Like any system, biological or man-made, the Web has the potential to fail
A major solar event could theoretically melt down the whole Internet in moments
Future cyberwarfare will target not only military and industrial targets but Internet connectivity
Almost all global Web traffic is dependent on deep-sea networks of fiber-optic cables
The Internet was designed to be robust, fault-tolerant and distributed, but its technology is still in its infancy.
The fact that the Web has not stopped functioning in its initial decades sometimes encourages us to assume that it never will. But like any system, biological or man-made, the Internet has the potential to fail.
Monday’s “DNSChanger” malware problem, which affected some 200,000 computers, was much hyped and ultimately inconsequential. But here are four maladies that really do have the potential to wipe out Internet access on a massive scale.
1. Space weather
When you think about Web surfing, you probably don’t worry about what’s happening on the surface of the sun 92 million miles away. But you should. Solar flares are one of our most serious threats for our communication systems.
Consider satellite failures. One afternoon in 1998, the Galaxy IV, a $250 million satellite floating 35,000 kilometers above the planet, suddenly spun out of control. The main suspect is a solar flare: the sun was acting up at that time, and several other satellites (owned by Germany, Japan, NASA and Motorola) all failed at the same moment.
The effects were instant and worldwide. Eighty percent of pagers instantly went down. Physicians, managers and drug dealers all across the United States looked down and realized they were no longer receiving pages. NPR, CBS, Direct PC Internet and dozens of other services went down. It is estimated that in recent years at least 12 satellites have been lost due to the effects of space weather.
But it’s not just satellites that we have to worry about. When a massive solar flare erupts on the sun, it can cause geomagnetic storms on the Earth. The largest solar eruption recorded so far was in 1859. Known as the Carrington flare, it sent telegraph wires across Europe and America into a sparking frenzy.
Since that time, the technology blanketing the planet has changed quite a bit. If we were to get another solar flare of that size now, what would happen? The answer is clear to space physicists and electrical engineers: it would blow out transformers and melt down our computer systems. In a small disruption in 1989, an electromagnetic storm arrested power throughout most of Quebec and halted the Toronto stock market for three hours.
A major solar event could theoretically melt down the whole Internet. What earthquakes, bombs, and terrorism cannot do might be accomplished in moments by a solar corona.
Given our dependence on the communication systems of our planet, both satellite- and ground-based, this is not simply a theoretical worry. The next major geomagnetic storms are expected at the peak of the next solar sunspot cycle in mid-2013, so hang on tight.
Wars of the future will be fought less by rugged soldiers in the field and more by smart kids perched in front of computers slamming energy drinks. As our dependence shifts onto the Net, so do our vulnerabilities.
This future can already be detected in the tight relationship between corporeal conflicts and cyber attacks. When one examines the physical conflicts between India and Pakistan, the Israelis and Palestinians or the parties in the collapse of Yugoslavia, the escalation of real-world violence is immediately mirrored by cyber-space warfare.
The main targets in cyberwar are largely military targets, but increasingly large multinational corporations serve just as well. Take one of them down, even temporarily, and you have done more damage to the economy of your enemy than scores of soldier deaths.
Since the beginning of the computer era, the 1960s, there have been computer viruses: programs that latch onto a host system to reproduce themselves and send out new copies. Just as in biology, as computers have evolved in sophistication, so have viruses co-evolved. And the cousins to the viruses, worms, do not even need a host system but can multiply themselves over networks.
Given the defenses in place, are these parasites only a minor theoretical concern? No. Consider the Stuxnet worm that raised its head in 2010. This worm zigzagged its way into Iranian industrial systems, reprogrammed them, hid its tracks and wrecked the factory operations. Seemingly coming from nowhere, Stuxnet introduced itself as a destructive, unstoppable herald of what’s to come.
It will surprise no one that cyberwarfare of the future will involve targeting not only military and industrial targets but Internet connectivity for the general population. If you want to take down your enemy, start by shredding his Net.
3. Political mandate
In the face of the 2010 post-election riots in Iran, the government there shut down the Internet for 45 minutes, presumably to set up filtering of YouTube, Twitter and other sites. Egypt did the same during its revolution of early 2011. China is actively pursuing the capability to shut down its own Internet this way.
But it’s not just countries like Iran and China that think about this kind of control over the Web. On June 24, 2010, a Homeland Security committee in the U.S. Senate approved a bill giving the president authority to wield an “Internet kill switch.” The bill, Protecting Cyberspace as a National Asset Act (PCNAA), proposed to give the president “emergency authority to shut down private sector or government networks in the event of a cyber attack capable of causing massive damage or loss of life.”
