Welcome to Lesson 26. Let us now turn our attention to the Internet. As alluded to previously, the Internet is at the crux of the Homeland Security cyber security concern. Because the Internet provides an avenue for attacking critical infrastructure from anywhere in the world. And the Internet itself is a critical infrastructure on which many other critical infrastructures depend. Not surprisingly, the Internet is the youngest of the four infrastructures we examine in this course. Developed in the 1960s, the Internet has undergone rapid evolution that may be summarized in three epics. One, the creation and expansion of the ARPANET for government related research from 1969 to 1981. Two, the introduction of the TCP/IP Protocol and transition to NSFNET resulting in rapid proliferation among universities from 1982 to 1995. And three, it's explosive growth from 1995 to present, following release from government and introduction of HTML protocols creating the worldwide web. Experts say we're on the verge of fourth epic characterized as the Internet of Things. Where communications between people will be vastly outstripped by communications between appliances. Although the Internet has undergone rapid revolution, it remains at its heart a simple collection of links, routers, and protocols providing a common medium for communications between different computers. Nobody owns the Internet. However, the vast majority of links and routers are owned by a small number of very large Tier 1 corporate Internet Service Providers. In the US, there are only seven Tier 1 ISPs. These ISPs in turn, interconnect among themselves and with smaller ISPs through about 350 Internet exchange points. Enabling a communications path between computers just about anywhere in the world. The key to facilitating this global data exchange is the Internet protocol addressing scheme. IP addresses are controlled by the Internet Corporation for Assigned Names and Numbers, ICANN, a global non-profit agency operating out of Los Angeles. A department within ICANN, called the Internet Assigned Numbers Authority, IANA, manages several hundred geographically distributed domain name servers. IANA domain name servers supply ISP routers with IP address translations that are essential to delivering communication packets to their correct destination. Although there are hundreds of domain name servers, IANA maintains master IP address lists only on 13 root servers. From this brief description, we can see that despite its globe spanning architecture, the Internet has at least two points of vulnerability. One, the IXPs and two, the root servers. A denial-of-service attack is one that attempts to choke off computer's communications by overwhelming it with superious requests. A denial-of-service attack effectively neutralizes a computer by cutting off access to it. It is surmised that a well-timed and coordinated massive denial-of-service attack could bring down any number of IXPs taking down significant parts of the Internet. A more likely target though, are the DNS route servers. In fact, in December 2015 a coordinated denial-of-service attack from many sources succeeded in neutralizing 3 of the 13 IANA route servers. The Internet is classified as part of the information technology infrastructure in PPD-21. But also forms the underlying support for most of the communications infrastructure. The Department of Homeland Security Office of Cybersecurity and Communications under the National Protection and Programs Directorate is the designated sector specific agency for the Internet. DHS has no regulatory authority over the Internet but works with ISPs and ICANN on a voluntary basis. In response to a NIST request for information stemming from executive order 13636, improving critical infrastructure for cyber security. The Department of Homeland Security in May 2013, stated that it was not adverse to the NIST cyber security framework. But it was already employing the Cyber Assessment Risk Management Approach, or CARMA, to assess cyber security in the information technology sector. Okay, let us review what we have learned in this lesson. 1, nobody owns the Internet. 2, the Internet is basically comprised of links, routers, and protocols. 3, most of the links and routers are owned by a few very large Internet Service Providers who interconnect themselves through about 350 Internet exchange points. 4, Internet communications depend on domain name services that are supported by just 13 root servers managed by the Internet Assigned Numbers Authority. 5, attacks on either the IXPs or DNS root servers could disable a significant portion of the Internet. 6, the Department of Homeland Security Office of Cybersecurity and Communications has responsibility for protecting the Internet. 7, the Department of Homeland Security has no regulatory authority over the Internet. And, 8, the CS&C works in voluntary cooperation with ISPs and ICANN to protect the Internet using CARMA, the Cyber Assessment Risk Management Approach. Please join me next time as we take a closer look at CARMA. Thank you.