CRIM 3460 Introduction to Critical Infrastructure Protection Fall 2016

Chapter 6 –

School of Criminology and Justice Studies University of Massachusetts Lowell  Historical Timeline 1957 - 2003  The human organizations behind the Internet?  Legislation leading to Commercialization  Who governs the Internet, today?  Invention . ARPA - Advanced Research Projects Agency . NSF – National Science Foundation . IETF – Internet Engineering Task Force . W3C – World Wide Web Consortium . ICANN - Internet Corporation for Assigned Names and Numbers created to sell blocks of names

 The Internet is a network that runs TCP/IP . A network of networks . A generic term used in the 1970s in reference to the ARPANet network . Internet is a network that links computer networks all over the world by satellite and telephone, connecting users with service networks such as e-mail and the World Wide Web.1

1Encarta® World English Dictionary © 1999 Microsoft Corporation  1957 - USSR launches Sputnik and USA responds with creation of ARPA = Advanced Research Projects Agency  1962 - Licklider of MIT proposes “Intergalactic Computer Network” as head of ARPA’s command and control program  Joseph Carl Robnett "Lick" Licklider developed the idea of a universal network, spread his vision throughout the IPTO, and inspired his successors to realize his dream by creation of the ARPANET.  (Robert) Taylor’s “Terminal Problem” . How to connect one terminal to 2 or more computers  1968 - ARPA contracts BBN to build packet switched ARPANet

Back-of-Envelope Sketch: Back-of-Envelop Sketch: A Server (Sigma7) … 4 Computers located in UCLA, … and a Switch (IMP) SRI (Palo Alto), UCSB, Utah  1969 - starts list of users - eventually becomes DNS - for ARPA - he runs IANA for 30 years  DNS (Domain Name Server); “Telephone Book” of Internet.  DNS translates: http://www.myname.tld into 120.131.200.41  The RFC Process . of UCLA creates RFC = Request For Comment - major tool of Internet evolution

Cluster of Servers on East and West Coast  1973 - Vinton Cerf of Stanford and Robert Kahn of DARPA (Defense Acquisition Research Projects Agency) invent TCP for interoperability and reliability across a network of networks = the “Internet” protocol. . First use of the term, “Internet” . Bob Metcalf invents Ethernet for LANs = Local Area Networks = to become dominant LAN protocol  1976 - DARPA requires use of TCP in ARPANet

 1978 - Vinton Cerf, Jon Postel, Danny Cohen divide TCP into 2 parts: TCP and IP - thus TCP/IP is born  1979 - ARPANet Internet exceeds 100 users . Bellovin of UNC invents USENET news group network  1981 - NSF creates CSNet for non-ARPANet university use  1982 - Jon Postel creates SMTP (Simple Mail Transport Protocol) thus standardizing e-mail

ARPANET at 1,000 users - research centers: Stanford/XPARC, USC/ISI, Triangle Park, MIT  1988 - discovers the Internet – NRC report chaired by Kleinrock suggests the commercialization of the Internet - attracts Gore’s attention  1989 - Tim Berners-Lee (CERN) invents the World Wide Web: . HTML . Hyper-linked documents

 1992 - Congress gives NSF permission to commercialize the Internet (NSFNet) . Number of users exceeds 1 million  1993 - NSF creates InterNIC to support Internet . AT&T contracted to maintain DNS structure . NSF awards 5-year contract to to sell domain names for $50/year subscription . Number users exceeds 2 million

 Mosaic - First graphical browser . Turned web into a visual web . Made it easy to use . Ran on low-cost PCs  1995 - After spending $200M from 1986-1995 NSF out-sources the Internet to 4 companies via Department of Commerce  1997 - Clinton administration directs Secretary of Commerce to privatize the DNS to increase competition and International participation

 Department of Commerce National Telecom and Information Admininistration (NTIA) produces “Green Paper” on governance of Internet and DNS in a private ownership world  ICANN created to sell blocks of names  Internet Assigned Numbers Authority (IANA) is responsible for coordination of DNS root and IP addressing/other resources

http://www.internetassignednu mbersauthority.org/

 Non-profit, LLC formed IT sector members as a forum for managing risks to IT infrastructure and corporations.  Members participate in national and homeland security efforts to strengthen IT infrastructure through cyber information sharing and analysis  Members help improve incident response via collaboration, analysis and coordination, which drives cybersecurity policy, incident response and information sharing  Current officers and board members are with Cargill, Oracle, Intel, AT&T, BAE Systems and HP.

Figure 6-1 (in Text). Internet age versus classical industrial age Figure 6-2 (in Text). AS500 network: the most-connected 500 autonomous systems in the global Internet Figure 6-3 (in Text). Core autonomous systems of the Internet  Simulation . Spread virus in AS500 Internet with vulnerability of 5%. . Spread virus in AS500 Internet with vulnerability of 10%. . Spread virus in AS2000 Internet with vulnerability of 5%. . Spread virus in AS2000 Internet with vulnerability of 10%.

 Simulations illustrates the relationship between Internet structure and node vulnerability under stress.  Assume a virus starts spreading from a node chosen at random. What is the risk that it will spread to other nodes? . AS500 with a 5% probability of spreading (vulnerability) produces a low-risk (exceedence and risk profile) . AS500 with a 10% probability produces a modest risk due to the increase in vulnerability . AS2000 (less resilient to cascades) with a 5% probability produces a higher risk than AS500 due to less resiliency . AS2000 with a 10% probability produces a catastrophic risk network due to the increase in vulnerability

Figure 6-4 (in Text). DNS structure of the global Internet

Figure 6-5 (in Text). The ISO-OSI protocol stack.

Figure 6-6 (in Text). Governance of the Internet is mostly a collection of voluntary groups.

Figure 6-7 (in Text). Example of sending an email via TCP/IP protocol  Internet = TCP/IP . Any device that understands TCP/IP is on the Internet  Internet’s webgraph has a high spectral radius . Vulnerable to the spread of viruses  Logical DNS structure is a tree . DNS is the “telephone book” . Updated frequently . Controls who is on the Internet  is voluntary; so far

 What is “Internet Security”?  Properties of Sand Piles; Internet  SOC at the physical, virtual levels  Cyber Exploits: Real or Hype? . Vulnerabilities . Consequences . Black Swans . Reality Check . Einstein on Offense

 Internet as Biology . The Internet Ecosystem . Predator-Prey Systems . Limit cycles and extinction . Gause’s Law . Paradox of Enrichment . The Internet monoculture  Policy Options . Traditional . Radical

Biology Internet DNA TCP/IP Alphabet Messenger RNA Internet Routing Cisco Router Mutation Innovation Unix > MacOS Extinction Creative Destruction DEC, CDC, Multics Co-evolution Co-evolution 3G : iPhones Food Network Supply Chain ARM > Apple > iPad Predators Users, Hackers, e-Commerce RussianBusinessNet Prey Hardware, Software Windows, MS Office

 Vulnerabilities constantly change . Some go up, some go down Malware . Insiders . Stolen laptop . Denial of service (DOS) . Financial fraud (phishing) . Password sniffing . Open wireless access

 Regulation : Should the Internet be regulated? Will it kill it?  What is legitimate regulation? Larry Lessig’s 4 Codes: . East Coast Code: Internet laws cannot oppose existing laws o Fraud, Theft, Pornography, subject to same rules . West Coast Code: Rules of Internet operation driven by ‘Internet culture’ o TCP/IP, WWW, media, other standards drive the culture . Social Norms: Internet law/regulation follow social norms o Censorship, free speech, privacy, civil behavior . Markets and Commerce: information supply and demand = classical economics