News Internet Kill Switch: Addressing Cyber Threats or Expanding Federal Power?

[jreelawg]

A bill is being introduced in the U.S. Congress aimed at addressing Cyber threats. The bill, dubbed, "Protecting Cyber Space as a National Asset" or PCNAA, gives authority to the executive branch over the internet. A popular tag for this bill, is the "Internet Kill Switch", for the power it would give to the president to shut down the internet in an emergency.

Obviously this is going to cause controversy. Perhaps may be seen as a large expanse of federal power.

My thoughts are that, there are probably always cyber security attacks every day. What is to stop the powers granted under this pretense from being abused?

Any thoughts on this bill?

http://newsfeed.time.com/2010/06/18/does-the-internet-need-a-kill-switch/

http://www.opencongress.org/bill/111-s3480/text

 

[DaveC426913]

Strange. The entire creation and existence of the internet is predicated on the concept that it is distributed and therefore effectively invulnerable to system-wide disruption.

I guess DARPA built it too well, and now realize they have created a monster that can double back on itself and bite them.

 

[Evo]

A bill is being introduced in the U.S. Congress aimed at addressing Cyber threats. The bill, dubbed, "Protecting Cyber Space as a National Asset" or PCNAA, gives authority to the executive branch over the internet. A popular tag for this bill, is the "Internet Kill Switch", for the power it would give to the president to shut down the internet in an emergency.

Shut down the internet? The "internet" is not a physical "thing". It is thousands of private *agreements* between thousands of companies in the US alone. Shutting down the internet would be comparable to stopping traffic on roads, public and private. It ain't going to happen. You might be able to talk a few companies into it, but you will never get everyone to. The government does not control thousands of individually owned companies. It's a bit more complicated when you get into peering points, but the bulk of traffic no longer goes through the NAPs. In other words, politicians do not know what they are talking about.

I guess DARPA built it too well, and now realize they have created a monster that can double back on itself and bite them.

Uhm, no.

 

[rootX]

That reminds me of recent US-China crisis over google ... I have not read the news but all the content looks like full of BS.

 

[ThomasT]

Shut down the internet? The "internet" is not a physical "thing". It is thousands of private *agreements* between thousands of companies in the US alone. Shutting down the internet would be comparable to stopping traffic on roads. It ain't going to happen. You might be able to talk a few companies into it, but you will never get everyone to. The government does not control thousands of individually owned companies. It's a bit more complicated when you get into peering points, but the bulk of traffic no longer goes through the NAPs. In other words, politicians do not know what they are talking about.

While I don't know enough to doubt that what you're saying is true (especially the last sentence), it's nevertheless kind of scary that people like Lieberman are proposing this sort of thing, and that it will therefore get a lot of attention, and therefore actually be considered as a viable option by who knows how many people who just can't seem to get enough 'protection'. Isn't he due to retire?

 

[mgb_phys]

They need to change the warning on cartoons - this program is not suitable for elected officials, voter discretion is advised.

http://www.keineintritt.com/wp-content/uploads/screen-grabs-linksys-internet.jpg

 

[Evo]

While I don't know enough to doubt that what you're saying is true (especially the last sentence), it's nevertheless kind of scary that people like Lieberman are proposing this sort of thing, and that it will therefore get a lot of attention, and therefore actually be considered as a viable option by who knows how many people who just can't seem to get enough 'protection'. Isn't he due to retire?

It's not possible, that's not how the internet works.

My specialty is the internet. I work for one of the largest backbone providers in the country, and worked for 27 years for the one that invented it with the US Government. I sell backbone access to ISP's.

 

[TheStatutoryApe]

Shut down the internet? The "internet" is not a physical "thing". It is thousands of private *agreements* between thousands of companies in the US alone. Shutting down the internet would be comparable to stopping traffic on roads, public and private. It ain't going to happen. You might be able to talk a few companies into it, but you will never get everyone to. The government does not control thousands of individually owned companies. It's a bit more complicated when you get into peering points, but the bulk of traffic no longer goes through the NAPs. In other words, politicians do not know what they are talking about.

