As a network, the Internet is amazingly resilient, mostly. If you are in Philadelphia and accessing a website hosted in New York City, those messages may go directly “up the turnpike,” a distance of about 100 miles. If there is an Internet “accident” around exit 7, the Internet may reroute your traffic through Kansas City, adding about 2,000 miles to the trip. Unless you specifically look, you can’t tell this is happening. That minor detour to Kansas City may add about 90 milliseconds to the round trip (about a tenth of a second).
In the middle, the Internet is highly redundant with the ability to immediately react to load or routing problems. The real availability vulnerability is at the ends: the “last mile” problem.
In your own home, Internet outages are caused by:
- Failures or misconfiguration of your own equipment like your computer, netbook, tablet, or router.
- Your ISP (Internet Service Provider) like the phone company, cable company, or an independent ISP that piggy-backs on some existing connection to your house.
- Your electric company, unless you have a UPS on your modem and other critical equipment.
Most people are not willing to pay for redundancy in these areas. After all, that is why Starbucks and Barnes and Noble exist, right?
These vulnerabilities exist no matter where your “last mile” points are. What if your customers or employees are moving around in places with unreliable connections to the Internet, yet they need a reliable connection to do their job? Some examples:
- A team working in some really out-of-the way place, like searching for a power source in the wilds of Alaska, a new medicinal opportunity in the Amazon region, exploring an ancient city deep in the desert or jungle, exploring caves, or working in mines.
- A team providing aid in a crisis, where the existing infrastructure has been damaged or destroyed. Think of Haiti after the earthquake.
- A situation where for political, military, or competitive reasons, someone is actively out to prevent you from communicating by physically destroying land lines, communication towers, or local data centers; launching cyber attacks; or jamming wireless signals.
The problem can be at the other end also. One example I discussed earlier was Amazon’s Public Cloud offering, Elastic Compute Cloud (EC2). EC2 had a serious service interruption lasting nearly two days in late April. Some customers who chose not pay for one of Amazon’s high availability options were down.
The Internet is a key component of the Cloud. The Cloud does not change any of your availability requirements; it just changes what you might have to do to meet them. Even when you have your own data center, your dependence on the Internet is still significant. You probably use the Internet to communicate with customers, partners, and traveling employees. In some cases, you may be paying for private networks. These are expensive, and in general very reliable; however, they are subject to the same kinds of last mile problems. Going to the Cloud adds one more piece to the puzzle: your Cloud Service Provider (CSP). This is actually a significant benefit, not an additional risk. Many CSPs have redundant power and multiple physical connections to multiple ISPs at each of multiple data centers. For a price, you can pretty much guarantee that the other end is always available. That price will be a lot less than it would cost you to do it by yourself.
The real Cloud vulnerability is the result of the vulnerabilities of the hosts within “your” Cloud. There is a high degree of trust among the hosts within the Cloud infrastructure. This trust tends to magnify problems, allowing any malware that gets into one system to, potentially, quickly propagate to many others. The result is that any vulnerability is multiplied, usually even faster in the Cloud than in normal networked environments. Today’s hosts are very vulnerable. With close attention to keeping them updated with the latest security patches and general security best practices, they can become reasonably secure. However, the Cloud dramatically amplifies any residual vulnerability in the hosts. The defenders have to protect against all vulnerabilities; the attacker only needs to find one.
The Cloud is everywhere – in both the commercial and public sector markets.
The United States government is moving to the Cloud. In November, the Office of Management and Budget (a cabinet-level office within the Executive Office of the President) announced a “cloud-first strategy.” This strategy encourages all federal agencies to consider deploying Cloud Computing solutions for the same reason the commercial world is embracing the Cloud: boost reliability at affordable costs.
In the defense sector, the Defense Information Systems Agency (DISA) is also embracing the Cloud. Dave Mihelcic, the DISA CTO, recently said he wants his organization to provide Cloud Computing services to the US Department of Defense (DoD). He said DISA is “uniquely positioned” to provide the DoDCloud Computing services for both classified and unclassified information. DISA is likely to face stiff competition from the private sector, as Cloud Service Providers make their own bids for military Clouds.
Many DoD systems are controlled by computers, and these computers are rapidly becoming interconnected. General Peter Pace, former chairman of the Joint Chief of Staff, indicated in April that it was critical that the DoD be able to detect when these networks and systems were under attack, and, more importantly, defend these networks and systems without compromising the defense systems that rely on these networks.
General Pace is reporting a real dilemma: the cost of using the Cloud is at least an order of magnitude less than using the legacy DoD networks, but over 250,000 probes hit DoD networks every hour according to General Keith Alexander, a director at the National Security Agency and the commander of the U.S. Cyber Command.
Enter a traditional white knight: DARPA. The DoD Defense Advanced Research Projects Agency recently introduced a new project to create Mission Resilient Clouds. DARPA was created in 1958 as a response to the Soviet Union’s launch of Sputnik. While formed as part of the DoD, from the beginning DARPA’s role was to expand the frontiers of technology beyond the immediate needs of the U.S. military. Many prior DARPA projects have entered the general market. For those of us old enough to remember it, time-sharing, an early form of virtualization, was created as a joint project of Bell Labs, General Electric, and the Massachusetts Institute of Technology (MIT), funded by DARPA. This was followed by ARPANET, the real origin on the Internet.
All joking aside, Vice President Al Gore never said he invented the Internet. What he did say, and actually did as a US Congressman, was actively support a wide range of technology initiatives including those within DARPA that led to the Internet.
DARPA is working on building a Cloud-based network that can support military missions while under cyber-attack: the Mission Resilient Cloud. MRC is a companion program to an existing CRASH project (Clean-slate design of Resilient, Adaptive, Secure Hosts). CRASH aims to limit vulnerabilities within each host with a Cloud. MRC will focus on making the Cloud more resilient, damping down the impact of attacks instead of the existing amplifying effect.
DARPA released the project announcement in June, with proposals due July 25, with initial testing in 2015.
Next time I’ll look at the specific requirements and speculate on how, and when, we should see this capability in the general Cloud environment.
The last word:
One major vulnerability to the Internet is government. As we saw in the “Arab Spring,” some governments thought they could stop the crisis by stopping the Internet. Those attempts proved two things:
- Stopping the Internet at the country level has a huge economic hit on the country. Some leaders decided for that reason that they needed to reopen the Internet. Other leaders decided that if they were out of power they did not care about the country’s economy.
- While shutting down the Internet can reduce people’s ability to communicate, it seemed to be too late. People had learned that when they communicate with each other they can act cohesively and have a huge impact. In many countries the people found other ways to communicate, from using other technologies like cell phones to low tech means like shouting from the tops of buildings.
Many countries, including the United States, are making plans and passing laws to enable them to “legally” shut down the Internet to “protect the people.” It is time to ask who your government is protecting from what.
Keep your sense of humor.