Internet Kill Switch: Addressing Cyber Threats or Expanding Federal Power?

[jreelawg]

A bill is being introduced in the U.S. Congress aimed at addressing Cyber threats. The bill, dubbed, "Protecting Cyber Space as a National Asset" or PCNAA, gives authority to the executive branch over the internet. A popular tag for this bill, is the "Internet Kill Switch", for the power it would give to the president to shut down the internet in an emergency.

Obviously this is going to cause controversy. Perhaps may be seen as a large expanse of federal power.

My thoughts are that, there are probably always cyber security attacks every day. What is to stop the powers granted under this pretense from being abused?

Any thoughts on this bill?

http://newsfeed.time.com/2010/06/18/does-the-internet-need-a-kill-switch/

http://www.opencongress.org/bill/111-s3480/text

 

[DaveC426913]

Strange. The entire creation and existence of the internet is predicated on the concept that it is distributed and therefore effectively invulnerable to system-wide disruption.

I guess DARPA built it too well, and now realize they have created a monster that can double back on itself and bite them.

 

[Evo]

A bill is being introduced in the U.S. Congress aimed at addressing Cyber threats. The bill, dubbed, "Protecting Cyber Space as a National Asset" or PCNAA, gives authority to the executive branch over the internet. A popular tag for this bill, is the "Internet Kill Switch", for the power it would give to the president to shut down the internet in an emergency.

Shut down the internet? The "internet" is not a physical "thing". It is thousands of private *agreements* between thousands of companies in the US alone. Shutting down the internet would be comparable to stopping traffic on roads, public and private. It ain't going to happen. You might be able to talk a few companies into it, but you will never get everyone to. The government does not control thousands of individually owned companies. It's a bit more complicated when you get into peering points, but the bulk of traffic no longer goes through the NAPs. In other words, politicians do not know what they are talking about.

I guess DARPA built it too well, and now realize they have created a monster that can double back on itself and bite them.

Uhm, no.

 

[rootX]

That reminds me of recent US-China crisis over google ... I have not read the news but all the content looks like full of BS.

 

[ThomasT]

Shut down the internet? The "internet" is not a physical "thing". It is thousands of private *agreements* between thousands of companies in the US alone. Shutting down the internet would be comparable to stopping traffic on roads. It ain't going to happen. You might be able to talk a few companies into it, but you will never get everyone to. The government does not control thousands of individually owned companies. It's a bit more complicated when you get into peering points, but the bulk of traffic no longer goes through the NAPs. In other words, politicians do not know what they are talking about.

While I don't know enough to doubt that what you're saying is true (especially the last sentence), it's nevertheless kind of scary that people like Lieberman are proposing this sort of thing, and that it will therefore get a lot of attention, and therefore actually be considered as a viable option by who knows how many people who just can't seem to get enough 'protection'. Isn't he due to retire?

 

[mgb_phys]

They need to change the warning on cartoons - this program is not suitable for elected officials, voter discretion is advised.

http://www.keineintritt.com/wp-content/uploads/screen-grabs-linksys-internet.jpg

 

[Evo]

While I don't know enough to doubt that what you're saying is true (especially the last sentence), it's nevertheless kind of scary that people like Lieberman are proposing this sort of thing, and that it will therefore get a lot of attention, and therefore actually be considered as a viable option by who knows how many people who just can't seem to get enough 'protection'. Isn't he due to retire?

It's not possible, that's not how the internet works.

My specialty is the internet. I work for one of the largest backbone providers in the country, and worked for 27 years for the one that invented it with the US Government. I sell backbone access to ISP's.

 

[TheStatutoryApe]

Shut down the internet? The "internet" is not a physical "thing". It is thousands of private *agreements* between thousands of companies in the US alone. Shutting down the internet would be comparable to stopping traffic on roads, public and private. It ain't going to happen. You might be able to talk a few companies into it, but you will never get everyone to. The government does not control thousands of individually owned companies. It's a bit more complicated when you get into peering points, but the bulk of traffic no longer goes through the NAPs. In other words, politicians do not know what they are talking about.

I imagine that the government has some level of control over the infrastructure. I'm sure that you are right though that it would be a logistical nightmare to try to accomplish it. Some people have been watching too much 24 I think.

 

[mgb_phys]

It's not possible, that's not how the internet works.

But it's not always as distributed and redundant as you would hope.
A lot of cables go through the US, even in Asia a lot of traffic involves a trip to Seattle and back.
It could be good for the fiber laying business if china decides it needs a link to it's customers that doesn't rely on US goodwill or Russia decides to link Europe to Asia through the artic.

There is also quite a lot the US can do to poison top level DNS since it has control of ICANN ultimately it can invalidate anyone else's registry (as it did with Iraq before GW-II)

 

[jreelawg]

Shut down the internet? The "internet" is not a physical "thing". It is thousands of private *agreements* between thousands of companies in the US alone. Shutting down the internet would be comparable to stopping traffic on roads, public and private. It ain't going to happen. You might be able to talk a few companies into it, but you will never get everyone to. The government does not control thousands of individually owned companies. It's a bit more complicated when you get into peering points, but the bulk of traffic no longer goes through the NAPs. In other words, politicians do not know what they are talking about.

Uhm, no.

They don't control thousands of individually owned companies, and that is the point of the bill.

Protecting the Internet as a National Asset Act. The penalty for non-compliance would be a fine.

 

[Evo]

But it's not always as distributed and redundant as you would hope.
A lot of cables go through the US, even in Asia a lot of traffic involves a trip to Seattle and back.
It could be good for the fiber laying business if china decides it needs a link to it's customers that doesn't rely on US goodwill or Russia decides to link Europe to Asia through the artic.

There is also quite a lot the US can do to poison top level DNS since it has control of ICANN ultimately it can invalidate anyone else's registry (as it did with Iraq before GW-II)

There are 3 major carriers that control the bulk of internet traffic in the US. Years ago internet traffic was severely hampered when a turn up of Cisco routers by AT&T ended up looping. A few years before that a similar problem was caused by LDDS which had UUNET (as part of Ebber's aquisitions), started dumping traffic onto AT&T's network.

So could they cripple the internet traffic, yes, kill it, no.

I really do not get why they would need to kill the internet. Are they going to kill all tv and radio? What's the point? An assinine bill by ignorant politicians.

 

[jreelawg]

"The bill requires that U.S.-based companies such as Google and Yahoo, as well as broadband providers and software firms, comply with any and all measures that the government sees fit in an emergency."

http://newsfeed.time.com/2010/06/18/does-the-internet-need-a-kill-switch/

 

[TheStatutoryApe]

I really do not get why they would need to kill the internet. Are they going to kill all tv and radio? What's the point? An assinine bill by ignorant politicians.

I've been watching the old episodes of 24 lately. Never watched the show before. Several times in the show "hackers" found "backdoors", or what have you, into government protected systems and the government were supposedly helpless do to anything about it apparently because of the awesome uncontrolled power of the internets! I think that now that we are coming to an age where "cyber attacks" are much more likely and much more sophisticated we are perhaps seeing a bit of a rehash of the hacker hysteria of the 80s and 90s back when Kevin Mitnick had a court order placed against him having access to any electronic equipment since, according to the prosecution, he could supposedly launch a nuke from his cellphone. I doubt people are much more educated about computers now than they were then.

 

[ThomasT]

I really do not get why they would need to kill the internet. Are they going to kill all tv and radio? What's the point?

Control? TV and radio (and newspapers?) are pretty much already controlled by big business, and hence, governments. The internet is a bastion of freedom of speech. It's a means of developing popular mass movements relatively quickly, as well as a vast repository for various perspectives and accounts of objective reality that governments would prefer to 'inform and educate' their constituents about in certain ways, and so a threat to the status quo. It follows that governments would want to control it.

 

[GRB 080319B]

... for the power it would give to the president to shut down the internet in an emergency.

Strange. The entire creation and existence of the internet is predicated on the concept that it is distributed and therefore effectively invulnerable to system-wide disruption.

Shut down the internet? The "internet" is not a physical "thing". It is thousands of private *agreements* between thousands of companies in the US alone. Shutting down the internet would be comparable to stopping traffic on roads, public and private. It ain't going to happen.

I imagine that the government has some level of control over the infrastructure. I'm sure that you are right though that it would be a logistical nightmare to try to accomplish it.

So could they cripple the internet traffic, yes, kill it, no.

