Monday, October 3, 2011

The Internet Kill Switch

There has been some recent interest in the so-called “Internet Kill Switch,” which supposedly grants the President of the United States the authority to take “…unlimited and absolute control over all internet functions” as he sees fit due to an emergency situation. Cutting off the internet as a means of protection against outside attack has been a holy grail for some time. Some years ago, while I was stationed in the Pentagon working in the C4I section, an experiment was conducted by the military to see if they could separate the unclassified military internet from the public internet. (See copy of proposed bill here.)

Short answer? The test failed due to various installations and bases having built-in "back door" internet connections to enhance their access to the public internet in order to conduct required business. The military internet that was impacted, however, was the version upon which no classified information is stored.

Well, wait a minute, you may ask. I thought there were all these stories about hackers breaking into the Pentagon and compromising all sorts of classified information? Not really. Actually, the hackers got into sensitive information and perhaps some “For Official Use Only” material, but no information that was classified as CONFIDENTIAL or higher (SECRET or TOP SECRET) was ever compromised in that manner.

To explain, the government/military actually has at least three internets.

The unclassified internet, generally known as the NIPRNet (Non-secure Internet Protocol Router Network), is connected to the public internet by various routers. The domains are usually .mil or .gov. This network is the one that can be accessed from the outside or public internet. If all is done correctly (and it apparently is not), all the government has to do is close the switches in those routers and the NIPRNet is cut off from the outside internet. I am sure work is being done to tighten those connections, but I suspect there are uncontrolled points of access.

The second internet, the SIPRNet (Secret Internet Protocol Router Network), is the classified-level internet, involving material up to SECRET. This network introduces a second level of domain such as .sgov or .smil. This network operates with a combination of software and hardware encryption. It is considered to be a strongly encrypted network and cannot be accessed from the outside unless the one attempting access has both the hardware and the software encryption.

The third-level internet, JWICS (Joint Worldwide Intelligence Communications System), sometimes referred to as HIGH SIDE, is the TOP SECRET level internet. Separate from NIPRNet and SIPRNet, it is unreachable from either level, and also contains Sensitive Compartmented Information (SCI) of various classifications.

Access to SIPRNet or JWICS must be from the inside. The recent controversy over Bradley Manning and the State Department cables was one of inside access, not hacking in from the outside.

The NIPRNet, however, is a different case. The government and military must be able to access the public internet to do business, track cargo, and generally deal with the non-military public. Here is where network hacking/cracking goes on. Classified material, other than For Official Use Only, is not permitted on the network. While perhaps sensitive, it is not highly classified.

So, the lesson of this long story is that while shutting down the internet may be an interesting thought, due to the very decentralized nature of the beast, and uncontrolled internet service providers, it likely cannot be shut down entirely. While shutting down the major carriers will probably put a damper on it, I suspect there will always be holes that are not easily found or controlled. That is, indeed, why the internet project was developed in the first place...to enable communications to survive nuclear attack.