I imagine that the government has some level of control over the infrastructure. I'm sure that you are right though that it would be a logistical nightmare to try to accomplish it. Some people have been watching too much 24 I think.

 

[mgb_phys]

It's not possible, that's not how the internet works.

But it's not always as distributed and redundant as you would hope.
A lot of cables go through the US, even in Asia a lot of traffic involves a trip to Seattle and back.
It could be good for the fiber laying business if china decides it needs a link to it's customers that doesn't rely on US goodwill or Russia decides to link Europe to Asia through the artic.

There is also quite a lot the US can do to poison top level DNS since it has control of ICANN ultimately it can invalidate anyone else's registry (as it did with Iraq before GW-II)

 

[jreelawg]

Shut down the internet? The "internet" is not a physical "thing". It is thousands of private *agreements* between thousands of companies in the US alone. Shutting down the internet would be comparable to stopping traffic on roads, public and private. It ain't going to happen. You might be able to talk a few companies into it, but you will never get everyone to. The government does not control thousands of individually owned companies. It's a bit more complicated when you get into peering points, but the bulk of traffic no longer goes through the NAPs. In other words, politicians do not know what they are talking about.

Uhm, no.

They don't control thousands of individually owned companies, and that is the point of the bill.

Protecting the Internet as a National Asset Act. The penalty for non-compliance would be a fine.

 

[Evo]

But it's not always as distributed and redundant as you would hope.
A lot of cables go through the US, even in Asia a lot of traffic involves a trip to Seattle and back.
It could be good for the fiber laying business if china decides it needs a link to it's customers that doesn't rely on US goodwill or Russia decides to link Europe to Asia through the artic.

There is also quite a lot the US can do to poison top level DNS since it has control of ICANN ultimately it can invalidate anyone else's registry (as it did with Iraq before GW-II)

There are 3 major carriers that control the bulk of internet traffic in the US. Years ago internet traffic was severely hampered when a turn up of Cisco routers by AT&T ended up looping. A few years before that a similar problem was caused by LDDS which had UUNET (as part of Ebber's aquisitions), started dumping traffic onto AT&T's network.

So could they cripple the internet traffic, yes, kill it, no.

I really do not get why they would need to kill the internet. Are they going to kill all tv and radio? What's the point? An assinine bill by ignorant politicians.

 

[jreelawg]

"The bill requires that U.S.-based companies such as Google and Yahoo, as well as broadband providers and software firms, comply with any and all measures that the government sees fit in an emergency."

http://newsfeed.time.com/2010/06/18/does-the-internet-need-a-kill-switch/

 

[TheStatutoryApe]

I really do not get why they would need to kill the internet. Are they going to kill all tv and radio? What's the point? An assinine bill by ignorant politicians.

I've been watching the old episodes of 24 lately. Never watched the show before. Several times in the show "hackers" found "backdoors", or what have you, into government protected systems and the government were supposedly helpless do to anything about it apparently because of the awesome uncontrolled power of the internets! I think that now that we are coming to an age where "cyber attacks" are much more likely and much more sophisticated we are perhaps seeing a bit of a rehash of the hacker hysteria of the 80s and 90s back when Kevin Mitnick had a court order placed against him having access to any electronic equipment since, according to the prosecution, he could supposedly launch a nuke from his cellphone. I doubt people are much more educated about computers now than they were then.

 

[ThomasT]

I really do not get why they would need to kill the internet. Are they going to kill all tv and radio? What's the point?

Control? TV and radio (and newspapers?) are pretty much already controlled by big business, and hence, governments. The internet is a bastion of freedom of speech. It's a means of developing popular mass movements relatively quickly, as well as a vast repository for various perspectives and accounts of objective reality that governments would prefer to 'inform and educate' their constituents about in certain ways, and so a threat to the status quo. It follows that governments would want to control it.

