CyberSecurity Act of 2009

This image was selected as a picture of the we...

(Photo credit: Wikipedia)

I’m still not worried about such things as the CyberSecurity Act of 2009. It’s not an issue of the Liberty movement. If it were, we’d already be dead or completely under control. The article and the bill have pretty much exactly the same elements we discussed last year that I said would make them impossible to implement.

Franck Journoud, a policy analyst with the Business Software Alliancetold in April:

But many in the technology sector believe it’s a job the government is ill-equipped to handle. Simply put, who has the expertise? It’s the industry, not the government. We have a responsibility to increase and improve security. That responsibility cannot be captured in a government standard.

Wow, that was polite. I would have simply asked, “Other than DARPA (small-scale research), what large-scale network has the government ever engineered and maintained?” All of its networks are designed, engineered built and maintained, except for portions of DoD, by civilian companies. Even in DARPA, most of the researchers and engineers are hired contractors from the private sector. However, even the hired guns would find this task daunting.

Plus the fact that the technique involved to “shut it down” would have to be a bludgeon. There is no way the government, or even a consortium of the larger commerical carriers, could discriminate out all the various virtual traffic flows embedded in the digital streams at the bottom layers of the NTI.

Therefore, it has to be just what they a call it; a “kill switch,” meaning they shut it down at the SONET (physical layer) up to the Network (TCP) layer. And that would also broadly affect the functioning of State and Federal governments as well. Outside of DoD, and even portions of DoD, state and federal government intermingle their traffic on the same physical network layers as do all the private comms. Separating even that portion out would be the mother of all configuration management projects. Specified and run by the government? HAHAHAHAHAHA! I’d love to be the Cisco, Lucent, Verizon, et al, Chief Engineer that gets handed that one. Job for life with no possibility of success. Hmmmm.

They couldn’t switch all the government traffic to DoD networks. DoD doesn’t have the capacity and DoD would not know how or have any desire to handle the security problems of having all that “civilian” government traffic running on their networks.

None of that even speaks to the problem of the global traffic that passes through the NTI and primary switches in the North American Switch Fabric to reach their destinations. Millions upon millions of virtual sessions transgress north america every day that neither originate or terminate here (~60% of all global internet traffic that originates and terminates outside of North America passes through our NTI switch fabric). Shutting down the NTI means shutting them down as well. America and the world commerce system, financial, industrial and government would totally freeze up. Now how long do you think that would last?

After a couple of decades of doing large-scale I can’t even conceive of how to capture, on an engineering basis for Configuration Management purposes, the complexity of the NTI between all the carriers and network providers in a way that would enable the developmet of a network plan for managed shut down.

I’ve talked to my friends at Bell Labs and elsewhere for a number of years on this. The typical response I get is a large groan with the statement, “I’d quit before I’d ever join that project.” The number of the most talented industry people such a project would take up, and the cost, would be something to behold. Then it would all be highly likely to end in almost total failure. It would probably require a high degree of AI that doesn’t yet exist. Most timely of all, it would require billions of dollars that simply don’t exist to spend in trying.

The article uses an understandable general analogy, but shutting down the Internet is not like grounding a few thousand aircraft. It shows just how stupid, ignorant and naive they are that they think they could even propose something in law that would be remotely feasible.

This is an interesting subject to think about, but not one I’d lose sleep over. To do something even remotely like this is definitely cutting off their nose to spite their face. Their green-light conferencing on stupid legislation has simply gone into overdrive. I’m sure whoever is whispering in Congress and Administration ears knows this is just “billions for boondoggle.”

Other than targeted DoS and some finely targeted tracing interruption (which will launch thousands of hackers/crackers and subversives of all types into a frenzy of response to circumvent), there is not much to fear from the “kill switch” approach (and would provide a much needed vacation from email, twitter and YouTube!) which is really the only tool they have at this time. When all you have is a hammer everything is a nail.

Even if they pass it, it can’t be implemented. It humorously reminds me of the many conversations where some executive in a corporation would be telling me what the IT or network technology had to do for their new business requirements, without understanding anything about the underlying technology. I would tell them what they were asking was impossible and they’d demand like babies that it be done because it was “already in the new business plan” he or she’d briefed to some higher level executive. I’d respond with, “that’s great, now go back and tell them it can’t be done or I will.” Not every stupid scenario that these Bozos can dream up will come to fruition even if they scream, jump up and down or not.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>