Many commentators have noticed that the large market share of Microsoft’s operating system products creates a software “mono-culture” that raises concerns about security and reliability since a single piece of destructive code can affect hundreds of millions of the computers connected to the Internet. But few have recognized the fact that Cisco’s pervasive IOS is even more essential to the basic operation of the Internet, thus presenting a vast but seldom-noticed security risk to the entire global network.
Digital information, whether voice, data or video, travels across the Internet as collections of bits, called “packets.” Each and every packet includes the address of the source computer and the destination computer. Packets are thus self-contained; they do not depend on the packets sent before or after. Packets are like single-car trains—they can be routed along a variety of different paths in the network and yet arrive at the same destination address. If a particular path is blocked, some packets may be lost, but subsequent packets will “route around” damaged network nodes once adjacent routers recognize that a particular route is no longer working. Thus, physical destruction of network components would have to be widespread to significantly impede communications.
But software vulnerability is another matter. The software that controls the globally dispersed Internet hardware infrastructure represents an entry point for catastrophic network failure, an Achilles’ heel potentially exploitable by thrill-seeking hackers and also by cyber-savvy terrorists. Because routers, by definition, must accept and forward all traffic, they cannot be protected by firewalls or other screening and filtering devices. While the administrative side of the router network often is not publicly accessible, any errors in the software accessible from the public network would permit cyber-attacks that could crash the Internet.
Hackers and other assorted vandals traditionally have avoided targeting Internet routers. They have preferred to target high-profile institutions like Microsoft or the Pentagon. In order for hackers to continue to enjoy their worldwide “playground,” the Internet’s routing system must be left intact. And as most user hardware runs general-purpose operating system and application software such as Windows, Macintosh OS, or Linux, most computer viruses are written to target computers running it.
But terrorists have no stake in maintaining the underlying network. To the contrary, the most damaging attack that cyber-terrorists could launch would be one that crashed the global Internet. While crashing Internet routers might seem to be akin to sawing off the limb upon which one is sitting, cyber-terrorists can take advantage of a technique already perfected by hackers called a “distributed denial of service attack.” Terrorists would first use standard “software worm” techniques to infect hundreds of thousands of computers around the world with robotic attack software, and then trigger the attacks on the router infrastructure from thousands of attack vectors more or less simultaneously.
Even a 48-hour disruption of half the Internet would inflict immense economic and social disruption. Hundreds of millions of computers and users, every major corporation in developed countries and many elsewhere as well, depend upon daily Internet connectivity. Hacker attacks have already caused an estimated $10 billion damage in lost connectivity and expenditure of time and money to restore computers and network links. The economic impact of a successful cyber-takedown of Internet routers could be vastly greater. And the social disruption caused by loss of confidence on assured connectivity of vital network assets will linger long after network access is restored.
In the medium and longer term, Cisco’s compromised IOS software can be made more modular to minimize consequences of penetration, and other providers could deploy newer, more secure systems. Yet in the short-run these measures cannot foreclose potential vulnerability. Contingency planning by public and private institutions, as was done with the Y2K problem, could mitigate the impact.
An attack against Internet router software is the online equivalent of a “cyber-weapon of mass destruction.” If far less lethal than a physical WMD strike, a cyber-attack taking down the Internet would be a devastating economic event, one we must prevent from happening. Achilles’ mother was a goddess, yet even divine protection did not save him; routers built by mere mortals are even less secure.
John C. Wohlstetter and Mark Ryland are Senior Fellows in the Technology & Democracy Project of Seattle-based Discovery Institute.