Verisign network operating center
Technicians monitor Internet traffic in a Verisign network operating center. A new center has recently gone operational and will replace the one seen here.
By Brock N. Meeks Chief Washington correspondent
updated 1/20/2004 8:52:50 PM ET 2004-01-21T01:52:50

The “heart” of the Internet, the so-called “A” root that is the Internet’s master addressing computer, resides here on the third floor of a nondescript four story building, housed in massive flat-black aluminum cage that looks like it could double as a gym locker for a mountain troll. 

All this sits in a nondescript town at the end of a nondescript ribbon of highway that’s just a Little League outfielder’s throw from suburbia. And that’s just the way VeriSign Inc., the company responsible for administering the “A” root, wants it.  For that matter, that’s just how the Department of the Homeland Security, which has designated the root servers as critical homeland security infrastructure, likes it, too. 

The unassuming building that houses the “A” root sits in a cluster of three others; the architecture looks as if it were lifted directly from a free clip art library.  No signs or markers give a hint that the Internet’s most precious computer is inside humming happily away in a hermetically sealed room.  This building complex could be any of a 100,000 mini office parks littering middle class America. 

“That’s called ‘security through obscurity,’” says Christopher Ambler, a long time Internet veteran and principle of Ambler Internet Consulting.  “And that’s the first line of defense and that has traditionally been the main line of defense for root servers,” Ambler says, referring to the collection of thirteen computers located around the world that act as the main arteries for all the Internet’s addressing traffic. 

But Ambler nearly chokes on the word “defense” noting that “up until two years ago nobody gave a rat’s ass for security of the root servers because if the Internet went down it would have been an annoyance to some researchers and nerds.”

Today it’s a different story as the world’s economy cruises the Internet’s fast lane.  “Once terrorism became the buzzword and the Internet became the lynchpin of global commerce people started to get serious about their paranoia,” that the Net could very well be a target, Ambler said.

Volunteer duty
In addition to the “A” root, which maintains the central address book for the Net and in turn sends updates to the other 12 root servers, VeriSign also administers another root server in the Washington, D.C. area but in a different facility that is miles and miles away from where the “A” root sits. 

Each of the root servers is operated on a volunteer basis; they are scattered around the world with the U.S. operating the majority of them.  These root operators are a collection of academic, non-profit, scientific and governmental institutions.  Historically the root operators have formed a loose collation that coordinates and cooperates out of sense of duty, not regulation or contract. 

VeriSign is a publicly held company that inherited operation of the “A” root via an acquisition.  In addition, the company runs both the .COM and .NET databases, making it one of the most powerful and influential forces in the Internet.  As such, VeriSign’s actions often end up being only slightly less controversial than the sport of dwarf tossing.  The most recent dust-up being VeriSign’s “site finder” product that redirected a mistyped or non-existing Web address to a VeriSign-owned search page instead of simply returning a “site not found” message.  VeriSign was accused of hijacking such traffic and using it to potentially profit from.  The company has temporarily shut down the site while it “reviews” its options.

While controversy is a by-product of being the biggest player in the game there also are advantages.  The biggest is in the amount of money available to throw into security and VeriSign isn’t shy about touting the $150 million it has invested in various security measures.

But that figure isn’t just what VeriSign spends on securing the root servers -- that money also buys protection for a host of services VeriSign provides.  The root servers are unwitting benefactors of a company carrying out its fiduciary responsibility to to protect its entire business line.

“From our perspective, I think that clearly we are the leader in that particular area, that we provide more back-ups than anyone else does,” says Ken Silva, vice president of Network Security for VeriSign.  “The advantage of us running the root servers that we run is that we do invest in this infrastructure,” said Silva, a 20 year veteran of the nation’s top spy agency, the National Security Agency.  He believes that none of the other root server operators can match VeriSign’s investment.  

Inner chamber
While security outside the VeriSign building is non-existent, inside is another story.  An electronic badge is required to get into the reception area.  Visitors are “tagged and bagged” and made to sign de facto non-disclosure agreements before being lead to an elevator.

