Tuesday, December 12, 2017

Internet vulnerabilities...

Internet vulnerabilities...  Over my career I've been responsible for running several Internet-facing datacenters.  These all ran businesses that were utterly dependent on the Internet, so we paid a lot of attention to failure modes – ways that things could go wrong that would result in a business interruption.  We eventually waded through enough data on actual failures that we could identify three primary concerns.  Together these accounted for all but a tiny percentage of outages actually experienced by real datacenters.  In order, these were (ten years ago; things may have changed):
  1. Backhoes.  Most datacenters are connected to the Internet by just one or two fiber-optic connections.  The most common cause of an Internet outage in a datacenter is a backhoe cutting through one or both of these connections.  Often the failover to the backup connection is inadequately tested, and cutting one cable results in an outage.  Also, all too commonly both connections run in the same underground route, and a single backhoe swipe can sever them both.
  2. Undersea or buried backhaul connections.  That's what this article is all about, focusing on undersea cables.  Buried cables on land are, if anything, even more vulnerable – there are hundreds of miles of them running along Interstate highways and railroad right-of-ways that have nobody guarding them.  A bad actor with a backhoe could sever one in minutes.  A single cable cut wouldn't severely impact the Internet – but cut several carefully chosen cables at once and you could.  This sort of attack is within the capability of any but the most feeble American adversaries, and requires minimal cleverness.  Detailed information like this is readily available to anyone.
  3. NAPs and MAEs.  Network Access Points and Metropolitan Area Exchanges are a largely American phenomenon.  These are the places where major customers connect to the Internet, and where various Internet carriers interconnect with each other.  There are a relatively small number of these, and while they have some security they are not secure against a determined military attack – and certainly not against an artillery or rocket attack.  If you were a well-funded adversary to America, and you wanted to maximize your impact on American commerce and communications ... these would be obvious targets.  
Having pointed out the vulnerabilities, I'd also like to point out something else: the Internet, with all it's redundancies, is not a trivial thing to damage.  You'd have to make quite a few breaks in the system to seriously and broadly impact Internet connectivity in the U.S.  Damaging a particular customer or geographic area is somewhat less difficult.  However, it could be done by a determined (and sufficiently funded) adversary – and I don't immediately see how to defend against such an attack other than by increasing the amount of redundancies and diluting the points of concentration (meaning, mainly, MAEs and NAPs) by making more and smaller interconnections.  The latter is challenging because the economics greatly favor fewer and larger interconnection points...

No comments:

Post a Comment