I had the pleasure to attend last week’s 57th meeting of the North American Network Operators’ Group (NANOG) in Orlando, FL as part of the RagingWire team, which included folks from our data center and network engineering groups. Not only was the weather a balmy 70 degrees, but it was one of the most informative events I have been to in my career thus far. The NANOG meeting covered some of the most important and controversial topics on the cutting edge of internet security, connectivity, and governance going into 2013. Some highlights:
World Conference on International Telecommunications (WCIT) Update.
Put simply, NANOG is a community of network operators who exchange technical and operational information in support of a single goal: to make the internet as connected and resilient as possible, ensuring free flow of information around the world. With this end-state in mind, internet governance is a topic of much conversation and consternation among the NANOG members who attend this session of the meeting.
The main thrust of the December 2012 WCIT, was to update and ratify a new, 21st century iteration of the International Telecommunications Regulations (ITRs) which were last ratified in 1988. Sally Wentworth, a public policy manager at the Internet Society, presented a "postmortem" on the effects and way forward from the ITR treaty that was voted on at the conference. Much of the presentation focused on dangers posed by those nations that wish to regulate and/or have the capability to censor, on a nationwide scale, the availability or usefulness of the internet as a weapon to quell popular sentiment or anti-government organization. The presentation was a timely reminder that unfettered, low-cost access to the internet is an ideal that must be protected. Ms. Wentworth also called on the NANOG membership body, as an expert knowledge base, to be a contributor and party to making that ideal a reality both now and in the future.
The Infrastructure and Internet Impacts of Hurricane Sandy.
Two sessions during the NANOG meeting were dedicated to the effects of Hurricane Sandy on the internet and the infrastructure that supports it. One the first day of the meeting, several data center providers discussed their responses and lessons learned from their facilities located in the NJ and NY areas. This presentation really highlighted the importance of data center location from a risk management point of view, but it isn’t just about location. Protecting data center infrastructure is also about the pre-planning that must be in place before a natural disaster occurs: diesel fuel refueling contracts, reliable hotel arrangements (with reliable backup power), work-from-home arrangements, food storage at the facility, and staffing arrangements, to name a few.
The second day featured a session on the impacts of Hurricane Sandy on the internet and posed the question: What happens if we turn off power to one of the key traffic exchange cities? One of the most interesting presentations ensued, demonstrating the interconnectedness and flexibility at the core of the internet as trace routes changed in real time to pass through Ashburn, VA instead of NYC as Sandy made landfall.
Arbor Networks Infrastructure Security 2012 Report
This meeting session focused on a survey by Arbor Networks that explored the landscape of network threats and attacks (multi-vector, DDoS) over the past year. Top issues for network operators included DDoS attacks (trending towards multi-vector sustained attacks), enterprise data centers as vulnerable even with firewalls, the increased concern over “shared risk” in migrating applications to the cloud, and the inability of mobile service providers to have visibility into their networks in order to detect or combat any kind of attack. Most attack incidents appear to be motivated by ideology, be it politics or revenge. The presentation took a deep dive into the recent, persistent, multi-vector DDoS attacks, nicknamed “Operation Ababil,” of many top Wall Street financial institutions that are ongoing. Overall, an eye-opening account of the ever-growing threat to network security, not just on a governmental level, but at the industrial/enterprise level as well.
If you work or play on the internet, you should know about NANOG, the Internet Society, and other groups who discuss topics like the ones presented last week – and who desire to keep the internet accessible and reliable for all of us. Congrats to NANOG members for the community they have built and the collective expertise they have to influence the international internet community.