don't see that from their main competitor, Ziff-Davis Publications. I think it's important that this info not only be found in IT, security, etc. newsletters and magazines, but that it be presented for the masses in ways that make it easy for anyone to understand these threats.

    Let's hope we can get the people of the U.S. and the world to pay serious attention and demand that the recommendations from groups like Sector5 be implemented immediately.

Thread Status:
Not open for further replies.