Is an 'Internet Kill Switch' Feasible in the U.S.?
With the myriad of recent uprisings in the Middle East, those foreign governments have been attempting to stem the tide of revolution by cutting off internet access for millions of its citizens. Hypothetically, if it ever wanted to, could the U.S. government have a reasonable capability to implement a similar "internet kill switch"?
The short answer is no, although it might try.
Currently, there is legislation in the works sponsored by Senator Susan Collins, titled the "Cyber Security and American Competitiveness Act of 2011", which would authorize the president to shut down the nation's critical digital infrastructure in the event of a cybersecurity emergency. This bill would not condone the complete shutdown or censorship of the internet for citizens, as those foreign despots have done, however many critics are nevertheless concerned about the opportunities for abuse.
But would the type of complete shutdown that critics fear even be possible on a technical level?
Security Week posted a terrific article citing three main reasons why it would NOT be possible...
- "In order to control, direct, or limit routing, which is essentially what would be required, the government would have to have visibility and a solid understanding of all Internet assets and their routing commands. When considering the global Internet, you must have the ability to view it, map it, and track it from multiple perspectives and vantage points". Quite simply, this is not the case.
- The U.S. operates on a completely different scale than those Middle Eastern countries in terms of both ownership and governance of its cyber assets. The same rules of control do not apply.
- "An effective surgical response requires sensing and validating the cyber-emergency from multiple sources, sharing the appropriate notice and responsibility with critical infrastructure partners and relevant agencies, and managing a distributed means to synchronize, execute, and monitor the shut down activity". Granted, U.S. national cybersecurity policy has a bare-bones system of coordination in place to react to emergencies, however most experts agree that it isn't quite yet up to the monumental challenges for which it is tasked.
The internet is a decentralized collection of privately owned and operated networks, and as such the U.S. government is extremely limited in its control over all of its component assets. This isn't always the case with despotic regimes overseas, which maintain stricter controls on ISPs, if not outright ownership in the form of state-controlled monopolies. So the lesson here is not to draw any conclusions about how, if the president of Libya can flip an internet kill switch for its citizens, then the same possibility exists here at home too. It doesn't. It's like comparing apples and oranges.