Don’t ignore this, or you might break the Internet
Contrary to what you hear, there really is no such a thing as “the” Internet.
It is actually a vast network of independent networks that makes up what we so often refer to as “the” Internet. Operators from around the world set up their own infrastructure and agree to employ a shared set of protocols, agreements to transmit data and a common addressing system.
When you want to connect to the rest of the world, whether it’s to send an email or register for SXSW, you’re doing so through your local Internet Service Provider. The network they’ve laid out is one of the tens of thousands of established interconnected networks around the world.
This voluntary, “opt-in” model has been a story of unprecedented success. The Internet continues to grow at an astronomical rate as a scalable, interoperable series of networks, with over three billion users now online. And despite the recent prominence of some troubling downsides (fake news, anyone?), it’s clear that the Internet is having a positive impact on economic growth, innovation, the diffusion of knowledge and human communication.
So imagine what would happen if it all came crashing down.
The fallout would be devastating, but the greatest impact would be felt when, for example, your cloud computing provider or a set of servers running your city’s traffic system are no longer able to connect to the rest of the network. Chaos would ensue.
What could cause such a calamity?
It wouldn’t necessarily be the result of some global takeover by nefarious actors wearing leather trench coats and steel-toed boots. Some of the Internet’s vulnerabilities arise simply from its architecture. The real culprit might turn out to be your IT person.
Remember the addressing system I mentioned earlier? At the heart of the Internet is something called the Domain Name System, or DNS, which helps people and devices find their way around the Internet.
For example, when you want to look at the sessions being held at SXSW, you go to sxsw.com. One of the functions of the DNS is to convert that easy-to-remember URL (made of words) into a much harder to remember IP address (made of numbers or combinations of numbers and letters). It’s similar to the way our smart phones convert the names of our contacts into phone numbers. You don’t dial your mom’s actual telephone number each time you call her; you just hit “mom” in your contact list.
The DNS is one of those standard systems that network operators agree to use when they connect with each other, and therefore, the global Internet. And it’s also sometimes a target for criminals. Those leather-clad villains I mentioned earlier have figured out there’s money to be made by corrupting the DNS and sending you to the wrong place. These crooks are unlikely to change the numbers in your phone’s contact list to pose as your mom when you call her, but they might set up a website posing as your bank, or your favorite charity. You get the idea.
That’s where Domain Name System Security Extensions (DNSSEC) comes in to play. DNSSEC verifies the data in the DNS by providing a digital signature to assure its validity as it gets passed from network to network. It’s like the bouncer at the door checking IDs. DNSSEC assures you that you’re not being sent to the wrong place when you navigate the Internet, but here’s the catch: it relies on network operators enabling it on their systems, and paying attention to updates.
And right now, there’s a pretty big update being made that you and your ISP need to be paying attention to.
On October 11 of this year, the cryptographic keys that DNSSEC relies on are being changed. It’s basically like changing the password for the whole addressing system. This is the first time the keys have been changed since they were first generated in 2010, and it’s a critical step in keeping the DNS safe and secure from bad actors.
So why should you care? Well, to begin with, when the keys to the Internet are changed, you want to be certain you’re not locked out. You’d be stuck playing chess on your Macbook until your ISP or network operator realizes they need to fix the issue.
Before that happens, you can take action. Reach out to your local ISP today to ask them if they’re ready for the key change. Remind them that the Internet isn’t just a fad anymore — people, businesses and governments rely on this one interconnected system. And if they aren’t using DNSSEC, they’re taking a cybersecurity gamble and you are the one who could lose out.
Want to learn about more ways you can break — or save — the Internet? On 10 March 2017, I’ll be moderating a SXSW panel with cybersecurity experts to talk about other threats that are out there. I may even wear my leather trench coat. I hope you’ll check it out.
