On June 24, 2019, millions of users across the world were unable to access a large portion of the web. Why? All because a small internet service provider (ISP) in Pennsylvania went offline. The root cause was an outage at Cloudflare, one of the Internet's biggest content hosts, on which the affected websites relied.
Cloudflare traced the problem back to a regional ISP in Pennsylvania that had accidentally advertised to the rest of the Internet that the best available routes to Cloudflare ran through its small network. As a result, a huge amount of global traffic was sent through the ISP and overwhelmed its limited capacity, cutting off Cloudflare's access to the rest of the Internet. In Cloudflare's words, it was the Internet equivalent of routing an entire freeway through a neighborhood street.
The incident has brought the vulnerability of the Internet into the limelight. There were about 14,000 such incidents in 2017 alone. This raises the question: shouldn't the Internet be designed so that it can survive not only minor setbacks but also major catastrophes? Governing bodies, including the EU Agency for Network and Information Security (ENISA), have been warning against such incidents for quite some time.
Just like road networks, the Internet has its own intersections and highways, made up of cables and routers. The navigation system responsible for managing the flow of data around this network is known as the Border Gateway Protocol (BGP). The problem? BGP was designed as a temporary fix when the Internet underwent rapid growth in the late 1980s. It was good enough to handle the expansion and soon became a part of every backbone router that carries data down the Internet's principal pathways. However, it was not built with security as a primary factor. Furthermore, mechanisms for making sure that the paths BGP sends data down are valid were never added. This means that routing mistakes generally go undetected until they end in outages or congestion.
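As an added example (not from the original article), the sketch below shows one form such a validity check can take: route origin validation as specified in RFC 6811, a mechanism the article does not name. The prefixes, AS numbers and the authorization record are constructed documentation values, and `validate` and `best_route` are hypothetical helper names.

```python
import ipaddress

# Constructed sample data: documentation prefixes (RFC 5737) and
# documentation AS numbers (RFC 5398); none of it comes from the incident.
ROAS = [  # (authorized prefix, maximum prefix length, authorized origin AS)
    (ipaddress.ip_network("203.0.113.0/24"), 24, 64500),
]
ANNOUNCEMENTS = [  # (prefix, AS path as received; the origin is the last AS)
    (ipaddress.ip_network("203.0.113.0/24"), [64510, 64500]),         # legitimate
    (ipaddress.ip_network("203.0.113.0/25"), [64511, 64496, 64500]),  # leaked more-specific
    (ipaddress.ip_network("198.51.100.0/24"), [64510, 64499]),        # no record exists
]

def validate(prefix, as_path, roas=ROAS):
    """Classify a route as 'valid', 'invalid' or 'not-found' (RFC 6811)."""
    origin = as_path[-1]
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        if prefix.subnet_of(roa_prefix):
            covered = True  # at least one record speaks for this address space
            if origin == roa_as and prefix.prefixlen <= max_len:
                return "valid"
    return "invalid" if covered else "not-found"

def best_route(dest, routes, drop_invalid):
    """Longest-prefix match over the routes that survive filtering."""
    addr = ipaddress.ip_address(dest)
    candidates = [
        (p, path) for p, path in routes
        if addr in p and not (drop_invalid and validate(p, path) == "invalid")
    ]
    return max(candidates, key=lambda r: r[0].prefixlen, default=None)

if __name__ == "__main__":
    for prefix, path in ANNOUNCEMENTS:
        print(prefix, path, validate(prefix, path))
    # Without validation the more-specific /25 wins; with it, the /24 is used.
    print("no filter:", best_route("203.0.113.10", ANNOUNCEMENTS, False))
    print("filtered :", best_route("203.0.113.10", ANNOUNCEMENTS, True))
```

A route with no covering record is classified `not-found` rather than rejected, so a network can apply the filter on its own without waiting for every other operator to publish records.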
Then there is the issue of intentional malice. Such issues have been known ever since 1998, when a group of hackers showed the US Congress how convenient it was to compromise internet communications. Despite that, very little has changed. Implementing the required solutions is as hard as changing the engines of a plane while it is in flight. The Internet has no centralized authority, since different portions of the infrastructure are owned and operated by various entities. The most practical solution would be to come up with security protocols that do not require global coordination.
Nonetheless, the Internet currently remains a cyber Wild West. With the attempts now being made, however, there is a high chance that this might soon change.