Theoretically, couldn't the internet (of a target region) be "stopped" near-instantaneously by an http://en.wikipedia.org/wiki/Electromagnetic_pulse#Weapon_altitude"?

 

[turbo]

Can the US government kill the Internet? Probably not. Can they cripple Internet traffic? Probably, but to what effect? There would be unintended consequences that the morons in DC have never considered, nor have been briefed on by their equally clueless staffers.

 

[nismaratwork]

Having been on the wrong side of the fence, I would bet on the citizenry before the government when it comes to intranational traffic. This is just laughable, except that some lawmakers are considering this. They should sign a bill giving them super-strength and the power of unpowered flight while they're at it. :rofl:

 

[mgb_phys]

I really do not get why they would need to kill the internet. Are they going to kill all tv and radio? What's the point?

SCADA networks control just about everything from the AC in the whitehouse to electricity grid and airport radar. To save money on cabling you just connect remote units to the internet, or to the same internal lan that is also connected to the internet.
Since these are cheap dumb little micros with no security, or are protected by being on the same LAN as 1000s of Windows boxes it's pretty easy to think of a number, telnet in and type help to get the instructions to shut down major infrastructure.
It's the equivalent of hospitals having a 'turn off life support' button on the sidewalk - unfortunately the governments response is naturally to ban sidewalks!
Instead they are going to turn off internet connections to naughty countries after an attack has started - which is rather like preventing another 911 by banning direct flights from Afgahnistan.

And that's just the non-paranoid, stupidity rather than malice assumption.

 

[Proton Soup]

could it be related to this?
http://blog.washingtonpost.com/spy-talk/2010/06/new_wikileaks_massacre_video_i.html

Authorities are interested in locating Assange following reports that an Army intelligence analyst, Bradley Manning, recently transferred a huge volume of classified files to Wikileaks. Manning is now in military custody.

 

[jreelawg]

In the bill, the term cyberspace actually is defined as,

"(3) CYBERSPACE.—The term ‘‘cyberspace’’
means the interdependent network of information in-
13
frastructure, and includes the Internet, tele-
14
communications networks, computer systems, and
15
embedded processors and controllers in critical in-
16
dustries.
17"

and information infrastructure as,

"(8) INFORMATION INFRASTRUCTURE.—The
term ‘‘information infrastructure’’ means the under-
12
lying framework that information systems and assets
13
rely on to process, transmit, receive, or store infor-
14
mation electronically, including programmable elec-
15
tronic devices and communications networks and any
16
associated hardware, software, or data.
17"

http://www.opencongress.org/bill/111-s3480/text

So it seams, correct me if I'm wrong, that when they say cyberspace, they mean, everything from television, to radio, to telephones, ipads, to video cameras, memory cards, to thermostats etc.

 

[Evo]

This is a perfect example of how ignorant and irresponsible politicians can be dangerous. They are venturing into territory that they know nothing about.

The US government has a safe intranet that has no access to the public internet.


Many companies and ALL large companies have the same setup, private intranets with no access to the internet.

The difference between internet and intranet is the limitation to access. In reality, intranets are the internet, with connection limits.

 

[Proton Soup]

i think mgb_phys has the right idea here about what they are after. broad authority to take steps to limit access to any site by executive fiat.

 

[GeorginaS]

I confess to not knowing a whole bunch about how this Internets business works, but your politicians know that people other than the US have it too, right?

 

[Evo]

I confess to not knowing a whole bunch about how this Internets business works, but your politicians know that people other than the US have it too, right?

You assume too much.

 

[mheslep]

But it's not always as distributed and redundant as you would hope.
A lot of cables go through the US, even in Asia a lot of traffic involves a trip to Seattle and back.
It could be good for the fiber laying business if china decides it needs a link to it's customers that doesn't rely on US goodwill or Russia decides to link Europe to Asia through the artic.

There is also quite a lot the US can do to poison top level DNS since it has control of ICANN ultimately it can invalidate anyone else's registry (as it did with Iraq before GW-II)

Yes I would have thought it would be possible to kill all the transatlantic cables in/out of the US (at least) The idea seems to be to have some kind of response to stop foreign countries, the Chinese in particular, from executing some kind of large cyber attack in the event of a crisis or limited war.

