I often follow the blog of security guru Bruce Schneier and a recent entry particularly caught my eye.
He pointed to a story, originally published on AOL.com News, which claimed that there was a bill (text here) that could give the President the authority to shut down all or portions of the internet in the event of an emergency.
Schneier claimed that this was not a new idea, Senators Jay Rockefeller and Olympia Snowe proposed the same thing last year, and some argue that the President can already do something like this. However if this or a similar bill ever passes, the details will change considerably and repeatedly.
Looking at the concept of an internet kill switch though, Schneier said that it was a bad idea as 'security is always a trade-off of costs versus benefits'. He said: “So the first question to ask is what are the benefits? There is only one possible use of this sort of capability, and that is in the face of a warfare-calibre enemy attack.
“It's the primary reason lawmakers are considering giving the president a kill switch. They know that shutting off the internet, or even isolating the US from the rest of the world, would cause damage, but they envision a scenario where not doing so would cause even more.”
He pointed to several flaws in the plan, primarily that while international connectivity can be cut off; there are still plenty of ways to get online, such as with satellite phones, obscure ISPs in Canada and Mexico and via long-distance phone calls to Asia. Also even if all packets coming in from one nation were to be blocked, it would not work as you cannot figure out what packets do just by looking at them. “If you could, defending against worms and viruses would be much easier,” he said.
“Packets that come with return addresses are easy to spoof. Remember the cyber attack on 4th July, 2009, that probably came from North Korea, but might have come from England, or maybe Florida? On the internet, disguising traffic is easy. Foreign cyber attackers could always have dial-up accounts via US phone numbers and make long-distance calls to do their misdeeds.”
He also claimed that as the internet is the most complex machine mankind has ever built, shutting down portions of it would have all sorts of unforeseen ancillary effects – such as its effect on ATMs, stock markets and infrastructure.
He said: “Even worse, these effects would spill over internationally. The internet is international in complex and surprising ways, and it would be impossible to ensure that the effects of a shutdown stayed domestic and didn't cause similar disasters in countries that we are friendly with.”
He further claimed that this would not be able to be built securely, as ‘an enormous security vulnerability' would have been created. “We would make the job of any would-be terrorist intent on bringing down the internet much easier,” said Schneier.
“Computer and network security is hard, and every internet system we have ever created has security vulnerabilities. It would be folly to think this one wouldn't as well, and given how unlikely the risk is, any actual shutdown would be far more likely to be a result of an unfortunate error or a malicious hacker than of a presidential order.”
He concluded by saying that the main problem with an internet kill switch is that it's ‘too coarse a hammer', as good guys far outnumber the bad guys and shutting the internet down, either the whole thing or just a part of it, even in the face of a foreign military attack, would do far more damage than it could possibly prevent.
Schneier said: “For years we've been bombarded with scare stories about terrorists wanting to shut the internet down. They're mostly fairy tales, but they're scary precisely because the internet is so critical to so many things.
“Why would we want to terrorise our own population by doing exactly what we don't want anyone else to do? A national emergency is precisely the worst time to do it. Just implementing the capability would be very expensive; I would rather see that money going toward securing our nation's critical infrastructure from attack.”
I wanted to highlight this opinion because I thought it presented an interesting global perspective on a questionable solution that IT managers face. In the event of a major incident in an organisation, the possibility of blocking internet access is available, but what Schneier suggested presents a different aspect. If you have ultimate power, is it your right to use it?