 

[GRB 080319B]

... for the power it would give to the president to shut down the internet in an emergency.

Strange. The entire creation and existence of the internet is predicated on the concept that it is distributed and therefore effectively invulnerable to system-wide disruption.

Shut down the internet? The "internet" is not a physical "thing". It is thousands of private *agreements* between thousands of companies in the US alone. Shutting down the internet would be comparable to stopping traffic on roads, public and private. It ain't going to happen.

I imagine that the government has some level of control over the infrastructure. I'm sure that you are right though that it would be a logistical nightmare to try to accomplish it.

So could they cripple the internet traffic, yes, kill it, no.

Theoretically, couldn't the internet (of a target region) be "stopped" near-instantaneously by an http://en.wikipedia.org/wiki/Electromagnetic_pulse#Weapon_altitude"?

 

[turbo]

Can the US government kill the Internet? Probably not. Can they cripple Internet traffic? Probably, but to what effect? There would be unintended consequences that the morons in DC have never considered, nor have been briefed on by their equally clueless staffers.

 

[nismaratwork]

Having been on the wrong side of the fence, I would bet on the citizenry before the government when it comes to intranational traffic. This is just laughable, except that some lawmakers are considering this. They should sign a bill giving them super-strength and the power of unpowered flight while they're at it.

 

[mgb_phys]

I really do not get why they would need to kill the internet. Are they going to kill all tv and radio? What's the point?

SCADA networks control just about everything from the AC in the whitehouse to electricity grid and airport radar. To save money on cabling you just connect remote units to the internet, or to the same internal lan that is also connected to the internet.
Since these are cheap dumb little micros with no security, or are protected by being on the same LAN as 1000s of Windows boxes it's pretty easy to think of a number, telnet in and type help to get the instructions to shut down major infrastructure.
It's the equivalent of hospitals having a 'turn off life support' button on the sidewalk - unfortunately the governments response is naturally to ban sidewalks!
Instead they are going to turn off internet connections to naughty countries after an attack has started - which is rather like preventing another 911 by banning direct flights from Afgahnistan.

And that's just the non-paranoid, stupidity rather than malice assumption.

 

[Proton Soup]

could it be related to this?
http://blog.washingtonpost.com/spy-talk/2010/06/new_wikileaks_massacre_video_i.html

Authorities are interested in locating Assange following reports that an Army intelligence analyst, Bradley Manning, recently transferred a huge volume of classified files to Wikileaks. Manning is now in military custody.

 

[jreelawg]

In the bill, the term cyberspace actually is defined as,

"(3) CYBERSPACE.—The term ‘‘cyberspace’’
means the interdependent network of information in-
13
frastructure, and includes the Internet, tele-
14
communications networks, computer systems, and
15
embedded processors and controllers in critical in-
16
dustries.
17"

and information infrastructure as,

"(8) INFORMATION INFRASTRUCTURE.—The
term ‘‘information infrastructure’’ means the under-
12
lying framework that information systems and assets
13
rely on to process, transmit, receive, or store infor-
14
mation electronically, including programmable elec-
15
tronic devices and communications networks and any
16
associated hardware, software, or data.
17"

http://www.opencongress.org/bill/111-s3480/text

So it seams, correct me if I'm wrong, that when they say cyberspace, they mean, everything from television, to radio, to telephones, ipads, to video cameras, memory cards, to thermostats etc.

 

[Evo]

This is a perfect example of how ignorant and irresponsible politicians can be dangerous. They are venturing into territory that they know nothing about.

The US government has a safe intranet that has no access to the public internet.


Many companies and ALL large companies have the same setup, private intranets with no access to the internet.

The difference between internet and intranet is the limitation to access. In reality, intranets are the internet, with connection limits.