 

[mgb_phys]

Yes I would have thought it would be possible to kill all the transatlantic cables in/out of the US (at least) The idea seems to be to have some kind of response to stop foreign countries, the Chinese in particular, from executing some kind of large cyber attack in the event of a crisis or limited war.

Or after somebody does launch a DoS attack against some infrastructure from 1000s of compromised machines in the US you can cut off international links to N. Korea and probably Cuba (or Canada depending on how well the DHS experts can spell)

May I suggest we call it "Operation shutting the stable door" ?

 

[Moonbear]

I don't know enough about this to know what they actually think they're going to shut down or not shut down, but taking it at face value, they're going to have a big wall of first amendment rights to get past before they could decide to restrict the internet to citizens considering how many media sources use the internet for publishing.

If they're concerned about their own networks, there's always the foolproof method of pulling the ethernet jack out of the computer, or taking a server or router offline if it's compromised.

Unfortunately, this is the type of topic that I don't trust the media to understand any more than I trust Congress to understand, so until I see an actual bill in writing, there's no telling what this really means.

 

[mheslep]

Or after somebody does launch a DoS attack against some infrastructure from 1000s of compromised machines in the US you can cut off international links to N. Korea and probably Cuba (or Canada depending on how well the DHS experts can spell)

May I suggest we call it "Operation shutting the stable door" ?

Yes, no doubt everyone realizes that locally compromised machines are an issue preventing an instantaneous remedy in the event of an attack, but it none the less allows a remedy by attrition (fixing/walling off infected machines) to be put in place, whereas leaving the the transnational pipes open does not. That is, the better analogy is a quarantine of the infected, not the empty barn.

I mention the above because I can see the argument for the kill switch, not because I'm persuaded by it.

 

[turbo]

Welcome to the world of unintended consequences! If international traffic was cut off from US infrastructure, there will be some surprises and some not-so-surprises. Multinational corporations (especially those who have out-sourced manufacturing, tech support, etc) would find it very difficult to cope with that, as would research organizations, universities, etc. The world is a very interconnected place thanks to the Internet and modern telecommunications. If the US government is truly concerned about the integrity of their networks, they should avoid the "fire-ax" approach and simply isolate their servers and routers so that their intranets are less accessible to attackers.

 

[DaveC426913]

...they're going to have a big wall of first amendment rights to get past before they could decide to restrict the internet to citizens considering how many media sources use the internet for publishing...

Do First Amendment Rights trump War Measures and Security in Times of National Emergency?

 

[Evo]

Do First Amendment Rights trump War Measures and Security in Times of National Emergency?

The Government won't be infected, they have a private network. Are they concerned about you and me getting infected?

I can forsee any company afraid of cyber terror to go back to good old fashion private lines, and only have a website connected to nothing with access to the public. Private lines can go anywhere in the world. That was how the original "internet" was made. No MPLS.

 

[turbo]

The government's worst threats rest in human engineering and sneaker-net. Disaffected employees on the inside are in the position to do the worst damage. We have seen in the past that some US citizens have been happy to pass classified information to foreign intelligence services, so their ability to compromise the intranets used by their offices and labs should be a focus of the security folks.

Having consulted for companies that engage in the production and distribution of electrical power, I can see how someone with access to equipment that controls parts of the grid, including load-balancing software, etc, could create a big problem. When I was a kid, I used to visit the large hydro-dam in our town, and I knew the people who worked there. Gradually, they were phased out in favor of remote controls until there was hardly anybody there anymore, apart from maintenance people.

 

[Office_Shredder]

Gradually, they were phased out in favor of remote controls until there was hardly anybody there anymore, apart from maintenance people.

And nobody bothers to do a background check on the maintenance man

(Yes, I know people do background checks on maintenance men)

EDIT TO ADD:

They should sign a bill giving them super-strength and the power of unpowered flight while they're at it. :rofl:

http://totallytruemedia.webs.com/BBCSuperpowers.htm"

 

[mheslep]

The Government won't be infected, they have a private network. Are they concerned about you and me getting infected?

They're not concerned about their private (Secret, SCI) networks regards this topic. They're concerned about the majority of the government that is on the public net, and power companies and the like - that's per a talking head on the Sunday shows yesterday.

 

[Office_Shredder]

and power companies.

This sounds like something out of the latest Die Hard... was that actually feasible?