successful, and there are a number of
lessons to be taken from it by other
countries wishing to avoid a cyberwarfare defeat. The simplest summary of
the dynamics of a DDoS-based cyber attack is as a numbers game. An attacker
with greater network capacity than the
defender will be able to overwhelm the
defender’s network, while retaining
sufficient capacity to support its own
needs at the same time. Such an attack
would be deemed successful. An attacker with less bandwidth than the defender would exhaust itself in consuming the defender’s capacity, while the
defender might well retain enough excess capacity that its population would
not be significantly inconvenienced;
such an attack would be considered
unsuccessful.
Viewed in closer detail, there are
different kinds of network capacity
and different mechanisms for improving and defending each. They can be
placed in four categories: local or internal capacity; external connectivity;
name resolution capability; and defensive coordination.
Local capacity, or bandwidth, is
most familiar as one’s initial connection to the Internet. This local loop, or
last mile, is the copper wire or fiber line
in the ground or on poles, or the wireless link that carries signals from the
customer to an ISP (Internet service
provider). A robust local-loop infrastructure consists of buried fiber-optic
cable interconnecting each business
or residence with multiple ISPs over
different physical paths. Ideally, these
service providers ought to be in competition so they cannot be collectively
suborned or sabotaged, and so their
prices are low enough that people can
actually choose fluidly among them. A
sparsely supplied market for local connectivity can create bottlenecks and
make attractive targets. In Estonia’s
case, multiple independent fiber infrastructure operators existed, and many
different ISPs built a healthy, competitive marketplace on top of that. More—
and more diverse—domestic fiber is
always better, but Estonia’s was more
than sufficient.
External connectivity. More important
to defensibility is the ecosystem
for the providers’ own connectivity
within that domestic context. The modern
means to create an effective mesh
of providers is via Internet exchange
points, commonly abbreviated IXP.
The world has about 330 IXPs at the
moment, and that number has been
steadily increasing. Each IXP has a specific
physical location and connects a
community of ISPs that meet as peers
at the exchange. Some countries, such
as the U.S., have many IXPs. Others,
such as the Netherlands and Germany,
have very large IXPs. Many smaller
countries have exactly one exchange,
located in the capital city. But the greatest
number of countries, typically the
smallest ones, has no IXP at all. This
means that they are heavily dependent
for their domestic connectivity upon
international data circuits. Imagine a
situation in which there were no local
telephone calls, only calls overseas; to
reach someone next door, you would
have to make a call that went overseas
and then back again, at twice the cost.