September 1, 2009  

Defending the new Silk Road

The Internet of today is not the Internet of years past. It is an evolving entity that has taken on a life of its own. When most Americans refer to the Internet, they refer to a mythic entity that has Web sites such as www.armedforcesjournal.com, applications such as Twitter and wikis, ubiquitous connections to personal computers and handheld devices, and that is searchable by entering terms in a form field. Many articles have covered the basic evolution of the Internet from its origins in ARPANET and academia, and books such as “Fire in the Valley” by Paul Freiberger and Michael Swaine have covered the explosive growth of personal computing. The issuance of “dot” names was once under U.S. government purview, as was the funding of the first browsers and networks, and the first centers with Web sites, but no longer.

This seed planted by the Defense Department, watered by a computer revolution starting in the 1970s, and fed by the fiber-optic network and dot-com bubbles of the 1990s and now the handheld revolution of today, has resulted in a vast and more complex Internet. The common element is Internet Protocol (IP). An IP address is a connected device’s identity on any IP network. If it has batteries or a power cord, it also likely has an IP address: servers, handheld devices, ATMs, cable-TV boxes, credit-card readers, door locks, hospital medical devices, and in some cases, a personal computer.

Government networks are small and nondiverse compared with the Internet, and many government networks are in some way dependent upon the Internet, by design or not, separated or not. Therefore, efforts to secure and protect the cyber-realm must include people with expertise in the larger Internet to protect the global economic infrastructure, and to incorporate that diverse expertise into government networks. This article will explain the complexities and weaknesses of the current Internet, groups that actually control the Internet and its standards, common enemies of Internet and government IP networks, and ways to better secure government and our economic infrastructure.

To understand the Internet and its security needs, without delving into techno-babble, it is best to resort to a scenario from antiquity. A merchant in Beijing needs to deliver cargo regularly to his agent in Rome. To perform these deliveries, the merchant contracts with a local Beijing caravan company. The caravan company can use many routes to Rome and back, each route requiring the company to pay other caravan companies to fulfill the order. The merchant does not care with whom the caravan company contracts; he is only interested in the drop-off point, security, time and cost for delivery. The Beijing caravan company typically contracts with one of several Silk Road caravans to bring the load from the eastern end of the Silk Road, Turfan, to its western end, Constantinople. Every Silk Road caravan company requires standard packaging and addressing on any loads it carries, has more expertise, and uses more and stronger camels than any non-Silk Road caravan company. The Beijing caravan company contracts with one of these Silk Road caravan companies to complete the delivery to and from Rome, to carry not just the Beijing merchant’s goods, but also those of other merchants in the Beijing to Turfan region. Note that the Silk Road caravan does not ever meet the Beijing merchant, nor know the cargo’s contents once packaged. In fact, the Silk Road caravan will bundle loads from many smaller caravans for the long trek across the Silk Road. The Silk Road caravan plans for every eventuality, and has agreements among its peers to swap loads to ensure deliveries. Caravan masters, in addition to managing camel traffic on the Road, determine how and when to implement agreed swaps. Further, caravan masters determine which camels are purchased to carry loads, and all camel vendors aspire to provide camels to the Silk Road caravans.
At the Silk Road’s terminus in Constantinople, the Silk Road caravan will break up the loads to go to their various destinations, including Rome, using other caravans to complete delivery. Ideally, Silk Road caravans want eastbound and westbound trips to have full loads. In the end, the Beijing merchant doesn’t know exactly how his loads are delivered to Rome, just that they usually arrive, usually on time.

All the dynamics of the Internet can be seen in the Silk Road scenario. The basic principles that constitute the Internet would not have been alien to our ancient merchant. Our “Silk Road” is a fiber-optically connected series of router clusters. Each major city has at least one cluster per backbone ISP. A backbone ISP’s cluster has routers that face other ISPs for load swapping, and a very few that direct traffic inside the backbone ISP. These backbone routers, our “camels,” are specialized supercomputers that direct Internet routes. Each city is a Constantinople or Turfan in our example. Controlling the routes on the Internet is accomplished by controlling a very few of these routers, since the routers share information among themselves and among ISPs. Peering agreements officially define contact points between ISPs. These agreements, combined with the protocols and standards associated with IP and, more importantly, their actual implementation in routes, form the Internet infrastructure. One view of these peering arrangements for the Internet can be found on the Internet Health Report site at www.internetpulse.net.

Strategically, the physical and logical worlds are linked, as with the Silk Road, and physical security is tied to logical security. Key router clusters for most ISPs, backbone or not, are situated in a finite number of shared buildings in major cities. A sprinkler-pipe break in one of these facilities can cause damage resulting in the loss of many thousands of libraries worth of information for many ISPs before redundancy takes over. These buildings are connected using shared fiber-optic bundles that often follow common easements. A typical backbone connection between major cities for one backbone ISP, and there are several connections per route, carries a load equivalent to more than 25,000 novels (five gigabytes) every second. The same can be said of the fiber bundles under the oceans or communications satellites in space. A private network does not escape this physical structure. The underlying routes for private networks, i.e., private and secure from the Internet, also ride this common fiber-optic and facility infrastructure. Just because a “private network” appears on paper to be a physically separated network does not mean the fibers or routes of that network don’t share a conduit with the fiber carrying your publicly IP-routed music download. A sloppy backhoe or undersea earthquake can knock down key routes for many IP networks, to the dismay of millions of users, private or not.

Cybersecurity strategy, government and commercial, must therefore include a detailed understanding of the private and public IP infrastructure, physical and logical, and must include tested processes for securing and documenting it, adopted from industry and government best practice. Continually updated documentation is a key to securing the terrain.

