One of the fun things about TUANZ is you never know where the next media storm will come from, on Saturday I was in Wellington talking to the real heroes of NZ rural broadband – the regional wireless ISP’s (more about them later)

Here’s the latest update from Spark: 

Cyber criminals based overseas appear to have been attacking web addresses in Eastern Europe, and were bouncing the traffic off Spark customer connections, in what is known as a distributed denial of service (DDoS) attack.

The DDoS attack was dynamic, predominantly taking the shape of an ‘amplified DNS attack’ which means an extremely high number of connection requests – in the order of thousands per second – were being sent to a number of overseas web addresses with the intention of overwhelming and crashing them.  Each of these requests, as it passes through our network, queries our DNS server before it passes on – so our servers were bearing the full brunt of the attack.

While the Spark network did not crash, we did experience extremely high traffic loads hitting our DNS servers which meant many customers had either slow or at times no connectivity (as their requests were timing out). There were multiple attacks, which were dynamic in nature.  They began on Friday night, subsided, and then began again early Saturday, continuing over the day.  By early Sunday morning traffic levels were back to normal and have remained so since. We did see the nature of the attack evolve over the period, possibly due to the cyber criminals monitoring our response and modifying their attack to circumvent our mitigation measures – in a classic ‘whack a mole’ scenario.

Its good to see Spark coming out with this statement as it deals with a lot of the ‘chatter’ that is out there, one question has been top of mind for a lot of people – Why just Spark? 

Here’s their reply: 

Why only Spark?

We can’t say what other networks experienced.  However, cyber criminals often look for clusters of IP addresses to use in any particular DDoS attack.  That makes it more likely that these IP addresses belong to the customers of a single ISP – even more likely with a large ISP like Spark.

How did they get access through the Spark Network?

Since the attacks began we have had people working 24/7 to identify the root causes, alongside working to get service back to normal. During the attack, we observed that a small number of customer connections were involved in generating the vast majority of the traffic. This was consistent with customers having malware on their devices and the timing coincided with other DNS activity related to malware in other parts of the world. 

However, while we’re not ruling out malware as a factor, we have also identified that cyber criminals have been accessing vulnerable customer modems on our network. These modems have been identified as having “open DNS resolver” functionality, which means they can be used to carry out internet requests for anyone on the internet. This makes it easier for cyber criminals to ‘bounce’ an internet request off them (making it appear that the NZ modem was making the request, whereas it actually originates from an overseas source). Most of these modems were not supplied by Spark and tend to be older or lower-end modems.

What remains clear is that good end user security remains an important way to combat these attacks. With the proliferation of devices in households, that means both the security within your device and the security of your modem.

What did Spark do?

We have now disconnected those modems from our network and are contacting all the affected customers. We have also taken steps at a network level to mitigate this modem vulnerability.  We are now in the process of scanning our entire broadband customer base to identify any other customers who may be using modems with similar vulnerabilities and will be contacting those identified customers in due course to advise them on what they should do.

With respect to malware we continue to strongly encourage our customers to keep their internet device security up to date, conduct regular scans and regularly update the operating software and firmware on their home network. We also continue to advise customers not to click on suspicious links or download files when they are not sure of the contents.  

We have also taken steps at the network level to make it more difficult for cyber criminals to exploit the DNS open resolver modem vulnerability and we’re using the latest technology to strengthen our network monitoring and management capabilities. For security reasons we can’t detail these steps, however this is an ongoing battle to stay one step ahead of cyber criminals who are continually using more and more sophisticated tactics.

I spend quite a bit of time watching various technology stories emerge and I’ve learnt that you need to develop a couple of skills if you are going to maintain both your focus and sanity.

It is very easy to believe everything that you read and soon you come to realise that:

a.   A lot of the breathlessly announced new technologies never see the light of day

b.   A lot of progress is incremental and each subsequent release brings an increasing sense of disappointment as products and services approach the boring nirvana of some kind of long term ‘steady state’ existence

c.   How do you pick the winners?

There are a couple of models that I have found really useful over the years, the first is Geoffrey Moore’s ‘Crossing the Chasm’ model which helps to explain why so many products never make it beyond the early adopters and then I came across the Gartner Hype Cycle which I came across through my long term addiction to Wired magazine.

So I’m very curious to what the 2014 edition of the hype cycle contains:

The 2014 Gartner emerging technology Hype Cycle graph

Gartner have actually analysed over 2000 emerging technologies and placed them on this curve and they’ve been doing it for over 20 years so they have pretty unique depth in this space.

I love this model for several reasons, one is that it makes sorting the wheat from the chaff a lot easier, the second is that I now cynically wonder what the real purpose of a lot of announcements truly is. You know that they are usually about money, When concepts are at the ‘innovative trigger’ stage it can be about research grants, then attracting angel investors and venture capital, once the delightfully named ‘peak of inflated expectations’ is reached its often about attracting investors to an IPO or increasingly now part of a ‘crowdsourcing’ push this is followed by the aptly named ‘trough of disillusionment’ where it maybe about keeping grumpy investors or bankers on side long enough to reach the golden shores of the ‘slope of enlightenment’ which lead to the ‘plateau of productivity’ and its then our money that they’re after as consumers.

So what do you think of their picks?

