Today, critical services like energy and water systems, mobile banking and transportation systems are dependent on reliable connectivity and secure operation of the internet. Our increased internet dependence has presented a new wave of challenges for network providers and defenders. Disrupted internet connectivity has severe implications for essential aspects of our daily lives; however, we know very little about the causes, mitigation and prevention of these disruptions.
Network/internet-scale disruptive events (NIDEs) may cause a loss or degradation of network (not necessarily internet) service and often follow natural disasters, geo-political events or the mass-scale re-routing of internet traffic. The internet’s enormity makes defining, reporting and attributing NIDEs very difficult for network defenders.
The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) recently initiated the Predict, Assess Risk, Identify (and Mitigate) Disruptive Internet-scale Network Events (PARIDINE) program. We are funding five organizations to develop innovative technologies that will reveal more about NIDEs.
* Define NIDEs by quantifiable metrics and classifications
* Develop analysis methodologies and techniques to sense and identify NIDEs
* Create NIDE-related documentation for external tools and analysis
* Determine what caused the NIDE, with a measure of how good the attribution is
One example of a NIDE we are studying is Border Gateway Protocol (BGP) hijacking. BGP routes traffic across the internet, and all networks connected to the internet rely on BGP to reach other networks. Researchers will measure BGP and examine connectivity issues caused by BGP hijacking. BGP hijacking occurs when a malicious attacker uses false network routing information to distort the internet’s common routing system. Incidents of these hijackings have blocked or derailed internet access for millions of people at a time.
PARIDINE will generate useful and actionable NIDE information for network operators, emergency management personnel and continuity-of-operations planners using these novel solutions:
* Developing a framework that will perform near-real-time NIDE monitoring
* Identifying NIDEs in 9-1-1 and other public safety and emergency communications systems
* Detecting NIDEs within a network or system
* Developing root-cause attribution of NIDEs
* Developing a system for internet-scale monitoring of router reboots and their impact on BGP routing and reachability
These solutions will enhance the ability to identify and report disruptive events that could potentially harm our nation’s networks and critical systems. Through PARIDINE, we look forward to identifying internet outages faster and determining how they occur. We already have several potential customers, including the Federal Communications Commission and the National Protection and Programs Directorate’s Office of Emergency Communications. For more information, please visit PARIDINE’s webpage.