The Internet Interconnection ‘ecosystem’ - EU Agency ENISA's new report identifies the top risks for resilient interconnection of IT networks.
A new report on the resilience of the Internet interconnection 'ecosystem’ is launched by the EU’s ‘cyber security’ Agency ENISA (the European Network and Information Security Agency). The focus of this report is the complex ‘ecosystem’ of the interconnected network layers that make up the Internet.
The report identifies a number of concerns, for example by unveiling a striking lack of information of the size and shape of the Internet infrastructure. The study also recommends that incidents should be investigated by an independent body in order to understand the nature of success and failures.
The Internet has so far been extremely resilient; even major disasters such as “9/11”, has had only a local impact. But will this last? Now, a systemic failure of the Internet would cause significant problems for several sectors like energy, transport, finance, healthcare and the economy. Intentional, unilateral unavailability of Internet presents a real threat to economic and social welfare and can severely affect the right of citizens to have access to information and services as the recent EU Joint Communication COM(2011)200 highlights.
The Internet has no central Network Operation Centre. The open and decentralised organisation is the very essence of the ecosystem and is essential for the success and resilience of the Internet. Yet, there are a number of concerns;
• The Internet is vulnerable to technical failures, risks, cyber attacks and simultaneous disruptions; service could be substantially disrupted by other failures e.g. in the electricity supply
• There is remarkably little information about the size and shape of the Internet infrastructure or its daily operation.
• Dependability and economics interact in potentially pernicious ways, leading to a potential ‘tragedy of the commons’ for the interconnections ecosystem.
“The stability of the Internet is critical for the economy of modern societies, therefore we must identify if the resilience mechanisms in place today will be effective also in future crises of tomorrow”, says Prof. Udo Helmbrecht, Executive Director of ENISA.
The report examines whether the resilience mechanisms in place will be effective also in the future, and the Agency proposes a number of recommendations to ensure this, e.g.;
• Incidents investigations should be conducted by an independent body in order to understand the nature of success and failures;
• Key research is needed in e.g. inter-domain routing, traffic engineering, traffic redirection and prioritisation, especially during a crisis;
• Good practices should be identified and followed, e.g., diverse service provision (pluralism), auditing practices and independent testing of equipment and protocols.
Related background material:
Critical Information Infrastructure Protection (CIIP) Action Plan
Digital Agenda
European Commission Communication COM (2011) 200 Final
For full paper
For interviews, or further details: Ulf Bergstrom, Spokesman, ENISA, press@enisa.europa.eu, Mobile: + 30 6948 460 143, or Panagiotis Trimintzios, Expert, ENISA, panagiotis.trimintzios Q enisa.europa.eu.