Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

Ruh-oh. Cybersecurity Act would give president power to 'shut down' Internet

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread
This topic is archived.
Home » Discuss » Archives » General Discussion (1/22-2007 thru 12/14/2010) Donate to DU
 
BigBearJohn Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-13-09 10:03 PM
Original message
Ruh-oh. Cybersecurity Act would give president power to 'shut down' Internet
A recently proposed but little-noticed Senate bill would allow the federal government to shut down the Internet in times of declared emergency, and enables unprecedented federal oversight of private network administration.

The bill's draft states that "the president may order a cybersecurity emergency and order the limitation or shutdown of Internet traffic" and would give the government ongoing access to "all relevant data concerning (critical infrastructure) networks without regard to any provision of law, regulation, rule, or policy restricting such access."

Authored by Democratic Sen. Jay Rockefeller of West Virginia and Republican Olympia Snowe of Maine, the Cybersecurity Act of 2009 seeks to create a Cybersecurity Czar to centralize power now held by the Pentagon, National Security Agency, Department of Commerce and the Department of Homeland Security.

While the White House has not officially endorsed the draft, it did have a hand in its language, according to The Washington Post.

Proponents of the measure stress the need to centralize cybersecurity of the private sector. "People say this is a military or intelligence concern," says Rockefeller, "but it is a lot more than that. It suddenly gets into the realm of traffic lights and rail networks and water and electricity."

http://rawstory.com/news/2008/Cybersecurity_Act_seeks_b...
Printer Friendly | Permalink |  | Top
Xipe Totec Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-13-09 10:10 PM
Response to Original message
1. Mmm, yea, good luck with that...
The internet was designed for redundancy and resiliency from the start.

It is supposed to withstand major disruptions from nuclear strikes.

Shutting it down, is not that easy...

Printer Friendly | Permalink |  | Top
 
HughMoran Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-13-09 10:12 PM
Response to Reply #1
3. Yeah, unless you know where the master Off switch is
I know, but I can't tell you ;)
Printer Friendly | Permalink |  | Top
 
Xipe Totec Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-13-09 10:14 PM
Response to Reply #3
5. I could tell you where the master Off switch is
but then I would have to kill you...

:evilgrin:
Printer Friendly | Permalink |  | Top
 
napoleon_in_rags Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-13-09 10:17 PM
Response to Reply #1
6. But that design can be tampered with, and has been.
Edited on Mon Apr-13-09 10:18 PM by napoleon_in_rags
If you want to, you can create a network topology which runs every request on the Internet through one master computer. Its just a really, really bad idea.

The Internet was built so that it CAN be resilient to attack, it doesn't have to be.
Printer Friendly | Permalink |  | Top
 
Xipe Totec Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-13-09 10:21 PM
Response to Reply #6
8. And that master computer would have to have multi teraByte bandwidth
The hardware just does not exist.

And besides, routers are self managed and can detect and disable bad routes.

even if you could route traffic through a master computer for analysis, as soon as you tried to disrrupt the traffic you would be shunted.

Google for peering agreements.


Printer Friendly | Permalink |  | Top
 
Xipe Totec Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-13-09 10:25 PM
Response to Reply #8
9. Did I say TeraByte? I meant PetaByte...
:hi:
Printer Friendly | Permalink |  | Top
 
napoleon_in_rags Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-13-09 10:29 PM
Response to Reply #8
12. What I am talking about is real.
Do you remember the whole NSA spying scandal, where the NSA was in 1 room with backbone access at AT&T which gave them vast access? I remember running a traceroute to ping my college which was blocks away from me when I was off campus, and I noted that the request passed through Qwest offices in Denver (I am in Washington State), and finding out that this was not uncommon. The behavior of routers is not set in stone, they will reflect any policy that they are commanded to.
Printer Friendly | Permalink |  | Top
 
Xipe Totec Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-13-09 10:32 PM
Response to Reply #12
13. They can do it as long as they are passive
Edited on Mon Apr-13-09 10:32 PM by Xipe Totec
As soon as they try to disrupt traffic, it will re-route around them.

That's the way the internet was designed.

They can block for an hour or two tops, after that, the net will isolate and ignore them.



Printer Friendly | Permalink |  | Top
 
napoleon_in_rags Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-13-09 10:44 PM
Response to Reply #13
16. Right, I agree, but the scary thing is that they are having that conversation.
About being able to shut down the net. This would mean that they are mandating routers behave differently, and enforce routes they can control. And I think this is possible, but it would be a TERRIBLE thing to do for the network. I mean I used the "one computer" statement as a metaphor, (I didn't know you knew computers) but the idea is the same: placing constraints on the network that would be really, really bad for it in general.
Printer Friendly | Permalink |  | Top
 
tularetom Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-13-09 10:12 PM
Response to Original message
2. Rockefeller makes the best argument for why this bill should never be passed
Do we want the federal government controlling traffic lights for chrissakes?

I don't want Obama to have that much power, let alone some bush like cretin that could possibly be elected some time in the future. Would you like Sarah Palin to determine whether your water gets turned off or not?

This is a real stupid idea. What they should introduce is a bill abolishing the Department of Fatherland Security.
Printer Friendly | Permalink |  | Top
 
BuyingThyme Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-13-09 10:13 PM
Response to Reply #2
4. Mee to.
Printer Friendly | Permalink |  | Top
 
ThomCat Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-13-09 10:29 PM
Response to Reply #2
11. Exactly. The Department of Fatherland Security was a bad idea from the start.
And the execution has been horrible since day 1. There have been no positive results to justify keeping it. It should get shut down. The agencies that went into its creation should be separated and restored.
Printer Friendly | Permalink |  | Top
 
glitch Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-13-09 11:11 PM
Response to Reply #2
19. Absolutely agreed. nt
Printer Friendly | Permalink |  | Top
 
notesdev Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-13-09 10:18 PM
Response to Original message
7. Who's to say
that if you put such a mechanism in place, it won't end up being used by someone with malicious intent?
Printer Friendly | Permalink |  | Top
 
napoleon_in_rags Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-13-09 10:25 PM
Response to Reply #7
10. Exactly, the real question is HOW is this done.
Two network structures: 1), computers connect through the shortest network route to each other, through a distributed net like structure. 2) Computers connect to each other through a distant node that can be shut down, disabling the Internet.

Scenario: Earthquakes and volcanic activity in Hawaii, major cable under the Ocean cut by seismic movement. Result of network 1: Critical communications infrastructure remains standing, people can make calls and find out if they are alright, though calls to off the island are disabled. Result of network 2: The underwater fiber connecting Hawaii with mainland US is cut, so all requests to neighbors on the island is also cut, and everybody is in the dark as to whether their friends and loved ones are alive.

This is simplistic, but there is NO way to do this without shutting off communications between neighbors.
Printer Friendly | Permalink |  | Top
 
notesdev Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-13-09 10:42 PM
Response to Reply #10
15. I'm thinking the way it would work
is that they'd demand the ability for the network routers to blackhole traffic from a designated network range, it's the simplest and easiest way to implement what they propose.

But if they do so, it is only a matter of time before someone ELSE gives the command.
Printer Friendly | Permalink |  | Top
 
napoleon_in_rags Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-13-09 10:51 PM
Response to Reply #15
17. Yeah, that too is really strange.
I mean, how far down does that go? Does it apply to routers in a company? So they can control what departments of a company talk to each other? Its either that they're talking about about putting restraints on network topology physically, saying company 1 cannot run an ethernet cord to company 2 without letting the government control it, or their talking about controlling EVERY little router. And that's where we get into what you are talking about, somebody ELSE giving the command. If the government controlled routers are diverse enough, cheap enough, and widespread enough to be in every company, everybody and their dog is going to be able to open them up and examine them to find out exactly how they are shut down.
Printer Friendly | Permalink |  | Top
 
yodoobo Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-13-09 11:32 PM
Response to Reply #15
20. That capability exists now.
its built right into BGP (the routing protocol that Internet uses)

