Vulnerabilities of Interconnection

The question is what if someone was gunning for your fiber. To date
cuts have been unintentional. Obviously the risk level is much higher
doing a physical attack, but the bad guys in this scenario are not
teenage hackers in the parents' basement.

There is a good foundation of knowledge on the implications of cyber
attacks, but the what-if of an intentional physical attack is an
important question I believe. The context in this discussion has been
very valuable and many thanks to everyone that has offered opinions.

In our open western society a determined group of people can cause a lot
of problems if they just want to. Most fiber and electrical connections
are very easy to hit because either they are very visible (power lines) or
they go along few stretches of way (usually along train rails or roads).
Getting information where the infrastructure is located is not very hard,
especially if you're in the industry already.

I don't know about the US, but cutting Sweden in half power- and
fiber-wise would involve 1-2 weeks of work for 2-3 people with explosives.
This would cause huge problems, especially with telecommunications.

I would guess that the situation is the same in the US, there aren't that
many different east/west fiberstretches that you need to cut to generate a
lot of problems for everybody. Imagine all the problems caused by backhoes
and extrapolate this into something done by someone actually wanting to
cause as much trouble as possible.

It's not easy to do anything about this, our society is based on
cooperation, law and order. If this starts to break down we're all very
vulnerable.

Think about it:

- how many fiber paths are there that cross the deserts or mountains
  between the densely populated areas in the US?
- how hard would it be to take out enough so the remaining phone and IP
  capacity gets massively congested?
- how hard would it be to slow down repair efforts?

Safeguarding an interconnect location is a lot easier than safeguarding a
cross-continental fiber.

And generally, when a pure interconnect location goes down, the impact is
fairly minimal: usually only mild congestion for some destinations. Just
the networks that were stupid enough to have their transit run through the
exchange location have a real problem. (And some people are cheap enough
to do this.) The real problems start when the problem is bigger and
colocation facilities go down. Then authentication services can get wiped
out which hurts entire classes of users.

Engineering an IP network that can survive partial outages isn't all that
hard. Finding someone to pay for it all is harder. But engineering
services that store large amounts of data that can survive partial outages
isn't an easy thing to do.

:The question is what if someone was gunning for your fiber. To date
:cuts have been unintentional. Obviously the risk level is much higher
:doing a physical attack, but the bad guys in this scenario are not
:teenage hackers in the parents' basement.

This happened recently in Quebec where there is a labour
dispute with Videotron and one of the unions representing its workers.
The dispute has been exacerbated by the sabotage of the company's fiber
lines.

Now, while this may affect Videotron's bottom line, it only becomes a
critical infrastructure issue when it becomes a Hydro Quebec issue,
or it interferes with the province's ability to deliver services.

Honestly, if a few million people can't get their porn streams, the
world isn't going to end. If 911 operators, or ambulance services
can't direct emergency crews for 10 people, then you have a serious
problem.

:There is a good foundation of knowledge on the implications of cyber
:attacks, but the what-if of an intentional physical attack is an
:important question I believe. The context in this discussion has been
:very valuable and many thanks to everyone that has offered opinions.

The What-If questions have to be sorted from a particular view, and
it will be the legislators' view which will ultimately matter. You
can bluesky, whiteboard, game and scheme all you like, but there are
only a few opinions that matter when it comes to deciding what
is of importance to national security, and until we hear from them,
we can be as paranoid and imaginative as we want, and it won't help
the infrastructure become more secure.

So, as for Nasdaq, vs Google, vs the GSA vs Agriculture vs CNN,
until we have the correct order in which to place these entities,
we can't provide a useful or accurate model of how vulnerable the
infrastructure is.

You mentioned that you thought Nasdaq would be the most important
asset to protect, but what happens if some Internet
traders on AOL can't make their trades because of a fiber cut, vs
not being able to get their infotainment from CNN, vs weather
and crop data not getting to farmers on time. It's a relative
and ultimately political discussion.

Quick summary for those not familiar with this story
http://therecord.com/business/technology/z083017A.html

It's interesting to contemplate how this event was presented in the media and perceived by the public at large. Consider the end result in the above story and consider two different motives. a) Angry union or union sympathizers cut fibre optic lines to put pressure on company, or corporate strike busters cut cable to make union look bad.... vs. b) International terrorists cut fibre optic lines....

With a) it's a filler news item to be displaced by Shark Attacks and Gary Condit. b) Two words: media frenzy. Same end result, but two totally different reactions because of who the terrorists are/were...

How about network operators? Would you be any more or less pissed and react differently at the motives as to why someone attacked your network? On a day to day basis, I see far more attacks from the "usual suspects" than from anything media frenzy worthy. I mean, how many code red and MS-SQL worm attacks do you see on a day to day basis.... It's so much that I explain to customers it's like cosmic background radiation when they turn on their firewalls for the first time and see connect attempts to port 1433 from international IP addresses :(

         ---Mike

:How about network operators? Would you be any more or less pissed and
:react differently at the motives as to why someone attacked your network?

To a network technician, it doesn't matter whether it's terrorists or cow
tipping teenagers causing outages, as the depth of analysis required to
fix the problem doesn't involve speculating about the identities and
motives of the perpetrators.

Even as a network operator, you have to respond to incidents based on
what you can do about them, which with a few exceptions, is separate
from who caused the incident, or why they did it.

The "Why's" of network outages have more to do with "why didn't it
fail over and how can we make sure it does next time?", than "are
cow tipping terrorists rampaging through my network?".

There is a human tendency to react to situations using
information from the very edge of our knowledge and understanding,
("It must be something to do with superstrings! Just let me do some
research and I'll get back to you about the *real* cause of these
network problems..") and this is something we have to take into
account when working on problems so we don't get sidetracked from
solving the problem at hand.

Cheers,

Actually, it does. If it's a cable cut caused by a backhoe or a cow-tipping
teenager, I can probably safely send out a tech with a splicing kit. If
it's a terrorist attack, I may want to think for a bit whether I can re-route
around it and let authorities secure the area before I even THINK of sending
in a tech with a splicing kit.

It's the rare backhoe or bovine that presents a threat of boobytraps,
chemical/biological weapons, snipers, etc....

It does matter. A cow might fall over and break a line card, but a savvy
attacker could give you a linecard that kills chassis such that they make
linecards that kill chassis.. When every piece of gear you have in a
region is dead due to poor failure containment, you'll be wishing you had
only suffered a chance failure.