The “kill switch” provision was removed from the version of the cybersecurity bill that’s before the current Congress.
It’s probably just as well. Almost unanimously, Internet security analysts feel that shutting down the Web would inevitably do more harm than good, given our predicted level of dependency on it in time of war for news, communication with loved ones and crisis information aggregation.
Security guru Bruce Schneier identifies at least 3 problems with the shutdown idea. First, the hope of building an electronic line of fortifications is flawed because there will always be hundreds of ways for enemies to get around it. No nation or legal decree can plug all the holes.
The second major problem is that we will be entirely unable to predict the effects of such an attempted shutdown. As Schneier puts it: “The Internet is the most complex machine mankind has ever built and shutting down portions of it would have all sorts of unforeseen ancillary effects.”
The third major problem is the security hole it exposes. Once a domestic Internet kill switch has been built, why would a cyberattacker concentrate his efforts on anything else?
Given that the number of people who could use the Internet for good in a crisis situation will presumably outnumber the bad guys, it is probably best to not cut off our heavy dependence on the Web just as things are going bad. Given that a recent survey by Unisys found 61% of Americans approve of the Internet kill-switch concept, this issue will require constant vigilance.
Tell your congressmen: Back away from the switch, slowly.
4. Cable cutting
Although satellites are used for some Internet traffic, more than 99 percent of global Web traffic is dependent on deep-sea networks of fiber-optic cables that blanket the ocean floor like a nervous system. These are a major physical target in wars, especially at special choke-points in the system. And this is not simply a theoretical prediction, the underwater battles are well underway.
As much as three-fourths of the international communications between the Middle East and Europe have been carried by two undersea cables: SeaMeWe-4 and FLAG Telecom’s FLAG Europe-Asia cable. On January 30, 2008, both of these cables were cut, severely disrupting Internet and telephone traffic from India to Egypt.
It is still not clear how the cables were cut, or by whom. And for that matter, it is not clear how many cables were cut: some news reports suggest that there were at least eight. Initial speculations proposed that the cuts came from a ship anchor, but a video analysis soon revealed there were no ships in that region from 12 hours before until 12 hours after the slice.
Those cables were only the beginning. A few days later, on February 1, 2008, an undersea FLAG Falcon cable in the Persian Gulf was cut 55 miles off the coast of Dubai. On February 3rd, a cable between the United Arab Emirates and Qatar was cut. On February 4th, the Khaleej Times reported that not only these cables, but also two more, a Persian Gulf cable near Iran, and a SeaMeWe4 cable off the coast of Malaysia.
These cuts led to widespread outages of the Internet, especially in Iran. Suspicions that this reflected underwater sabotage derived in no small part from the geographical pattern: almost all the cables were cut in Middle Eastern waters near Muslim nations. Who might have done it? No one knows. But it is known that the U.S. Navy has deployed undersea special operations for decades. In Operation Ivy Bells, for example, Navy divers appear to have swum from submarines to tap an undersea cable in the Kuril Islands.
Whatever the truth behind the incident, we see that if a government or organization wants badly enough to sabotage the telecommunications across a wide swath, it is possible. New deep-sea cables are urgently needed to protect the global economy because businesses worldwide are vulnerable to the targeting of “choke points” in underwater communications.
Whether by terrorists, governments or cyber-pirates, these weak points in the chain should be keeping us all up at night.
What to do about it
The Global Seed Vault in Svalbard (a small island in the Arctic) is a secure bank for the future of the world. It holds duplicate samples – that is, spare copies – of seeds held in gene banks worldwide. The seed vault provides insurance in the event of large-scale regional or global crises.
If a nuclear winter, say, were to wipe out all the crops on the planet, future generations could reboot the agricultural system by hoofing it out to Svalbard.
I propose that we need to have a similar backup security plan for the human knowledge that underlies the Internet.
I’m not suggesting something like the Way Back Machine, which takes snapshots of websites through time. I’m instead talking about simple instructions, burned onto physical media, for how to generate electricity, how to build a computer, how to build a router and how to reconstitute the Internet from basic principles.
The Web appears to be the single most important technology that has ever been invented. We have been the generation lucky enough to witness its inception, and we are now the ones responsible for its protection.
The opinions expressed in this commentary are solely those of David Eagleman.