Attacks on the cloud could cause major global outages and the service providers are now quietly worried at the potential for chaos, a survey of the sector has found.

According to Arbor Networks' latest annual Infrastructure Security Report (Volume 5) survey of 132 large IP operators from across the world, 35 percent of respondents put this at the top of their worry list for the next year, ahead even of the traditional anxiety over botnets and DDoS.

Evidence for attacks on the nascent cloud industry are thin on the ground compared to other sectors, but it is easy to see where the anxiety comes from. In principle, a single vulnerability in any part of the various software elements on which a cloud provider bases its services could compromise not just a single application but the whole virtualised cloud service and all its customers.

Botnets came second on 21 percent, marginally ahead of ID and credential theft on 20 percent, with DNS cache poisoning, BGP route hijacking, system compromise and Internet worms all under the 10 percent worry mark.

It is a small comfort that the ISP projections on the peak size of DDoS attacks have come in some way below the 80Gbit/s level it was assumed they might reach in 2009. In the event, the largest DDoS of the year got to 49Gbit/s, a modest 20 percent rise over the 40Gbit/s maximum seen in 2008.

Perhaps the biggest challenge revealed by the survey is simply the sheer number of challenges that have come along at once, what Arbor describes as a ‘perfect storm' of problems. This covers from imminent IPv4 address exhaustion, the need to implement DNSSEC (DNS Security Extensions) and 4-byte ASNs (a change to the inter-domain routing architecture)

"Any one of these changes alone would constitute a significant architectural and operational challenge for network operators," Arbor's notes on the survey say. "Considered together, they represent the greatest and potentially most disruptive set of circumstances in the history of the Internet, given its growth in importance to worldwide communications and commerce."

Arbor Networks' Worldwide Infrastructure Security Report Volume 5 can be downloaded from the company's website (requires registration).