What if the Internet collapsed?

A vulnerability in SNMP could have horrendous implications for us all

A vulnerability in SNMP could have horrendous implications for us all

Is the Internet working today, or is it dead as a doornail? If it is working, will it still work tomorrow or the day after?

A decade ago, "Internet dead: pictures at 11" stories were common online, but not of any interest to the rest of the world. Now that most businesses depend on e-mail and Web sites for information and services, its collapse would have a huge economic impact.

Nothing less than collapse was threatened last week, when an advisory was released by Internet security monitor Cert about a hole in the Simple Network Management Protocol (SNMP), which is used in most of the devices that make the Internet work.

At the time of writing, there was no evidence that the hole had been exploited. However, there is no reason to suppose it won't be. You cannot expect the "black hats" to have a sudden change of heart, and you would be a fool to bank on it.

So what it really boils down to is whether the techies who keep contemporary society running - this may well mean you - manage to patch SNMP systems in time, if, indeed, all the necessary patches are available.

Considering the number of systems still afflicted by viruses for which patches were available more than a year ago, this seems unlikely.

In addition, the mainstream UK press has so far failed to play a part in reporting the vulnerability. It might be useful to whip up a bit of hysteria - something to get board members out of bed to ask whether appropriate actions are being taken. But, again, that is unlikely to happen until someone takes out eBay and Amazon - the Twin Towers of Internet commerce.

The best we can hope for is that everyday life will continue as normal, as happened after the Y2K century date change scare. However, as with Y2K, the flaw will cost money to fix, and therefore leave the world somewhat worse off than it was before.

There is also a significant difference from Y2K: there is no guarantee that further holes will not be found in the Internet's software infrastructure. It could happen again next week, next month or next year.

Microsoft may be only peripherally involved with the SNMP scare, but Bill Gates' sudden and belated conversion to the cause of Trustworthy Computing could strike a chord. The ubiquity of the Internet, like the ubiquity of Windows, is both a benefit and a danger. Universal use means universal vulnerability.

And if the Internet goes down, you cannot switch to an alternative. There isn't one.

Jack Schofield is computer editor at the Guardian

www.cert.org/advisories/CA-2002-03.html

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close