"In 2004, Department of Homeland Security officials became fearful that terrorists might start using accidental dig-ups as a road map for deliberate attacks, and convinced the FCC to begin locking up previously public data on outages. In a commission filing, DHS argued successfully that revealing the details..." --MORE-- http://wired.com/news/technology/0,70040-0.html?tw=wn_tophead_1 -Dennis
On Thu, Jan 19, 2006 at 10:05:57AM -0600, Dennis Dayman wrote:
"In 2004, Department of Homeland Security officials became fearful that terrorists might start using accidental dig-ups as a road map for deliberate attacks, and convinced the FCC to begin locking up previously public data on outages. In a commission filing, DHS argued successfully that revealing the details..."
--MORE--
http://wired.com/news/technology/0,70040-0.html?tw=wn_tophead_1
-Dennis
My observation is that attempts to wield backhoes in a correct manner yield enough of a cyberthreat [the "Serbian Backhoe Brothers" team has visited us enough times for us to be justifiably paranoid]. On the other hand, it's quite possible that attempts to deliberately cut fiber might be exactly as successful as attempts to avoid fiber, and we have nothing to worry about in terms of deliberate sabotage.
-- Joe Yao
-----------------------------------------------------------------------
This message is not an official statement of OSIS Center policies.
[subject change since this is a change of subject, was "Re: The Backhoe: A Real Cyberthreat?"]
The biggest threat to Cyber security is stupidity, followed only by indifference. Period.
There. Someone was bound to say it, so I said it first. Now, in an attempt to get my NANOG "Header to Content" size ratio to 1, I'll rant on a little for your entertainment, enjoyment, annoyance, or hatred. :-)
Terrorists want to kill people. Did anyone die when those two fibers were cut? Did it cripple the US Economy? Did it close the stock markets? When the markets opened the next day, did stock prices fall across the board for weeks and months on end? Not exactly. Will people put bumper stickers on their cars that say "Remember 1/9?" or "Remember Buckeye and Reno Junction"? No. Not one person will do that.
[most] Religious extremists tend to cite religious verses saying things along the lines of it being acceptable to kill those who do not believe or who oppose their religion. [just like Christianity during the crusades] I'm pretty sure there's nothing in the Koran that says anything about "taking away their internet and cell phones, and knocking out their power." [so they can live like we do]
This is something that the DHS knows, but doesn't want to admit too loudly. Why? Because it's easy to say "We're doing more to prevent cyber attacks. See? We took away the fiber maps! We accomplished something! This is bound to help out!" [now give us more money so we can afford to do more things like that] They say that, to throw us [the public, and Congress that pays for their department to exist] a bone every now and again. It's nearly impossible for them to say "you're safer today than you were yesterday!" Well, they could say it, but it would be laughed at by the majority of the population. [more so than they are now] How are they supposed to calm people's fears? With a statement like: "See? You aren't being attacked by terrorists today! We must be doing our job!"
The graphic in the Wired story from FortiusOne showing fiber optic backbones and how they clump also shows just how many other fiber routes exist. It also shows where terrorists should go looking for fiber to cut. Look at THAT map. Go look for, and follow the signs. Failing that, make a few phone calls, and have the stuff marked so it can be found to cut it. It's really that easy. But why even do that? We already cut enough of it without any help from terrorists.
Just in case no one was paying attention, the score is: Lack of information + guy on backhoe = 675,000 cuts per year: Terrorists = ZERO.
It's up to carriers to either diversify or feel the wrath of the backhoe. Fortunately [for carriers that have an outage] and unfortunately [for long term reliability], the general population is forgiving and forgetful enough that when outages do occur and their life is back to 'normal' they just don't care enough to want to pay higher prices for that extra infrastructure.
The part that wasn't mentioned is something I'm most interested in. How much did the outage cost Sprint? And is it worthwhile for them to install or lease different fiber routes to prevent that type of revenue loss in the future? [My guess would be.... "No"] Marketing will make up for lost customers, and trying to convince people to forget that it ever happened, and rate increases and/or insurance will make up for any lost revenue.
-Jerry
Dennis Dayman wrote:
"In 2004, Department of Homeland Security officials became fearful that terrorists might start using accidental dig-ups as a road map for deliberate attacks, and convinced the FCC to begin locking up previously public data on outages. In a commission filing, DHS argued successfully that revealing the details..."
--MORE--
http://wired.com/news/technology/0,70040-0.html?tw=wn_tophead_1
-Dennis
This is really stupid. Assuming the terrorists actually have the dozens of backhoes needed to completely erase meaningful internet connectivity in North America, they would probably prefer to use them to smash cars and kill people on the interstate highways or something.
Terrorists inflict terror by killing people, not by forcing Internet Explorer to display "page cannot be displayed".
Let us not assume that murderous terrorists are as dumb as people in DHS.
At 12:01 PM 1/19/2006, you wrote:
This is really stupid. Assuming the terrorists actually have the dozens of backhoes needed to completely erase meaningful internet connectivity in North America, they would probably prefer to use them to smash cars and kill people on the interstate highways or something.
Terrorists inflict terror by killing people, not by forcing Internet Explorer to display "page cannot be displayed".
Let us not assume that murderous terrorists are as dumb as people in DHS.
Agreed. However, if you disappear now, we'll know why! :P
-Robert
Tellurian Networks - The Ultimate Internet Connection http://www.tellurian.com | 888-TELLURIAN | 973-300-9211 "Well done is better than well said." - Benjamin Franklin
"Inflict[ing] terror by killing people" is not the only tactic terrorists use. Attacks can be anything from a SPAM flood to a DDoS attack to taking down dozens of servers or routers utilizing known vulnerabilities. Targets can be bridges, buildings, etc. and don't necessarily result in loss of life. Disrupting communications channels is a common tactic used to attack the "enemy", so keeping a close eye on and protecting key communications infrastructure is a valid goal. Further, It doesn't take "dozens" of backhoes nor dozens of sites to cause a significant disruption. Imagine if 60 Hudson and 111 8th were to go down at the same time? Finding means to mitigate this threat is not frivolously spending the taxpayer's money, IMO; although perhaps removing fiber maps is not the best way to address this. -- rsw. On Thu, Jan 19, 2006 at 12:51:00PM -0500, Robert Boyle <robert@tellurian.com> wrote:
At 12:01 PM 1/19/2006, you wrote:
This is really stupid. Assuming the terrorists actually have the dozens of backhoes needed to completely erase meaningful internet connectivity in North America, they would probably prefer to use them to smash cars and kill people on the interstate highways or something.
Terrorists inflict terror by killing people, not by forcing Internet Explorer to display "page cannot be displayed".
Let us not assume that murderous terrorists are as dumb as people in DHS.
Agreed. However, if you disappear now, we'll know why! :P
-Robert
Tellurian Networks - The Ultimate Internet Connection http://www.tellurian.com | 888-TELLURIAN | 973-300-9211 "Well done is better than well said." - Benjamin Franklin
Imagine if 60 Hudson and 111 8th were to go down at the same time? Finding means to mitigate this threat is not frivolously spending the taxpayer's money, IMO; although perhaps removing fiber maps is not the best way to address this.
No, removing fiber maps will not address this problem now that you have pinpointed the addresses that they should attack.
Separacy is the key to addressing this problem. Separate circuits along separate routes connecting separate routers in separate PoPs. Separacy should be the mantra, not obscurity.
End-to-end separation of circuits is how SFTI and other financial industry networks deal with the issue of continuity in the face of terrorism and other disasters. In fact, now that trading is mediated by networked computers, the physical location of the exchange is less vulnerable to terrorists because the real action takes place in redundant data centers connected by diverse separate networks. Since 9-11 was a direct attack on the financial services industry, people within the industry worldwide, have been applying the lessons learned in New York. Another 9-11 is simply not possible today.
--Michael Dillon
As you mentioned before this is largely because the customer (SIAC) was savvy enough to set the requirements and had the money to do it. A lot of that savviness came from lessons learned from 9/11 and fund transfer. Similar measures were taken with DoD's GIG-BE, again because the customer was knowledgeable and had the financial clout to enforce the requirements and demand the information. My argument simply is if this kind of awareness can be made more broadly available you end up with a more resilient infrastructure overall. An anonymous data pool is just one suggestion of a market based mechanism to do it.
----- Original Message -----
From: Michael.Dillon@btradianz.com
Date: Friday, January 20, 2006 5:37 am
Subject: Re: The Backhoe: A Real Cyberthreat?
Imagine if 60 Hudson and 111 8th were to go down at the same time? Finding means to mitigate this threat is not frivolously spending the taxpayer's money, IMO; although perhaps removing fiber maps is not the best way to address this.
No, removing fiber maps will not address this problem now that you have pinpointed the addresses that they should attack.
Separacy is the key to addressing this problem. Separate circuits along separate routes connecting separate routers in separate PoPs. Separacy should be the mantra, not obscurity.
End-to-end separation of circuits is how SFTI and other financial industry networks deal with the issue of continuity in the face of terrorism and other disasters. In fact, now that trading is mediated by networked computers, the physical location of the exchange is less vulnerable to terrorists because the real action takes place in redundant data centers connected by diverse separate networks. Since 9-11 was a direct attack on the financial services industry, people within the industry worldwide, have been applying the lessons learned in New York. Another 9-11 is simply not possible today.
--Michael Dillon
While it is always fun to call the government stupid, or anyone else for that matter, there is a little more to the story.
- For one you do not need a backhoe to cut fiber
- Two, fiber carries a lot more than Internet traffic - cell phone, 911, financial transactions, etc. etc.
- Three, while it is very unlikely terrorists would only attack telecom infrastructure, a case can be made for a telecom attack that amplifies a primary conventional attack. The loss of communications would complicate things quite a bit.
I'll agree it is very far fetched you could hatch an attack plan from FCC outage reports, but I would not call worrying about attacks on telecommunications infrastructure stupid. Enough sobriety though, please return to the flaming.
----- Original Message -----
From: Joe Maimon <jmaimon@ttec.com>
Date: Thursday, January 19, 2006 12:01 pm
Subject: Re: The Backhoe: A Real Cyberthreat?
Dennis Dayman wrote:
"In 2004, Department of Homeland Security officials became fearful that terrorists might start using accidental dig-ups as a road map for deliberate attacks, and convinced the FCC to begin locking up previously public data on outages. In a commission filing, DHS argued successfully that revealing the details..."
--MORE--
http://wired.com/news/technology/0,70040-0.html?tw=wn_tophead_1
-Dennis
This is really stupid. Assuming the terrorists actually have the dozens of backhoes needed to completely erase meaningful internet connectivity in North America, they would probably prefer to use them to smash cars and kill people on the interstate highways or something.
Terrorists inflict terror by killing people, not by forcing Internet Explorer to display "page cannot be displayed".
Let us not assume that murderous terrorists are as dumb as people in DHS.
----- Original Message ----- From: <sgorman1@gmu.edu> Cc: <nanog@nanog.org> Sent: Thursday, January 19, 2006 12:00 PM Subject: Re: The Backhoe: A Real Cyberthreat?
While it is always fun to call the government stupid, or anyone else for that matter, there is a little more to the story.
- For one you do not need a backhoe to cut fiber
- Two, fiber carries a lot more than Internet traffic - cell phone, 911, financial transactions, etc. etc.
- Three, while it is very unlikely terrorists would only attack telecom infrastructure, a case can be made for a telecom attack that amplifies a primary conventional attack. The loss of communications would complicate things quite a bit.
I'll agree it is very far fetched you could hatch an attack plan from FCC outage reports, but I would not call worrying about attacks on telecommunications infrastructure stupid. Enough sobriety though, please return to the flaming.
I would tend to disagree on that depending on how detailed those reports are. For example, if they indicate that junction X will hinder / disable communications to sector/grid Y, then yes, it could be a serious threat if you have police, fire, hospitals, etc on that section of the grid. Mike P.
While it is always fun to call the government stupid, or anyone else for that matter, there is a little more to the story.
- For one you do not need a backhoe to cut fiber
- Two, fiber carries a lot more than Internet traffic - cell phone, 911, financial transactions, etc. etc.
- Three, while it is very unlikely terrorists would only attack telecom infrastructure, a case can be made for a telecom attack that amplifies a primary conventional attack. The loss of communications would complicate things quite a bit.
I'll agree it is very far fetched you could hatch an attack plan from FCC outage reports, but I would not call worrying about attacks on telecommunications infrastructure stupid. Enough sobriety though, please return to the flaming.
I agree with you on all points except the one you didn't make. :-) The point is: What's more damaging? Being open with the maps so EVERYONE can see where the problem areas are so they can design around them? (or choose not to) or pulling the maps, and reports, and sticking our heads in the sand, and hoping that security through obscurity works?
Jerry Pasker wrote:
While it is always fun to call the government stupid, or anyone else for that matter, there is a little more to the story.
- For one you do not need a backhoe to cut fiber
- Two, fiber carries a lot more than Internet traffic - cell phone, 911, financial transactions, etc. etc.
- Three, while it is very unlikely terrorists would only attack telecom infrastructure, a case can be made for a telecom attack that amplifies a primary conventional attack. The loss of communications would complicate things quite a bit.
I'll agree it is very far fetched you could hatch an attack plan from FCC outage reports, but I would not call worrying about attacks on telecommunications infrastructure stupid. Enough sobriety though, please return to the flaming.
I agree with you on all points except the one you didn't make. :-)
The point is: What's more damaging? Being open with the maps so EVERYONE can see where the problem areas are so they can design around them? (or choose not to) or pulling the maps, and reports, and sticking our heads in the sand, and hoping that security through obscurity works?
The people who have the problem areas should already know about them and be designing around them. I'm sure that Sprint, for example, knows very well where backhoes have gone through its fiber. Although it sounds like they may not know where all their fiber is... <sigh>
Joe Schmuck down on 2nd Street doesn't need to know about the problem areas and his input would likely be unwelcome.
And no security or amount of redundancy is likely to be perfect - and these companies are in business to make money after all.
Obscurity is not the entire answer. But it should be part of it.
-- Jeff Shultz
Agree that a level of security is required, but the real value is in customers like banks knowing where their fiber is, so when they lease service for a back up provider they know it is not in the same ditch. The article attributes the pro regulation quote to me, but actually it was out of context. I was proposing that you need an anonymous secure data pool that customers could query to see what providers for a set of buildings are diverse. The mathematics to do the diversity optimization are available just an issue of data.
----- Original Message -----
From: Jeff Shultz <jeffshultz@wvi.com>
Date: Thursday, January 19, 2006 3:42 pm
Subject: Re: The Backhoe: A Real Cyberthreat?
Jerry Pasker wrote:
While it is always fun to call the government stupid, or anyone else for that matter, there is a little more to the story.
- For one you do not need a backhoe to cut fiber
- Two, fiber carries a lot more than Internet traffic - cell phone, 911, financial transactions, etc. etc.
- Three, while it is very unlikely terrorists would only attack telecom infrastructure, a case can be made for a telecom attack that amplifies a primary conventional attack. The loss of communications would complicate things quite a bit.
I'll agree it is very far fetched you could hatch an attack plan from FCC outage reports, but I would not call worrying about attacks on telecommunications infrastructure stupid. Enough sobriety though, please return to the flaming.
I agree with you on all points except the one you didn't make. :-)
The point is: What's more damaging? Being open with the maps so EVERYONE can see where the problem areas are so they can design around them? (or choose not to) or pulling the maps, and reports, and sticking our heads in the sand, and hoping that security through obscurity works?
The people who have the problem areas should already know about them and be designing around them. I'm sure that Sprint, for example, knows very well where backhoes have gone through its fiber. Although it sounds like they may not know where all their fiber is... <sigh>
Joe Schmuck down on 2nd Street doesn't need to know about the problem areas and his input would likely be unwelcome.
And no security or amount of redundancy is likely to be perfect - and these companies are in business to make money after all.
Obscurity is not the entire answer. But it should be part of it.
-- Jeff Shultz
On Thu, 19 Jan 2006 sgorman1@gmu.edu wrote:
Agree that a level of security is required, but the real value is in customers like banks knowing where their fiber is, so when they lease service for a back up provider they know it is not in the same ditch.
Does the bank actually need that information? Or does there need to be a way for the two providers to do conflict detection between their design layout groups? You don't need copies of all provider's fiber maps to do conflict detection for a particular group of circuits.
They need to know what the most resilient provider or combination of providers is to light up a set of locations. A data pool would not give you the data just the answer. I do not think the problem is with the design layout groups. They have the ROWs they have - there is little change in that currently. Nor is there much incentive to volunteer the information if it could possibly result in the loss of a potential customer. Currently there is no optimization of the diversity we have because the information is not available to the market to make an informed decision. As a result we have problems like during 9/11 when nobody realized that all the banks were using the same circuit to connect to the Fed for fund transfers.
Simply put the customer needs the information to make the best decision. I don't think anybody would rely on the providers to make the best decision for them. Trust me I'll give you the best price I am just not going to tell you what it is or how that compares to anyone else's prices. Substitute diversity for price and you get the point.
----- Original Message -----
From: Sean Donelan <sean@donelan.com>
Date: Thursday, January 19, 2006 5:34 pm
Subject: cyber-redundancy
On Thu, 19 Jan 2006 sgorman1@gmu.edu wrote:
Agree that a level of security is required, but the real value is in customers like banks knowing where their fiber is, so when they lease service for a back up provider they know it is not in the same ditch.
Does the bank actually need that information? Or does there need to be a way for the two providers to do conflict detection between their design layout groups? You don't need copies of all provider's fiber maps to do conflict detection for a particular group of circuits.
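The "data pool that gives you the answer, not the data" discussed in the message above, sketched as an added example that is not from any poster in the thread. Provider names, building labels, segment identifiers, the HMAC blinding step, and the premise that providers describe shared rights-of-way with common identifiers are all constructed assumptions.

```python
import hashlib
import hmac
from itertools import combinations

# Assumption: a secret held only by the pool operator (constructed value).
POOL_KEY = b"constructed-demo-key"


def blind(segment_id):
    """Keyed hash of a segment identifier, so storage holds tokens, not a map."""
    normalized = segment_id.strip().lower().encode()
    return hmac.new(POOL_KEY, normalized, hashlib.sha256).digest()


class DiversityPool:
    def __init__(self):
        self._routes = {}  # provider -> building -> set of blinded segments

    def submit(self, provider, building, segment_ids):
        """A provider reports which segments its route to a building uses."""
        tokens = {blind(s) for s in segment_ids}
        self._routes.setdefault(provider, {})[building] = tokens

    def _footprint(self, provider, buildings):
        """All blinded segments a provider uses to reach the given buildings."""
        served = self._routes[provider]
        return set().union(*(served[b] for b in buildings))

    def rank_pairs(self, buildings):
        """Rank provider pairs able to serve every building, most diverse first.

        Only provider names and a shared-segment count are returned, never
        the segment identifiers or tokens themselves.
        """
        eligible = sorted(
            p for p, served in self._routes.items()
            if all(b in served for b in buildings)
        )
        results = []
        for a, b in combinations(eligible, 2):
            shared = len(self._footprint(a, buildings) & self._footprint(b, buildings))
            results.append({"pair": (a, b), "shared_segments": shared,
                            "diverse": shared == 0})
        return sorted(results, key=lambda r: (r["shared_segments"], r["pair"]))


def build_sample_pool():
    """Constructed sample data: four hypothetical carriers, two buildings."""
    pool = DiversityPool()
    pool.submit("carrier-1", "BLDG-A", ["row-101", "row-102"])
    pool.submit("carrier-1", "BLDG-B", ["row-102", "row-103"])
    pool.submit("carrier-2", "BLDG-A", ["ROW-101", "row-201"])  # same ditch as carrier-1
    pool.submit("carrier-2", "BLDG-B", ["row-202"])
    pool.submit("carrier-3", "BLDG-A", ["row-301"])
    pool.submit("carrier-3", "BLDG-B", ["row-302", "row-202"])  # same ditch as carrier-2
    pool.submit("carrier-4", "BLDG-A", ["row-401"])             # does not reach BLDG-B
    return pool


if __name__ == "__main__":
    for answer in build_sample_pool().rank_pairs(["BLDG-A", "BLDG-B"]):
        print(answer)
```

The customer learns which combination of providers shares no segment for its buildings, which is the purchasing answer asked for, while the routes themselves stay inside the pool.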
On Thu, 19 Jan 2006 sgorman1@gmu.edu wrote:
Agree that a level of security is required, but the real value is in customers like banks knowing where their fiber is, so when they lease service for a back up provider they know it is not in the same ditch.
Does the bank actually need that information? Or does there need to be a way for the two providers to do conflict detection between their design layout groups? You don't need copies of all provider's fiber maps to do conflict detection for a particular group of circuits.
I think - as both of you know, this has little to do with security vs. being a savvy network consumer and asking for what you need to make your purchase. Be careful with the hyperbole, you'll create a new box or something.
-M<
Jerry Pasker wrote:
The point is: What's more damaging? Being open with the maps so EVERYONE can see where the problem areas are so they can design around them? (or choose not to) or pulling the maps, and reports, and sticking our heads in the sand, and hoping that security through obscurity works?
Let's look at this from another point of view: Should we remove all keylocks from backhoes so that everyone can have access to them? :-) I'm all for openness, but sometimes some things only need to be accessed and used by the professionals that need those things. I fully trust that the big network operators, the ones that really really do need this data, have all the info they need to plan their network expansions, etc. I don't need to see this data, even though I might want to. -Jim P.
Jim Popovitch <jimpop@yahoo.com> writes:
Jerry Pasker wrote:
The point is: What's more damaging? Being open with the maps so EVERYONE can see where the problem areas are so they can design around them? (or choose not to) or pulling the maps, and reports, and sticking our heads in the sand, and hoping that security through obscurity works?
Let's look at this from another point of view: Should we remove all keylocks from backhoes so that everyone can have access to them? :-)
This analogy is faulty, but illuminating insofar as it illustrates the fallacy of putting up low bars to access that don't actually stop people who're willing to put a little bit of effort into beating it. Keylocks only work when your threat model is drunk fratboys or bored teenagers (which is not necessarily a disjoint set). They aren't a significant part of the threat model for intentional fiber cuts.
Any John Deere dealer will be able to supply you with a key that operates the vast majority of John Deere equipment of a certain type. Anyone who can plan ahead enough to order from eBay is in like Flynn.
http://cgi.ebay.com/12-JD-Keys-3-John-Deere-Equipment-Key-Sets-NEW_W0QQitemZ...
I'm all for openness, but sometimes some things only need to be accessed and used by the professionals that need those things. I fully trust that the big network operators, the ones that really really do need this data, have all the info they need to plan their network expansions, etc. I don't need to see this data, even though I might want to.
Then don't look at it. :) ---Rob
Sean,
This is a question of hierarchy of risk and scarce resource allocation. Fiber infrastructure is relatively well protected (by the ground), hard to damage (requires big machines), and has service restoration capabilities (routing protocols, optical ring protection, et al). A large scale (regional) telecom network outage is a big deal and can be economically devastating. However, it's tough to pull off, and, more importantly, it takes time to do the damage.
Walking into a Boston/NY/Chicago subway station with a vest packed with c4 at rush hour, is another ball of wax. It's easier to pull off 10 simultaneous suicide attacks against public transit than it is to induce a major regional telecom outage through fiber cuts, IMHO.
If I was a terrorist, I'd rather try to take out points of fiber concentration, and my tool would not be a backhoe. I won't elaborate, but I think most folks can figure out a few modalities of attack. Too many people know where those points of concentration are and how to crack them open. I don't think restricting government information is going to help much. Scarce DHS resources should be applied elsewhere.
- Dan
On 1/19/06 1:00 PM, "sgorman1@gmu.edu" <sgorman1@gmu.edu> wrote:
While it is always fun to call the government stupid, or anyone else for that matter, there is a little more to the story.
- For one you do not need a backhoe to cut fiber
- Two, fiber carries a lot more than Internet traffic - cell phone, 911, financial transactions, etc. etc.
- Three, while it is very unlikely terrorists would only attack telecom infrastructure, a case can be made for a telecom attack that amplifies a primary conventional attack. The loss of communications would complicate things quite a bit.
I'll agree it is very far fetched you could hatch an attack plan from FCC outage reports, but I would not call worrying about attacks on telecommunications infrastructure stupid. Enough sobriety though, please return to the flaming.
----- Original Message ----- From: Joe Maimon <jmaimon@ttec.com> Date: Thursday, January 19, 2006 12:01 pm Subject: Re: The Backhoe: A Real Cyberthreat?
Dennis Dayman wrote:
"In 2004, Department of Homeland Security officials became fearful that terrorists might start using accidental dig-ups as a road map for deliberate attacks, and convinced the FCC to begin locking up previously public data on outages. In a commission filing, DHS argued successfully that revealing the details..."
--MORE--
http://wired.com/news/technology/0,70040-0.html?tw=wn_tophead_1
-Dennis
This is really stupid. Assuming the terrorists actually have the dozens of backhoes needed to completely erase meaningful internet connectivity in North America, they would probably prefer to use them to smash cars and kill people on the interstate highways or something.
Terrorists inflict terror by killing people, not by forcing Internet Explorer to display "page cannot be displayed".
Let us not assume that murderous terrorists are as dumb as people in DHS.
participants (15)
- Daniel Golding
- Dennis Dayman
- Jeff Shultz
- Jerry Pasker
- Jim Popovitch
- Joe Maimon
- Joseph S D Yao
- Martin Hannigan
- Michael.Dillon@btradianz.com
- Micheal Patterson
- Randy Whitney
- Robert Boyle
- Robert E.Seastrom
- Sean Donelan
- sgorman1@gmu.edu