 

[Proton Soup]

i think mgb_phys has the right idea here about what they are after. broad authority to take steps to limit access to any site by executive fiat.

 

[GeorginaS]

I confess to not knowing a whole bunch about how this Internets business works, but your politicians know that people other than the US have it too, right?

 

[Evo]

I confess to not knowing a whole bunch about how this Internets business works, but your politicians know that people other than the US have it too, right?

You assume too much.

 

[mheslep]

But it's not always as distributed and redundant as you would hope.
A lot of cables go through the US, even in Asia a lot of traffic involves a trip to Seattle and back.
It could be good for the fiber laying business if china decides it needs a link to it's customers that doesn't rely on US goodwill or Russia decides to link Europe to Asia through the artic.

There is also quite a lot the US can do to poison top level DNS since it has control of ICANN ultimately it can invalidate anyone else's registry (as it did with Iraq before GW-II)

Yes I would have thought it would be possible to kill all the transatlantic cables in/out of the US (at least) The idea seems to be to have some kind of response to stop foreign countries, the Chinese in particular, from executing some kind of large cyber attack in the event of a crisis or limited war.

 

[mgb_phys]

Yes I would have thought it would be possible to kill all the transatlantic cables in/out of the US (at least) The idea seems to be to have some kind of response to stop foreign countries, the Chinese in particular, from executing some kind of large cyber attack in the event of a crisis or limited war.

Or after somebody does launch a DoS attack against some infrastructure from 1000s of compromised machines in the US you can cut off international links to N. Korea and probably Cuba (or Canada depending on how well the DHS experts can spell)

May I suggest we call it "Operation shutting the stable door" ?

 

[Moonbear]

I don't know enough about this to know what they actually think they're going to shut down or not shut down, but taking it at face value, they're going to have a big wall of first amendment rights to get past before they could decide to restrict the internet to citizens considering how many media sources use the internet for publishing.

If they're concerned about their own networks, there's always the foolproof method of pulling the ethernet jack out of the computer, or taking a server or router offline if it's compromised.

Unfortunately, this is the type of topic that I don't trust the media to understand any more than I trust Congress to understand, so until I see an actual bill in writing, there's no telling what this really means.

 

[mheslep]

Or after somebody does launch a DoS attack against some infrastructure from 1000s of compromised machines in the US you can cut off international links to N. Korea and probably Cuba (or Canada depending on how well the DHS experts can spell)

May I suggest we call it "Operation shutting the stable door" ?

Yes, no doubt everyone realizes that locally compromised machines are an issue preventing an instantaneous remedy in the event of an attack, but it none the less allows a remedy by attrition (fixing/walling off infected machines) to be put in place, whereas leaving the the transnational pipes open does not. That is, the better analogy is a quarantine of the infected, not the empty barn.

I mention the above because I can see the argument for the kill switch, not because I'm persuaded by it.

 

[turbo]

Welcome to the world of unintended consequences! If international traffic was cut off from US infrastructure, there will be some surprises and some not-so-surprises. Multinational corporations (especially those who have out-sourced manufacturing, tech support, etc) would find it very difficult to cope with that, as would research organizations, universities, etc. The world is a very interconnected place thanks to the Internet and modern telecommunications. If the US government is truly concerned about the integrity of their networks, they should avoid the "fire-ax" approach and simply isolate their servers and routers so that their intranets are less accessible to attackers.

 

[DaveC426913]

...they're going to have a big wall of first amendment rights to get past before they could decide to restrict the internet to citizens considering how many media sources use the internet for publishing...

Do First Amendment Rights trump War Measures and Security in Times of National Emergency?

 

[Evo]

Do First Amendment Rights trump War Measures and Security in Times of National Emergency?

The Government won't be infected, they have a private network. Are they concerned about you and me getting infected?

I can forsee any company afraid of cyber terror to go back to good old fashion private lines, and only have a website connected to nothing with access to the public. Private lines can go anywhere in the world. That was how the original "internet" was made. No MPLS.