Our allies

About 300 master backbone network engineers, under various titles, regardless of organization chart, truly control the ebb and flow of traffic on the global Internet. They are the caravan masters of our Silk Road, and are experienced and powerful allies. These same engineers control public and private Internet networks. Like the caravan masters of old, the master network engineers are not executives, but their word becomes law for all other IP engineers and operators. They design in the redundancy, they dictate security, they author standards and they often operate the network directly by commanding the routers. They meet at group conferences to decide the protocols and address policies that rule the Internet. These groups are not familiar to most Internet users but they are:

• The North American Network Operators Group (NANOG), an educational forum for information related to backbone/enterprise networking technologies.

• The Internet Engineering Task Force (IETF), a nonprofit organization that develops and promotes Internet standards.

• The nonprofit Internet Corporation for Assigned Names and Numbers (ICANN), which manages the assignment of domain names and IP addresses.

• IEEE, a professional association for the advancement of technology.

• The Software Engineering Institute’s CERT, a federally funded cybersecurity organization.

Network engineers communicate continually using instant messaging. In these conversations, they balance the traffic on the Internet by swapping thousands of bundled routes, billions of bytes at a time. Additionally, the caravan masters of the backbone ISPs drop rotten cargo at the roadside quickly. In the cases of child pornography, spam or hacker activity, a call between key backbone ISP network engineers can end all traffic in and out of entire ISPs well before any legal action is taken. The personal bonds of trust between these engineers are forged by working together at various companies, building and maintaining networks, and battling hackers and spammers. Some are military communications veterans or (former) white-hat hackers. All are post-dot-com-bubble survivors. They hold the keys to all major backbone routers and in turn, the keys of the public and the private Internet. These engineers are the key to Internet-wide change and security.

The Internet also has camel breeders and cargo providers, each listening to the caravan masters. Equipment vendors, such as Cisco and Juniper, and application providers, such as Microsoft and Google, have strong influences on the Internet and any IP-using network, but they largely listen to the backbone network engineers. Major equipment vendors on the Internet, who also provide hardware for military networks, listen first to the backbone ISP network engineers, then to anyone else. Why? The master network engineer always strongly influences what hardware, by the thousands of units, a backbone ISP will buy, and in turn what the smaller ISPs, such as the Defense Department, will also buy. A vendor must therefore have a presence in at least one backbone to prosper. Application providers act similarly. The backbones are routed to manage major application traffic; network engineers must control the routes this traffic takes to balance their ISP networks. Since the backbone network engineers know the Internet market intimately because of interaction with ISP customers and traffic analysis, these engineers provide priceless feedback to the application providers and equipment vendors. Equipment vendors and application providers, hoping to court favor with the caravan masters, attend the same group conferences as the backbone network engineers.

For our cybersecurity effort, our strategy must include input from a significant sample of the master backbone ISP network engineers, key application providers and equipment vendors. Security policies for the Internet and government networks should include input from, and to, ICANN, IETF, CERT, IEEE and NANOG.

Our enemies shared

U.S. government networks and backbone ISPs share many enemies, some due to contact, most due to villainous desire. Often it is the case that “isolated” government networks share a link to the Internet, by protocol or by connection. The contact point for a government network can also be a warrior’s iPod, a civilian’s USB fob, or a contractor’s wireless adapter. One of the thousands of backbone routers on a major backbone ISP moves trillions of bytes of data hourly, for billions of end users, over hundreds of thousands of routes globally. Each backbone router therefore is an irresistible target, attacked often. Imagine a professional hacker controlling just one of these major routers. Such a miscreant could not only disrupt the economy on a vast scale, just by controlling the routes and populating them to other routers, but could also pull in Internet traffic to sample for sensitive data, or send as a tsunami at any connected server or network. Motivations may differ between backbone ISP assailants and Defense Department-targeting hackers, but both have enemies seeking to weaken infrastructures, to deny access, to obtain information and to sow disorder.

Combined attacks pose a real threat. A savvy foe may decide to combine a physical attack to hit a military unit and, at the same time, launch a logical attack to disable the civil infrastructure, as Russia did in its Georgia campaigns in the summer of 2008. A terrorist could use a small physical attack to gain access to the backbone infrastructure, then connect into military networks, and then launch a logical attack against all other connected military networks. Many nightmares follow.

Our cybersecurity efforts must account for such combined attack scenarios, physical and logical, military network and Internet. Both sides, simultaneously, must be explored. We must also include the lessons learned from defending the Internet infrastructure to date.

The Internet is a vital and ubiquitous entity, ruled by common protocols and experience, from which national cybersecurity efforts must draw. Strategically, we must secure the Internet backbone, our modern Silk Road. Efforts must involve groups and individuals that run networks much larger and more diverse than any government network. As a result, our cybersecurity efforts must:

• Develop a secure repository of current key physical and logical infrastructure documentation, using Web technology and automation. This should include maps, contact lists and processes. We must have strategies to secure physical key points in the event of attack.

• Partner with academia on the creation of cyberarchitecture security and assurance educational programs that grow the expertise and passion that industry and government need — to include cyberfellowship programs to bring together industry and government, i.e., bring in industry-class working network engineers to enhance government security efforts on a rotational basis. Government engineers and decision makers should rotate into the major backbones to learn in the larger Internet.

• Determine the cybersecurity overlaps and separations between the government, industry and the federally funded centers of expertise — so that we can focus our respective expertise in a comprehensive and complementary body of knowledge, skill sets, technologies and approaches.

• Develop combined response exercises and scenarios with industry, especially the backbone ISPs, to deal with national or globally sized attacks against the Internet.

Given these initial steps, our cybersecurity strategy can be placed on the right footing to defend our modern Silk Road.

Bryce L. Meyer is a former Air Force captain who is now a member of the technical staff at the Software Engineering Institute at Carnegie Mellon University, where he is working on the Army team’s acquisition support program.