tagged w/ Internet Security Alliance
-
-
-
-
-
(CNN) -- It seemed so easy for Egypt. Just order a shutdown of the country's internet connections and -- bam -- it happens.
But is such an authoritarian action transferable? Could the U.S. government shut down American internet connections? And is it possible for the global internet to be toppled?
Technically, yes, internet experts said Wednesday, shortly after Egypt's government restored internet connections there as violent political protests continued. But it's highly unlikely.
"Could you break the internet? Yeah. Can you shut it down? No. Shutting down the entire internet would be pretty much impossible at this point," said Jim Cowie, co-founder of Renesys, an worldwide internet tracker.
Cowie spoke of the internet as if it were a giant, adaptable worm.
"The funny thing about the internet is even if you break it in half, the two halves will function as [separate] internets," he said.
How Egypt shut down the internet
Understanding what happened in Egypt helps frame the discussion about what could happen to the internet in the United States or around the globe.
According to internet traffic monitors and experts, Egypt's government likely called the country's five main internet service providers -- like on the phone -- late last week and ordered them to barricade online traffic.
That's sort of like calling all of the post offices in the country and telling them to throw the mail away instead of delivering it, said Robert Faris, research director at Harvard's Berkman Center for Internet & Society.
Google connects Egyptians to Twitter Egyptians cut off from internet
RELATED TOPICS
Egypt
Internet
Government and Politics
Technology
But instead of shredding paper mail, the Egyptian internet providers altered their Border Gateway Protocols, the software that routes online information.
"There's not an on-off switch," Faris said. "What it is, it's a list of IP addresses that route information between nodes on the internet. And what they did (in Egypt) is they changed all the software and the list in there to something called null routing. So all the traffic going in and out was essentially thrown away."
Faris called these measures extreme. They have been carried out in only two other instances, he said: In Myanmar during 2007 protests; and in Nepal in 2005, when the king seized power.
Iran and China filter the internet instead of blocking it, he said.
Could the United States do the same?
Technically, the United States could do the same thing Egypt did to block internet access, Faris said.
The government would have to call four or five top internet providers and order them to disrupt Border Gateway Protocols in a way that shut down the majority of American internet traffic, he said. Others said the government would have to deal with the country's thousands of internet providers in order to fully clamp down on internet access, which would be logistically difficult.
But that's unlikely to happen here, experts said.
For one thing, the internet in the U.S. is bigger. There are more companies involved, more data at play and more locations where the internet comes in and out of the country.
Moreover, U.S. law would prevent such an authoritarian shutdown.
"The internet is a network of networks," said Andrew Blum, a correspondent for CNN content partner Wired magazine and author of an upcoming book on internet infrastructure, "and they're all commercially operated.
"They're all businesses. Their autonomy is sort of their bread and butter. And they're mostly unregulated. So the idea of having to comply fully with any government order to shut them off is pretty extreme. It's as if there were a government order to close every McDonald's -- all at once."
A country's legal framework, not its technical infrastructure, determines whether it is able to shut down its citizens' access to the internet, said Cowie.
"It really comes down to the fact that somebody has to have the legal authority to go to a company that runs a large part of the internet in the United States and say, 'Turn off your connection to the outside world.' "
However, as CNET reports, three U.S. senators have submitted legislation to give the president emergency powers over the internet in the event of a cyberattack or other disaster scenario.
On Wednesday, the bill's authors tried to distance themselves from what's happened in Egypt, issuing a statement:
"Our bill already contains protections to prevent the president from denying Americans access to the Internet -- even as it provides ample authority to ensure that those most critical services that rely on the Internet are protected."
What about elsewhere?
Shutting down the global internet would be more of a trick, requiring a level of global coordination that would be extremely unlikely if not impossible, the experts said.
"If you really wanted to turn off the global internet, you'd have to seek out people on every continent and every country," said Cowie from Renesys. "The internet is so decentralized that there is no kill switch."
"No you can't do that," said Harvard's Faris. "The internet is designed to be robust. Certain links break and then other links are opened."
In Egypt, for example, people who couldn't access the broadband internet were able to place international phone calls to Europe to log on to dial-up internet service, he said, which, of course, operates on phone lines.
Google even announced a service that would let people in Egypt use landline telephones to post to Twitter using voice messages.
"Communication continues and people revert to other modes," he said. "You can shut the internet down but it's not the end of organization. People are still there in the square, and they're figuring out how to do it."(CNN) -- It seemed so easy for Egypt. Just order a shutdown of the country's... more
-
-
-
For the average information technology professional, the concept of marketing & selling is an alien skill set; like under-water bagpipe playing. In the eye of the IT pro, this skill is composed mostly of excessive hair-gel, pointless presentations and flim-flam.
However, several new research studies have identified a sea change, once again, heading for information technology professionals. Recently, eWeek released an article that gave a broad outline of a much more in-depth study by the Corporate Executive Board...
https://www.infosecisland.com/blogview/4347-IT-Marketing-There-is-No-App-for-That.htmlFor the average information technology professional, the concept of marketing &... more
-
-
Last month the German government decided that it needed to take a closer look into Google's data collection methods. Google's Street View cars are equipped with wireless antenna's and pick up any available wireless signal along the way. It was originally thought that the Street view cars were just c...
https://www.infosecisland.com/blogview/4057-Google-was-capturing-your-wireless-packets.htmlLast month the German government decided that it needed to take a closer look into... more
-
-
It’s been a while since I’ve talked about Clickjacking, with only a few exceptions here and there. Mostly because I haven’t seen it much in the wild - at least not yet. But there’s still a lot of research out there to be done. I got an interesting email the other day that talked about a way to use parameter pollution (or a mix of URL parameters and POST) to create a condition where you can defeat CSRF tokens...
