Biggest threat to Internet could be a massive virtual blackout

The most serious threat to the Internet infrastructure in the 21st century is a massive virtual blackout known as a "distributed denial of service attack," an outspoken board member for the group that administers Internet addresses said Thursday at a Hudson Institute briefing.

This type of high-tech ambush, which occurs when multiple compromised systems flood the bandwidth or resources of a targeted server to make Web pages unavailable, could be devastating for global online communication, said Susan Crawford of the Internet Corporation for Names and Numbers.

The most significant attack in recent years came on Feb. 6, when six of 13 root-zone servers were slammed by an army of "zombie computers," which were compromised by hackers, the Cardozo Law School professor said at the think tank event.

While the average Internet user's experience was not affected by the attack, the incident underscored the fact that there is no real oversight of those servers, whose components are backed up by other machines around the world, Crawford said.

Prevention of DDOS attacks will eventually mean "having fewer zombies out there," she said. "People are turning millions of PCs into weapons... and we don't have a lot of data about what is happening. Researchers are often operating in the dark," Crawford said.

The U.S. Computer Emergency Readiness Team and its facilitator, the Homeland Security Department, are largely reactive in their approach. "From the outside, it looks as if [DHS] doesn't really know what it's doing," she said. "They're trying, but many of their efforts lack timeframes for completion."

DHS also suffers from a high turnover rate among senior officials, but the agency now has Greg Garcia as its cyber-security czar, who is attempting to address the problem, Crawford said. He was previously vice president at the Information Technology Association of America.

Garcia has talked about the need for legislation but Crawford said she is "not convinced" that a new U.S. law can offer a cure for denial of service attacks because congressional action "is too local for the networked age."

Crawford advocated turning more attention and money to focus on prospective global educational efforts. A new multi-stakeholder entity "with a new, friendly acronym" might be the best solution, she said.

"None of the existing institutions will work," Crawford said. ICANN cannot do the job because its power is contractually based and too narrow, and the recently launched Internet Governance Forum is "highly political" and "not necessarily the best forum for a technical discussion of best practices," she contended.

Crawford added that improvements in routing security, which is "how packets go from one place to another," are also needed. A hacker could inject phony paths into a routing algorithm in order to intercept packets or trigger a DDOS attack. The susceptibility for such an assault grows as the size of so-called "routing tables" increases to accommodate the next-generation Internet known as IPv6, she said.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • GBC Issue Brief: The Future of 9-1-1

    A Look Into the Next Generation of Emergency Services

  • GBC Survey Report: Securing the Perimeters

    A candid survey on cybersecurity in state and local governments

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

  • eBook: State & Local Cybersecurity

    CenturyLink is committed to helping state and local governments meet their cybersecurity challenges. Towards that end, CenturyLink commissioned a study from the Government Business Council that looked at the perceptions, attitudes and experiences of state and local leaders around the cybersecurity issue. The results were surprising in a number of ways. Learn more about their findings and the ways in which state and local governments can combat cybersecurity threats with this eBook.


When you download a report, your information may be shared with the underwriters of that document.