Is internet armageddon just a matter of time?

Mitchell: What fall-back do we have if we lose the internet?

The predecessor of the internet – Arpanet – was designed to survive an atomic war. As such, the prime directive of any internet-connected computer is to respond with a “yes” to any enquiry from another computer asking the question “are you still operational?”.

This very response mechanism has since been exploited by hackers pinging internet addresses with the hope of getting a response from another computer. Knowing that a computer is online presents them with the opportunity of either subverting it or launching a denial of service attack against it.

As the internet is a network of networks that consists of millions of private, public, academic, business and government networks that are linked by a broad array of electronic and optical networking technologies, it stands to reason that international co-operation is required to protect the service. But what if a sovereign government decides to remove another country from the internet?

Responsibility for protecting the UK infrastructure rests with the Centre for the Protection of National Infrastructure (CPNI). This is a government agency that provides protective security advice to businesses and organisations across the national infrastructure.

Note the use of the word advice. It is up to the recipient of the advice to take the relevant action. In many cases the decision is likely to be taken on commercial considerations (even not-for-profit organisations have budgets), along the lines of “will implementing this advice cost me more than I am likely to lose as a result of any disruption?” So what is in the interests of UK plc may not make commercial sense to a single company.

Most organisations are selfish, rather than altruistic, so the message has to be that we are all in the same boat so let’s share the cost in order to reduce the pain. However, the issue is now muddied by the growth of outsourcing, off-shoring and cloud computing.

On whose infrastructure is your critical application running? It is possible that the critical infrastructure you rely on is hosted in another country over which the UK has no control. Do they have the equivalent of a CPNI? Where is your data? Who manages your email? Where is the origin of the attack? Do we have jurisdiction in that area?

It has often been said that the next war will be won by the side with the fastest computers. This makes sense as the faster the computer, the quicker it can both attack other devices and defend itself against countermeasures. Military aircraft still have old-fashioned, mechanically based, inertia guidance systems in case the state-of-the-art GPS satellite navigation system is disrupted. That’s true business continuity planning. What fall-back do we have if we lose the internet? Precious little, is the answer.

John Mitchell is a member of the BCS