Well I’ve had a night to sleep on yesterday’s announcement and I’m still pretty excited, its a clever piece of policy work, by extending the TDL (Telecommunications Development Levy – successor to the much derided TSO) the Government has given itself an extra $150 Million to play with that is fiscally neutral (I think they’ll be hoping that the Telco’s paying the TDL won’t notice that they’re going to keep paying a wee bit longer.

Politically its very smart as it does 3 things, firstly it gazzumps Labour’s $9.6 million contestable fund for very similar rural initiatives, secondly it deals with genuine heartland concern about broadband and mobile coverage and finally it is actually quite ambitious for rural New Zealand.

To be really successful it needs a target and I think it needs to be an ambitious target – funding projects that will have the capability within 10 years to deliver 1 gigabit/second to rural New Zealand.

Thats not a pipe dream. it can be done today with 2 technologies fibre and point to point wireless and by 2024 5G should be gigabit capable as well. 

As a former rural New Zealander (I’m just currently an economic exile in #gigatownporirua) one thing that really pisses me off is hearing that old technology is good enough for country folk. Its up there with the now 30 year old refrain about farming being a sunset industry, I’m glad its such a long sunset as without the ‘white gold’ boom we would be in a far worse position.

Farming is developing into a very sophisticated data intensive business, it is the starting point for the worlds food based supply chain and consumers increasing demand for more detail about their food & where it comes from. But not only that, rural New Zealanders are entitled to all the good stuff that comes with ultra fast internet, tomorrow see’s the launch of Spark’s ‘Lightbox’ service and I’m sure plenty of rural Kiwi’s are up for a bit of ‘Global mode’ too.

The devil as they say is in the detail and it will be the same with yesterdays announcement, there are many questions to be asked and a lot of capacity to be rebuilt. In its first broadband schemes the Government favoured large monolithic structures run by contract, in fact it believed that contracts would work better than regulation.

Councils and small regional operators were sidelined by both the UFB and the RBI and massive waste and overbuild has occurred, the situation in Palmerston North is a prime example where pioneering work was done by James Watts and his team at inspire.net and he had an effective partnership going with the Palmerston North City Council, James was even running fibre to the farm 7 years ago.

Now the Government recognises that local is often best and will need to re-engage players who still have much to offer. This will require both sides to re-establish dormant relationships and a number of plans can be dusted off and updated.

Who will run the new scheme? is it best suited to MBIE or could it function out of CFH with an expanded mandate? Nearly all of the old team at MED who used to run these projects have moved on or retired.

I think it could well take several years to get back in shape for this challenge, the current RBI advisory structure needs to be revisited and updated to provide genuine governance and oversight.

We also need to make sure that it remains consistent with our market structure, that is that new access networks are structurally separated and open access and the the correct regulatory settings are applied.

I’ll leave with the insights I’ve just gained from the engineer behind the very successful Northpower fibre rollout. 

A few different experiences lately have got me thinking about digital leadership and just whose job should it be?

A recent discussion on twitter also canvased the issue as well, I think the whole ‘gigatown’ campaign highlights the difficulties around trying to stimulate UFB uptake and awareness when Chorus itself comes from the culture that up until recently when suddenly there was Government money involved, actively denied the need for anything better than ‘everyday broadband’ which was seen as being around 256kb/s.

The UFB is a bold initiative that is already driving NZ up the global broadband rankings, the US is still getting excited that fibre might be coming to Cupertino – the home of Apple. Within a decade it will be the norm in every New Zealand town.

In 2008 TUANZ called for the creation of a Government entity dedicated to providing digital leadership similar to role played by the IDA (the Infocomm Development Authority) in Singapore.

Xero founder and all-round digital good guy Rod Drury has been vocal in his call for NZ to have a CTO (Chief Technology Officer) something that is get picked up as an idea by a number of political parties but sadly not yet by the Government.

And when you get down to it digital leadership does seem to come back to the government for many reasons:

1.0  They are the collective voice for NZ inc

2.0  They are the biggest beneficiary of NZ being a keen adopter of ICT through everything from increased productivity generally down to lowering the cost of delivering government services

3.0  They are the biggest aggregated purchaser of ICT services in the country, who else has the money to do INCIS, Novopay etc

4.0  They are now once more a significant investor in ICT and hold stakes in a variety of ICT related entities (for example CFH, Chorus, Kordia, REANNZ & N4L)

5.0  Their policies direct how the NZ digital landscape develops at both an infrastructure and commercial level

6.0  They set and operate the regulatory regime, the spectrum regime, the resource management regime, the educational curriculum and broad economic policy

7.0  They are our interface to wider international agreements and environments for issues like copyright, trade, RS&T and international standards

8.0  Various arms of government also contain more people who are paid to look at the future than you find in the ‘real’ economy where we are focused on surviving today and coming back for more tomorrow

Steven Joyce is a man I like and respect but he is wrong when he says that having a GCIO (Government Chief Information Officer) is as good as having a NZ inc CTO reporting directly to the PM. We do need a GCIO mainly to manage number 3 on the list, the CTO needs to have an overview of everything.

And the CTO needs to be able to look at the big picture stuff like the ‘Internet of Cows’, ‘3D printing’, ‘Digital Inclusion’ or ‘delivering Rural Gigabit’.

What do you think?