As EU leaders prepare for the debate on Europe’s digital direction until 2030, we received a severe warning about the risks of the digital world. Facebook, WhatsApp, and Instagram downtime on October 4, 2021, was one of the biggest. The outage even generates conversations about the fragmentation of communications service companies. In Europe, many expectations have been placed on the development of digitalization. The root cause of the outage and a possible solution must be considered a little more broadly.
The situation concerning the Internet is serious but not hopeless.
“The Internet” is an outstandingly successful creation. Its success has exceeded even more optimistic expectations, ending as the most critical platform for the digital world and economic growth. Today, the Internet is an integral part of our society and economy. At the same time, success has created a global dependency. These are not just communications or social media platforms but numerous B2B and B2C networks paralyzed by unintentional or intentional network disruptions. It is essential to understand that the Internet and its TCP / IP protocol were not initially designed for such large boots in the 1980s.
What is the real threat to the Internet?
When talking about Internet security, the discussion has focused on blackmail malware, viruses, spam and scam messages, ATP attacks, and the security vulnerabilities of IoT devices. In reality, these are not Internet threats. They are mainly security threats to terminals.
The primary function of the Internet is to transfer data using the TCP / IP protocol. Its fundamental security threat and risk are related to destabilizing the accessibility of network services. Attackers block traffic by routing system corruption, spoofing IP addresses, and a DDoS denial of service attack. Although the Facebook case was not an attack but a human configuration error in the DNS name service and BGP routing, the traces were the exact origin.
Origin – corrected with the letter S.
The Internet and TCP / IP are about 30 years old. As early as the mid-1980s, it was clear that the protocol contained several fundamental and architectural security challenges. In the mid-90s, we knew that the primary routing protocol of the Internet, BGP, is prone to many instabilities. From the mid-2000s, Distributed Denial of Service (DDoS) was already a “feature” of the Internet. It has not prevented the success of the Internet.
Internet network defects have been regularly repaired over the past decades. The fix has always been a “patch” for a problem that disturbs the market too much. The patch appears as a combination of Sec or S added to the Internet Protocol for IT professionals. DNS / DNSsec, DNS over TLS, BGP / BGPsec, HTTP / HTTPS, SMTP / SMTPS, etc. It has taken at least a decade and sometimes longer to implement each enhanced protocol. There are many reasons for this:
- The Internet is an independent and decentralized service network. Services are considered downward compatible, or communication ends with too many organizations.
- Unless the situation is intolerable or dangerous, key players will not make significant and radical changes (investments) in the network. Payer not found.
- Trade policy and patents. There is an excellent shift in standardization forums to choose a competitor’s technology or a competing continent as a common standard.
Three examples:
Internet browser encryption. (Competition between companies)
Netscape developed SSLv2 encryption for its browser in 1995. At the same time, Microsoft created the PCT protocol as a competing solution that failed. The enhanced version of Netscape SSLv3 was suitable for the IETF platform as the basis for the standard. Microsoft teased the forum and refused to support the security standard without a name change. Forum named it TLS v1.0, which was Netscape SSLv3.1. This decision is still confusing today.
Internet traffic hijacking (weakness of the BGP protocol)
In 2020, SC Rostelecom made a large-scale BGP hijacking that included 8,000 large IP networks (prefixes), including Google, Facebook, Akamai, Cloudflare, and Amazon. Intercepted Internet traffic routed via Russia. Some telecom operators used the BGPSec (RPKI) protocol and avoided hijacking. Too many had BGP (without Sec) at their disposal with fatal consequences. The Cisco article describes the case well, but BGPsec / RPKI is just a patch for BGP flow failure.
Network outages (BGP features and skills)
The major outages of operators that emerged in the last ten years have often been a routing problem. They are explained as a “router device” failure by an operator, but that is not the whole truth. The Routing Protocol (BGP) ensures that a new route is found in the event of a single device failure or fiber network outage. If this does not happen, the routing protocol is incorrectly configured. It doesn’t matter how many physical devices or wireless connections there are if IP routing doesn’t work correctly in a hardware failure. This challenge also applies to private networks (MPLS, Private 5G, SD-WAN, etc.).
The architecture patched with S-patches, the protocol jungle, the constant network changes, the Internet network expansion, and the requirement for compatibility in different directions is challenging for even the most experienced group of experts. Few experts understand this whole. In the absence of a digital twin (automatic and accurate documentation/visualization), perceiving the whole and assessing the effects of change is very challenging, even impossible, for a person.
Sufficient problem to be solved (security)
As the use of the Internet expands, more and more severe data security problems have emerged. Both organized crime and nation-states have carried out massive attacks for economic or political gain. We have still seen many large companies “rise” despite the enormous investment in information security and management. The security industry is unable to resolve protocol casting failures. It mainly builds different products on top of casting defects. This challenge will be determined if and when the situation becomes intolerable. The security industry may not find interest in solving or even promoting the root cause.
Sufficiently large problem solved (5G and 6G vision)
The vision of a 5G and 6G network for very low transmission delay (URLLC) combined with the extreme reliability of services in a mobile destination is unresolved. Although the radio (RF) transmission delay is shorter and the 5G architecture more reliable, a fundamental problem remains. Fiber optic and mobile radio network is a lower layer (OSI) infrastructure. The Internet world with its applications still works on top of the TCP / IP protocol. 5G industry is now looking for solutions, however, many key players already abandoned the 5G low latency application future.
Northeast Route (New Fiber Optic Route from Europe to Asia)
The Earth’s Internet highway is divided into an eastern and a western (fiber optic) route. Finland has envisioned a new northeastern route from Europe to Asia via the Arctic. The significance of the new route would be non-existent, as there would be no massive traffic to the Internet. The BGP routing protocol is a single-path protocol. The third route and its full utilization require the replacement of the Multipath routing protocol.
Next Generation Internet routing as a basis for digitalization
There are six fundamental casting errors in the BGP protocol. I will not go into them in more detail due to the difficulty of terminology and the challenge of translating into Finnish. What is essential for society is that BGP has a replacement solution, the “Next Generation Routing Protocol”. Technology and references are available on all three continents: China, Europe, and the United States.
Suppose we want to take that significant step and reshape the Internet to withstand the Industrial Revolution 5.0 and realize visions for expanding digitalization. In that case, BGP must be replaced by a more advanced protocol for the Internet (operators and large service providers). A more advanced protocol for change management would also have provided risk-free change management for Facebook.
The EU’s digital base is built on clay feet, whose security and reliability are in question. Officials and politicians now need to be awake. For their part, they must ensure the development of the Internet for the next generation.
The big players, including Facebook, have the capabilities to implement the new routing protocol quickly. Someone has to show direction and put pressure on the market. They, like all significant SaaS players, have an interest in solving the root cause. The splitting of a company hardly improves the chances of achieving the desired result, i.e., a secure and reliable Internet network.
Hannu Rokka, Senior Advisor
5Feet Networks Oy