In fact its regularly done for certain network ranges
Printer Friendly | Permalink |  | Top
 
notesdev Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Apr-14-09 01:04 AM
Response to Reply #20
22. The added capability
would be an NSA override to force that behavior from the routers, whether the owners of said routers desired it or not.
Printer Friendly | Permalink |  | Top
 
yodoobo Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Apr-14-09 08:00 AM
Response to Reply #22
23. Yes. And it doesn't need to be added as a capability. Here's how
Edited on Tue Apr-14-09 08:11 AM by yodoobo
router BGP #### (where #### is the NSA's ASN number)
network 216.158.28.199


route 216.158.28.199 0.0.0.0 any null0

----

Those 3 lines of code above blackhole DU off the Internet and directs all requests to DU directly to the NSA to boot. Takes about 30 seconds to configure on an off the shelf router and that router is then peered on a tier 1 one provider.

There's a few other nits, but thats 99% of it right there and it can be done today.

Only thing that is a missing a law that requires all ISP peers to accept NSA routes without filtering (but this would get all but the most diligent). Of course the law wouldn't need to be so specific. Just a law granting them authority would suffice instead of technical details.

Pass that law this morning, and the NSA could have the above in place by the afternoon.

The myth is the Internet is amazing resilient. Well it is unless you know how it works and have access to the guts. Then it is amazingly fragile.


Printer Friendly | Permalink |  | Top
 
DCKit Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-13-09 10:34 PM
Response to Original message
14. I thought this interesting:


http://www.popsci.com/scitech/article/2009-03/who-prote...

"Scale-Free Networks

Terremark and the other exchanges scattered across the country (Chicago, New York and Los Angeles are just a few of the other locations) are so vital because the Internet is a "scale-free network." In a scale-free network, connections are not randomly or evenly distributed. Some points have relatively few connections to other points (a single server in the basement of a small business, for example), and some pointsknown as hubshave a relatively huge number of connections to other points (Terremark). This ratio of very connected hubs to less-connected points remains roughly the same no matter the networks size (hence "scale-free"). The hubs are both a strength and a weakness. If one hub fails, the others can take up the slack. If several hubs go out of service, however, whole sections of the network can become isolated.

"The main feature of a scale-free network is that a few highly connected hubs hold the network together," says Albert-Laszlo Barabasi, director of the Center for Complex Network Research at Northeastern University, who did some of the earliest studies of scale-free networks. "If you remove one hub, the network will not fall apart; the smaller hubs will maintain it. But if you knock down a sufficient number of hubs, there will be quite a lot of damage.""

___________snip________________
Printer Friendly | Permalink |  | Top
 
tkmorris Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-13-09 11:06 PM
Response to Original message
18. I've been thinking on this a bit
Networking has always bored me a bit, so I don't know as much about the actual internet infrastructure as I probably should. I was wondering what the results would be if the US govt acquired the ability to shut down the root servers themselves. Is that truly possible, and if so what would the result be?
Printer Friendly | Permalink |  | Top
 
jberryhill Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Apr-14-09 09:27 AM
Response to Reply #18
25. Not all 13, no....

The root servers are operated by different organizations around the world under something of a "if you feel like it" contract to IANA.
Printer Friendly | Permalink |  | Top
 
Why Syzygy Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Apr-13-09 11:55 PM
Response to Original message
21. Won't do it. It is what keeps us in our seats
instead of out in the streets rioting.
Printer Friendly | Permalink |  | Top
 
jody Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Apr-14-09 08:02 AM
Response to Original message
24. Good way to prevent criminal terrorists from using the Internet, ban it or at least let govt ban it
if a Commander in Chief feels threatened.

People can always communicate by letter and government will keep us informed and protect us.
Printer Friendly | Permalink |  | Top
 
bvar22 Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Apr-14-09 07:21 PM
Response to Original message
26. I've always connected to the InterNet through an ISP.
We know our government is cozy with the Telecoms (immunity for FISA violations).

What would happen if the major Telecoms and ISPs were told to "Shut it down"?
Are there ways for private citizens to gain access without an ISP?
Seriously.
Printer Friendly | Permalink |  | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view 
this author's profile Click to add 
this author to your buddy list Click to add 
this author to your Ignore list Fri Aug 29th 2014, 01:07 PM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » Archives » General Discussion (1/22-2007 thru 12/14/2010) Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators


Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC