Well-intentioned plans to provide travellers waiting on London Underground platforms with Wi-Fi access could unravel without robust ways of coping with the peak loads.
The announcement that Wi-Fi access will be available at 80 stations on the London Underground created a buzz, but this connectivity could have a greater impact on Transport for London's employees than on travellers.
In 2009-2010, excess journey time averaged only 6.4 minutes according to Transport for London's Travel in London report. Those minutes, probably spent waiting in stations, may not seem a lot of time to hook up to the internet and shop, grab email, or send yet another "I'm on the Tube" tweet.
Yet in terms of digital time, 6.4 minutes is forever and may lead to some unintended consequences given the volume of people who use the Tube every day, particularly in the morning peak hours between 7am and 10am.
Because the Wi-Fi service will only be available at stations, it is likely to involve bursts of access to services, as travellers attempt to grab the latest news or download their latest email to keep them occupied on the next stage of their journey. These bursts can be problematic, especially if organisations and services are unprepared.
Unintended attack profile
The Travel in London report estimates that 379,000 people use the Underground during morning peak hours — a far cry from the roughly three million daily passengers, but still a non-trivial number.
Plans for Wi-Fi on the London Underground are welcome, but the 'bursty' nature of rush-hour requests will be hard to address.
Assuming some percentage of these peak passengers will certainly be taking advantage of wireless access during their average 6.4 minutes of excess journey time, there is a very real possibility that the burst of connections suddenly emanating from London Underground stations could be seen as a DDoS attack.
Consider that if even four percent of those travellers accessed the same service at the same time, those 15,000 connection attempts would rival 2010's largest DDoS attack — measured at 15,000 connections per second.
Many services simply cannot handle that kind of load at one time, potentially resulting in a loss of service, as infrastructure and applications melt down in the face of overwhelming traffic.
While individual organisations are unlikely to see this level of activity coming from the Underground, they are likely to see daily spikes in access to email or secure remote access solutions as employees take advantage of the time to prepare before they arrive at work for the day.
These bursts in demand may have the same impact as an attack because...