https://www.infosecisland.com/articleview/3256-Using-Parameter-Pollution-and-Clickjacking-to-Aid-Anti-CSRF-Bypass.htmlIt’s been a while since I’ve talked about Clickjacking, with only a few... more
-
-
Once an agency crosses over into social media interactions with other agencies and non-governmental organizations, the guidance gets diluted. The guidelines point to five government agencies, none of which are the definitive resource for social media implementations. These guidelines are a must read for any organization that is considering a foray into the Web 2.0 sphere…
http://information-security-resources.com/2010/02/25/federal-guides-for-social-media-security-pii/Once an agency crosses over into social media interactions with other agencies and... more
-
-
Over a billion people visited social networking sites such as Facebook and Twitter last month so it’s not surprising that hackers have these sites in their cross-hairs. In fact, according to recent research from Breach Security Labs, social networks were the most targeted category in 2009, accounting for 19% of all malicious attacks last year. By using simple data encryption and password protection tools, you can ensure that your personal information and online identities remain secure and private…
http://information-security-resources.com/2010/02/14/how-to-protect-your-social-network-identity/Over a billion people visited social networking sites such as Facebook and Twitter... more
-
-
The Internet Security Alliance presented Melissa Hathaway with its annual award for vision in cyber security Tuesday during an event at the National Press Club. Hathaway, the Obama Administration’s former acting cyber security chief, received the McCurdy Award on the one-year anniversary of when she began her 60-day review of the government’s cyber security program. ISA believes that Hathaway’s work, if implemented, would result in the establishment of a modern partnership between the public and private sectors, which is necessary for an effective and sustainable system of cyber security.
http://information-security-resources.com/2010/02/09/isa-presents-melissa-hathaway-with-award/The Internet Security Alliance presented Melissa Hathaway with its annual award for... more
-
-
Infosec Island, the new online community designed especially for IT and network professionals who manage information security, risk and compliance issues, today announced its new Q1 membership drive promotion. From now until March 31st, anyone who signs up for a free Infosec Island membership will be automatically entered in the Q1 Infosec Port of Call Drawing to win one of three great prizes.
There are lots of good infosec sources out there, but no other community offers infosec pros the unique combination that Infosec Island does:
• Managed services security platform,
• Premium security services,
• Free security tools,
• Direct communication with peers,
• Secure infosec portal, and
• Built-in social network.
Join today - It's Free!
https://www.infosecisland.com/register.html
http://information-security-resources.com/island-membership-drive-over-10k-in-prizes/Infosec Island, the new online community designed especially for IT and network... more
-
-
Recently we have witnessed the emergence of international hactivist and vigilante “The Jester” through his crusade against jihadi and militant Islamic networks, and some third party networks that contain evidence of having been infiltrated by rogue elements. Jester’s activities raise an important question: Where do cyber vigilantes fall on the infosec ethics spectrum?
http://information-security-resources.com/2010/01/27/q-a-with-anti-jihadi-hacker-the-jester/Recently we have witnessed the emergence of international hactivist and vigilante... more
-
-
As the Haitian people fight for subsistence, the world is responding with food and medical assistance. This tragedy wreaked havoc on a victim unsung by the news media – the telecommunications infrastructure. However, there is a ground-swell in the technical community targeting this need. George Moraetes is among those that have used their skills to help.
http://information-security-resources.com/2010/01/21/it-expertise-helping-in-haitian-recovery/As the Haitian people fight for subsistence, the world is responding with food and... more
-
-
A value statement connects a project or investment to the mission and values of the organization and there are cases were value overrides financial ROI. A cogent value statement combined with a best-effort ROI can enhance both the bottom line and the security posture of the company by identifying the operational conditions for success.
http://information-security-resources.com/2009/12/20/roi-and-the-infosec-value-statement/A value statement connects a project or investment to the mission and values of the... more
-
-
If a company wants to have a social media presence, then the people involved in the usage will need to have the training to understand what to and not to post and what is acceptable use (no Facebook apps). The Internet is full of regrettable stories of CEOs and other high-ranking employees discussing inappropriate topics that immediately plunge themselves and their firm into hot water.
http://information-security-resources.com/2009/12/13/exploring-the-social-media-security-quandary/If a company wants to have a social media presence, then the people involved in the... more
-
-
Typically, the economics of cyber security are not readily transparent and they are poorly appreciated. When defensive investment is compromised by factors beyond an organization’s control, the motivation for continued investment is reduced substantially. Effective and sustainable improvements in our collective cyber security posture will stem from a comprehensive understanding of how to effectively motivate all players across our economic landscape to actively engage in proven best-practices in both their business and individual cyber activities.
http://information-security-resources.com/2009/12/03/isalliance-delivers-cyber-security-report/Typically, the economics of cyber security are not readily transparent and they are... more
-
-
During a recent interview Navy CIO Robert Carey stated that cloud computing offered real value to the Navy, iting that both the Navy Next Generation Enterprise Network and Consolidated Afloat Networks and Enterprise Service programs will leverage cloud computing. He envisions a future day when “Grey clouds” within a ship’s hull will transition to clouds within the battle group.
http://information-security-resources.com/2009/11/24/us-navy-successfully-tests-cloud-based-iaas/During a recent interview Navy CIO Robert Carey stated that cloud computing offered... more
-
-
“First, the President is correct in his appreciation of the need to view cyber security as not just a technical and security issue, but as an economic one as well. In the 21st century - the digital century - economics and security are opposite sides of the same coin. You cannot affect one without impacting the other.” ~ Congressional Testimony
http://information-security-resources.com/2009/11/18/isalliance-cyber-security-is-economic-issue/“First, the President is correct in his appreciation of the need to view cyber... more
-
