NNSquad - Network Neutrality Squad
[ NNSquad ] "Plan D" - How To Disrupt the U.S.A.'s Internet
"Plan D" - How To Disrupt the U.S.A.'s Internet
http://lauren.vortex.com/archive/000804.html
Greetings. In Stanley Kubrick's 1964 dark comedic film masterpiece
"Dr. Strangelove," misuse of Top Secret attack "Plan R" ultimately
triggers a global nuclear catastrophe ( http://bit.ly/fGfzaH [YouTube] ).
Egypt's government may have had its own doomsday plan of sorts, at
least as relates to the Internet, as demonstrated by its ability to
almost entirely terminate Internet communications internationally (and
according to some reports, domestically as well) in what appears to
have been a highly coordinated manner. Various telephone-related
communications in Egypt have also apparently been affected.
Various observers have now somewhat glibly asserted that similar broad
Internet shutdowns would be "impossible" in the U.S., that only the
concentration of associated Internet resources in countries like Egypt
permitted the government's actions against their Internet services to
be effective.
I have serious doubts that such confidence in the Internet's ability
to withstand such actions here in the U.S.A. is necessarily warranted.
Let's leave aside for the moment the federal push for centralized
"cyber security" operations controlled by military and intelligence
agency entities and operatives. We can even skip for now the calls
for what many would consider to be mandated U.S. Internet "kill
switches" under government control, with the possibility that much of
the Internet would ultimately be declared to be "critical
infrastructure" subject to their purview ( http://bit.ly/gfofDJ [Wired] ).
How well might a theoretical "Plan D" -- "D" for "Disrupt the
Internet" -- work here in the U.S., today, right now?
For the sake of the argument, let's assume that major Internet firms
will obey the federal government's edicts when "Plan D" is invoked
under a claim of "national emergency."
Now, you're the national CSSC - Cyber Security Super Czar. Who do you
call to shut down the Internet in the United States?
Since the overwhelmingly vast majority of U.S. Internet users have
their Internet access through a handful of giant telephone and cable
operators, the initial call list is relatively short.
Hello AT&T! Comcast! Verizon! Time Warner! Charter! Qwest! - "Plan D
is declared! Shut down all Internet customers not previously
designated as National Security Critical (NSC). Thank you for your
cooperation!"
There are more calls to make of course, to cover most other "major"
Internet ISPs of significant size, but you're finished with the first
round within an hour. Minutes later, millions of Internet users find
their connectivity is dead.
Next step -- invoke Plan D over Google, AOL, Microsoft, and a handful
of other major U.S.-based operations. "National security emergency!
Shut down all services not designated NSC!"
Now the major Internet backbone operators - "Plan D! Emergency!"
Major peering points - "Plan D! By order of the President!"
And of course the domestic DNS registries and U.S.-operated DNS root
servers - "Plan D! No questions, just do it!"
"Sir, Plan D implementation complete -- three hours and fourteen
minutes execution time ... Thank you, sir. Just doing my duty."
- - -
Now of course, this has all been merely a thought experiment. We, uh,
all know that there is no real "Plan D" -- or similar action plans to
disrupt or otherwise declare the equivalent of digital marshal law on
the Internet. After all, this is the United States, not Egypt. Of
course.
In any case, the point of this little fantasy is simple enough. It
might be wise to at least consider the extent to which our Internet
infrastructure -- even in the U.S. -- may be vulnerable to
significantly encompassing shutdown orders that -- even if not 100%
effective -- would still serve to drastically curtail individual and
corporate communications within a matter of a few hours.
In fact, it might not even require mass shutdowns at the subscriber
levels to achieve such ends to a major degree, since the termination
of a significant percentage of Internet backbone, peering, and DNS
services alone would trigger a broad Internet data "traffic jam" --
that would make L.A. freeway commuting look like a walk in the park by
comparison. You might still in theory have your local Internet
access, but its usefulness would likely be something similar to
carrier pigeon communications.
In "Dr. Strangelove," the Plan R recall code "OPE" -- an anagram
for "Purity of Essence" or "Peace on Earth" -- almost (but not quite)
avoided a global nuclear doomsday.
Unfortunately, the often laudable, but still misguided sensibilities
that seem to be leading us into the world of an Internet "Plan D" --
either by design or by continued reliance on our relatively
concentrated Internet resources, are not subject to any three-letter
recall solutions.
To assume that the Internet here in the United States is invulnerable
to a scenario significantly similar in major ways to that now playing
out in Egypt may be comforting, but does not seem to reflect the
reality of our Internet infrastructure.
Would such an "Internet shutdown" be more difficult to accomplish here
than in Egypt? Yes. Would it be impossible to accomplish to a degree
that would be considered successful? I doubt it. Quite possibly the
process would take more than three hours, but I don't believe it is by
any means out of the question.
Would major Internet services challenge government edicts of these
sorts, delaying their own shutdowns while court proceedings were
engaged? There are many factors to consider, but assumptions that the
U.S. Internet infrastructure is so robust that directed Internet
"blackout" scenarios are inconceivable strike me as naive at best.
Peace on Earth? Purity of Essence? As usual, the decisions about how
to move forward are up to us.
--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- Global Coalition for Transparent Internet Performance: http://www.gctip.org
- PRIVACY Forum: http://www.vortex.com
Member: ACM Committee on Computers and Public Policy
Blog: http://lauren.vortex.com
Twitter: https://twitter.com/laurenweinstein
Google Buzz: http://bit.ly/lauren-buzz
Quora: http://www.quora.com/Lauren-Weinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com