- By Grant Gross -
Imagine the Internet crashing in a big way, perhaps in a whole region of the United States, or a big chunk of Europe. Imagine at the same time the telephone service being interrupted, perhaps as millions of users overload the phone lines desperately trying to get an Internet connection.
That scenario may sound a bit doomsday-ish, but Internet outages have affected large chunks of real estate, and it's the job of people at the security-minded SANS Institute to wonder about such what-ifs.
A new project at SANS seeks to keep emergency communications working in the event of a large-scale outage, through a network of amateur radio operators. The Emergency Communication Network project, announced last week, is so new it doesn't yet have a Web site, but close to 300 amateur radio operators have expressed interest in working with the project.
Scott F. Conti, network operations manager at the University of Massachusetts and one of the leaders of the project, stresses that the project isn't attempting to replace Internet traffic -- amateur radio couldn't handle it -- but radios could transmit short emergency messages that could, for example, help an Internet service provider recover from a major outage.
"We've already seen several examples of these things happening," he says of the situations the ECN project is trying to protect against. "We certainly know what a distributed denial-of-service attack can do. We're just trying to come up with alternatives."
Stephen Northcutt from SANS, another project coordinator, says the scenario of a loss of Internet and telephone service doesn't seem that far-fetched if attackers become more coordinated.
"It only takes one time connecting to the Internet without protection and you don't even have to download a file to become infected," Northcutt says. "In the past, it was possible to run anti-virus software to clean up your system. Today, we have variations from which you cannot recover, the software equivalent of HIV, if you will. Once you are
infected, the attackers literally own your system and can use it for anything
they want including infecting others, and so the size of the problem gets
bigger and bigger.
"What does any of that have to do with ECN? Well, with enough
compromised systems under the command of attackers you could just about drop the
Internet," he adds. "If the Internet was impacted, would it affect the phone system? We
know that during hurricanes and earthquakes all available circuits have been
used up. This would be compounded by people like me that switch to phone dial-ins when my broadband connectivity fails. In fact, all circuits being busy
has happened during non-emergency times as well. So it isn't all that
likely, but a focused, coordinated attack could take out the Internet and as
a secondary effect, disable the phone system."
Instead of other options -- smoke signals aren't particularly efficient, Northcutt says -- the ECN would use amateur radios to pass along "do this" type of information or even samples of code. Amateur radio operators could also transmit Internet addresses of emergency information sources, or even HTML files. The data doesn't have to be voice -- in the early days of bulletin boards, several amateur radio operators ran entire BBSes on amateur radio networks.
The project leaders are already talking to amateur radio groups such as the Amateur Radio Relay League about the challenges in setting up setting up such a network and the legal issues. The project FAQ tries to head off questions about whether the network is an appropriate use for amateur radio.
"There are many restrictions that have to be considered, but I believe that this could be an
excellent use for Amateur Radio," Conti writes in the FAQ. "Hams have proven over and over that they can operate where and when no other communications service was
functional. As more of our critical infrastructure is connected to the Internet, the potential for disruption of multiple services increases as well. If important information needs to be passed in order to restore emergency services, and amateur radio is the only
way, it is going to be legal. Hams assist now when only cell service
Conti says the project is just getting off the ground, but the coordinators are looking for amateur radio operators to volunteer their services in more than a dozen locations worldwide, including Washington, D.C.; Melbourne, Australia; London; Kuala Lumpur; and San Jose, Calif. Ham radio operators wanting information about the project should send email to email@example.com with "Emergency Communications Network" in the subject line. The project has also established a discussion forum at http://www.sans.org/sansforum/.
Northcutt says he's been impressed with the technical expertise of the volunteers so far. "A lot of them really know computers and information security," he says. "I expect that we will find they aren't just an out-of-band network to connect the analysts that
need to respond to an attack, they will almost certainly be able to help in
the analysis as well."