The famed internet “kill switch” is a bit of a misnomer, perpetuated because it makes for a good clickbait headline, but with little bearing on the real world.
The simple truth is that there’s no big red button that can bring down the internet, nor any significant part of it.
It’s one thing for backbone providers to have the ability to shut down all traffic moving through them if needed, and it’s quite another for arbitrary threat actors to be able to shut down the internet via any single “switch.”
Spread across the entire globe, the internet is unfathomably large and complex, but also enormously strong.
Its fault points, of which there are many, are very widely distributed, thus ensuring that the infrastructure as a whole is very resilient.
>See also: 4 new areas of security vulnerability created by the Internet of Things
As such, it’s highly unlikely that informed hackers would even search for, let alone find, a single point of failure.
What’s more likely is that campaigns to disrupt the internet are made up of dozens, or even hundreds, of targets. These might include backbone providers, DNS providers, certificate infrastructure, or any number of other services that affect the normal function of the internet.
The likely strategy – for any actor with sufficient patience, resources, and skill – would be to compile lists of these critical providers and attempt to map the dependencies between them.
From there, determining which groups of them—if taken offline—could cause a cascading fault that affects as much of the internet as possible.
If you think of the internet as a city, shutting down targeted transport networks and infrastructure would be enough to disrupt designated areas – which may have a strong bearing on how the city operates (e.g. power stations, government buildings, hospitals, etc.).
There is no single kill switch. Rather, an interlinked set of dependencies, which, if pushed in just the right way, could cause a significant outage.
As you would imagine, this is not a trivial effort.
>See also: Consolidation in the security market
The resources required to research such an attack, let alone launch it, are considerable and arguably only within the capabilities of state actors.
That’s not to say it couldn’t or won’t happen though. In fact, we have already seen signs that it is may be taking place already. Bruce Schneier, a world-renowned cyber security expert, recently described large, sustained DDoS attacks that seem to be systematic probes to determine how the targets can respond to such attacks.
A troubling read, but this is exactly what we might expect to see if such research and preparation was being carried out today.
As for who might be doing such a thing, and to what end, the odds are again in favour of state actors or extremely well-funded organisations.
The goals of such an attack are harder to predict, and will vary, but chances are that they’d be used as part of a larger campaign that would benefit from the addition of blindness, confusion, and disorganisation.
Potential scenarios include military action, critical elections, and magnifying panic after a terrorist event, to name but a few.
>See also: The top 5 enterprise data security priorities for 2016
As for the question of whether we should build an internet kill switch, for the purpose of protection, the issues are very similar to the encryption backdoor debate.
The internet was designed to be highly resilient and it achieved this through its decentralised design. The moment you start engineering single points of failure, and then rigging them with kill switches, you open the question of “what would happen if someone you didn’t like got access to that switch”.
That’s the thing about backdoors and kill switches—they are there to be used.
Once created, there is no guarantee they will only be used by people who the majority agree with. In which case, the harm may very well be larger than the potential gain.
Sourced by Daniel Miessler, practice director of advisory services, IOActive
