In a review of Federal agencies work on cybersecurity, the Government Accountability Office (GAO) internet architecture is generally considered resilient, but there are still risks involved that Federal agencies are addressing.
Due to its decentralized nature, internet architecture is considered resilient, however Federal agencies must take actions “such as disseminating threat information and participating in global internet governance groups.”
“While experts consider the internet architecture to be resilient, it nevertheless faces a variety of cyber and physical risks that can impact its components; such risks can be intentional or unintentional,” wrote GAO. “Cyber-related risks can impact two sets of protocols needed to ensure the uniqueness of names used in internet-based services and for facilitating the routing of data packets.”
These protocols are threatened by intentional abuse from malicious actors, according to GAO, as well as by unintentional failure.
Risks here can result in incidents that disrupt the proper function of the internet with outages, degradation of performance, and interception of traffic. No one organization is responsible for the entirety of internet policy, operations, or security, GAO says, but the Federal government fills different roles directly addressing risks to the internet architecture.
In its review, GAO analyzed publicly available reports from Federal and non-Federal organizations for identifying risks to internet architecture components. It also convened two panels with subject matter experts with varying experience with internet architecture.