The Internet could crash. We need a Plan B
-
0:01 - 0:04So, this book that I have in my hand
-
0:04 - 0:08is a directory of everybody who had an email address
-
0:08 - 0:11in 1982. (Laughter)
-
0:11 - 0:15Actually, it's deceptively large.
-
0:15 - 0:18There's actually only about 20 people on each page,
-
0:18 - 0:20because we have the name, address
-
0:20 - 0:23and telephone number of every single person.
-
0:23 - 0:25And, in fact, everybody's listed twice,
-
0:25 - 0:30because it's sorted once by name and once by email address.
-
0:30 - 0:33Obviously a very small community.
-
0:33 - 0:36There were only two other Dannys on the Internet then.
-
0:36 - 0:38I knew them both.
-
0:38 - 0:40We didn't all know each other,
-
0:40 - 0:43but we all kind of trusted each other,
-
0:43 - 0:47and that basic feeling of trust
-
0:47 - 0:49permeated the whole network,
-
0:49 - 0:52and there was a real sense that
-
0:52 - 0:55we could depend on each other to do things.
-
0:55 - 0:58So just to give you an idea of the level of trust in this community,
-
0:58 - 1:00let me tell you what it was like
-
1:00 - 1:04to register a domain name in the early days.
-
1:04 - 1:06Now, it just so happened that I got to register
-
1:06 - 1:09the third domain name on the Internet.
-
1:09 - 1:11So I could have anything I wanted
-
1:11 - 1:15other than bbn.com and symbolics.com.
-
1:15 - 1:18So I picked think.com, but then I thought,
-
1:18 - 1:21you know, there's a lot of really interesting names out there.
-
1:21 - 1:26Maybe I should register a few extras just in case.
-
1:26 - 1:29And then I thought, "Nah, that wouldn't be very nice."
-
1:29 - 1:35(Laughter)
-
1:35 - 1:38That attitude of only taking what you need
-
1:38 - 1:42was really what everybody had on the network in those days,
-
1:42 - 1:46and in fact, it wasn't just the people on the network,
-
1:46 - 1:48but it was actually kind of built into the protocols
-
1:48 - 1:50of the Internet itself.
-
1:50 - 1:54So the basic idea of I.P., or Internet protocol,
-
1:54 - 1:58and the way that the -- the routing algorithm that used it,
-
1:58 - 2:02were fundamentally "from each according to their ability,
-
2:02 - 2:04to each according to their need."
-
2:04 - 2:07And so, if you had some extra bandwidth,
-
2:07 - 2:09you'd deliver a message for someone.
-
2:09 - 2:12If they had some extra bandwidth, they would deliver a message for you.
-
2:12 - 2:14You'd kind of depend on people to do that,
-
2:14 - 2:16and that was the building block.
-
2:16 - 2:19It was actually interesting that such a communist principle
-
2:19 - 2:21was the basis of a system developed during the Cold War
-
2:21 - 2:24by the Defense Department,
-
2:24 - 2:27but it obviously worked really well,
-
2:27 - 2:30and we all saw what happened with the Internet.
-
2:30 - 2:32It was incredibly successful.
-
2:32 - 2:36In fact, it was so successful that there's no way
-
2:36 - 2:39that these days you could make a book like this.
-
2:39 - 2:46My rough calculation is it would be about 25 miles thick.
-
2:46 - 2:47But, of course, you couldn't do it,
-
2:47 - 2:48because we don't know the names of all the people
-
2:48 - 2:52with Internet or email addresses,
-
2:52 - 2:53and even if we did know their names,
-
2:53 - 2:56I'm pretty sure that they would not want their name,
-
2:56 - 3:00address and telephone number published to everyone.
-
3:00 - 3:04So the fact is that there's a lot of bad guys on the Internet these days,
-
3:04 - 3:08and so we dealt with that by making
-
3:08 - 3:10walled communities,
-
3:10 - 3:14secure subnetworks, VPNs,
-
3:14 - 3:16little things that aren't really the Internet
-
3:16 - 3:18but are made out of the same building blocks,
-
3:18 - 3:20but we're still basically building it out of those
-
3:20 - 3:24same building blocks with those same assumptions of trust.
-
3:24 - 3:27And that means that it's vulnerable
-
3:27 - 3:30to certain kinds of mistakes that can happen,
-
3:30 - 3:31or certain kinds of deliberate attacks,
-
3:31 - 3:34but even the mistakes can be bad.
-
3:34 - 3:37So, for instance,
-
3:37 - 3:39in all of Asia recently,
-
3:39 - 3:43it was impossible to get YouTube for a little while
-
3:43 - 3:45because Pakistan made some mistakes
-
3:45 - 3:49in how it was censoring YouTube in its internal network.
-
3:49 - 3:52They didn't intend to screw up Asia, but they did
-
3:52 - 3:55because of the way that the protocols work.
-
3:55 - 3:58Another example that may have affected many of you in this audience is,
-
3:58 - 4:01you may remember a couple of years ago,
-
4:01 - 4:03all the planes west of the Mississippi were grounded
-
4:03 - 4:06because a single routing card in Salt Lake City
-
4:06 - 4:09had a bug in it.
-
4:09 - 4:11Now, you don't really think
-
4:11 - 4:14that our airplane system depends on the Internet,
-
4:14 - 4:15and in some sense it doesn't.
-
4:15 - 4:17I'll come back to that later.
-
4:17 - 4:19But the fact is that people couldn't take off
-
4:19 - 4:21because something was going wrong on the Internet,
-
4:21 - 4:24and the router card was down.
-
4:24 - 4:28And so, there are many of those things that start to happen.
-
4:28 - 4:31Now, there was an interesting thing that happened last April.
-
4:31 - 4:32All of a sudden,
-
4:32 - 4:36a very large percentage of the traffic on the whole Internet,
-
4:36 - 4:40including a lot of the traffic between U.S. military installations,
-
4:40 - 4:42started getting re-routed through China.
-
4:42 - 4:45So for a few hours, it all passed through China.
-
4:45 - 4:50Now, China Telecom says it was just an honest mistake,
-
4:50 - 4:54and it is actually possible that it was, the way things work,
-
4:54 - 4:56but certainly somebody could make
-
4:56 - 4:59a dishonest mistake of that sort if they wanted to,
-
4:59 - 5:02and it shows you how vulnerable the system is even to mistakes.
-
5:02 - 5:07Imagine how vulnerable the system is to deliberate attacks.
-
5:07 - 5:11So if somebody really wanted to attack the United States
-
5:11 - 5:13or Western civilization these days,
-
5:13 - 5:15they're not going to do it with tanks.
-
5:15 - 5:17That will not succeed.
-
5:17 - 5:19What they'll probably do is something
-
5:19 - 5:23very much like the attack that happened
-
5:23 - 5:25on the Iranian nuclear facility.
-
5:25 - 5:28Nobody has claimed credit for that.
-
5:28 - 5:31There was basically a factory of industrial machines.
-
5:31 - 5:34It didn't think of itself as being on the Internet.
-
5:34 - 5:36It thought of itself as being disconnected from the Internet,
-
5:36 - 5:38but it was possible for somebody to smuggle
-
5:38 - 5:41a USB drive in there, or something like that,
-
5:41 - 5:44and software got in there that causes the centrifuges,
-
5:44 - 5:47in that case, to actually destroy themselves.
-
5:47 - 5:50Now that same kind of software could destroy an oil refinery
-
5:50 - 5:54or a pharmaceutical factory or a semiconductor plant.
-
5:54 - 5:57And so there's a lot of -- I'm sure you've read a lot in papers,
-
5:57 - 6:00about worries about cyberattacks
-
6:00 - 6:02and defenses against those.
-
6:02 - 6:04But the fact is, people are mostly focused on
-
6:04 - 6:06defending the computers on the Internet,
-
6:06 - 6:09and there's been surprisingly little attention
-
6:09 - 6:13to defending the Internet itself as a communications medium.
-
6:13 - 6:15And I think we probably do need to pay
-
6:15 - 6:18some more attention to that, because it's actually kind of fragile.
-
6:18 - 6:21So actually, in the early days,
-
6:21 - 6:23back when it was the ARPANET,
-
6:23 - 6:26there were actually times -- there was a particular time it failed completely
-
6:26 - 6:30because one single message processor
-
6:30 - 6:32actually got a bug in it.
-
6:32 - 6:34And the way the Internet works is
-
6:34 - 6:38the routers are basically exchanging information
-
6:38 - 6:41about how they can get messages to places,
-
6:41 - 6:45and this one processor, because of a broken card,
-
6:45 - 6:47decided it could actually get a message
-
6:47 - 6:49to some place in negative time.
-
6:49 - 6:53So, in other words, it claimed it could deliver a message before you sent it.