Another badge is needed to access floors three and four.  Off the elevator and again badges are needed to access any of a dozen doors. 

Access to the Network Operations Center, the “NORAD” of the Internet’s traffic monitoring, requires the electronic badge and then a double biometric hand print scan.

Silva offers up his badge and then scans his hand.  The door clicks open and he herds his small group into a much smaller hallway, briskly steps to another door, swipes his badge and reaches to place his hand on the second biometric scanner.

Abruptly he pulls his hand away, like a small child sensing the heat radiating from a stove burner.  “Can you pull that door closed?  I didn’t hear it click,” he asks of the person standing nearest to the first door.


Silva offers up his second hand scan and the door to the NOC opens.  Inside there is plush carpeting and the hushed atmosphere of a library.  The NOC is ringed in tasteful subdued lighting more suited to seduction than network protection. 

In front there are 13 huge flat panel monitors.  One of the screens shows Internet data loads on the root servers all over the world.  It’s the same screen that the Department of Homeland Security has real-time access to. 

Along the sides of the room CNN and CNN Headline News are playing; the techs monitor the world news in case of natural disaster.  When asked why only one of the 24-hour cable news networks is being monitored Silva says a bit sheepishly, “Oh yeah, we should have switched that [to MSNBC] I suppose.”

It is in this place, on these monitors, Silva says, that VeriSign’s technicians would be among the first to see any tell-tale sign that the Net was melting down.  “But frankly, there’s little chance of that happening,” he says.  On a scale of one-to-ten, ten being highest for the potential of the Internet totally crashing, “I’d give it a three,” Silva says.  “The Internet is more resilient that people give it credit for,” he says. 

Even if someone managed to simultaneously take out all 13 root servers in some kind of coordinated attack there are back-ups in place to shoulder the load. 

“Should the ‘A’ root fail for any reason, sudden network drop or a backhoe out there [cutting a line], somehow if this site just vanished off the Internet, it would automatically [switch] over to one or two other locations,” Silva said.  These are the so-called “warm back-ups” that VeriSign has on stand-by at all times.  The Internet never sees them, Silva says, but they can be up and running within 15 minutes and in that time Internet users wouldn’t even notice a hiccup in traffic, Silva says, owing to the fact that the majority of a user’s web experience is “cached” on a local Internet Service Provider.

Contracted responsibility
The other root server operators aren’t investing at VeriSign levels in security measures, but they are cutting deals that, in essence, allow a root server to clone itself on computers owned by other willing organizations.  This type of redundancy provides powerful disaster preparedness.

But there is no requirement or regulation placed on these root server operators compelling them to practice good Internet security. 

The Internet Corporation for Assigned Names and Numbers (ICANN), a non-profit body contracted to the U.S. government to help administer the Internet and oversee the doling out of domain names, drafted a Memorandum of Understanding (MoU) that sets out recommended minimum security standards for all root operators.  But nothing in the ICANN document carries the force of law. 

That begs the question of whether the root operators should be under contract to ICANN to run the roots. 

The root server operators “have no contract with anyone, no guarantee of level of service, they could turn [the root servers] off tomorrow with no consequences at all because they are doing it out of the kindness of their heart,” said Internet consultant Ambler.  “ICANN needs contracts with the root server operators that specify minimum levels of service and minimum levels of security and the root servers need to be paid for that,” he said.

Internet pioneer Dave Farber said he would like to see the root server operators “held accountable” for creating a secure environment.  However, Farber said he’s not in favor of mandating how that should be accomplished because “that’s going to give you diversity, otherwise it’s the old Microsoft Windows game: if everyone is using the same software and someone finds a hole then everyone is vulnerable at that point.  Variety is the spice of life.”

But in a contract situation, where there are strict performance clauses and requirements, legal liability issues will inevitably crop up, Farber said, as would the issues of who do you sue and where do you sue.  “I think it’s a bag of worms,” he said.

© 2013 Reprints


Discussion comments


Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments