ESSAY – When computers were first connected to a network named ARPANET in 1969, no one imagined what this network could become, decades later. Funded by the U.S. Defense Department, ARPANET was a very exclusive network that used telephone lines to interconnect a few computers belonging to research institutes. Contrary to what some people imagined, ARPANET’s purpose was more academic than military. The idea was to facilitate sharing of research-related information. But as we moved into the 70s, new protocols like TCP/IP were developed to connect networks to networks — and the Internet was born. So TCP/IP was infused into ARPANET and by 1983 the Department of Defense made it standard for all military computer networking. But it was not until the 1990s that the Internet became commercial. The invention of the World Wide Web by Tim Berners-Lee in 1989 and the web browsers that followed (notably Netscape and Internet Explorer) led to massive use of the Internet. As we moved further into the 1990s it seemed like every business had to have a website. Meanwhile, governments were also connecting their computers to the Internet. And with the emergence of mobile phones a decade later, more people were connecting to the Internet, many of them bypassing personal computers and using their phones to access the Internet. Today, the Internet has expanded to such an extent, that it includes systems from governments, organizations, and billions of devices. It may be time to split the Internet, and I’ll explain why in this essay.
Two Worlds
Looking back, we see that there were two worlds — the analog world that emerged from the industrial revolution. And the digital world, enabled by the Internet.
The analog world of industrial control systems is a mechanical world with analog gauges, gears, levers, pumps, motors, hydraulics, pipes, cables, nuts, bolts, and anything physical conceived by engineers. It is governed by the laws of physics that have been known to mankind for decades — governed by the principles of light, heat, sound, atoms, molecules, and of course — thermodynamics, the physical properties of matter.
The digital world, is based on numbers. Just two of them, actually, zero and one. Or two states: On and Off. The “plumbing” comprises billions of transistors that act as switches, flip-flopping between the two states to form “gates” that control the flow of electrons — all this on a sliver of silicon within a microchip or microprocessor, or semiconductor (different names for chips). The digital world is powered by billions of microchips that are embedded in everything from computers, smartphones and home appliances to automobiles, planes, trains and spaceships. And these are all interconnected through — you guessed it — the Internet.
In that sense, there is a merger of the analogous and digital worlds. The merger of Operational Technology (OT) that governs the analog world, and Information Technology (IT) that governs the Digital world.
We will revisit this discussion on the merger of OT and IT later in the article, in the section on hyper-connectivity.
Today, the “plumbing” on the internet comprises a smorgasbord of routers, switches, servers, satellites, submarine cables, terrestrial lines, and phone networks. It’s wired and wireless.
All this is very convenient and good for us. The world is a smaller place as we can communicate with anyone, anywhere in the world for a fraction of what it would cost us to do so, say twenty or more years ago (remember trunk calls?). This is also enriching our digital experiences and we have access to information and services through apps and websites. We can do so many things without stepping out of our homes — shopping, paying bills, transferring funds, paying our taxes, entertainment, and even travel bookings.
Today, institutions like hospitals, banks, schools, and government agencies are connected to the internet. Signaling systems on highways and train lines use the Internet. And utilities like electric grids, gas supply chains, and water are also connected to the Internet.
Beyond viruses…
As the Internet evolved over the years, people began to misuse its infrastructure. In the early days of the commercial internet, the underworld misused it for activities like money laundering, illegal wire transfers, communication between gangs and drug cartels. But as more businesses started using the Internet for transactions, and business data was transmitted over the public Internet, hackers saw an opportunity. Businesses embraced digitalization, digitized records, and stored them in databases connected to networks. Hackers turned their attention to stealing intellectual property, business data, customer data, and financial records. To do that, they had to acquire logins and passwords to servers, and escalate the access to higher levels of authority — giving them more privileges to access exclusive data and systems.
New types of attacks emerged, like Denial of Service, phishing attacks, business email compromise, phishing, and ransomware. The attack vectors became more sophisticated. Hackers also launched attacks on business websites, injecting code into web pages (SQL Injection and Cross-Site Scripting), to steal customer login data and credit card details.
Then it began to get worse.
Is hyper-connectivity good?
After business systems were connected to the internet, it was a natural progression for various service and utility providers to connect their industrialized systems from the analog world as well. There was a development happening to preempt this — the merger of operational technology or OT from analog systems and Information Technology from digitalized systems. Sensors and microprocessors were mounted on traditional infrastructures such as machinery used in factories, oil rigs, fuel pumps, industrial control systems, water storage systems, agriculture and irrigation systems, traffic controls systems, health care equipment, logistics systems, and even consumer appliances like IP cameras, fridges, doorbells, and washing machines. These sensors recorded operational parameters to gauge the performance of these devices and systems. But this data had to be sent back to a server (on the cloud) for processing. So internet connectivity is essential. They call this Edge Computing — where data gathering and minimal processing occurs on the end device and more processing happens on the cloud with aggregated data.
IoT and edge computing are leading to a hyper-connected world — one in which almost everything is connected. While that presents opportunities like improved efficiencies, innovative customer services, and new revenue streams, it has a flip side too.
Whenever a technology revolution like this occurs, the bad guys notice, and then make plans to leverage it for financial gain. But it is not just enterprising hackers and hacking groups who are involved. Governments and military intelligence in nations are conniving with APT Groups in Russia, China, N. Korea, Israel, Vietnam, Uzbekistan, United States, and Iran. These groups employ sophisticated techniques to launch attacks on the critical infrastructure of their adversaries, to cause disruption. For instance, power plants in India have been targeted by Chinese hacking groups. And nuclear installations in Iran have been attacked too. The U.S. has faced several attacks from Russian APT groups, particularly during elections. Today, these groups are now turning their attention to stealing data related to vaccine research.
Attacks on critical infrastructure
The attacks on industrial control systems (ICS) have been increasing. A report from industrial cybersecurity firm Claroty suggested that around 70% of the ICS vulnerabilities discovered in the first half of 2020 could be exploited remotely.
Let’s take the example of the intrusion attempt in the city of Oldsmar’s water supply.
On the morning of February 5, around 8 a.m., an employee of Oldsmar city’s water treatment plant observed his cursor moving around the screen. This did not raise any eyebrows since his supervisor usually accessed his system remotely using TeamViewer software for routine maintenance work. The random cursor movement stopped in some time. However, nearly five hours later, the cursor started moving again and, this time, he could see someone remotely accessing the software, which controlled the chemicals used in treating the water before it is supplied to the entire city.
The employee saw the intruder changing the sodium hydroxide levels of the water supply from 100 parts per million to more than 11,100 parts per million. Sodium hydroxide is a chemical compound (also known as lye), which, if used in lower concentrations, regulates the acidity or the pH level of water, making it potable for domestic use and drinking. However, this compound needs to be controlled and regulated since its higher concentration can even damage human tissues permanently, within minutes.
However, the alert employee quickly took control of the system and brought the sodium hydroxide level back to 100 parts per million. The entire episode lasted a mere 3-5 minutes. Thankfully, it did not harm lives.
The poisoned water would not have reached the city taps of 15,000+ residents and local businesses before 24 hours. Meanwhile, the pH sensors of the water supply plant would have triggered some alarms that keep a check on such scenarios.
However, this example serves as a stern warning about the dangers of hyperconnected industrial control systems — and how someone could take control and cause widespread damage and loss of lives.
RELATED STORY
The World Faced These Cyber Threats in 2020: Group-IB
What needs to be done
Attacks on critical infrastructure will never stop unless countries sign treaties never to attack each other’s infrastructure while engaging in cyber warfare. The increased involvement of APT groups who engage in cyber warfare would make it extremely difficult to contain ransomware attacks. This was on the agenda for discussion during the June meeting between President Biden and Russian leader Vladimir Putin. There were similar discussions at the recent G7 meet in the U.K.
Nations view cyber warfare as another form of war without the loss of thousands or millions of lives — and definitely a huge saving on ammunition, fuel, and military expenses. And because these attacks employ sophisticated and stealthy techniques to cover digital footprints, it is not easy to attribute these attacks back to specific governments or military outfits.
So I think the only way to stop these attacks is to pull the plug on the Internet.
Remember the days of ARPANET in the late 1960s, where only a few institutions had exclusive access to the Internet?
Why split the Internet?
DNS Root Servers are the foundation of the Internet, and there are 370 in all, spread around the world. These are the most critical components of Internet infrastructure. The Internet would be unusable if these root servers went down. Because of heavy dependence on Internet connectivity, business operations would freeze; customers would be denied digital services; economies and stock markets would crash. That’s a single point of failure. What kind of redundancy do we have for root servers? You can read more on DNS root servers here.
Hence, the Internet needs to be segregated, with separate networks for government infrastructure, the military, hospitals, services, and utilities like energy and water. They do not need to be connected to the public internet.
A separate network for hospitals within a state, perhaps. And another for universities, energy, and transportation. Security needs to be built into the plumbing that interconnects critical systems — routers, switches, DNS servers etc.
Let me give you an analogy.
In a hydraulic system, there are valves that control the flow of fluids. We need a new security component that is the equivalent of a valve — to check the flow of data in either direction on the network. You might say a Next-Generation Firewall accomplishes that task, as it “inspects” the packets of data flowing through internet pipes. But hackers and malware can slip through firewalls, so clearly there are some inadequacies there.
Layered security on a network will tackle attacks that use multiple attack vectors.
Artificial intelligence and machine learning can also be applied here but should be done with due diligence. What can be done to prevent hackers from indulging in “data poisoning” to manipulate or game the algorithms?
But all this goes beyond technology.
A unified, global effort
Ransomware needs to be tackled on a global stage, with the involvement of governments, and organizations like Interpol, Europol, NIST, CERT, ACSC (Australia), National Cybersecurity Center (U.K.), and others.
It might take years for that to happen, but we need to make a start.
The Internet has grown too far and wide, and our infrastructure is too interconnected. Unless we segregate critical infrastructure and systems from the public internet, we will continue to witness more attacks and cyber warfare.
And that is why it is time to split the Internet.
This is an original essay and it may not be republished in part or full, without permission from the author.
