The Conflict Of Net Neutrality And DDoS-Attacks!
So we are all cheering as the FCC last week made the right choice in upholding the principle of net neutrality! For the general public it is a given that an ISP should be allowed to charge for bandwidth and Internet access but never to block or somehow interfere with what content is sent over that line. It is simply critical from so many aspects.
Equally, an ISP could potentially tamper with speeds or quality to charge more or less for other reasons, such as market dominance. Of course, having too big a slice of the pie can lead to similar issues. What if the merger of Comcast and Time Warner passes and one company controls 50% of the broadband market (over 25 Mbps as per the new FCC definition) in the US – or any other nation? While that monopoly, or best case oligopoly, cheers this case and states it will only be positive for the consumer – we can all see that it could only be good for one party and it certainly is not the consumer. Hopefully the FCC will make an equally sound decision in the case of this merger. Should it go through, it would only be a matter of time until the giant would use its size to gain advantage against content providers, for one.
Another aspect of net neutrality is a case where we might just want an ISP to step in. Let me explain. As I read how the strength of DDoS-attacks has increased 50-fold over the last 10 years, and see firsthand customers going through various pains when attacked, I can only wonder what the end game will be. Let’s take a step back.
Not Banking On It!
So while you can still send a check in the US – in Sweden I can’t get cash from a bank branch office anymore. Actually, banks really do not want to talk to you, nor do they want you to come into any branch office. They want you to use your phone and computer for all services – online. So what happens when I can’t reach my bank via the Internet? What happens when I can’t reach the hospital where they want you to make your appointment? What happens if other critical government agencies “disappear” from the Internet for an hour, 10 hours or a week? How long before it is a crisis of greater scale? Not very long.
We have seen so many examples already. The writing is on the wall, but what is done to improve the situation? For instance, TeliaSonera (one of the few Tier 1 providers) was brought down only a few weeks ago by fewer than a hundred routers being hijacked and sending traffic in a certain way. Simple, effective and at zero cost – and literally thousands of businesses were gone from the Internet for hours. When a Tier 1 provider is that vulnerable – imagine what lies beneath. Almost weekly, some critical government services cannot be reached due to attacks, sometimes brought down by teens having fun. The examples last year were plenty – and it will get worse.
Next Level Protection
As an infrastructure provider we can also see what larger companies are asking for. While the largest DDoS-attack was recorded at some 400 Gbps last year, some now want – or simply feel they need – protection capacity of 4-5 times that. Yes – multiple terabits per second. Availability is everything, and these types of attacks might be the biggest threat to that availability. Not many providers, if any, can offer broad protection (meaning web, email and other services) at that level. Cost for that protection? Unmanageable for the vast majority of companies as well as government agencies! What to do?
Is it even possible to protect? If you run one data center in one city – what is the capacity of that city as a whole? Many times the capacity limit into a city is not even measured in terabits per second.
Enter the role of the ISP. Sure, we do not want ISPs to tamper with any traffic – however, they have a great responsibility (and great possibilities as well) in this problem, which is a threat not just to service uptime but to whole economies. It is a matter of national security as well. There are three tasks ISPs should immediately engage in:
- Take responsibility for internal infrastructure
- Cooperate with other ISPs and infrastructure providers
- Offer protection that works, for a fair price, to customers
No, we do not necessarily want an ISP to automatically filter traffic – even when they think there is an attack. They do so only in cases when they are protecting their network as a whole. However, there is plenty that can be done to improve the situation for their customers and the Internet in general.
Making sure ISPs have full control of internal equipment and customers inside their network will limit outgoing traffic that is many times part of attacks. It will secure their own networks and allow them not to tamper with any traffic in transit – yet improve the situation greatly. This goes for all ISPs as well as infrastructure providers.
The key is that ISPs start cooperating and discussing how more holistic solutions and joint work between ISPs can help. ISPs need to understand that their own reputation is at stake if they simply ignore this critical path to limiting the potential disasters of these attacks. I also think standards beyond what companies such as Arbor already offer (i.e. signaling between providers) would be of great interest: how to communicate and signal between ISPs in a fully interoperable and automated way. Standardize how we work together.
The caveat here is that these attacks fuel ISPs' business as much as they pose a potential risk. That leaves critical infrastructure vulnerable, as there is little financial motivation to better the situation. Actually – lots of traffic through networks is a good thing for an ISP, right? I know at City Network we have tripled our spending with ISPs just to make sure attacks do not fill pipes at network entry points. Very positive for those selling pipes. As this is the case for all infrastructure providers – these attacks are hugely profitable for ISPs. Only if the ISP itself is hurt will they act. A customer being hurt is merely an upsell opportunity.
The Swedish PTS (an FCC-like government authority regulating the ISPs) is now putting pressure on Swedish ISPs, emphasizing the need for them to start talking in order to limit the effects of attacks in general (after TeliaSonera again was taken down). In meetings with PTS some Swedish ISPs have agreed to start talking. This is not a city or even national issue though. It is global and needs to be addressed globally. Does it really have to come to a government agency forcing these talks? As there is no financial incentive for the ISPs – I am afraid it could be so. If we do not want governments to be involved – let’s make sure the private sector takes the responsibility. ISPs – step up to the plate and start engaging and discussing how we best let the Internet continue to thrive and with it – your businesses!
By Johan Christenson