Expect the worst

Didja notice? Betcha didn't. Starting at 5 p.m. Eastern time last Monday afternoon, when the Internet's root servers were hit by what's been called the biggest denial-of-service attack in history, you probably didn't see any difference. That's partly because roughly a third of the 13 servers that hand out information on domain names kept working through the data storm. But mostly it's because -- let's face it -- we don't expect much from the Internet. And that's as it should be. Contrary to folklore, the Internet was never designed to withstand nuclear attack. It was cobbled together from a bunch of existing networks that were reasonably reliable for their time -- the early 1970s -- but weren't really anything special when it came to security or robustness.

So, though it was a shock in 1988 when Cornell University graduate student Robert Morris released a worm that brought the then-much-smaller Internet to its knees, much of the amazement was that one guy could create such a mess that took so long to clean up.

Systems administrators back then knew that the Internet's systems weren't particularly secure, that hardware broke down and software was buggy and phone lines went flooey sometimes. Did e-mail get delayed? Did connections become impossible? OK, that happened all the time. When the Morris worm hit, it just happened a lot, all at once.

That was half the Internet's lifetime ago. Fourteen years later, the Internet has gotten much faster, bigger and more important to business. Web-based companies depend on it completely, but everyone else counts on getting e-mail and connecting with suppliers and serving customers through the Internet, too.

But who really trusts the Internet? Not those businesses, which shell out for redundant T1 lines in case the primaries go down, and for firewalls and monitoring software for when the bad guys come knocking.

Not service providers, which cache domain names and Web page contents to reduce traffic, speed up data delivery and dodge the effects of those annoying breakdowns.

And certainly not users, who have grown accustomed to Web sites that show up slowly or not at all, e-mail that vanishes for days and services that inexplicably crap out and then return.

We all expect that old, familiar "information superhighway" to run about as smoothly as a freeway at rush hour. So many things can go wrong, and regularly do, that we've already made adjustments for most of them -- with redundancy and patience and, sometimes, a simple willingness to do without the Internet right now and try again later.

And that's the Internet's biggest advantage against attacks like the one on Monday. We treat it like a rickety system always on the verge of collapse. As much as we need it, we don't trust it to be fast or reliable or even to work at all -- at least at any particular moment.

The result? Even a massive attack doesn't much bother us.

That's worth keeping in mind as IT budgets slowly loosen up and the opportunities for new Internet-based systems return.

We don't want to depend on the Internet. To use it, sure -- but never to trust it. And as long as we don't take it for granted -- as long as we keep piling on the redundant connections and backup systems -- the Internet will continue to be a valuable tool for us.

Of course, that doesn't mean we don't need to keep working to build a more secure, robust Internet, from the root servers and the network backbones on down to Web browsers on PCs. We need to close holes, filter more effectively and monitor more closely.

Because there's one thing about the Internet we can take for granted: The bad guys will keep attacking, in more complicated and clever ways.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments