The overlooked risk to the internet

While security pros and academics disagree about what poses the biggest threat to data, they are both blasé about physical network attacks, says researcher Andreas Mauthe
Written by Tom Espiner, Contributor

Large-scale malicious campaigns by LulzSec, nation states and fraud gangs have underlined the risk to networks, as groups turn to online attacks for political, campaigning or criminal ends.

The typical methods used in these attacks rely either on social engineering, where attempts are made to dupe users into divulging information, or on network penetration, which uses denial-of-service attempts and other approaches to get into service and application infrastructures.

However, there is also a risk from weaknesses in the physical infrastructure — such as cables — that underlie the internet, according to Andreas Mauthe, a senior lecturer at Lancaster University.

Mauthe, along with academics from the University of Ulster and ITT Madras, is conducting a study into the attitude of security professionals to different threats to data. The research group questioned chief information security officers at network operators, Cabinet Office employees and others to get a picture of how they view threats. Mauthe talked to ZDNet UK to discuss the initial findings of the study.

Q. When you questioned IT professionals about threats, which ones were they most worried about?
A. There was a significant difference in the perception of threats between industry and research. Industry experts ranked social-engineering attacks in first place, and research experts ranked malicious network attacks, such as denial-of-service attacks, in first place.

One threat we covered was targeted attacks on certain hubs and exchanges. [We also looked at] threats that come in through new devices like the iPad and new applications like the iPlayer, which caused a bit of an issue because of the usage of bandwidth.

Another was security in the cloud, because we don't exactly know what the cloud infrastructure is like. Communications links are being used, and there could be resilience and security threats through those.

In the cloud-computing area, industry experts ranked this slightly higher [as a threat] than research experts.

Q. Surely those are valid worries? After all, social-engineering attacks are relatively easy to perpetrate.
A. It's clearly a valid worry. However, what struck us was that people were relatively complacent [about physical attacks]. Only nine percent of all participants think that attacks against physical infrastructures are a problem or will be a problem in the future.

The internet was created as a very resilient infrastructure originally, on the protocol level. On the network layer and the transport layer, the internet is resilient, clearly. But sometimes, as far as the physical infrastructure is concerned, we might not know exactly where the weaknesses are.

We're doing some work with the University of Kansas [to study] resilience measures on the physical network side. For example, there was a fire in a tunnel in Baltimore, and during the fire the physical network infrastructure was damaged. Many [of the affected] companies had different service providers in order to have backup and a resilient infrastructure.

Unfortunately all the service providers used the same network infrastructure going through this tunnel. When the fire happened, despite the fact [the companies] had backup links, their network access was down because all their network providers went through one physical bottleneck, which was damaged.

The question is: does the internet have those bottlenecks, and can we prove or disprove that they're there?

Q. The internet is often characterised as a network of networks. Surely if one side of the network goes down, another part of the network will stay up, unless there's a catastrophic event like a ship's anchor slicing through fibre-optic undersea cables?
A. That is exactly the kind of event that might happen. On the one hand, it's a network of networks, it is very resilient. But the question is, are there actually weak points somewhere in the network?

For ISPs or network providers in general, it might not be much of a concern because they can use different networks or peering points. But we consider the internet more and more as part of the critical national infrastructure. So it probably would be worthwhile to reassess [internet infrastructure] and see if we are really free of single weak points that could be taken out, and whether an entire part of the communication network could be taken out of the equation.

Q. Are there any particular weak points that you were thinking of studying?
A. We want to apply this to different network structures. Our colleagues in Kansas are looking at network maps from the US. Once we've concluded their measures of resilience are useful, we want to apply them to the UK.

There are certain points in the infrastructure where major cables come across from the Atlantic, or where there are a number of peering points which are close together covering a large area. Those would be points to look at here — physical locations of major peering points.

For instance, in London there are three major peering points. What would happen if they were taken out? Also, we want to look at effects on the internet, as service levels would go down as traffic is rerouted. Is there a combination that could happen with different types of events? If you've got a very sophisticated attack strategy taking out some of the physical infrastructure, with network traffic attacks somewhere else, what would happen in that case?

Q. There have been cable thefts as well, which have caused outages and problems...
A. Exactly that point came up recently with one of our industry partners. That was mentioned as one of their biggest problems — cable theft, basically taken to sell as scrap metal.
