The overlooked risk to the internet

Summary: While security pros and academics disagree about what poses the biggest threat to data, they are both blasé about physical network attacks, says researcher Andreas Mauthe

Large-scale malicious campaigns by LulzSec, nation states and fraud gangs have underlined the risk to networks, as groups turn to online attacks for political, campaigning or criminal ends.

The typical methods used in these attacks rely either on social engineering, where attempts are made to dupe users into divulging information, or on network penetration, which uses denial-of-service attempts and other approaches to get into service and application infrastructures.

However, there is also a risk from weaknesses in the physical infrastructure — such as cables — that underlie the internet, according to Andreas Mauthe, a senior lecturer at Lancaster University.

Mauthe, along with academics from the University of Ulster and IIT Madras, is conducting a study into the attitude of security professionals to different threats to data. The research group questioned chief information security officers at network operators, Cabinet Office employees and others to get a picture of how they view threats. Mauthe talked to ZDNet UK to discuss the initial findings of the study.

Q. When you questioned IT professionals about threats, which ones were they most worried about?
A. There was a significant difference in the perception of threats between industry and research. Industry experts ranked social-engineering attacks in first place, and research experts ranked malicious network attacks, such as denial-of-service attacks, in first place.

One threat we covered was targeted attacks on certain hubs and exchanges. [We also looked at] threats that come in through new devices like the iPad and new applications like the iPlayer, which caused a bit of an issue because of the usage of bandwidth.

Another was security in the cloud, because we don't exactly know what the cloud infrastructure is like. Communications links are being used, and there could be resilience and security threats through those.

In the cloud-computing area, industry experts ranked this slightly higher [as a threat] than research experts.

Q. Surely those are valid worries? After all, social-engineering attacks are relatively easy to perpetrate.
A. It's clearly a valid worry. However, what struck us was that people were relatively complacent [about physical attacks]. Only nine percent of all participants think that attacks against physical infrastructures are a problem or will be a problem in the future.

The internet was created as a very resilient infrastructure originally, on the protocol level. On the network layer and the transport layer, the internet is resilient, clearly. But sometimes, as far as the physical infrastructure is concerned, we might not know exactly where the weaknesses are.

We're doing some work with the University of Kansas [to study] resilience measures on the physical network side. For example, there was a fire in a tunnel in Baltimore, and during the fire the physical network infrastructure was damaged. Many [of the affected] companies had different service providers in order to have backup and a resilient infrastructure.

Unfortunately all the service providers used the same network infrastructure going through this tunnel. When the fire happened, despite the fact [the companies] had backup links, their network access was down because all their network providers went through one physical bottleneck, which was damaged.

The question is: does the internet have those bottlenecks, and can we prove or disprove that they're there?

Q. The internet is often characterised as a network of networks. Surely if one side of the network goes down, another part of the network will stay up, unless there's a catastrophic event like a ship's anchor slicing through fibre-optic undersea cables?
A. That is exactly the kind of event that might happen. On the one hand, it's a network of networks, it is very resilient. But the question is, are there actually weak points somewhere in the network?

For ISPs or network providers in general, it might not be much of a concern because they can use different networks or peering points. But we consider the internet more and more as part of the critical national infrastructure. So it probably would be worthwhile to reassess [internet infrastructure] and see if we are really free of single weak points that could be taken out, and whether an entire part of the communication network could be taken out of the equation.

Q. Are there any particular weak points that you were thinking of studying?
A. We want to apply this to different network structures. Our colleagues in Kansas are looking at network maps from the US. Once we've concluded their measures of resilience are useful, we want to apply them to the UK.

There are certain points in the infrastructure where major cables come across from the Atlantic, or where there are a number of peering points which are close together covering a large area. Those would be points to look at here — physical locations of major peering points.

For instance, in London there are three major peering points. What would happen if they were taken out? Also, we want to look at effects on the internet, as service levels would go down as traffic is rerouted. Is there a combination that could happen with different types of events? If you've got a very sophisticated attack strategy taking out some of the physical infrastructure, with network traffic attacks somewhere else, what would happen in that case?

Q. There have been cable thefts as well, which have caused outages and problems...
A. Exactly that point came up recently with one of our industry partners. That was mentioned as one of their biggest problems — cable theft, basically taken to sell as scrap metal.
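
The shared-bottleneck failure in the tunnel example can be checked for on paper before it happens. The sketch below is an added example, not part of the interview or of the researchers' work: it assumes you have obtained from each provider the list of physical segments its circuit uses, and every provider and segment name in it is constructed.

```python
from itertools import combinations

# Constructed sample data: the physical segments (ducts, tunnels, exchange
# buildings) each provider's circuit passes through. All names are hypothetical.
ROUTES = {
    "provider_a": {"duct_north", "metro_ring_1", "rail_tunnel", "exchange_east"},
    "provider_b": {"duct_south", "metro_ring_2", "rail_tunnel", "exchange_west"},
    "provider_c": {"duct_south", "river_crossing", "exchange_west"},
}


def shared_segments(routes):
    """Return {segment: providers} for every segment used by 2+ providers."""
    users = {}
    for provider, segments in routes.items():
        for seg in segments:
            users.setdefault(seg, set()).add(provider)
    return {seg: who for seg, who in users.items() if len(who) > 1}


def diverse_pairs(routes):
    """Provider pairs with no physical segment in common."""
    return [(a, b) for a, b in combinations(sorted(routes), 2)
            if not routes[a] & routes[b]]


def surviving(routes, failed):
    """Providers still reachable after the given segments fail."""
    return sorted(p for p, segs in routes.items() if not segs & set(failed))


def min_failures_to_isolate(routes):
    """Smallest number of simultaneous segment failures that cuts every
    provider (brute force; fine for a handful of circuits)."""
    segments = sorted(set().union(*routes.values()))
    for k in range(1, len(segments) + 1):
        for combo in combinations(segments, k):
            if not surviving(routes, combo):
                return k
    return None


if __name__ == "__main__":
    print("shared:", shared_segments(ROUTES))
    print("diverse pairs:", diverse_pairs(ROUTES))
    print("after tunnel fire:", surviving(ROUTES, ["rail_tunnel"]))
    print("failures needed to isolate site:", min_failures_to_isolate(ROUTES))
```

A result of 1 from `min_failures_to_isolate` means the backup links give no physical diversity at all, which is the situation the companies in the tunnel example were in.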

Talkback

2 comments
  • Mauthe’s comments raise some interesting points on threats to the internet, particularly around network infrastructure. On a physical level, cables, ducts and equipment can all be at risk of damage or failure. Every week we hear of the increase in copper theft causing days of network downtime for companies who are becoming ever more dependent on the data carried.

    One predominantly copper network has suffered 60 cable thefts in Doncaster alone between April 2011 and August 2011. As optical fibre cables often get damaged or stolen when they are in the same route as copper, the risk of suffering outages due to copper theft is greatly reduced when ducts in a network contain fibre only.
    The engineering and physical placement of duct and cable is also critical to maximising security. Specifiers should require cables to be buried deep underground and not exposed alongside railways, for example, to avert risks of theft and accidental damage.
    Locating cables within 'Zones of protection' can also be effective at minimising damage. Cables located in close proximity to high voltage electricity cables and high pressure gas mains are far less likely to suffer damage than others.

    The tunnel fire example quoted shows how important it is, when selecting a network for 'diversity' from one another, that they actually are physically separated by adequate distance from one another. In many cases in the UK network infrastructure is extensively shared and co-routed in common duct routes. A detailed study early in the planning cycle is vital to avoid this hidden risk.

    All physical infrastructures are not alike and the most demanding network users specify the characteristics of the physical assets within their networks carefully and commission detailed studies at the planning stage of data centres and other critical network facilities.

    Mike Ainger, Chief Operating Officer - Geo Networks
    Mike_Ainger
  • It's important for security professionals to look to the future and stay ahead of the game. As network attacks (and fears, such as on cloud security) increase, so will network security solutions, and thus network penetration will become less likely and make room for other avenues of attack that are not being paid attention to.
    spacez320