Just after midnight on Thursday, April 9, unidentified attackers climbed down four manholes serving the Northern California city of Morgan Hill and cut eight fiber cables in what appears to have been an organized attack on the electronic infrastructure of an American city. Its implications, though startling, have gone almost un-reported.
That attack demonstrated a severe fault in American infrastructure: its centralization. The city of Morgan Hill and parts of three counties lost 911 service, cellular mobile telephone communications, land-line telephone, DSL internet and private networks, central station fire and burglar alarms, ATMs, credit card terminals, and monitoring of critical utilities. In addition, resources that should not have failed, like the local hospital’s internal computer network, proved to be dependent on external resources, leaving the hospital with a “paper system” for the day.
Read the full article for details. What struck me was the following question: is the vulnerability a sign of our being too connected, or not connected enough?
Perens notes how the attack demonstrated unnecessary dependence on connectivity, e.g., in the hospital’s internal network. But in an era of cloud computing, such dependencies on external services are becoming more common. It’s certainly easy to read a lesson in this experience that our systems should perform better in disconnected mode.
But the other lesson may be that it was too easy to disconnect the city. Should cutting eight cables be enough to disconnect over 50,000 people (not just in Morgan Hill, but also in nearby counties)? Should we instead be trying to achieve the fault tolerance of a mesh network? I’m no networking expert, so I don’t know whether, aside from the fixed costs associated with overhauling network infrastructure, mesh networking is efficient enough to replace our current architecture.
In any case, it was a sobering article. I’d like to believe it would be much harder to perpetrate a similar attack on my somewhat larger home town. But, more importantly, I’d like to think we are building a more reliable network of dependencies that exploits the extensive research on the subject.