 

[turbo]

The government's worst threats rest in human engineering and sneaker-net. Disaffected employees on the inside are in the position to do the worst damage. We have seen in the past that some US citizens have been happy to pass classified information to foreign intelligence services, so their ability to compromise the intranets used by their offices and labs should be a focus of the security folks.

Having consulted for companies that engage in the production and distribution of electrical power, I can see how someone with access to equipment that controls parts of the grid, including load-balancing software, etc, could create a big problem. When I was a kid, I used to visit the large hydro-dam in our town, and I knew the people who worked there. Gradually, they were phased out in favor of remote controls until there was hardly anybody there anymore, apart from maintenance people.

 

[Office_Shredder]

Gradually, they were phased out in favor of remote controls until there was hardly anybody there anymore, apart from maintenance people.

And nobody bothers to do a background check on the maintenance man

(Yes, I know people do background checks on maintenance men)

EDIT TO ADD:

They should sign a bill giving them super-strength and the power of unpowered flight while they're at it.

http://totallytruemedia.webs.com/BBCSuperpowers.htm"

 

[mheslep]

The Government won't be infected, they have a private network. Are they concerned about you and me getting infected?

They're not concerned about their private (Secret, SCI) networks regards this topic. They're concerned about the majority of the government that is on the public net, and power companies and the like - that's per a talking head on the Sunday shows yesterday.

 

[Office_Shredder]

and power companies.

This sounds like something out of the latest Die Hard... was that actually feasible?

 

[jreelawg]

To me it seams like they are concerned mainly about 2 things. The first, is getting a control on leaked classified information, and preventing classified information from being disseminated, the second, critical infrastructure of the country including things like utilities, financial services, stock market, etc. So yes, I think they are concerned about more than just government lines. Things included in the discussion as an intent of the bill, is to have a regulatory agency which regulates the private cyberspace industry, including things like requiring certain security protection. The bill goes into detail about enforcing preventative measures. Basically it boils down to protecting information as a nation asset, on all levels.

The thing which isn't clear, as the language may not be specific enough, and authorizes such wide reaching power, is, can this power be used to censor the internet, and restrict certain information.

You can see how this can come into play, when you look at things like the recent Iranian protesting, where both sides, seamed to have relied on things like youtube, and twitter.

I imagine they might wish to make sure that site like youtube for instance are a U.S. asset as opposed to the enemy's as well.

I wonder from the language of the bill, if the above would be authorized. If so, would this mean that a privately ran website based in the U.S. could be legally forced to participate in propaganda, or maybe at least forced to participate in preventing the efficiency of enemy propaganda?

And if all this is so, does this apply to all forms of communication as defined in the bill, and where is the line drawn at?

 

[turbo]

Hard to tell, jreelawg. "Communications" is an awfully slippery word in these times.

 

[turbo]

I should add to a previous post, the prolification of very compact data-storage devices, including thumb drives and super-tiny memory cards can make it very easy to slip mal-ware into otherwise well-isolated intranets. If I was an IT/security guy at a sensitive facility, I would do my best to centralize computing capacity, so users had dumb terminals, seriously reduce the numbers of unsecured stand-alone computers, and make sure that users had no access to USB ports on the network. Tiny memory cards can carry more code than whole hard drives less than a decade ago.

 

[nismaratwork]

And nobody bothers to do a background check on the maintenance man

(Yes, I know people do background checks on maintenance men)

EDIT TO ADD:


http://totallytruemedia.webs.com/BBCSuperpowers.htm"

Wow, well, I'm going to dry heave for a while, thanks for the link! *dies a little inside*

 

[mgb_phys]

critical infrastructure of the country including things like utilities, financial services, stock market, etc. So yes, I think they are concerned about more than just government lines. ... Basically it boils down to protecting information as a nation asset, on all levels.