-
6:53 - 6:56So of course, the fastest way to get a message anywhere
-
6:56 - 6:58was to send it to this guy,
-
6:58 - 7:02who would send it back in time and get it there super early,
-
7:02 - 7:05so every message in the Internet
-
7:05 - 7:08started getting switched through this one node,
-
7:08 - 7:09and of course that clogged everything up.
-
7:09 - 7:12Everything started breaking.
-
7:12 - 7:14The interesting thing was, though,
-
7:14 - 7:15that the sysadmins were able to fix it,
-
7:15 - 7:20but they had to basically turn every single thing on the Internet off.
-
7:20 - 7:22Now, of course you couldn't do that today.
-
7:22 - 7:24I mean, everything off, it's like
-
7:24 - 7:26the service call you get from the cable company,
-
7:26 - 7:30except for the whole world.
-
7:30 - 7:32Now, in fact, they couldn't do it for a lot of reasons today.
-
7:32 - 7:35One of the reasons is a lot of their telephones
-
7:35 - 7:38use IP protocol and use things like Skype and so on
-
7:38 - 7:40that go through the Internet right now,
-
7:40 - 7:43and so in fact we're becoming dependent on it
-
7:43 - 7:45for more and more different things,
-
7:45 - 7:48like when you take off from LAX,
-
7:48 - 7:50you're really not thinking you're using the Internet.
-
7:50 - 7:54When you pump gas, you really don't think you're using the Internet.
-
7:54 - 7:56What's happening increasingly, though, is these systems
-
7:56 - 7:58are beginning to use the Internet.
-
7:58 - 8:01Most of them aren't based on the Internet yet,
-
8:01 - 8:03but they're starting to use the Internet for service functions,
-
8:03 - 8:05for administrative functions,
-
8:05 - 8:08and so if you take something like the cell phone system,
-
8:08 - 8:13which is still relatively independent of the Internet for the most part,
-
8:13 - 8:16Internet pieces are beginning to sneak into it
-
8:16 - 8:19in terms of some of the control and administrative functions,
-
8:19 - 8:22and it's so tempting to use these same building blocks
-
8:22 - 8:24because they work so well, they're cheap,
-
8:24 - 8:25they're repeated, and so on.
-
8:25 - 8:28So all of our systems, more and more,
-
8:28 - 8:30are starting to use the same technology
-
8:30 - 8:32and starting to depend on this technology.
-
8:32 - 8:34And so even a modern rocket ship these days
-
8:34 - 8:37actually uses Internet protocol to talk
-
8:37 - 8:39from one end of the rocket ship to the other.
-
8:39 - 8:42That's crazy. It was never designed to do things like that.
-
8:42 - 8:45So we've built this system
-
8:45 - 8:48where we understand all the parts of it,
-
8:48 - 8:52but we're using it in a very, very different way than we expected to use it,
-
8:52 - 8:54and it's gotten a very, very different scale
-
8:54 - 8:56than it was designed for.
-
8:56 - 8:59And in fact, nobody really exactly understands
-
8:59 - 9:01all the things it's being used for right now.
-
9:01 - 9:04It's turning into one of these big emergent systems
-
9:04 - 9:07like the financial system, where we've designed all the parts
-
9:07 - 9:10but nobody really exactly understands
-
9:10 - 9:13how it operates and all the little details of it
-
9:13 - 9:16and what kinds of emergent behaviors it can have.
-
9:16 - 9:19And so if you hear an expert talking about the Internet
-
9:19 - 9:22and saying it can do this, or it does do this, or it will do that,
-
9:22 - 9:24you should treat it with the same skepticism
-
9:24 - 9:29that you might treat the comments of an economist about the economy
-
9:29 - 9:31or a weatherman about the weather, or something like that.
-
9:31 - 9:33They have an informed opinion,
-
9:33 - 9:36but it's changing so quickly that even the experts
-
9:36 - 9:38don't know exactly what's going on.
-
9:38 - 9:40So if you see one of these maps of the Internet,
-
9:40 - 9:42it's just somebody's guess.
-
9:42 - 9:44Nobody really knows what the Internet is right now
-
9:44 - 9:47because it's different than it was an hour ago.
-
9:47 - 9:50It's constantly changing. It's constantly reconfiguring.
-
9:50 - 9:51And the problem with it is,
-
9:51 - 9:55I think we are setting ourselves up for a kind of disaster
-
9:55 - 9:58like the disaster we had in the financial system,
-
9:58 - 10:03where we take a system that's basically built on trust,
-
10:03 - 10:05was basically built for a smaller-scale system,
-
10:05 - 10:08and we've kind of expanded it way beyond the limits
-
10:08 - 10:10of how it was meant to operate.
-
10:10 - 10:14And so right now, I think it's literally true
-
10:14 - 10:17that we don't know what the consequences
-
10:17 - 10:20of an effective denial-of-service attack
-
10:20 - 10:21on the Internet would be,
-
10:21 - 10:23and whatever it would be is going to be worse next year,
-
10:23 - 10:25and worse next year, and so on.
-
10:25 - 10:27But so what we need is a plan B.
-
10:27 - 10:29There is no plan B right now.
-
10:29 - 10:32There's no clear backup system that we've very carefully kept
-
10:32 - 10:34to be independent of the Internet,
-
10:34 - 10:37made out of completely different sets of building blocks.
-
10:37 - 10:40So what we need is something that doesn't necessarily
-
10:40 - 10:43have to have the performance of the Internet,
-
10:43 - 10:45but the police department has to be able
-
10:45 - 10:47to call up the fire department even without the Internet,
-
10:47 - 10:50or the hospitals have to order fuel oil.
-
10:50 - 10:54This doesn't need to be a multi-billion-dollar government project.
-
10:54 - 10:57It's actually relatively simple to do, technically,
-
10:57 - 11:01because it can use existing fibers that are in the ground,
-
11:01 - 11:03existing wireless infrastructure.
-
11:03 - 11:06It's basically a matter of deciding to do it.
-
11:06 - 11:08But people won't decide to do it
-
11:08 - 11:10until they recognize the need for it,
-
11:10 - 11:12and that's the problem that we have right now.
-
11:12 - 11:15So there's been plenty of people,
-
11:15 - 11:18plenty of us have been quietly arguing
-
11:18 - 11:21that we should have this independent system for years,
-
11:21 - 11:24but it's very hard to get people focused on plan B
-
11:24 - 11:27when plan A seems to be working so well.
-
11:27 - 11:31So I think that, if people understand
-
11:31 - 11:34how much we're starting to depend on the Internet,
-
11:34 - 11:36and how vulnerable it is,
-
11:36 - 11:38we could get focused on
-
11:38 - 11:41just wanting this other system to exist,
-
11:41 - 11:44and I think if enough people say, "Yeah, I would like to use it,
-
11:44 - 11:47I'd like to have such a system," then it will get built.
-
11:47 - 11:48It's not that hard a problem.
-
11:48 - 11:52It could definitely be done by people in this room.
-
11:52 - 11:56And so I think that this is actually,
-
11:56 - 11:59of all the problems you're going to hear about at the conference,
-
11:59 - 12:02this is probably one of the very easiest to fix.
-
12:02 - 12:05So I'm happy to get a chance to tell you about it.
-
12:05 - 12:07Thank you very much.
-
12:07 - 12:11(Applause)
- Title:
- The Internet could crash. We need a Plan B
- Speaker:
- Danny Hillis
- Description:
-
In the 1970s and 1980s, a generous spirit suffused the Internet, whose users were few and far between. But today, the net is ubiquitous, connecting billions of people, machines and essential pieces of infrastructure -- leaving us vulnerable to cyber-attack or meltdown. Internet pioneer Danny Hillis argues that the Internet wasn't designed for this kind of scale, and sounds a clarion call for us to develop a Plan B: a parallel system to fall back on should -- or when -- the Internet crashes.
- Video Language:
- English
- Team:
- closed TED
- Project:
- TEDTalks
- Duration:
- 12:31
Olivia Cucinotta edited English subtitles for The Internet could crash. We need a Plan B | ||
Olivia Cucinotta edited English subtitles for The Internet could crash. We need a Plan B | ||
Olivia Cucinotta edited English subtitles for The Internet could crash. We need a Plan B | ||
Olivia Cucinotta edited English subtitles for The Internet could crash. We need a Plan B | ||
Thu-Huong Ha edited English subtitles for The Internet could crash. We need a Plan B | ||
Thu-Huong Ha approved English subtitles for The Internet could crash. We need a Plan B | ||
Thu-Huong Ha edited English subtitles for The Internet could crash. We need a Plan B | ||
Morton Bast accepted English subtitles for The Internet could crash. We need a Plan B |