Anapaya Blog

Malicious Actors can take advantage of the core vulnerability of the Internet

Written by Patrick Bollhalder | 28 April, 2022

The Internet is under threat - but Switzerland is already prepared.

The escalating Russia-Ukraine crisis has highlighted the need for greater control over online communication. If nations do not change the way they connect to and use the Internet, they could be at the mercy of what Ukraine is already experiencing: sustained DDoS attacks, hijacked communication, disruption of critical infrastructure and leaked confidential information.

The Federal Communications Commission (FCC) has recognized the dangers involved in using today’s internet. Their recent investigation questions the security, or lack thereof, surrounding the Border Gateway Protocol (BGP), the default method of interconnectivity on the internet. However, these vulnerabilities are nothing new - and Swiss national organisations and private businesses are already employing a solution.

The FCC Investigation

The FCC is an independent US government agency that regulates interstate and international communications. They are responsible for implementing and enforcing America’s communication laws and regulations. The FCC has recently launched an investigation into the BGP in response to “Russia’s escalating actions inside of Ukraine”, according to the commission’s notice of inquiry.

The threat of BGP hijacking is a cause for major concern, the FCC said, noting how such an event could cripple the critical infrastructure of a country. Financial markets, healthcare, transportation, communications and utilities were just a few of the systems listed as being at risk.

The inquiry has set out to identify the damage that could result from a BGP attack, how to monitor such scenarios, and if there is a way to accelerate the deployment of security standards for the BGP. "Ensuring continued U.S. leadership requires that we explore opportunities to spur trustworthy innovation for more secure communications and critical infrastructure," the FCC said.

Read the response of ETH Zurich and Carnegie Mellon University here:

 

The BGP - the Achilles heel of the internet

If recent events are anything to go by, no-one's data is safe online. The internet's inherent risks lie squarely on its foundation - the Border Gateway Protocol.

The internet itself is made up of multiple different networks, controlled by many different kinds of companies around the world. Whether it be a post on Facebook or highly sensitive financial business information, your data travels through these networks, each making their own decisions about where your data goes, independently of each other.

These networks are all connected, loosely, by a system called the Border Gateway Protocol, which works like a telephone directory helping the networks locate one another. Through the Border Gateway Protocol, the networks automatically attempt to identify the shortest and most optimal route to your data’s final destination.

While this system is efficient, it is not secure or controlled. Owners of the data being sent through the internet usually have no say over what networks handle their data, where those networks are located or even who owns that specific network.

How BGP can be misused

Hostile countries, as we’ve seen with Russia’s actions, can use this to their advantage. To do this, all they need to do is publish fake routes and networks misusing BGP to establish fake routes, allowing for the illicit capture of data. On these fake routes and networks, third-parties can hijack, harvest data, and send it towards its final destination with no-one the wiser. This is known as a BGP routing attack.

The reason for this insecure system is the simple fact that the internet has never been built with security in mind. It has no built-in protection methods from routing attacks, and as a result, governments - and indeed everyone who uses the internet - is at risk every time they use the internet and send data.

With the increased reliance upon digital processes to operate and support critical infrastructure, this situation is simply not acceptable for modern nations and their citizens. When basic necessities, from water delivery to military defences, depend on our internet, the risks are severe – even with lives at stake.

This is why the FCC is looking into the situation to remedy the BGP problem - however, there exists a better way to connect, which has a proven track record of security.

SCiON - a ready-made, proven solution

The need for a better solution to internet connectivity has driven the research and development of SCiON, a Swiss-developed internet architecture that is secure by design.

BGP hijacking relies upon the fact that users who send data online do not have control over the route it travels, which is automatically selected based on efficiency. SCiON does away with this assumption, enabling users to control where their data travels.

SCiON, or Scalability, Control, and Isolation on Next-generation Networks is a Swiss-made solution to the problems faced by the BGP. It offers the ability to select which networks their data passes through and puts the control back into the hands of the data owner. For example, if they wish to avoid certain geographical locations, they may choose which to avoid before sending or choose to avoid poorly regulated locations, hostile nations, or faulty networks entirely. Additionally, the SCiON network is also completely immune to routing attacks, with information only being sent through legitimate, registered networks.

SCiON also provides a way for nations to support their critical infrastructure in unpredictable and disruptive circumstances. With fast fail-over solutions and reserved bandwidth, disruptions are resolved within milliseconds, removing any potential barrier to communications and connectivity.

BGP hijacking relies upon the fact that users who send data online do not have control over the route it travels, which is automatically selected based on which prefixes are perceived to be most efficient. SCiON does away with this assumption, enabling users to control where their data travels.

 

SCiON in action:

The SSFN

The Swiss financial industry is currently powered by SCiON to protect and secure their transactions. The Swiss Secure Financial Network (SSFN) is used by both the Swiss Exchange and the Swiss National Bank for superior flexibility, control and security.

Swiss Department of Foreign Affairs and Department of Defense

SCiON is also used by the Swiss Federal Department of Foreign Affairs and Department of Defense to connect the HQ in Bern to Swiss embassies and representation sites across the globe. It is the core asset in connecting the demilitarized zone between North and South Korea using advanced Geo-Fencing and military-grade security for reliable and safe communication.

Protect your communications

In the light of recent events, it has become clear that critical infrastructure like power and water supply, defensive systems and healthcare are extremely vulnerable. The BGP is no longer an effective means to use the internet. Organizations and governments that use it will never be secure as long as those who anonymously threaten it continue to do so.

Thankfully, SCiON offers a safer, more secure and more reliable alternative. As demonstrated in Switzerland, it can be used as a force for good online, making data exchange safe again.

If you’re interested in gaining the benefits of SCiON for your own needs, contact Anapaya today. We offer the foremost SCiON-based solutions to help you secure your digital connectivity now and in the future.