So given a choice of requiring certain levels of security, which would great a market demand for improved security in Windows and applications which benefits everyone - and simply voting themselves more powers and harsher sentences for 'hackers' which will they pick.

There was a similar story a couple of years ago - on the same day they announced funding for research into a new improved GPS that couldn't be jammed by terrorists, because so many people rely on GPS it would cause chaos.
And that a whole new set of government agencies from the CIA to the Whitehouse librarians bridge club would have the power to shut down GPS in the US in the event of a terrorist attack.

 

[hagopbul]

what is the emergency that need to cut internet communications ?

only in the us or in the world

 

[CAC1001]

What do you guys think of Net Neutrality? On the one hand, I can see the argument about not wanting big cable companies to control the flow of traffic on the Internet, on the other hand, I can also see the argument that creating government regulation of the Internet to "increase fairness" could result in the exact opposite (as regulations can end up doing this).

 

[CAC1001]

This is a perfect example of how ignorant and irresponsible politicians can be dangerous. They are venturing into territory that they know nothing about.

The US government has a safe intranet that has no access to the public internet.

Could it be more that they are responsible, but ignorant...? What I mean is if a politician thinks the government should have some kind of emergency controls for the Internet in case of some kind of national security threat, they might view it as irresponsible not to have anything in place...?

But their ignorance keeps them from understanding how the Internet really works?

 

[jreelawg]

Could it be more that they are responsible, but ignorant...? What I mean is if a politician thinks the government should have some kind of emergency controls for the Internet in case of some kind of national security threat, they might view it as irresponsible not to have anything in place...?

But their ignorance keeps them from understanding how the Internet really works?

Maybe they aren't ignorant, just irresponsible.

 

[nismaratwork]

This is a perfect example of how ignorant and irresponsible politicians can be dangerous. They are venturing into territory that they know nothing about...

That is essentially their job 24/7, as they are generally not qualified to do much more than hold office and run for office. This is why advisers are so crucial, and apparently asleep at the wheel.

 

[ibnsos]

Could it be more that they are responsible, but ignorant...? What I mean is if a politician thinks the government should have some kind of emergency controls for the Internet in case of some kind of national security threat, they might view it as irresponsible not to have anything in place...?

But their ignorance keeps them from understanding how the Internet really works?

If someone remains willfully ignorant about a subject, but proceeds to regulate said subject, how is that not irresponsible?

Would you say a judge that failed to learn any laws beyond his school days was responsible or irresponsible? How bout after he just sentenced you to prison from said ignorance?

 

[nismaratwork]

If someone remains willfully ignorant about a subject, but proceeds to regulate said subject, how is that not irresponsible?

Would you say a judge that failed to learn any laws beyond his school days was responsible or irresponsible? How bout after he just sentenced you to prison from said ignorance?

I think that is both irresponsible, and should be criminal as well.

 

[edward]

Some of you guys need to get serious about a form of national electronic defence that we can live with.

http://www.cnn.com/2009/US/04/21/pentagon.hacked/index.html

The local government closes off streets every time it rains, yet someone thinks that as a nation we are all electronically fine and dandy.

Ironically the first thing a foreign entity may want to do is to shut down our communications.

 

[mgb_phys]

Ironically the first thing a foreign entity may want to do is to shut down our communications.

And now all they have to do is tweet a threat and the government will shut down the internet for them!

 

[Proton Soup]

Some of you guys need to get serious about a form of national electronic defence that we can live with.

http://www.cnn.com/2009/US/04/21/pentagon.hacked/index.html

The local government closes off streets every time it rains, yet someone thinks that as a nation we are all electronically fine and dandy.

Ironically the first thing a foreign entity may want to do is to shut down our communications.

that is really a matter of the data shouldn't have been sitting out there for anyone to access in the first place. but you know Congress, they don't like to pay for anything. end result? we got exactly the sort of data security we paid for.