Ruh-oh. Cybersecurity Act would give president power to 'shut down' Internet

A recently proposed but little-noticed Senate bill would allow the federal government to shut down the Internet in times of declared emergency, and enables unprecedented federal oversight of private network administration.

The bill's draft states that "the president may order a cybersecurity emergency and order the limitation or shutdown of Internet traffic" and would give the government ongoing access to "all relevant data concerning (critical infrastructure) networks without regard to any provision of law, regulation, rule, or policy restricting such access."

Authored by Democratic Sen. Jay Rockefeller of West Virginia and Republican Olympia Snowe of Maine, the Cybersecurity Act of 2009 seeks to create a Cybersecurity Czar to centralize power now held by the Pentagon, National Security Agency, Department of Commerce and the Department of Homeland Security.

While the White House has not officially endorsed the draft, it did have a hand in its language, according to The Washington Post.

Proponents of the measure stress the need to centralize cybersecurity of the private sector. "People say this is a military or intelligence concern," says Rockefeller, "but it is a lot more than that. It suddenly gets into the realm of traffic lights and rail networks and water and electricity."

http://rawstory.com/news/2008/Cybersecurity_Act_seeks_broad_powers_0413.html

The internet was designed for redundancy and resiliency from the start.

It is supposed to withstand major disruptions from nuclear strikes.

Shutting it down, is not that easy...

I know, but I can't tell you ;)

but then I would have to kill you...

:evilgrin:

If you want to, you can create a network topology which runs every request on the Internet through one master computer. Its just a really, really bad idea.

The Internet was built so that it CAN be resilient to attack, it doesn't have to be.

The hardware just does not exist.

And besides, routers are self managed and can detect and disable bad routes.

even if you could route traffic through a master computer for analysis, as soon as you tried to disrrupt the traffic you would be shunted.

Google for peering agreements.

:hi:

Do you remember the whole NSA spying scandal, where the NSA was in 1 room with backbone access at AT&T which gave them vast access? I remember running a traceroute to ping my college which was blocks away from me when I was off campus, and I noted that the request passed through Qwest offices in Denver (I am in Washington State), and finding out that this was not uncommon. The behavior of routers is not set in stone, they will reflect any policy that they are commanded to.

As soon as they try to disrupt traffic, it will re-route around them.

That's the way the internet was designed.

They can block for an hour or two tops, after that, the net will isolate and ignore them.

About being able to shut down the net. This would mean that they are mandating routers behave differently, and enforce routes they can control. And I think this is possible, but it would be a TERRIBLE thing to do for the network. I mean I used the "one computer" statement as a metaphor, (I didn't know you knew computers) but the idea is the same: placing constraints on the network that would be really, really bad for it in general.

Do we want the federal government controlling traffic lights for chrissakes?

I don't want Obama to have that much power, let alone some bush like cretin that could possibly be elected some time in the future. Would you like Sarah Palin to determine whether your water gets turned off or not?

This is a real stupid idea. What they should introduce is a bill abolishing the Department of Fatherland Security.

And the execution has been horrible since day 1. There have been no positive results to justify keeping it. It should get shut down. The agencies that went into its creation should be separated and restored.

that if you put such a mechanism in place, it won't end up being used by someone with malicious intent?

Two network structures: 1), computers connect through the shortest network route to each other, through a distributed net like structure. 2) Computers connect to each other through a distant node that can be shut down, disabling the Internet.

Scenario: Earthquakes and volcanic activity in Hawaii, major cable under the Ocean cut by seismic movement. Result of network 1: Critical communications infrastructure remains standing, people can make calls and find out if they are alright, though calls to off the island are disabled. Result of network 2: The underwater fiber connecting Hawaii with mainland US is cut, so all requests to neighbors on the island is also cut, and everybody is in the dark as to whether their friends and loved ones are alive.

This is simplistic, but there is NO way to do this without shutting off communications between neighbors.

is that they'd demand the ability for the network routers to blackhole traffic from a designated network range, it's the simplest and easiest way to implement what they propose.

But if they do so, it is only a matter of time before someone ELSE gives the command.

I mean, how far down does that go? Does it apply to routers in a company? So they can control what departments of a company talk to each other? Its either that they're talking about about putting restraints on network topology physically, saying company 1 cannot run an ethernet cord to company 2 without letting the government control it, or their talking about controlling EVERY little router. And that's where we get into what you are talking about, somebody ELSE giving the command. If the government controlled routers are diverse enough, cheap enough, and widespread enough to be in every company, everybody and their dog is going to be able to open them up and examine them to find out exactly how they are shut down.

its built right into BGP (the routing protocol that Internet uses)

In fact its regularly done for certain network ranges

would be an NSA override to force that behavior from the routers, whether the owners of said routers desired it or not.

router BGP #### (where #### is the NSA's ASN number)
network 216.158.28.199


route 216.158.28.199 0.0.0.0 any null0

----

Those 3 lines of code above blackhole DU off the Internet and directs all requests to DU directly to the NSA to boot. Takes about 30 seconds to configure on an off the shelf router and that router is then peered on a tier 1 one provider.

There's a few other nits, but thats 99% of it right there and it can be done today.

Only thing that is a missing a law that requires all ISP peers to accept NSA routes without filtering (but this would get all but the most diligent). Of course the law wouldn't need to be so specific. Just a law granting them authority would suffice instead of technical details.

Pass that law this morning, and the NSA could have the above in place by the afternoon.

The myth is the Internet is amazing resilient. Well it is unless you know how it works and have access to the guts. Then it is amazingly fragile.

http://www.popsci.com/scitech/article/2009-03/who-protects-intrnet

"Scale-Free Networks

Terremark and the other exchanges scattered across the country (Chicago, New York and Los Angeles are just a few of the other locations) are so vital because the Internet is a "scale-free network." In a scale-free network, connections are not randomly or evenly distributed. Some points have relatively few connections to other points (a single server in the basement of a small business, for example), and some points—known as hubs—have a relatively huge number of connections to other points (Terremark). This ratio of very connected hubs to less-connected points remains roughly the same no matter the network’s size (hence "scale-free"). The hubs are both a strength and a weakness. If one hub fails, the others can take up the slack. If several hubs go out of service, however, whole sections of the network can become isolated.

"The main feature of a scale-free network is that a few highly connected hubs hold the network together," says Albert-Laszlo Barabasi, director of the Center for Complex Network Research at Northeastern University, who did some of the earliest studies of scale-free networks. "If you remove one hub, the network will not fall apart; the smaller hubs will maintain it. But if you knock down a sufficient number of hubs, there will be quite a lot of damage.""

___________snip________________

Networking has always bored me a bit, so I don't know as much about the actual internet infrastructure as I probably should. I was wondering what the results would be if the US govt acquired the ability to shut down the root servers themselves. Is that truly possible, and if so what would the result be?

The root servers are operated by different organizations around the world under something of a "if you feel like it" contract to IANA.

instead of out in the streets rioting.

if a Commander in Chief feels threatened.

People can always communicate by letter and government will keep us informed and protect us.

We know our government is cozy with the Telecoms (immunity for FISA violations).

What would happen if the major Telecoms and ISPs were told to "Shut it down"?
Are there ways for private citizens to gain access without an ISP?
Seriously.