Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Infrastructure

‘Internet Kill Switch’ – Is this Technically Feasible in the US?

Is an Internet Kill Switch Possible in the United States?

Is an Internet Kill Switch Possible in the United States?

InternetWith the recent events in Egypt and the debate over proposed legislation, “Cyber Security and American Competitiveness Act of 2011”, the term “Internet Kill Switch” has flashed into popular discussion. So what does the term mean, what does it look like, and can it be really be done?

Last week, Wired reported that the “Kill Switch” bill will introduce legislation that would give the US government power to limit Internet traffic in the event of cyber-security emergency. The intent of the bill is to provide a mechanism for the government to work with the private sector to respond swiftly to a significant threat. It is not a mandate to be able to shut down the entire Internet but rather authorizes the president to order access to “critical infrastructure” be turned-off.

Internet Kill SwitchOur interest here is to look at just one dimension of the issue – the technical feasibility; the political and policy aspects, we’ll leave to others.

To recap recent events in Egypt, public political protests reached critical mass on January 25th. As in Iran, the use of social media contributed to the visibility and tempo of the situation. On January 27th, Internet connectivity and access across the region began plummeting ultimately leading to a five-day blackout. Service resumed February 2nd, but not before inflicting major losses to the Egyptian economy.

The 60-day monitor and tracking chart below clearly demonstrates the pattern of performance and impact to one of Egypt’s 91 autonomous systems. Note the period of instability before the end of the month, then the sharp spike in ‘CIDR deletions’, which effectively removed these IP blocks from the routing tables used by ISPs, thereby rendering them unreachable.

CIDR Announcement for Internet Kill Switch

Egypt’s actions follow other recent government ordered blackouts as seen in Myanmar and Iran. In each case, an autocratic government could assert control over a relatively small number of major ISPs (ASNs – Autonomous System Numbers). Flipping the switch was achieved by changes to the routing tables (CIDR deletions) used by the ISPs.

The question remains….. could the same approach be taken in the US? The ubiquitous and interconnected nature of the United States ISPs, and the reliance of the critical infrastructure sectors within the U.S. on those ISPs coupled with the lack of overall visibility present enormous technical challenges. Below are three to consider:

1) Master complete visibility and understanding of the Internet – In order to control, direct, or limit routing, which is essentially what would be required, the government would have to have visibility and a solid understanding of all Internet assets and their routing commands. When considering the global Internet, you must have the ability to view it, map it, and track it from multiple perspectives and vantage points. If this is not achieved, you could never be sure closing access in one area would not open access via another, nor could you be sure to maintain operations of those assets you wish not to impact.

2) Overcome the size and scale of the countries Internet presence – The table below, generated from a routing database, gives an appreciation for the difference in scale between the US and these other countries.

Advertisement. Scroll to continue reading.

ASNs and CIDRs by Country

When one considers the difference in scale of ownership and governance between the US government infrastructure and these other countries, it is hard to infer that the US government could induce a blackout to the same effect as these other cases.

3) Own the ability to take action – An effective surgical response requires sensing and validating the cyber-emergency from multiple sources, sharing the appropriate notice and responsibility with critical infrastructure partners and relevant agencies, and managing a distributed means to synchronize, execute, and monitor the shut down activity.

Until these challenges are overcome, a technical solution will be out of reach – even if a political solution is enacted.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Security Infrastructure

Security vendor consolidation is picking up steam with good reason. Everyone wants to improve security efficiency and effectiveness while paying for less.

Management & Strategy

Hundreds of companies are showcasing their products and services this week at the 2023 edition of the RSA Conference in San Francisco.

Cloud Security

The term ‘zero trust’ is now used so much and so widely that it has almost lost its meaning.

Security Infrastructure

Instead of deploying new point products, CISOs should consider sourcing technologies from vendors that develop products designed to work together as part of a...

Security Infrastructure

Comcast jumps into the enterprise cybersecurity business, betting that its internal security tools and inventions can find traction in an expanding marketplace.

Audits

The PCI Security Standards Council (SSC), the organization that oversees the Payment Card Industry Data Security Standard (PCI DSS), this week announced the release...

Security Infrastructure

XDR's fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture