How would you counter this type of denial of service attack?
In response to civil unrest, the Egyptian government appears to have ordered service providers to shut down all international connections to the Internet. According to the blog post at the link just above, Egypt’s four main ISPs have cut off their connections to the outside world. Specifically, their “BGP routes were withdrawn.” The Border Gateway Protocol is what most Internet service providers use to establish routing between one another, so that Internet traffic flows among them.
An attack on BGP is one of few potential sources of global shock cited by an OECD report I noted here the other day. The report almost certainly imagined a technical attack by rogue actors but, assuming current reporting to be true, the source of this attack is a government exercising coercion over Internet service providers within its jursidiction. Nothing I pick up suggests that Egypt’s attack on its own Internet will have spillover effects, but it does suggest some important policy concerns.
The U.S. government has proposed both directly and indirectly to centralize control over U.S. Internet service providers. C|Net’s Declan McCullagh reports that an “Internet kill switch” proposal championed by by Sens. Joseph Lieberman (I-Conn.) and Susan Collins (R-Maine) will be reintroduced in the new Congress very soon. The idea is to give “kill switch” authority to the government for use in responding to some kind of “cyberemergency.”
We see here that a government with use “kill switch” power will use it when the “emergency” is a challenge to its authority. When done in good faith, flipping an Internet “kill switch” would be stupid and self-destructive, tantamount to an auto-immune reaction that compounds the damage from a cybersecurity incident. The more likely use of “kill switch” authority would be bad faith, as the Egyptian government illustrates, to suppress speech and assembly rights.
In the person of the Federal Communications Commission, the U.S. government has also proposed to bring Internet service providers under a regulatory umbrella that it could then use for censorship or protest suppression in the future. On the TechLiberationFront blog, Larry Downes has recently completed a five-part analysis of the government’s regulatory plan (1, 2, 3, 4, 5). The intention of its proponents is in no way to give the government this kind of authority, but government power is not always used as intended, and there is plenty of scholarship to show that government agencies use their power to achieve goals that are non-statutory and even unconstitutional.