Critical Infrastructure Research paper

MrTooGood
Ch6.pdf

Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation, Second Edition. Ted G. Lewis. © 2015 John Wiley & Sons, Inc. Published 2015 by John Wiley & Sons, Inc.

6 Internet

The Internet uses the communication sector to link computers, cellular telephones, and tablets; transportation systems; water and power systems; and industrial control systems together. It extends the communication sector to applications such as the World Wide Web (WWW), email, video streaming, and face-to-face conferencing. A more precise technical definition defines the Internet as a global network that uses Transmission Control Protocol/Internet Protocol (TCP/IP). While the Internet has been around for nearly 50 years, it began to spread like an epidemic only after TCP/IP was created and adopted by the U.S. Department of Advanced Research Projects Agency (ARPA and later Defense Advanced Research Projects Agency (DARPA)). TCP/IP is the lingua franca of global communications and the basic “building block of the Internet’s DNA.”

The Internet started as an idea on paper and grew into one of the largest man-made machines in the world. Experts fully expect that all 7 billion inhabitants of the globe will eventually be on the Internet—perhaps by the mid-2020s. But the spread of TCP/IP goes beyond the population of the planet. Billions more machines communicate via the Internet from automobiles, factories, power grids, gas and oil pipelines, water systems, and everyday products. The Internet will eventually connect more machines together than people—perhaps as many as 100 billion machines and 7 billion people will be linked via TCP/IP in the near future.

The global spread of TCP/IP and the confluence of computing and communicating is such an enormous topic that we devote an entire chapter to it. First, we briefly review the history of the Internet to prepare for following chapters on network and computer security. One of the most significant aspects of the Internet is the way it came into existence and the culture that currently surrounds it. Curiously, the Internet has no centralized governing body. Instead, it is an open community of globally distributed users that govern themselves. The sociology of this self-organized community is as interesting as the technology itself. But, how long will this culture exist as the Internet succumbs to the competitive exclusion principle?

It is necessary to understand the basic communication principles of the Internet before embarking on the subject of cybersecurity. However, if the reader has already mastered these basics, he or she may skip this chapter.

This chapter covers the following topics:

• Internet Age: Even though the Internet is much older than the personal computer (PC), it was not commercialized until 1992–1998. After that, it coevolved with the adoption of the consumer PC. Without the PC, the Internet may not have been as significant as it is today, and conversely, without the Internet, the PC might not have become as ubiquitous as it has. This coevolution propelled global societies into an Internet Age characterized by extremely high connectivity, short time intervals between events, adaptability and flexibility, and global epidemics of ideas, political and social movements, as well as movement of products.

• Nonsecure: PCs and the Internet are inherently vulnerable: the hardware and software of PCs are the first link in information technology security. A breach of software security in one computer can spread, like an epidemic, to millions of other information systems—all through the global connectivity provided by the Internet. While the Internet was designed to be redundant, it was not designed to be secure. And neither were the gateways to the Internet—the household PC, cell phones, tablets, industrial control systems, transportation systems, and other infrastructure that depends on the Internet.

• TCP/IP defines the Internet: The Internet is equivalent to the TCP/IP standard: networks that communicate in TCP/IP are considered “the Internet,” and conversely, the Internet is considered as any network that requires the use of TCP/IP. TCP/IP is rapidly becoming the universal protocol for electronic communication.

• The Internet is not new: The Internet grew out of ARPANet, which was a product of the Cold War: In 1969, the ARPA began a project that created the first “Internet” called ARPANet; ARPANet begat NSFNet and then merged back with NSFNet. The National Science Foundation (NSF), which ran the NSFNet for a time, was directed by the U.S. Congress to commercialize the NSFNet, in 1992. “The Internet” has become the consumer name of commercial NSFNet.

• Packet switching: The biggest idea regarding the Internet is that data should be packet switched rather than circuit switched as it had been for over 100 years in the telephone network. Packets are blocks of data that contain their destination and return addresses so they can travel through the Internet on their own. Packet switching is much more flexible and efficient than circuit switching.

• Pioneers: The Internet was invented by many people: Licklider (the visionary); Taylor (the manager); Baran, Davies, and Kleinrock (packet switching); Postel (names and addresses of users); Cerf and Kahn (TCP); Tomlinson and Roberts (email); Crocker (governance); Metcalfe (Ethernet IP); Postel, Mockapetris, and Partridge (domain name system (DNS)); and Berners-Lee (WWW).

• Redundant but not secure: The Internet was designed to be redundant: there are many alternate routes; packets are retransmitted when an error occurs; the global network rebuilds itself every day by updating a tree-structured network of DNS servers; TCP is a protocol that automatically routes packets around broken lines and reorders packets when necessary; and the Internet has its own built-in supervisory control and data acquisition (SCADA) system, called system network management protocol (SNMP), for monitoring the devices on the Internet. However, the Internet was not designed to be secure.

• Graphical browsers made it popular: The killer applications that ignited explosive growth of the Internet are email and the World Wide Web (WWW). Marc Andreessen and Eric Bina created the first graphical user interface WWW browser in 1993, called Mosaic, which set off consumer demand for WWW products and services throughout the world.

• Digital convergence: The Internet has unified the coding of all forms of digital information. Email follows the higher-order rules of simple mail transport protocol (SMTP), and documents disseminated by the WWW follow the rules of hypertext markup language (HTML), hypertext transport protocol (HTTP), and extensible markup language (XML)—universal standards for the encoding and transmission of text, pictures, sound, motion pictures, and animations.

• An unregulated infrastructure: The Internet is not owned by anyone or regulated by any single government. Rather, it is operated and governed by its users—corporations and volunteers who exert influence through an open process called the Request for Comment (RFC). Most decisions regarding Internet policies and standards are vetted through the Internet Society (ISOC) and its affiliated working groups such as the Internet Engineering Task Force (IETF) and World Wide Web Consortium (W3C).

• The Internet’s backbone has hubs: The WWW is vulnerable to attacks on its hubs—primarily through the so-called tier-1 Internet service providers (ISPs), root servers, global top-level domain (gTLD) servers, and highly connected e-commerce servers. These are collectively called autonomous systems (AS). Almost all of the traffic passes through these AS. Therefore, even though there are billions of nodes in the global Internet, fewer than several hundred AS matter as far as security is concerned.

• The AS network is percolated: A network analysis of the top 500, 1000, and 2000 AS reveals a very high level of self-organization—the Internet’s spectral radius is high. As the number of AS considered rises from 500 to 2000, the spectral radius also rises, suggesting a high level of percolation. This means the Internet’s AS network has a very low tolerance for the spread of malicious software. The Internet is fragile due to percolation.

• A monoculture: The next step in Internet evolution is the “semantic web”—a WWW with meaning. XML displaced HTML—the original language of the web—because XML encodes meaning as well as syntax. The syntactic and semantic network, and its pervasive TCP/IP packet-switching protocol, is destined to unify all forms of communication including broadcast radio and TV, motion pictures, and telephony. This move to a universal and global standard is driving digital convergence—the consolidation of all forms of communication into one monoculture. Monocultures are prone to extinctions.


6.1 Internet as a Disruptive Technology

It should be noted that the Internet is the sum total of all TCP/IP networks that connect to one another. The WWW, on the other hand, is an application that runs on the Internet. These separate Internet ecosystems coexist in a symbiotic relationship, but the two are not to be confused, one for the other. WWW and web are synonyms, but the web and Internet are separate entities. The Internet—physical switches and nonphysical software protocols—consists of the hardware and software infrastructure upon which applications like the web operate. Think of the Internet and TCP/IP as the operating system and the web as one application running on top of the Internet operating system. High-order applications such as Google’s search engine, Apple’s iTunes, Facebook’s social network, and Amazon’s online store are other applications that also run on the TCP/IP platform. Together, they form yet another ecosystem that is dependent on both the Internet and web technology.

A disruptive technology displaces an existing or incumbent technology and creates new markets and value chains. The Internet and applications like the web, Facebook, etc. have disrupted many industries because of the Internet’s global reach, low cost, and ubiquity. Much has been written about the disruptive nature of the Internet—a topic beyond the scope of this book. However, Table 6.1 is a short summary of many factors that impact society and critical infrastructure due to the disruptive nature of the Internet.

The leftmost column of Table 6.1 lists some typical classical ways of viewing the world prior to the Internet Age. It is characterized by physical assets such as buildings, force, energy, and planned futures. In the classical world, time and distance matter because they consume resources. Products and services consume energy, take up space, and take time to design, build, and distribute. The classical world is limited by energy, distance, and time but not so the Internet Age.

In contrast, the Internet Age disrupts the classical view of the world by supplanting many of its physical limitations with virtual products and services on a global scale. Online social networks dominate; entire populations of people are subject to waves of changing sentiment, which sometimes turn into epidemics—even pandemics. Flash mobs form, spread, and collapse after brief periods of popularity. The rapid rise and fall of the Arab Spring, Occupy Wall Street movement, and fashion products such as cellular telephones come and go as fast as weekend box-office movies.

But the Internet culture is also adaptive and quickly changes when conditions dictate. Plans no longer work out, because the situation changes daily. Instead, society is constantly adjusting to a new reality. A striking example of the shifting landscape was demonstrated in 2011 when the first report of the bin Laden attack and assassination came from an observer—not the classical TV news channel:

Sohaib Athar, a 33-year-old Senior Partner at Algotrek Technology Consulting in Abbottabad often retreats into the Mountains with his laptops and Twitter account to get away from life’s cacophony in Pakistan. Early one Sunday morning in May 2011, while enjoying the peace and quite [quiet] of the night, he heard a “window-shaking boom” a few miles away. He tweeted, using his Twitter alias ReallyVirtual, “I hope it’s not the start of something nasty” …. The bump in the night was one of four helicopters crashing moments before the assassination of public enemy number one—Osama bin Laden.

Athar was the first “reporter” to witness the raid on Osama bin Laden’s compound, and the first to tell the rest of the world … . Soon he had 61,829 Twitter followers—and even worse—fame… Athar published the top-secret raid 10 hours before anyone in the media even knew what was going on. [1]

The Internet is viral—it spreads to every part of modern life because TCP/IP is open and free and barriers to entry are nearly zero. In most countries, the cost of Internet registration is less than the price of a meal, and yet the Internet provides instant access to the world. But, it has its downside: the Internet is embarrassingly open and nonsecure. It is alarmingly a monoculture, and it is highly percolated. Disruption works both ways—bad people can use it to disrupt the lives of good people as easily as good people can use it to improve people’s lives. Unfortunately, the Internet was designed to be easy to use but also easy to hack. Why?

The basic DNA of the Internet is a protocol called TCP/IP. TCP/IP was never designed to be secure; hence, the first vulnerability of significance is in TCP/IP itself. TCP/IP is a simple protocol. Information is packaged in chunks called packets with a source and destination header. By default, the source and destination addresses—such as www.DHS.gov or www.Amazon.com—are in the clear, meaning they can be hacked. For example, a malicious user of the Internet can alter the contents of a packet to make it look like email was sent from www.Whitehouse.gov instead of www.TedsSteakHouse.com. This is called spoofing and allows online fraud.

Table 6.1 The disruptive power of the Internet is shifting society from a classical to an Internet Age

Classical | Internet Age | Example
Buildings, dollars | Information | Google search
Force, energy | Messages, epidemics | Sentiment
Planned | Adaptive | Flash mobs
Distance matters | Global | Arab Spring
Time matters | Instantaneous | Bin Laden attack

The TCP/IP uses a very simple handshake to establish a communication link between two computers. When computer A wants to communicate with computer B, it must send a request. When computer B receives the request, it puts it in a list and returns a reply that says, “OK, send your data to me, now,” and then waits for the data to arrive. Meanwhile, computer A is supposed to start sending data to B. But what happens if the message never arrives? Furthermore, what if 10 million computers do the same thing to computer B? Computer B is required to save each of the 10 million requests in its memory and wait for messages that never arrive. Ultimately, this causes computer B to run out of memory and shut down. The SYN flood exploit is one of the oldest denial-of-service (DoS) attacks known in computing.
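The exhaustion of computer B's request list can be studied as a pure in-memory model, with no network traffic involved. The following Python example is added here and is not from the book: it compares a listener that stores every request, as the text describes, with a stateless variant that encodes the request in its reply instead of storing it (a simplified model of the SYN-cookie mitigation, which the chapter does not discuss). The backlog size, timeout, arrival rates, and key are constructed values.

```python
import hashlib
import hmac
from collections import OrderedDict

BACKLOG = 128   # assumed capacity of B's list of pending requests
TIMEOUT = 30    # assumed seconds B waits for data before forgetting a request
SECRET = b"constructed-demo-secret"


class StatefulListener:
    """Computer B as the text describes it: every request is stored until
    the sender follows up or the entry times out."""

    def __init__(self):
        self.pending = OrderedDict()   # source -> arrival time, oldest first
        self.peak = 0                  # largest number of stored requests seen

    def _expire(self, now):
        while self.pending:
            src, t0 = next(iter(self.pending.items()))
            if now - t0 < TIMEOUT:
                break
            del self.pending[src]

    def on_request(self, src, now):
        self._expire(now)
        if len(self.pending) >= BACKLOG:
            return None                # list is full: the request is refused
        self.pending[src] = now
        self.peak = max(self.peak, len(self.pending))
        return "stored"

    def on_data(self, src, token, now):
        self._expire(now)
        return self.pending.pop(src, None) is not None


class StatelessListener:
    """Mitigation: B stores nothing. Its reply carries a keyed hash of the
    sender and a coarse time slot, and B re-derives it when data arrives."""

    SLOT = 64                          # assumed seconds a reply token stays valid
    peak = 0                           # no per-request state is ever held

    def _token(self, src, slot):
        msg = f"{src}|{slot}".encode()
        return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16]

    def on_request(self, src, now):
        return self._token(src, now // self.SLOT)

    def on_data(self, src, token, now):
        slot = now // self.SLOT
        return any(hmac.compare_digest(token, self._token(src, s))
                   for s in (slot, slot - 1))


def simulate(listener, seconds=60, abandoned_per_sec=50, legit_per_sec=2):
    """Each second: last second's legitimate senders follow up with data,
    then abandoned requests arrive, then new legitimate requests arrive."""
    waiting, completed, attempted = [], 0, 0
    for now in range(seconds + 1):
        completed += sum(listener.on_data(s, tok, now) for s, tok in waiting)
        waiting = []
        if now == seconds:
            break                      # final pass only flushes follow-ups
        for i in range(abandoned_per_sec):
            listener.on_request(("abandoned", now, i), now)
        for i in range(legit_per_sec):
            src = ("legit", now, i)
            attempted += 1
            token = listener.on_request(src, now)
            if token is not None:
                waiting.append((src, token))
    return {"completed": completed, "attempted": attempted,
            "peak_state": listener.peak}


if __name__ == "__main__":
    print("quiet    ", simulate(StatefulListener(), abandoned_per_sec=0))
    print("flooded  ", simulate(StatefulListener()))
    print("stateless", simulate(StatelessListener()))
```

Under the constructed load the stateful listener completes only the handshakes that began before its list filled, while the stateless listener completes all of them and holds no per-request memory.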

The Internet is fragile at the very lowest level of its infrastructure. The code for simple spoofing and DoS attacks can be downloaded from the Internet itself and used to damage it. These weaknesses are in the design of TCP/IP, itself. It is as if the human DNA was wired to accept cancer without an immune system to block the malicious cells.

Higher-order structures like email and the WWW are layered on top of TCP/IP. Each of these layers has their own weaknesses, which add to the list of Internet vulnerabilities. At the highest layer, the Internet is composed of major components called AS or tier-1 ISPs that carry most of the traffic and hence pose a high-level network-wide vulnerability.¹ Analysis of major AS suggests that the Internet is moving toward a self-organized criticality because of competitive exclusion and preferential attachment. The Internet is a scale-free network with very large hubs and critical links that accelerate the spread of malicious software such as viruses and worms.

The combination of an underlying monoculture (TCP/IP and other standards) that is driving convergence—the movement toward this single monoculture for all forms of communication—and the highly percolated AS network is making the Internet more fragile as its self-organized criticality rises exponentially. We know from biological systems that monocultures, self-organized organisms, and highly percolated complex systems are headed toward major collapse. Thus, the Internet Age is also an age of black swans with chaotic aftershocks.

6.2 The Autonomous System Network

The highest level of the Internet is organized into owner/operator service providers called AS’s. An AS is roughly defined as a collection of Internet routers, switches, and servers under a single administrative control. A single AS may contain a single server or thousands of servers. It may connect to the Internet through one or thousands of connections. AS’s are numbered from 1 to over 4 million. To locate an AS, simply search on its number, for example, “AS1 or AS174.”

AS’s are major hubs in a hub-and-spoke architecture that forms a dense network. The nodes of this network are the AS service providers and the links are the peering routes connecting to other AS providers. These links may be uploads or downloads or both. We will not be concerned with the direction of the links, however. Generally, all regions of the Internet are highly percolated, which suggests that the Internet is highly self-organized. This is illustrated by the following study of the top AS nodes in the global Internet.

6.2.1 The AS500 Network

Figure 6.1 shows the network formed by linking the 500 largest AS’s in the Internet with their peers through 4564 routes. This is the so-called route list available through Cooperative Association for Internet Data Analysis (CAIDA) circa 2004. Overall, the CAIDA route list contained 42,000 AS and over 121,000 routes in 2004.² An analysis of all 42,000 nodes is beyond the scope of this book. However, the fragility of the Internet relative to the spread of malicious software is easily revealed by a study of the 500, 1000, and 2000 most connected AS nodes.

The most connected nodes of the AS’s network shown in Figure 6.1 were created by searching all 42,000 known AS and deleting the least connected nodes. In this way, the remaining 500 nodes and 4564 links form an Internet backbone, sufficient to study its resilience. The mean degree of the 500-node AS network is 3.42 connections, but its spectral radius is 14.9. This says the AS network is modestly dense but highly structured. Accordingly, it is perched on the edge of self-organized criticality.

Figure 6.1 The top 500 autonomous system servers in the Internet, circa 2004, arranged here according to their degree. High-degreed nodes are placed in the center, and low-degreed nodes are placed around the circumference.

¹ An AS is a collection of Internet routers, switches, and servers under a single administrative control, such as an ISP.

² http://www.caida.org

The top 10 AS nodes in Figure 6.1, and their degree, are:

AS701: Verizon—91

AS721: DOD—79

AS1239: Sprint—55

AS1: Level 3—50

AS209: Qwest—48

AS286: KPN—40 (Trans-Atlantic)

AS293: ESNet—40 (Energy Sciences Network—U.S. Nat’l Labs)

AS702: Verizon—33

AS2516: KDDI—29 (Japan)

AS1913: DOD—28

Similarly, the largest betweener routes are:

AS701 → AS715

AS701 → AS721

AS701 → AS702

AS721 → AS765

AS701 → AS714

AS721 → AS745

The largest betweener—AS701—has 91,552 paths running through it. Clearly, the competitive exclusion principle is at work in this sector. The largest AS operators, known as tier-1 ISPs, dominate the Internet. In 2013, there were only six tier-1 ISPs: Level 3 Communications, CenturyLink, Cable & Wireless Worldwide, UUNet, Sprint, AT&T Corporation, and Genuity.³ A decade earlier, there were more than 100. Gause’s law runs rampant on the Internet, because it is subject to very little regulation.

The AS network is highly percolated and structured, as indicated by its spectral radius that is many times larger than the mean degree in AS500, as well as larger versions of the AS network. For example, the spectral radius and fundamental resilience equations for 500-, 1000-, and 2000-node AS networks are:

500 nodes: $\rho = 14.9$, $\log(q) = 0.97 - 0.48\gamma\rho$

1000 nodes: $\rho = 29.7$, $\log(q) = 1.20 - 0.51\gamma\rho$

2000 nodes: $\rho = 63.9$, $\log(q) = 1.11 - 0.79\gamma\rho$

The critical vulnerability of each network is obtained by substituting spectral radius into the resilience equations above:

500 nodes: $\gamma_0 = 13.6\%$

1000 nodes: $\gamma_0 = 7.9\%$

2000 nodes: $\gamma_0 = 2.2\%$

Note how critical vulnerability decreases as the network increases in size. This suggests a linear increase in self-organized criticality as the size of the AS network grows. If the linear trend is projected to an AS network containing 40,000 nodes, critical vulnerability decreases to 0.15%. In other words, the Internet is vulnerable to malicious software exploits such as viruses or worms with infectiousness of only 0.15%.

The reason for such high risk of infection in the global Internet is shown graphically in Figure 6.2. This core network was reproduced from the largest hubs and betweeners extracted from Figure 6.1. Local network neighborhoods are characterized by hubs with relatively high degree and betweener links connecting these high-degreed hubs. It is easy to infect the Internet, because hubs are superspreaders of viruses and worms.

Resilience against the spread of viruses can be achieved by reducing the size of these hubs or by hardening them against malicious software attacks. The likelihood of a malicious exploit passing through a hub or betweener link is much higher than average. Therefore, blocking the spread of such exploits at the hubs and betweeners is more effective than blocking at the desktop or handset level. Protection of individual PCs, cell phones, and tablets is far less effective than protection at the large AS hubs and links.

Figure 6.2 Core of the AS500 Internet circa 2004 contains the highest-degreed nodes and the largest betweenness links.

³ https://en.wikipedia.org/wiki/Internet_backbone

Similar conclusions can be drawn from an analysis of robustness. The Internet is extremely robust against link and node depercolation. For the AS500 network with a mean degree of 3.42 and spectral radius of 14.9, we can expect link and node robustness to be relatively high:

$\kappa_L = 1 - 2/\lambda = 42\%$

$\kappa_N = 1 - 1/\rho = 93\%$

An attacker would have to remove 0.42(4564) = 1917 links and select one of the 0.07(500) = 35 critical nodes to separate the AS500 Internet into islands. Which links are critical? The only way to determine this is by trial and error. On the other hand, the most connected nodes are the most likely to separate the Internet into disjoint components. Therefore, major hubs are the most critical nodes and the most easily identified targets.
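The figures quoted in this section can be reproduced directly. The following Python example is added here and is not code from the book: it evaluates the chapter's fitted equations of the form log(q) = b − kγρ, taking the critical vulnerability γ0 to be the point where log(q) reaches zero (an assumption, which reproduces the 13.6%, 7.9%, and 2.2% above), applies the two robustness formulas, and then measures on a small constructed hub-and-spoke network how much the spectral radius falls when the largest hub is taken out of the spreading path. Function names and the sample network are illustrative.

```python
import math

# (b, k, rho) read from the chapter's fitted equations log(q) = b - k*gamma*rho
FITTED = {500: (0.97, 0.48, 14.9),
          1000: (1.20, 0.51, 29.7),
          2000: (1.11, 0.79, 63.9)}


def critical_vulnerability(b, k, rho):
    """gamma_0 where log(q) = b - k*gamma*rho reaches zero (assumed definition)."""
    return b / (k * rho)


def link_robustness(mean_degree):
    """kappa_L = 1 - 2/lambda."""
    return 1 - 2 / mean_degree


def node_robustness(rho):
    """kappa_N = 1 - 1/rho."""
    return 1 - 1 / rho


def spectral_radius(adj, iterations=500):
    """Largest eigenvalue of the adjacency matrix A, by power iteration.

    Iterates on A + I rather than A: hub-and-spoke graphs are bipartite, so A
    has eigenvalues +rho and -rho and plain power iteration would oscillate.
    """
    x = {v: 1.0 for v in adj}
    rho = 0.0
    for _ in range(iterations):
        y = {v: x[v] + sum(x[u] for u in adj[v]) for v in adj}   # (A + I) x
        rho = sum(x[v] * y[v] for v in adj) / sum(val * val for val in x.values()) - 1
        norm = math.sqrt(sum(val * val for val in y.values()))
        x = {v: val / norm for v, val in y.items()}
    return rho


def hub_and_spoke(spokes_per_hub):
    """Constructed network: every hub peers with every other hub and also
    serves its own set of single-homed spokes."""
    adj = {hub: set() for hub in spokes_per_hub}
    hubs = list(spokes_per_hub)
    for i, a in enumerate(hubs):
        for b in hubs[i + 1:]:
            adj[a].add(b)
            adj[b].add(a)
    for hub, count in spokes_per_hub.items():
        for i in range(count):
            leaf = f"{hub}-spoke{i}"
            adj[leaf] = {hub}
            adj[hub].add(leaf)
    return adj


def without_node(adj, node):
    """Copy of the network with one node and all of its links removed."""
    return {v: nbrs - {node} for v, nbrs in adj.items() if v != node}


def top_hub(adj):
    """Most connected node: the first candidate for hardening."""
    return max(adj, key=lambda v: len(adj[v]))


if __name__ == "__main__":
    for n, (b, k, rho) in FITTED.items():
        print(f"AS{n}: gamma_0 = {critical_vulnerability(b, k, rho):.1%}")
    print(f"AS500: kappa_L = {link_robustness(3.42):.0%}, "
          f"kappa_N = {node_robustness(14.9):.0%}")
    net = hub_and_spoke({"hubA": 9, "hubB": 4})      # constructed sample
    before = spectral_radius(net)
    after = spectral_radius(without_node(net, top_hub(net)))
    print(f"rho with top hub: {before:.2f}; without it: {after:.2f}")
```

Because γ0 is inversely proportional to ρ, any drop in spectral radius from hardening or shrinking a hub raises the infectiousness a worm needs in order to spread.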

6.3 Origins of TCP/IP

TCP/IP is the Internet and the Internet is TCP/IP. The story of how TCP/IP became the fundamental protocol of global information dissemination is a long and colorful one, but we will step through it lightly [2]. The purpose of this historical review is to prepare the reader for what comes later. If the reader is already familiar with the inner workings of the Internet, he or she may want to skip this section.

The Internet is another consequence of the Cold War between the former USSR and the West. The ARPA was formed by the U.S. government in response to the launch of Sputnik in 1957. The “missile gap” helped elect John F. Kennedy to the Presidency, and soon afterward, the United States launched the space program that put the first men on the moon. But there was one smaller step taken on the journey to the moon in 1969 that may have been just as important. What was to become the Internet was “invented” by employees of the ARPA and funded academics who built the first experimental Internet called ARPANet.

ARPA was, and still is, created for taking giant leaps forward to keep the United States technically ahead of its opponents. ARPA later became DARPA and initiated other forward-thinking ideas that would alter the world, but in its earliest days, it was focused on how to beat the Russians into space. The United States needed advanced computing capabilities—among other things—to make space exploration happen. The public relations similarity between the formation of ARPA and the formation in 2003 of the Department of Homeland Security is undeniable:

All eyes were on ARPA when it opened its doors with a $520 million appropriation and a $2 billion budget plan. It was given direction over all US space programs and all advanced strategic missile research. (Page 20 in Ref. [2])

In 1962, J. C. R. Licklider moved from MIT to head the command and control program at ARPA. Licklider surrounded himself with colleagues from Stanford University, MIT, UC–Berkeley, and UCLA—whom he dubbed as the “Intergalactic Computer Network” group. In a memo to the Intergalactic Computer Network group 6 months after his arrival, Licklider expressed frustration with the lack of interoperability and standards among computer centers:

Consider the situation in which several centers are netted together, each center being highly individualistic and having its own special language and its own special way of doing things… is it not desirable or even necessary for all of the centers to agree upon some language, or at least, upon some conventions for asking questions as “What language do you speak?” (Page 38 in Ref. [2])

Thus was born the idea of networked computers. But it would be Licklider’s successor, Robert Taylor, who took the next important step. Taylor was frustrated with having to log in to three different computers from three different computer terminals—the so-called terminal problem. Instead of using separate terminals for different computers, why not link all computers together through a network and access each one from a single terminal? Computers should be just as easy to access as it is to call home through the telephone network.

Taylor convinced his ARPA boss to fund his project, arguing that his project would save money by solving the “terminal problem.” A nationwide university network would make it possible for researchers all over the country to share expensive mainframe computers. In 1965, computers cost millions of dollars—a price barrier that prevented many academics from using them. But if a few expensive mainframes were made accessible via a network, then thousands of researchers could share the limited number of expensive machines. In 1968, ARPA contracted Bolt Beranek and Newman (BBN) to build ARPANet—the first version of what would become the Internet.

Meanwhile, others were thinking similar thoughts. One of the most profound ideas occurred to two people at about the same time. Paul Baran and an Englishman named Donald Davies both came up with the concept of a packet—“message blocks” of data that could travel through a network on their own rather than be harnessed to a single circuit. Telephone networks were circuit switched, which meant that they communicated by connecting the sender and receiver together via a dedicated electronic circuit. The entire circuit was consumed for the entire conversation. And only one pair of users could use the circuit-switched connection at a time. This is very inefficient.


Instead, a packet-switched network can share its wires or radio waves with packets from many users—all at the same time. Packets find their own way through a network and are extremely efficient and flexible as compared to circuits, because multiple packets—all going to different destina- tions—can share a single circuit. This form of multiplexing made existing wires thousands of times more efficient.

Packets are “smart,” because they contain their own source and destination addresses, much like a letter that is sent through the U.S. Postal System. At each branch in the net- work, routing tables provide directions for where each packet should go next. Even if a portion of the physical network fails, an alternate path can be found and the packet rerouted. A simple algorithm was employed, called Open Shortest Path First (OSPF), which worked exactly as its name implies—by sending packets along the shortest, least congested paths. In this way, data communication becomes robust—a failure in one part of the network cannot disable the entire network.

While at UCLA working on an ARPA contract, Leonard Kleinrock not only conceived of packets, but he proved packet switching to be superior to circuit switching. His theoretical analysis reinforced the intuition of Baran and Davies. Not only was packet switching a good idea, but it was now theoretically sound. The stage was set for a revolution in data communications. But change takes time, so the obscure ARPANet would take a few more decades to realize its potential.

By 1969, the ARPANet consisted of four computers located at UCLA, SRI (Palo Alto), UCSB, and Utah. While extremely modest in terms of today’s Internet, this was enough to get a small group of pioneers to start thinking about governance and a user’s group. So, in 1969, Jon Postel started a list of ARPANet users, which eventually became the telephone directory of the Internet—the DNS.⁴ If you wanted to use the ARPANet, you had to ask Postel for a name and address in cyberspace. Once your name and address were entered into the DNS, you became “known” to everyone on the network. Postel’s handwritten DNS was soon automated and is now the heart of the Internet.

6.3.1 DNS Basics

On top of the physical structure of the Internet as defined by routers, switches, servers, and AS hubs and spokes, the Internet has a virtual structure defined by its addressing conventions. An Internet address—called a universal resource locator (URL)—is entered into the DNS, where everyone on the network can find it. Every device connected to the Internet has an address—its IP address. Furthermore, addresses are expressed as both a name and a number. Names have evolved into the familiar format of http://www.myname.tld, where http is shorthand for “hypertext transport protocol,” www means “World Wide Web,” and tld means “top-level domain.” These names must be converted into a number before the Internet’s software can locate a device. For example, www.Amazon.com must be converted into an IP number such as 120.131.200.41.⁵ The Internet switches and servers use 120.131.200.41 like a postman uses your house address to locate your home.

DNS servers at various levels of the DNS convert every URL known to the Internet into an IP number (see Fig. 6.3). Name resolution takes place from the bottom up to the top of the hierarchy in Figure 6.3. For example, an email message sent to myfriend@earthlink.com must be converted by a DNS into a number such as 120.131.200.41. A local DNS attempts to convert the URL to its IP number. If a local lookup fails, the search moves up the hierarchy of DNS from local to regional and eventually to the root DNS server until the name is found in a DNS directory. If the name does not exist in the root DNS, then it is an invalid address. Invalid addresses are like bad phone numbers—they are ignored.

⁴ Paul Mockapetris of USC/ISI invented DNS with the help of Jon Postel and Craig Partridge in 1983.

[Figure 6.3: tree diagram with the root DNS servers at the top, the gTLD DNSs (.com, .edu, .mil, .gov, ...) beneath them, and the local DNSs (amazon.com, orst.edu, nps.navy.mil, whitehouse.gov, ...) at the bottom.]

Figure 6.3 The DNS is a tree-shaped network of Internet user names and numbers.

⁵ An IP number corresponds to the network and specific machine that is connected to the network.
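The lookup described above and the tree of Figure 6.3, as a toy resolver added here for illustration (it is not from the book and is not a real DNS client). On a local miss it asks the root and follows referrals down to the gTLD tier and the organization's own server, which is how deployed DNS walks the tree; the tier labels, the `Resolver` class, and every address except the text's sample number are constructed, and cache expiry is left out.

```python
# Constructed zone data modelled on Figure 6.3. Apart from the sample number the
# text uses for Amazon, addresses come from the 192.0.2.0/24 documentation range.
ROOT = {"com": "gtld-com", "edu": "gtld-edu", "gov": "gtld-gov", "mil": "gtld-mil"}
GTLD = {
    "gtld-com": {"amazon.com"},
    "gtld-edu": {"orst.edu"},
    "gtld-gov": {"whitehouse.gov"},
    "gtld-mil": {"nps.navy.mil"},
}
LOCAL = {
    "amazon.com": {"www.amazon.com": "120.131.200.41"},
    "orst.edu": {"www.orst.edu": "192.0.2.10"},
    "whitehouse.gov": {"www.whitehouse.gov": "192.0.2.20"},
    "nps.navy.mil": {"www.nps.navy.mil": "192.0.2.30"},
}


def find_zone(name, delegated):
    """Return the longest delegated suffix of `name`, or None if there is none."""
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in delegated:
            return candidate
    return None


class Resolver:
    """A local DNS: answers from its cache, otherwise walks root -> gTLD -> local zone."""

    def __init__(self):
        self.cache = {}
        self.root_queries = 0

    def resolve(self, name):
        """Return (address or None, list of tiers consulted)."""
        name = name.lower().rstrip(".")
        if name in self.cache:
            return self.cache[name], ["cache"]
        self.root_queries += 1
        path = ["root"]
        gtld = ROOT.get(name.rsplit(".", 1)[-1])
        if gtld is None:
            return None, path                 # unknown top-level domain: invalid name
        path.append(gtld)
        zone = find_zone(name, GTLD[gtld])
        if zone is None:
            return None, path                 # nothing registered under that name
        path.append(zone)
        address = LOCAL[zone].get(name)
        if address is not None:
            self.cache[name] = address        # later lookups never reach the root
        return address, path


if __name__ == "__main__":
    resolver = Resolver()
    for query in ("www.amazon.com", "www.amazon.com", "nosuch.com", "www.example.invalid"):
        print(query, resolver.resolve(query))
    print("root queries:", resolver.root_queries)
```

The second lookup of the same name is answered from the cache, so the root tier sees one query rather than two.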

Over time, the DNS organization has become almost identical to the structure of the Internet itself. DNS servers are organized in a hierarchical (tree) structure as shown in Figure 6.3 even though the physical structure of the Internet is a messy graph. In terms of emergence theory, the Internet’s addressing system has evolved into a virtual network with hierarchical structure.⁶ Initially somewhat random, the Internet is logically organized as a tree with named servers and devices stored in the DNS. At the top of this tree are 13 root DNS servers. Hence, the Internet has 13 hubs at its highest level—the most critical nodes in the network.

The exact location of the root DNS computers is classified, because of their criticality. In the next chapter, we will examine an attack on the DNS root servers made in 2002, which led to their relocation to secret facilities. Their physical locations may be hidden, but their cyber locations are known. By convention, the 13 root servers are located in cyberspace at x.root-servers.net, where x is A, C, E, F, G, I, J, K, L, or M.

An additional 13 gTLD servers manage the “telephone directories” of the familiar .com, .gov, .edu, and other gTLD users of the Internet. Below these in the hierarchy are the millions of servers that connect desktop, laptop, cell phone, and tablet users to the Internet. Think of the DNS structure as a postal address where the zip code is equivalent to the gTLD and the street address is equivalent to the name of an organization’s server. Therefore, myname@myserver.gtld is the address of a desktop computer connected to the Internet through a server named “myserver.”

The structure of the DNS is dynamic. Names and addresses are constantly being added and changed. Thus, the DNS “telephone book” is published several times a day, keeping the Internet current. This is one of the strengths of the Internet—it essentially rebuilds itself every few hours. Because the hierarchical tree-structured collection of DNS machines that maintain the DNS is constantly being updated, there is some redundancy in the network. Lower-level DNS servers replicate the root server DNS information. This redundancy adds to the physical and logical resilience of the Internet, but detracts from its ability to withstand a cyber exploit, because it increases the likelihood of a malicious exploit spreading to adjacent systems. Oddly, redundancy makes computer viruses spread faster and further.

Registration of your name and address with Jon Postel became a tradition—and eventually a business—called Internet Assigned Names and Addresses (IANA). Postel was at the pinnacle of the IANA organization for 30 years until his death in 1998.⁷ He put the dot in “dot-com” and contributed to many other standards between 1969 and 1998. His name is associated with many Internet innovations as described in the following text.

6.4 Internet Standards

Internet standardization started appearing very early in the history of the Internet. Steve Crocker of UCLA created a public process called Request for Comment (RFC), which became the major tool of Internet self-organization and decision-making. RFC 1 was issued by Steve Crocker on April 7, 1969, and describes the first Internet switch—called Interface Message Processor (IMP). All modifications to the Internet are vetted through an RFC. For example, RFC 688 documented a new standard for email in 1975. By 2004, there were over 3700 RFCs on record.⁸

6.4.1 Email

All major steps in the evolution of the Internet are documented and assigned an RFC number. The major decisions governing the Internet today started with an RFC.

For example, in 1971–1972, Ray Tomlinson invented what we now know as email, and Larry Roberts quickly improved on it. Tomlinson started using the “@” character to separate user name from computer and domain name in his email headers, for example, name@machine.com. This convention soon became the standard method of addressing email.

The first message was sent between two machines that were literally side by side. The only physical connection they had (aside from the floor they sat on) was through the ARPANET. I sent a number of test messages to myself from one machine to the other. The test messages were entirely forgettable and I have, therefore, forgotten them. Most likely the first message was QWERTYUIOP or something similar. [3]

Today’s email system is more complicated because it includes the ability to embed pictures and sound, and it handles attachments, which increase the vulnerability of the Internet to hacking. Originally RFC 822 (1982), the email standard was replaced by RFC 2822 in 2001.

6.4.2 TCP/IP

A seminal event took place in 1973 that marks the technical beginning of the modern Internet. Vinton Cerf of Stanford and Robert Kahn of DARPA invented TCP—the protocol that defines how messages are formatted and sent across the network. TCP standardizes packet-based communications and goes even further—it defines how messages are sent reliably. Today, any network that uses TCP is part of the Internet. But during the period 1973–1976, the term “Internet” was just beginning to be used by advocates of TCP. By 1976, DARPA required the use of TCP in ARPANet. Today’s TCP/IP is defined by RFC 791 (1981) and explained in a tutorial given by RFC 1180.

⁶ Virtual means logically related versus physical, which means physically connected.

⁷ http://www.postel.org/postel.html

⁸ http://www.rfc-archive.org/

TCP is the sequencing half of TCP/IP. Its job is to reassemble packets after they arrive at their destination. An email message, for example, might consist of thousands of packets. Each packet may take a different route from source to destination and therefore arrive out of order. TCP puts them back in order and checks to make sure there are no errors. (If an error is found, TCP insists on a retransmission.)
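The reordering and error check just described, as a simplified receiver added here for illustration (not code from the book). It assumes sequence numbers are byte offsets starting at 0 and a checksum over the payload only; real TCP starts from a random initial sequence number and also checksums its header. The sample message and arrival order are constructed.

```python
import struct


def internet_checksum(data: bytes) -> int:
    """16-bit ones'-complement checksum used by IP, TCP and UDP (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length data with a zero byte
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def make_segments(message: bytes, size: int):
    """Sender side: split a message into (sequence number, payload, checksum)."""
    return [(off, message[off:off + size], internet_checksum(message[off:off + size]))
            for off in range(0, len(message), size)]


def receive(arrived):
    """Receiver side: return (bytes deliverable in order, next sequence number wanted)."""
    buffered = {}
    for seq, payload, checksum in arrived:
        if not payload or internet_checksum(payload) != checksum:
            continue                          # damaged segment: discard, wait for a resend
        buffered.setdefault(seq, payload)     # ignore duplicates
    stream = bytearray()
    while len(stream) in buffered:            # stop at the first gap
        stream += buffered[len(stream)]
    return bytes(stream), len(stream)


def demo():
    message = b"critical infrastructure relies on TCP/IP"   # constructed sample, 40 bytes
    sent = make_segments(message, 8)
    # Constructed arrival: out of order, and the segment at offset 16 has one bit flipped.
    seq, payload, checksum = sent[2]
    damaged = (seq, bytes([payload[0] ^ 0x01]) + payload[1:], checksum)
    arrived = [sent[3], sent[0], sent[4], sent[1], damaged]
    first_pass = receive(arrived)
    # The sender resends from the sequence number the receiver asked for.
    second_pass = receive(arrived + [sent[2]])
    return message, first_pass, second_pass


def word_swap_goes_unnoticed():
    """The checksum is a plain sum, so reordering 16-bit words leaves it unchanged."""
    return internet_checksum(b"ABCD") == internet_checksum(b"CDAB")


if __name__ == "__main__":
    message, first_pass, second_pass = demo()
    print("after first arrival :", first_pass)
    print("after retransmission:", second_pass)
    print("word swap undetected:", word_swap_goes_unnoticed())
```

The last function shows why this check counts as error detection only: it catches line noise, while detecting deliberate modification needs a keyed integrity check in a higher layer.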

Also during this period, Robert Metcalfe at Xerox PARC was working on a protocol for connecting computers together over a local area network (LAN). His solution led to the invention of Ethernet for LANs. This “LAN protocol” became the dominant LAN protocol and IEEE 802.3 standard. Eventually, the novel ideas in Ethernet became the basis for IP—the other half of TCP/IP.

Ethernet was a significant advance because it overcame a limitation of TCP. When two or more computers attempt to send a message at the same time, an electronic collision occurs. Both messages are garbled because only one message can be transmitted at a time. Metcalfe proposed an elegant solution. Whenever a collision occurs, both computers try transmitting again after waiting a random length of time. Because the probability of the two computers waiting the same random length of time approaches zero as the number of retries increases, both computers eventually succeed in sending their messages.⁹
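How fast that probability falls, worked through for two stations as an example added here (not from the book). It assumes the retry rule standardized in IEEE 802.3, truncated binary exponential backoff: after the n-th collision each station waits a random number of slots drawn from 2^min(n, 10) choices and gives up after 16 attempts.

```python
import random
from fractions import Fraction

MAX_EXPONENT = 10     # the waiting window stops doubling at 2**10 slots
MAX_ATTEMPTS = 16     # the frame is dropped after 16 failed attempts


def window(collisions: int) -> int:
    """Number of slots a station chooses from after its n-th collision."""
    return 2 ** min(collisions, MAX_EXPONENT)


def p_all_collide(retries: int) -> Fraction:
    """Exact probability that two stations pick the same slot on every one
    of the first `retries` retries, i.e. that the collision is still unresolved."""
    p = Fraction(1)
    for n in range(1, retries + 1):
        p *= Fraction(1, window(n))
    return p


def retries_until_clear(rng: random.Random):
    """Simulate two colliding stations; return the retry on which they first
    pick different slots, or None if the attempt limit is reached."""
    for n in range(1, MAX_ATTEMPTS):
        if rng.randrange(window(n)) != rng.randrange(window(n)):
            return n
    return None


def mean_retries(trials: int, seed: int) -> float:
    """Average number of retries needed, over seeded random trials."""
    rng = random.Random(seed)
    results = [retries_until_clear(rng) for _ in range(trials)]
    cleared = [r for r in results if r is not None]
    return sum(cleared) / len(cleared)


if __name__ == "__main__":
    for k in (1, 2, 3, 5, 10):
        print(f"still colliding after {k:2d} retries: {float(p_all_collide(k)):.3e}")
    print("mean retries in simulation:", round(mean_retries(20000, seed=1), 3))
```

Because the window doubles, the chance of an unresolved collision drops as 1/2, 1/8, 1/64, and so on, and the simulated average settles near 1.64 retries.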

TCP wasn’t perfect—and still isn’t. But even as early as 1978, Vinton Cerf, Jon Postel, and Danny Cohen realized that TCP was trying to do too much. It was too big. So they decided to divide TCP into two parts: TCP and IP—thus TCP/IP was born. As the protocol took on more functionality, it became necessary to further divide it and put different functions into different layers. TCP and IP are two of the seven layers that define the IP today (see Fig. 6.4).

The first layer of the IP (Layer 1: Physical) consists of a wire, optical cable, or some other physical device. The second layer (Layer 2: Data Link) defines the packet format and how to deal with collisions. Layer 2 is essentially Ethernet. The third layer (Layer 3: IP) is the “IP” part of TCP/IP and defines how packets are routed from sender to receiver. Inside of every Internet switch is a routing table that tells each IP packet where to go next. The next layer controls how IP packets are recovered at the other end. Layer 4 (Transport) can be implemented as one of two protocols: TCP or User Datagram Protocol (UDP). TCP guarantees delivery of all packets and reorders any packet that arrives out of order. It keeps track of the packet delivery order and the packets that must be resent. UDP is faster but less reliable as it does not guarantee delivery and does not bother to reorder packets. UDP can lose packets.

TCP is used for email and most Internet transmissions, and UDP is used for streaming media such as video and audio, where a missing packet or two will not be noticed. UDP is fast because it does not have to reorder or retransmit packets. But UDP is less reliable.

The four-layer TCP/IP described earlier defines the modern Internet. In 1988, the International Standards Organization (ISO) released the Open Systems Interconnect (OSI) standard—a competitor to TCP/IP. OSI defines three more layers: Layer 5 (Session), Layer 6 (Presentation), and Layer 7 (Application). Figure 6.4 shows all layers of the ISO/OSI standard. While ISO/OSI is the international standard, the popularity of PCs running TCP/IP, and the fact that most of the servers on the Internet run TCP/IP, means that the Internet is, for all practical purposes, identical to the four-layer TCP/IP.

TCP/IP is the basic infrastructure upon which the entire Internet and WWW depend. It is at the heart of the Internet’s DNA. Unfortunately, it is extremely vulnerable to many exploits ranging from simple DoS to malicious code disguised as an email attachment. TCP/IP was never designed to be secure, and in fact the opposite is true—it was designed to be simple and open. The lingua franca of the Internet is the first weak link in the global communication network we call the Internet.

6.5 Toward Commercialization

In 1981, the NSF established a research network based on TCP/IP called CSNet. It was aimed at serving the non-ARPANet users in the broader academic research community. Business was so good that CSNet was “outsourced” to MCI and renamed NSFNet. Then in 1990, ARPANet merged back with NSFNet! Once again, the Internet was whole—and interoperable with anyone that adhered to TCP/IP.¹⁰

[Figure 6.4: two protocol stacks with layers numbered 1 to 7 (Physical, Data link, Network, Transport, Session, Presentation, Application), joined by transport, session, presentation, and application protocols; the nodes inside the communication subnet boundary carry only the Network, Data link, and Physical layers.]

Figure 6.4 The ISO/OSI standard protocol stack for the Internet consists of eight layers.

⁹ This is called CSMA/CD or Carrier Sense Multiple Access/Collision Detection.

¹⁰ Cisco Systems, one of the most successful companies to commercialize TCP/IP equipment, was founded in 1984 by Leonard Bosack and Sandra Lerner, who later sold their interests in the company for $170 million.

Meanwhile, the Internet was increasing in value and popularity. Over 1 million users were paying subscribers by 1992. A National Research Council report chaired by Leonard Kleinrock suggested that the Internet be commercialized (at this time it was still the responsibility of the NSF). His report attracted the attention of Vice President Albert Gore, and in 1999, the Vice President of the United States claimed parentage of the Internet in an effort to get elected President.¹¹ In 1992, the U.S. Congress gave the NSF permission to commercialize the Internet. This began a 5-year process of transition that ended with the privatization—indeed the globalization—of the Internet.

A year later (1993), the number of subscribers had doubled to 2 million. The NSF created InterNIC to support the rapidly growing Internet and contracted with AT&T to maintain the DNS structure. In addition, the NSF awarded a 5-year contract to Network Solutions Inc. to sell domain names for $50/year. During this period, millions of people became subscribers—fueling the Internet Bubble that eventually burst in March 2000.¹²

After spending $200 million from 1986 to 1995, the NSF outsourced the Internet DNS to four companies and turned the business of doing Internet business over to the U.S. Department of Commerce. In 1997, the Clinton administration directed the Secretary of Commerce to privatize the DNS, “in a manner that increases competition and International participation.” True to the Internet culture as Steve Crocker defined it, an RFC-like “White Paper” was circulated by the U.S. Department of Commerce. In 1998, the Internet was set free.

The rapid growth of the Internet since 1998 has been nothing but phenomenal. Metcalfe’s law explains the Internet’s explosive growth in terms of a network effect: the value of a communication network is proportional to the square of the number of connected users. Given a network with n nodes, it is possible to connect every node to every other node through n(n − 1)/2 links. Rounding off, this means a network magnifies connections among users and devices by a factor of n². Does Metcalfe’s law explain the rapid growth of the world’s largest communication system?

6.6 The WWW

Progress continued at a rapid rate throughout the 1980s and 1990s as the Internet coevolved with the rise of the PC. In 1979, there were 100 users of ARPANet. In 1984, the number had grown by a factor of 10 to 1,000 users, and another factor of 10 brought the total to 100,000 users by 1990! But the number of Internet users would never rival that of radio or TV unless the Internet offered something more than connectivity. What the infant network needed was applications—or, better yet, the killer application.

In 1982, when Jon Postel established SMTP (RFC 821 and now RFC 2821) as the standard for doing email, the killer application of the Internet seemed to be email, because most of the data traveling over the Internet were email messages. Even the defense, research, and university communities used the Internet mainly for email. (This was a curious outcome, since the original purpose of the Internet was to share large centrally managed mainframes.)

The killer application for the Internet—the application that would ignite mainstream adoption of networking—was invented by Tim Berners-Lee while he was working for the world’s largest particle physics research laboratory, Center for European Nuclear Research (CERN). In 1989, Berners-Lee invented the WWW—a network of hyperlinked documents accessible via the Internet. Then, he built the first browser and invented hypertext markup language (HTML) to support the sharing of hyperlinked documents across the Internet. His goal was to simplify the publication of research papers so that any physicist could disseminate his or her research electronically. What if an author could simply embed a hypertext URL in any text document, so that another document could be selected and retrieved merely by clicking on the embedded hyperlink? This would simplify the retrieval of referenced papers, regardless of where they were stored. One document could come from machine A, another document from machine B, and another document from machine C. Regardless of where the document lived, the collection of documents would pop up on the user’s screen as if it were part of one large collection.

The hyperlinked document idea was not new. Even so, Berners-Lee had to overcome the mind-set of the Internet, which was that networking was designed to connect computers to users and users to computers. The bigger the computer, the more users needed the network connection. But Berners-Lee had a better idea. Why not connect users to documents, regardless of where they were? Users wanted information, not connectivity to hardware. This was obvious in hindsight, but at the time, it was a contrarian’s view of what the Internet was good for.

Berners-Lee called his software a browser–editor, because it combined a text editor with a web of hyperlinked documents. It provided a powerful tool for scientists, but it lacked the ease of use that consumers accustomed to a graphical user interface expected. What the WWW needed was a browser that worked like the graphical user interface on a Macintosh PC. If an ordinary consumer can use a PC, he or she should be able to use the WWW—and this required a simpler interface.

¹¹ During a March 1999 CNN interview, while trying to differentiate himself from rival Bill Bradley, Gore boasted: “During my service in the United States Congress, I took the initiative in creating the Internet.”

¹² The Internet Bubble (1995–2000) was a period of economic excess where billions of dollars were invested in “dot-com” start-ups attempting to commercialize the Internet. A few of these start-ups survived, for example, Amazon.com, Yahoo.com, and Ebay.com, but most of them went out of business, leaving many stock market speculators stunned.

Marc Andreessen and Eric Bina developed the first graphical browser for the WWW while students at the University of Illinois—Urbana. Mosaic was a better mousetrap, because it simplified the user interface. Originally developed on the NeXT workstation, the two students quickly ported it to the Macintosh and Windows PC. The WWW experienced explosive growth when Mosaic became available for Macintosh and PC computers.

Andreessen and Bina’s invention was more than an easier-to-use browser–editor. It enhanced the hypertext language invented by Berners-Lee in several important ways. According to Andreessen:

Especially important was the inclusion of the “image” tag which allowed to include images on web pages. Earlier browsers allowed the viewing of pictures, but only as separate files. Mosaic made it possible for images and text to appear on the same page. Mosaic also sported a graphical interface with clickable buttons that let users navigate easily and controls that let users scroll through text with ease. Another innovative feature was the hyper-link. In earlier browsers hypertext links had reference numbers that the user typed in to navigate to the linked document. Hyper-links allowed the user to simply click on a link to retrieve a document.¹³

Andreessen and Bina moved to California, cofounded Netscape Communications Corporation with money from Jim Clark, rewrote Mosaic, and called it Netscape Navigator. The trio built the first Internet Age company on top of the Internet infrastructure—Netscape Communications Company. The highly successful enterprise was sold to AOL in 1999, but for a brief time, it was the fastest-growing company in America.¹⁴ Even more significant, Netscape ignited the commercial Internet. At the time of its public offering in 1995, Netscape claimed 35 million users. Five years later, the Internet had over 250 million users—and 75% of them used Netscape’s browser.

A large installed base of PC users, an easy-to-use graphical browser, and a cleverly designed WWW all came together in 1995 to propel the Internet into the mainstream. During the 5-year period from 1995 to 2000, adoption of the Internet far exceeded the 30-year adoption rate of cable TV, 20-year adoption rate of the home computer, and the 15-year adoption rate of the VHS/VCR.¹⁵ The Internet achieved 50% market penetration in 5 years—an adoption rate that has yet to be beaten by most other global products.

By the end of the dot-com bubble in 2000, most of the infrastructure we know of as the Internet was in place. Unfortunately, it is based on a TCP/IP monoculture susceptible to cyber exploits and a highly percolated complex system far beyond its self-organized criticality. This highly decentralized, self-organizing system has evolved to a highly fragile ecosystem under highly deregulated and open conditions. And yet, it is just as vulnerable and fragile as the overly regulated and highly fragile energy, power, and transportation systems that evolved under radically different conditions. It seems that self-organization is every complex system’s destiny.

6.7 Internet Governance

A question often asked is, “Who owns the Internet?” Other infrastructure sectors are owned by corporations or jointly by public–private partnerships. Public utilities (water and power) are often pseudoprivate, meaning they are either heavily regulated monopolies or completely owned and operated by a municipality or metropolitan region. The Internet is different, because for one thing, it is a global organization. Its governance resembles the United Nations (UN) more than Microsoft Corporation or the federal government. The “UN of cyberspace” is actually a loose collection of societies—mainly run by volunteers. Figure 6.5 lists some of the groups that play a major role in Internet standards, design, and ethics. This is a partial list, but it is the sustaining core that keeps the Internet going and evolving.

6.7.1 IAB and IETF

The Internet is an open society of many volunteer organizations simultaneously contributing new ideas and technical recommendations for its evolution. It is a decentralized, freewheeling society that evolves standards rather than dictates them. One of the earliest of these voluntary organizations was the Internet Architecture Board (IAB) formed by Barry Leiner. According to RFC 1120, the IAB:

1. Sets Internet standards

2. Manages the RFC publication process

3. Reviews the operation of the IETF and IRTF¹⁶

4. Performs strategic planning for the Internet, identifying long-range problems and opportunities

5. Acts as a technical policy liaison and representative for the Internet community

6. Resolves technical issues that cannot be treated within the IETF or IRTF frameworks

Perhaps the most significant influence on the Internet has come from the activities of the IETF, formed in 1986. Starting in 1969, technical decisions regarding the Internet were vetted by the user community using the RFC process established by Steve Crocker and the mediation powers of Jon Postel. Through the RFC process, any individual or group has a voice in Internet governance. Anyone can propose a modification, which is vetted by the IETF. This process has been formalized by a series of RFCs and is standard operating procedure for the ISOC, IAB, and IETF today.

¹³ http://www.ibiblio.org/pioneers/andreesen.html

¹⁴ In 1999, AOL paid $10 billion in stock for 5-year-old Netscape.

¹⁵ It took 67 years for the public telephone to penetrate 50% of the homes in the United States.

¹⁶ IETF, Internet Engineering Task Force; IRTF, Internet Research Task Force.

This freewheeling approach to management shouldn’t work, but it does—perhaps because all successful RFCs are documented as Best Current Practices (BCP) and catalogued. RFCs are not mandatory, but rather prescribed. If they catch on and become integrated into the operation of the Internet, they are elevated to BCP. Indeed, the open culture of the IETF has permeated the entire Internet culture and has had a profound impact on the way the communication sector has evolved. Excerpts from RFC 3233 below underscore two key features of Internet governance:

1. Its freewheeling—almost anarchical structure of governance.

2. The culture of the Internet has evolved over 30 years.

According to RFC 3233:

[BCP9], the primary document that describes the Internet standards process, never defines the IETF. As described in BCP11 (“The Organizations Involved in the IETF Standards Process”) [BCP11], the Internet Engineering Task Force (IETF) is an open global community of network designers, operators, vendors, and researchers producing technical specifications for the evolution of the Internet architecture and the smooth operation of the Internet. It is important to note that the IETF is not a corporation: it is an unincorporated, freestanding organization. The IETF is partially supported by the Internet Society (ISOC). ISOC is an international nonprofit organization incorporated in the US with thousands of individual and corporate members throughout the world who pay membership fees to join. The Internet Society provides many services to the IETF, including insurance and some financial and logistical support. As described in BCP11, Internet standardization is an organized activity of the ISOC, with the ISOC Board of Trustees being responsible for ratifying the procedures and rules of the Internet standards process. However, the IETF is not a formal subset of ISOC; for example, one does not have to join ISOC to be a member of the IETF. There is no board of directors for the IETF, no formally signed bylaws, no treasurer, and so on.¹⁷

As the number and scope of topics handled by the IETF broadened, the Internet Engineering Steering Group (IESG) was established by RFC 3710 to manage the expanded number of working groups:

The Internet Engineering Steering Group (IESG) is the group responsible for the direct operation of the IETF and for ensuring the quality of work produced by the IETF. The IESG charters and terminates working groups, selects their chairs, monitors their progress and coordinates efforts between them. The IESG performs technical review and approval of working group documents and candidates for the IETF standards track, and reviews other candidates for publication in the RFC series. It also administers IETF logistics, including operation of the Internet-Draft document series and the IETF meeting event.¹⁸

Most decisions that deeply affect the technical evolution of the Internet come from the IETF, are ratified by the ISOC, and are implemented by vendors. It is a remarkably decentralized and unfettered system that has reinforced the freewheeling culture of individuals, groups, and corporations that collectively comprise Internet governance. Most of the political and international governance of the Internet comes from the Internet Corporation for Assigned Names and Numbers (ICANN)—the governing body set up by the U.S. government when the Internet was spun out of the NSF in 1998.

[Figure 6.5: diagram with three panels. World Wide Web: W3C (web standards, www.w3c.org). Internet Governance: ISOC (Internet Society), IAB (Internet Architecture Board), IESG (Internet Eng’r Steering Group), IETF (Internet Eng’r Task Force). Commercialization: US Dept of Commerce, NTIA (National Telecom & Information Administration), ICANN (Internet Corp. for Assigned Names & Numbers), Verisign, NSI, etc.]

Figure 6.5 The core of Internet governance includes W3C, ISOC, IETF, ICANN, and related agencies, both within the United States and globally.

¹⁷ http://www.faqs.org/rfcs/rfc3233.html

¹⁸ http://www.faqs.org/rfcs/rfc3710.html

6.7.2 ICANN Wars

The relatively self-governed Internet community does not always run itself without acrimony. In fact, there has been an abundance of disagreement over how the Internet should evolve, especially after it was set free by the U.S. government. Most conspicuous were the so-called ICANN Wars, which raged for years after the commercial Internet was born in 1998.

In June 1998, the U.S. National Telecommunications and Information Administration (NTIA) published the White Paper (Management of Internet Names and Addresses) in response to public comment on the Green Paper—an RFC-like proposal on how to commercialize the Internet. The NTIA proposed formation of a nonprofit corporation—the ICANN, which subsequently assumed responsibility for management of the DNS, allocation of IP address space, specification of protocols, and management of the root server system. ICANN does not register domain names itself. Instead, it delegates that responsibility to national registrars.

ICANN is governed by 19 directors who are broadly representative of the Internet community. Most members are appointed by their supporting organizations, but some are elected by members-at-large. For example, in 2003, the members of the ICANN Board were:

Internet pioneer Vinton Cerf (Chair)

Mexican academic Alejandro Pisanty (Vice-Chair)

European lawyer Amadeu Abril i Abril

California lawyer Karl Auerbach

Brazilian businessman Dr. Ivan Moura

U.S. businessman Lyman Chapin

Canadian lawyer Jonathan Cohen

Mouhamet Diop

Japanese businessman Masanobu Katoh

Netherlands businessman Hans Kraaijenbrink

Korean academic Dr. Sang-Hyon Kyong

Dr. M. Stuart Lynn (ICANN President and CEO)

German journalist Andy Mueller-Maguhn

Japanese academic Dr. Jun Murai

Dr. Nii Narku Quaynor

German businessman Helmut Schink

Francisco A. Jesus Silva

U.S. academic Dr. Linda Wilson

ICANN was envisioned to be more than an “FCC of the Internet” but to fall short of “owning the Internet.” But exactly what was the scope of ICANN’s powers? In fact, a number of independent groups had other ideas about ICANN’s power over the Internet. This difference of opinion evoked the ICANN Wars.

Dan Schiller—author of Digital Capitalism—called ICANN an “unelected parliament of the Web” [4]. Karl Auerbach—ICANN Board Member in 2003—complained that ICANN was “essentially an organ of the trademark lobby.”19 Others accused ICANN of establishing policies that negatively impacted free expression and favored commercial interests over personal privacy. Milton Mueller lamented that the net’s “role as a site of radical business and technology innovation, and its status as a revolutionary force that disrupts existing social and regulatory regimes, is coming to an end” [5]. Criticism was not restricted completely to business. Network Solutions Inc.—the company that received a 5-year contract (1993–1998) to perform ICANN-like services on a temporary basis until the Internet was commercialized—complained in testimony to Congress that ICANN was out to destroy its business.

By the time you read this, ICANN may have been replaced by another international body. More than 200 leaders from government and business attended the Global Forum on Internet Governance, held in 2004 by the UN Information and Communication Technologies (ICT) Task Force. The purpose of this meeting was “to contribute to worldwide consultations to prepare the ground to a future Working Group on Internet Governance to be established by Secretary-General Kofi Annan, which is to report to the second phase of the World Summit on the Information Society.”20 The UN—like so many other industrial age organizations—was slow to understand the significance of the Internet. But once they “got it,” they began to organize their own brand of governance. The UN created the Internet Governance Forum (IGF) in 2006 to continue the work of the World Summit on the Information Society (WSIS). The IGF brings together stakeholders from government, industry, and civil society to discuss Internet governance issues at its annual meetings.

6.7.3 ISOC

In 1992, soon after Congress directed the NSF to commercialize NSFNet, Cerf and Kahn formed the ISOC, which has evolved into an umbrella organization, embracing social as well as technical issues.21 Some topics of concern to ISOC are:

• Censorship
• Copyright
• Digital divide
• DNS
• E-commerce
• Encryption
• Privacy
• Public policy
• Security
• Societal
• Spam

19 http://www.icannwatch.org/
20 http://www.circleid.com/channel/index/C0_1_1/
21 http://www.isoc.org/

6.7.4 W3C

The startling success of the WWW and commercialization of the Internet prompted Berners-Lee and Al Vezza to form W3C to create WWW technology and standards in 1994. According to the W3C, its charter is to formally nurture the web as the Internet has traditionally been nurtured by volunteers. The Internet is a highway; the web is a transportation system:

The Web is an application built on top of the Internet and, as such, has inherited its fundamental design principles.

1. Interoperability: Specifications for the Web’s languages and protocols must be compatible with one another and allow (any) hardware and software used to access the Web to work together.

2. Evolution: The Web must be able to accommodate future technologies. Design principles such as simplicity, modularity, and extensibility will increase the chances that the Web will work with emerging technologies such as mobile Web devices and digital television, as well as others to come.

3. Decentralization: Decentralization is without a doubt the newest principle and most difficult to apply. To allow the Web to “scale” to worldwide proportions while resisting errors and breakdowns, the architecture (like the Internet) must limit or eliminate dependencies on central registries.22

The W3C has more profound objectives than making sure the web is healthy. It seeks to take the web to its next level. The WWW and its underlying HTML provided a standard syntax for information, but it did not define the semantics of the information. A “sentence” in HTML could be syntactically correct but meaningless. For example, the English sentence “The four sides of a square are circles” is syntactically correct but meaningless. So, Berners-Lee set about to add meaning to the WWW. In 1996, W3C began working on XML and the “semantic network.”

XML consists of three major parts: a language for encoding information, both as a document and as a message; extensible style language (XSL) software for rendering the information on a display (browser, printer); and data type definition (DTD), a language for specifying the meaning of the information. Think of XML as a language (English, French, Italian), DTD as a dictionary, and XSL as an interpreter. Whenever an XML message is received, the receiving computer looks into a corresponding DTD to find the meaning of the tags in the message and then uses XSL to render the message on the user’s screen. This is like an English-speaking person using an English-to-French dictionary to parse and understand French.

Today, all browsers support XML. In fact, XML is the technology used to solve many homeland security problems such as interoperability between different computer systems, sharing of information among people with different levels of security, and data mining to extract meaning out of databases.

By 1998, the Internet had matured to the point where it could be privatized. The NTIA (within the U.S. Department of Commerce) produced a “Green Paper” describing how the Internet should be governed and how to transition the DNS to private ownership and proposing how to add more gTLDs (such as .tv for television), how trademarks should be honored as Internet names, how to reduce the $50 DNS registration fee to $20, and how to set aside 30% of the revenues from DNS registration for the Intellectual Infrastructure Fund (IIF). The Green Paper formalized Jon Postel’s operation and created ICANN to sell blocks of names to several authorized resellers.

6.7.5 A Final Example

To summarize how the Internet works, suppose we follow an email message with an attachment, as it goes from the sender in the upper left-hand corner to a receiver in the lower right-hand corner of Figure 6.6. This message is formatted according to a number of RFC-defined protocols, chopped into packets, and routed through a variety of switches as each packet finds its way through the network. The packets may arrive in any order at the receiver, where they are put back into order and presented to the recipient.

Step 1: Encoding the message: The email message is converted into plain text, HTML, or XML on the desktop machine, and its attachment is “wrapped” inside of a MIME-formatted message so that it is recognized as an attachment. The SMTP protocol defines how the email is handled as it travels through the network. It is important to tag both message and attachment, because they may contain text, pictures, audio, and video information. Each of these types must be handled differently on the receiving end.

Step 2: The desktop sender’s machine is connected to the Internet through an edge router and LAN that communicates in TCP/IP—or UDP if the data is streaming audio or video. So the email and its attachment must be further broken down into packets—TCP/IP or UDP packets. These packets encapsulate the data as well as the source and destination addresses of sender and receiver. But these addresses are in the form of Myname@mymachine.mydomain, instead of an IP address such as 131.200.13.2. So the nearest DNS “telephone book” is consulted to translate the symbolic address from Myname@mymachine.mydomain into 131.200.13.2. Now each packet can be given an address and sent out through the edge router to an ISP.

Step 3: The ISP provides an onramp to the faster backbone of the Internet. High-speed lines (45 Mbps) and fast switches like Asynchronous Transfer Mode (ATM) route the email as individual packets along the backbone of the Internet. They use the OSPF protocol and Border Gateway Protocol (BGP) to select which routes and physical lines to use. The ISP is an AS that manages a group of switches and routers. The email packets must cross borders—from the AS managed by the sender’s ISP to the AS managed by the receiver’s ISP. The BGP rules govern this “border crossing” and routing of the email. In addition, OSPF does exactly what its name implies: using tables stored in the Internet’s ATMs, it selects the shortest available path first. If the shortest route changes in midstream, one packet may take a different path than another. In fact, the packets from the sender’s email message may arrive in different order because they took different paths through the network. If the TCP protocol was used, then TCP puts the out-of-order packets together again at the receiving end. If UDP was used, the out-of-order packets are discarded. In addition, if a packet is lost, TCP demands that it be sent again, which delays the message, but assures that the entire email message arrives intact. Thus, the routing information that essentially defines the network structure of the Internet is established and updated using BGP.

Step 4: The packets travel across fast lines and ATM switches as they work their way across the network toward the recipient. Switches and transmission lines need to be maintained just like any other physical equipment. But the switches and routers are manufactured by different companies and may work in different ways. SNMP is an agreement among all manufacturers on how their devices will be managed. SNMP uses UDP to query and modify the behavior of every device in the Internet. SNMP is the Internet’s “in band” SCADA network.23 If something goes wrong, an SNMP agent signals this error condition so that the network operation center can take corrective action. Without SNMP, various devices from miscellaneous vendors would not work together, leading to interoperability chaos.

Step 5: The packets arrive at the recipient’s desktop and are assembled into proper order according to the rules of TCP. Then the assembly process works its way up the ISO/OSI “stack.” The SMTP and MIME protocols are worked in reverse order. The TCP packets are grouped into strings of HTML, XML, or pure text. Images and sound are tagged so that an application can recognize them as such. As the email is reconstructed and tagged, it is stored on the recipient’s disk drive as a formatted file. Clicking on it causes the appropriate application to open and read the message in the correct format. Note that the email and its attachment can be anything—data, programs, and attachments containing audio, video, and pictures. In fact, the attachment can be a malicious program designed to exploit your open system.

This example illustrates the use of routers and switches. Generally, switches (Layer 4: TCP) move packets between routers and switches—typically backbone networks. Routers (Layer 3: IP) move packets between local area routers and switches—typically within a LAN network. Switches are faster and more expensive and so they are used more in backbones. Routers are slower but cheaper, so they are used more in LANs. Routers and switches are managed from a distance, using the SNMP protocol and network operation center software.

22 http://www.w3.org/
23 Supervisory Control and Data Acquisition.

[Figure 6.6 diagram. Labels: Home/office user sends E-mail; Home/office user gets E-mail; EtherNet LAN; Edge router; DSL line; ISP; T3 line 45 Mbps; Backbone; ATM Switch.]

Figure 6.6 Example of an email message as it travels through the Internet.
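The walk-through in Steps 1 to 5, as an added Python sketch (not code from the book): it wraps an attachment in MIME, splits the message into sequence-numbered segments, delivers them out of order with one lost, and shows the receiver restoring order, re-requesting the gap, and inspecting the attachment before anything opens it. The addresses, the 64-byte segment size, and the attachment bytes are constructed for illustration, and the retransmit callback stands in for TCP's acknowledgement machinery.

```python
import random
from email import message_from_bytes, policy
from email.message import EmailMessage

SEGMENT_SIZE = 64  # assumed small value so the message spans many segments


def build_message(attachment, filename, maintype, subtype):
    """Step 1: wrap the body text and the attachment in a MIME message."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"       # constructed addresses
    msg["To"] = "recipient@example.net"
    msg["Subject"] = "Quarterly report"
    msg.set_content("Report attached.")
    msg.add_attachment(attachment, maintype=maintype, subtype=subtype,
                       filename=filename)
    return msg.as_bytes()


def segment(data):
    """Step 2: chop the byte stream into (sequence number, payload) pairs."""
    return [(off, data[off:off + SEGMENT_SIZE])
            for off in range(0, len(data), SEGMENT_SIZE)]


def network(segments, drop_index, seed=7):
    """Step 3: lose one segment and deliver the rest in shuffled order."""
    delivered = [s for i, s in enumerate(segments) if i != drop_index]
    random.Random(seed).shuffle(delivered)
    return delivered


def tcp_receive(delivered, total_len, retransmit):
    """Step 5: buffer by sequence number, re-request gaps, rebuild the stream."""
    buffer = dict(delivered)
    resent = []
    offset = 0
    while offset < total_len:
        if offset not in buffer:             # gap: ask the sender again
            buffer[offset] = retransmit(offset)
            resent.append(offset)
        offset += len(buffer[offset])
    stream = b"".join(buffer[o] for o in sorted(buffer))
    return stream, resent


def inspect_attachments(raw):
    """Unwrap MIME and describe each attachment without opening or running it."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True)
        report.append({
            "filename": part.get_filename(),
            "declared_type": part.get_content_type(),
            # "MZ" is the leading signature of DOS/Windows executables
            "looks_executable": payload[:2] == b"MZ",
        })
    return report


def demo():
    # Constructed placeholder bytes: executable signature plus zero padding,
    # declared as an image, so the declared type and the content disagree.
    attachment = b"MZ" + bytes(300)
    raw = build_message(attachment, "chart.png", "image", "png")
    segments = segment(raw)
    sent = dict(segments)
    delivered = network(segments, drop_index=3)
    stream, resent = tcp_receive(delivered, len(raw), sent.__getitem__)
    return raw, delivered, stream, resent, inspect_attachments(stream)


if __name__ == "__main__":
    raw, delivered, stream, resent, report = demo()
    print("message intact:", stream == raw)
    print("retransmitted offsets:", resent)
    print(report)
```

The report flags the attachment because its leading bytes do not match the declared image type, which is the kind of check a mail gateway or client can apply before Step 5's "clicking on it" ever happens.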


6.8 Analysis

The technical structure of the Internet is a global network containing highly concentrated hubs that are critical to the operation of the entire sector. But understanding the technical structure of the Internet and WWW may be a small challenge compared to understanding the organizational and regulatory challenge posed by this vast infrastructure. The question of Internet ownership remains complex at the time of this writing. It does not belong to anyone or any company. Rather, it operates through a convoluted social network of volunteers, nonprofit organizations, government agencies, and for-profit corporations. It is a global social system—not controlled or augmented by any single government.

On the other hand, the competitive exclusion principle is evolving Internet ownership toward a handful of corporations. This process is governed by Gause’s law, which suggests that it is inevitable that Internet ownership will eventually fall into the hands of one or a small oligopoly of corporations. This direction is contrary to the open and unincorporated culture of the Internet and its volunteers. Will there eventually be a clash?

The Internet has been called the “information superhighway,” but it is radically different than the federally funded Interstate Highway System. It does not receive subsidies, nor is it considered a natural monopoly, even though the entire U.S. society depends on the Internet as much as it does the Interstate Highway System. Destruction of the Internet would have severe consequences on the national economy. And yet there is no police force, fire department, or security force responsible for the Internet’s safety or security.

The Internet has been called the most significant advance in human communication during the past 500 years.24 And yet the FCC does not regulate it like radio or television, nor is it managed like roads, bridges, or power grids. Analog spectrum for radio and telephone broadcast (and cell phones, too) is sold to the highest bidder for billions of dollars by governments around the world. According to the FCC, the electronic spectrum belongs to the interstate public and thus is subject to federal oversight. The Internet, on the other hand, is not regulated by any federal agency. Anyone can buy broadcasting rights for $20/year. ICANN and its authorized resellers literally give away one of the most valuable rights in human history—the right to broadcast to everyone in the world without a license.

The Internet has been compared with a global publishing and printing machine and a global vending machine. It provides merchants a global distribution channel that will soon reach all of humanity—for minimal cost. This has enormous consequences for e-commerce, societal change, and functioning nations. So far, no major government has imposed taxation on the Internet, and only minimal restrictions have been placed on spam, freedom of speech, and pornography. Will the UN react to this unprecedented freedom of expression? Will the Internet be banned in major parts of the world? And if it is, what does that mean to modern societies that are increasingly dependent on the Internet Age?

Like many other technological advances before it, the Internet and WWW have been exploited for both good and evil. The WWW supports human networks consisting of both terrorists and pen pals. It has been a vehicle for positive social change as well as social unrest. The Internet is destined to have a major impact on critical infrastructure sectors ranging from lifeline sectors (water, food, communications, and energy/power) to higher-level sectors such as public health and emergency services—and all the sectors in between.

The Internet is quickly becoming the most fundamental critical infrastructure—as critical as food, water, and power—because digital convergence is merging all communications together. TCP/IP is the fundamental monoculture underlying these other infrastructure sectors. So whether the infrastructure sector is water, power, energy, emergency services, public health, agriculture, defense industrial base, critical manufacturing, or key resources such as nuclear power plants and government buildings, the Internet has emerged as the most vital component. This heavy reliance on TCP/IP makes the Internet the most critical of all critical infrastructures.

24 One can easily argue that the printing press was the most significant advance in communication prior to the Internet.

6.9 Exercises

1. What is the Internet?
   a. Any digital network
   b. Any packet-switching network
   c. Any TCP/IP network
   d. Any Ethernet network
   e. All of the above

2. What is an Internet Protocol?
   a. Rule for communication between networked devices
   b. IEEE 802.11 standard
   c. ARPANet predecessor to the Internet
   d. A Microsoft product
   e. Rules proposed by Al Gore, Vice President of the United States

3. In terms of DNS structure, the Internet is shaped like a:
   a. Hierarchical tree
   b. Mesh or grid graph
   c. Random graph
   d. Hamiltonian graph
   e. Complete or full graph

4. Packet-switching networks were studied and invented by:
   a. Kleinrock
   b. Baran
   c. Davies
   d. All of the above
   e. None of these people

5. Which of the following is an example of an Internet gTLD?
   a. .com
   b. name@earthlink.com
   c. An email attachment
   d. An email format
   e. www.CHDS.us

6. What does a DNS do?
   a. Registers user names
   b. Runs the Internet
   c. Translates a URL into an IP address
   d. Rebuilds the Internet
   e. Implements TCP/IP

7. Who invented and sent the first email?
   a. Ray Bradbury
   b. Ray Tomlinson
   c. Larry Roberts
   d. Ray Robinson
   e. Jon Postel

8. Which of the following is true?
   a. Originally, TCP/IP was TCP.
   b. The ISO/OSI dictates what protocol is used by the Internet.
   c. TCP/IP is the same as the ISO/OSI transport layer.
   d. All Internet routers and switches use HTML.
   e. UNIX is the operating system of the Internet.

9. How much did the U.S. government spend on the Internet during the period 1986–1995?
   a. $200 million
   b. $1 billion
   c. $1.5 billion
   d. $5 billion
   e. Nothing (it was commercialized by then)

10. Which protocol guarantees delivery of packets over the Internet?
   a. UDP
   b. TCP
   c. IP
   d. DNS
   e. SNMP

11. Which of the following government agencies commercialized the Internet?
   a. NTIA
   b. ICANN
   c. IANA
   d. IETF
   e. ISOC

12. Which one of the following is true?
   a. Internet governance is top-down, from the ISOC to the IETF.
   b. Internet governance is up to the U.S. government.
   c. Internet governance is mainly through international volunteer organizations.
   d. Internet is owned by the IT-ISAC.
   e. Internet operation is regulated by the FCC.

13. Which one of the following is true?
   a. The WWW and Internet are the same thing.
   b. The WWW is software.
   c. W3C and ISOC have overlapping powers.
   d. XML is an extension of HTML.
   e. None of the above are true.

14. Three routes exist between the sender and receiver of an email message in Figure 6.6. What happens if parts of one email message are sent along one route and another part is sent along a second route?
   a. The entire email message is retransmitted.
   b. The switches and routers use OSPF to correctly route the pieces.
   c. TCP flags the error.
   d. IP flags the error.
   e. DNS translates myname@myserver.com into 131.200.13.4.

15. Write an essay on how the Internet compares with:
   a. The Interstate Highway System
   b. Broadcast networks like radio and TV
   c. Mail-order catalogue commerce
   d. Electric power utilities and the four interconnection grids of the United States

References

[1] Lewis, T. G. Book of Extremes: Why the 21st Century Isn’t Like the 20th Century, Cham: Copernicus Books, 2014.

[2] Hafner, K. and Lyon, M. Where Wizards Stay Up Late: The Origins of the Internet, New York: Simon & Schuster, 1996, pp. 304.

[3] Tomlinson, R. The First Network Email. Available at http://openmap.bbn.com/~tomlinso/ray/firstemailframe.html. Accessed June 27, 2014.

[4] Schiller, D. Digital Capitalism Networking the Global Market System, Cambridge: MIT Press, 2000, pp. 320.

[5] Mueller, M. Ruling the Root: Internet Governance and the Taming of Cyberspace, Cambridge: MIT Press, 2004, pp. 328.
