[CII] Advocatus Diaboli

Security Account (WebDawg) webdawg.security at gmail.com
Tue Dec 1 21:34:06 UTC 2009 

I suppose one answer this question one would have to understand what
percentage of networks depend on other networks.

How much do other countries depend on US's networks for communication and
storage and vise versa?

We are also talking about normal life but think about how much normal life
has changed.

Banks now send copies of checks electronically to clear faster.  Do they
have a backup plan  What about the private networks that they lease or own
for inter business communication?

Are satellite communications down?

Can I still ping my neighbor?

What about TV networks?

I understand the concept of though experiments but when I entertain one
usually I make it as real as possible.  If certain data centers and routing
points in American where destroyed or attacked we would be screwed.

Satellite communications can take over but do you remember how slow that can
get?

If your talking about some type of almost universal software attack that
would somehow destroy the routing capabilities of most of the major internet
routers this is something different.

We should be talking about the types of communications that one needs in a
crisis too.  If the internet goes down what type of panic could spread?  How
much would our news slow down?  What happens if critical news is
misreported?  How badly would this effect the stock market.  Could it cause
riots if someone reports something wrong?

The world is going to end!

Some stock traders have almost direct access to US stock market networks
because of speed.  From what I have read they almost automate trading via
software algorithms.  What could happen if other stock entities did not have
access but this one did?  What type of advantage or danger could this set?

If we are going to talk about things in thought experiments, I think, that
we need to take a more reality based 'reality.'

You mentioned that everything is voice over ip.  But then say that it isnt
and standard copper networks exist that could handle even the daily load of
citizen communication.  Before I think that this is true I would like to
know if it is?  If all voice over ip networks go down can I speak to my
family member in that other state?  If not what kind of plan could possibly
exist or does exist to fix this.

With the level of connectivity gone that you are talking about one would
have to assume that most private networks would be fine.

Its when private networks are routed over public networks that the problem
starts to exist.

Medical
Military
Most News Organizations
Any place that Uses email

I have heard ideas about building private medical networks for safe
transport of information in them.  In my opinion this would not solve the
problem.  I would just need to gain access to the medical network.  In fact
it may be simpler to hack then the modern day internet network with all its
traffic and protective layers.  If we are talking about physical reliability
then why not just add these links to the existing infrastructure?


On Tue, Dec 1, 2009 at 5:37 AM, Felix 'FX' Lindner <fx at recurity-labs.com>wrote:

> Hi list,
>
> since the discussion about CI/CII exploded already into an
> n-dimensional problem space, I would like to approach it from a
> completely different angle and pose the following question as a
> THOUGHT EXPERIMENT for discussion:
>
> ****************
> Which governmental or commercial entity would be unable to recover
> from a global and ongoing Internet outage?
> ****************
>
> As we can define rules for thought experiements, here are the ones for
> this:
>
> 1)
> We shall not know what the reason of the outage is. Simply assume
> whereever you connect to the Internet, it simply doesn't work (no
> routing, no DNS).
>
> 2)
> We shall assume that POTS (Plain Old Telephony System) is still
> functioning. [Note: we all know that POTS cores are all VoIP these
> days, but it's a thought experiment, so just play along]
>
> 4)
> We shall assume that all other types or infrastructure are still
> functioning, including power distribution, water and utilities.
> [Note: we all know the argument that those may fail with Internet
> outages, but it's a thought experiment, so just play along]
>
> 5)
> How much of any localized networks will still work is up to the
> participant of the thought experiment, but you shall reason why
> something still works.
>
> Working hypothesis:
> Any sufficiently important entity will apply creativity, priorization
> and extra effort to get around the operational problems caused by the
> unavailability of the Internet at large. The impact on societies and
> their ability to support and protect human lives will be significantly
> lower than commonly assumed.
>
> Goal of the thought experiment:
> By identifying one or more entities that are unable to recover by any
> means from a global and ongoing Internet outage, we might be able to
> assess criticality of such entity, criticality of Internet components
> as well as mitigation strategies that people would employ if forced to
> using *actual*examples*.
>
> Enjoy,
> FX
>
> --
> Recurity Labs GmbH           | Felix 'FX' Lindner
> http://www.recurity-labs.com | fx at recurity-labs.com
> Wrangelstrasse 4             | Fon: +49 30 69539993-0
> 10997 Berlin                 | PGP: A740 DE51 9891 19DF 0D05
> Germany                      |      13B3 1759 C388 C92D 6BBB
> HRB 105213 B, Amtsgericht Charlottenburg, GF Felix Lindner
> _______________________________________________
> CII mailing list
> CII at isotf.org
> http://isotf.org/mailman/listinfo/cii
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://isotf.org/pipermail/cii/attachments/20091201/7927cdf4/attachment-0001.htm>

More information about the CII mailing list