Among the e-mails I have recently received on “The Dark Net” and the “Black Internet” was one from Professor John Walker. He has given me permission to reproduce it as a guest blog. My own thoughts are at the end:
“One of the major considerations for any organisation considering adoption of a Cloud, or Extended Perimeter Solution is to understand their dependencies on the Internet Backbone and to arrive at a critical conclusion which will:
a) Consider their appetite and tolerance for downtime
b) Consider their option for Mitigations, and Risk Reductions
Given there are scientific studies by Pastor-Satorras & Vespignani (Evolution and Structure of the Internet – A Statistical Physics Approach) where they introduce the SIR Model of Virus Propagation, it is very clear that there is an Achilles Heel within the Internet which needs to be understood and appreciated in order to accommodate pragmatic Reductions of Risk.
Another reference to the fragility of the Intranet, and its missing elements of Governance is documented in historical texts quoted by Jack Goldsmith & Tim Wu in Who Controls the Internet (Illusions of a Borderless World). One of the forgotten facts today is that relating to Jon Postel, who way back was concerned about the way in which the very root of the Internet was managed.
And last but not least in the positive we may reflect on the paper originated by Clinton, Gore, and Bangemann which considered the need for Information Superhighways that supported business, and home – possibly the precursor of Cloud thinking.
In respect of Gov Cloud I have spent some time with them in isolation on a basis of Academic Research, and it would seem that the fragmentation of Government and Individual Department needs has a number of gaps – which need to be closed with some collected collaborative thinking.
I have spent the last two years researching this subject, and whilst my words to date have fallen on deaf ears, I am afraid that Internet Resilience will be one key area which will bite very hard unless considered in a position of importance, commensurate to its expected support, and resilience capabilities to underpin Users, Business, and Governments alike – its wires are key!
So I would wish to go on record to say, the facets of Internet Dependencies, Service Levels, Durability, and Governance are key parts of a large Jigsaw Puzzle which must be understood, and articulated to understand the potentials, or not, of Continuity of Service and Operations.
We are at a juncture at which we are very dependent on unmanaged Infrastructures to deliver and underpin critical SCADA Systems, Multi-Million $ Transactions, and to Support Government – the time is now also here to drive what the Security & Governance of such an open world of communications should look like.
Remember Dan Kaminsky and his find – this was not the first of its kind, and will not be the last.
So if interested, what do we do?”
John Walker, www.secure-bastion.co.uk
P.S. My own answers include:
1) buy a standby generator and keep at least 14 days food and water in the house, a supply of fuel in the garden shed and don’t tell the neighbours
2) do not connect any business critical SCADA systems to the mainstream Internet other than via 18 inches of clear space and a manual cut-out.
3) Read the Information Society Alliance report on “Security by Design” when it is published on 27th October. The main points are summarised on the website but the body of the reports is in the members’ area. See how to join for details.
P.S. I was with a Parliamentary Group at AT&T Basking Ridge for a demonstration of full motion video over the Internet on the day of the first great “brown down” in 1995. The problems that day were never properly resolved. My blog on The Day the Internet Stopped appeared in February 2008. The South Park episode on The Day the Internet Stood Still reached a rather wider audience in April 2008. But only now are the issues beginning to be taken seriously. The European Union proposed an Internet Treaty at Vilnius last week and eNum (the second largest domain name registry) has apparently agreed to a routine for checking supposed on-line pharmacies against those licensed to do business in the USA.