Slashdot Mirror

← Back to Stories (view on slashdot.org)

Preparing for the Worst in IT

Posted by Zonk on from the in-a-post-blah-blah-blah dept.

mplex writes "How vulnerable is the internet to terrorist attack? Is it robust enough to handle an outage on a massive scale? Should the commercial infrastructure that powers the internet be kept secret? These are the sorts of questions raised by Mark Gibbs in his latest column in Network World. 'There is an alternate route available for nearly all services through Las Vegas or Northern California serving all facilities-based carriers in Los Angeles -- all interconnected at numerous L.A. and L.A.-area fiber-optic terminals supporting both metro and long-distance cable.' Given that the internet thrives on open networks, it's hard to imagine keeping them a secret. At best, we must be prepared to deal with the worst."

7 of 172 comments (clear)

  1. What about a boogeyman attack? by koreth · · Score: 5, Insightful

    Why is terrorism "the worst" now? I'm much more afraid of a high-magnitude earthquake hitting the west coast of the US, or a major hurricane veering further north than usual on the east coast, than I am of some random bomb going off somewhere.

    Just in the last year we've seen how a single earthquake in Taiwan can bring connectivity between Asia and the rest of the world nearly to a halt. Natural disasters like that are a sure thing and it makes much more sense to me to worry about that than about the latest episode of "24" coming true.

    Which isn't to say that we should dismiss any possible threat entirely, of course -- but we should also prioritize our efforts. It's not possible to fully prepare for every possible problem.

    Ironically, TFA actually claims that we are pretty well prepared.

    1. Re:What about a boogeyman attack? by Anonymous Coward · · Score: 5, Insightful

      I bet you think taking off your shoes and turning in your bottled water at the airport gate is making you safer.

    2. Re:What about a boogeyman attack? by Blakey+Rat · · Score: 5, Insightful

      Much more delicate than the Internet is the power grid it relies on.

      High-voltage transmission lines are frequently in the middle of nowhere, with no patrollers or police nearby, yet easily accessible from any SUV by just driving down the service road. A single stick of dynamite is probably sufficient to take down a single tower. The grid (as was shown by the outage on the east coast a couple years ago) is not very redundant, so only a few towers would need to be prepared in this manner. The bombs could be set off from a cellphone with little risk of an attacker being captured, and it would take weeks to repair.

      I agree with you that the priorities are off, but even considering only the Internet, priorities are off. The Internet can't function without the power grid, and the power grid is a lot more delicate than most people know.

      --
      Comment of the year
    3. Re:What about a boogeyman attack? by ScentCone · · Score: 5, Insightful

      Just in the last year we've seen how a single earthquake in Taiwan can bring connectivity between Asia and the rest of the world nearly to a halt. Natural disasters like that are a sure thing and it makes much more sense to me to worry about that than about the latest episode of "24" coming true.

      So, you don't even WANT to know what we might/should/could do if someone/group (unlike an earthquake in California) actually simultaneously destroyed or just plain hosed up some key fiber routes and datacenters in LA, San Fransisco, New York, Vegas, and Northern Virginia at the same time? It's not like it takes nukes to still really screw it up. The sort of truck bombs that did the Murrah federal building would be pretty effective against a lot of infrastructure points. And a day or three of very latent or completely absent routes in and out of those areas and the ones that depend on them would be fantastically painful to businesses large and small... and thus to all of us. You don't have to be a Russia-backed super-hacker '24'-class villain to do that sort of stuff. Mostly, you just have to be willing to do things just like have already happened overseas plenty of times. Trucks, fertalizer, diesel fuel... and being willing to crash your rented truck through or up to the front door of a few not-very-unknown buildings.

      Never mind the loss of backbones... just half a dozen Level3 or Savvis datacenters would send serious shockwaves. Savvis has decent enough datacenter security when it comes to the walk-up, gun-toting sort of thing... but they're hardly truck-bomb proof.

      Terrorism is "the worst," in this sense, because it can be a distributed attack. Not a quake in one city, or a hurrican that hits two... but far more surgical, with far wider implications, economically, at least for long enough to genuinely smack the country's cash flow around. That's the peril of just-in-time manufacturing, drop-shipping retailers, internet-based payroll processing, and so on. Just the civil unrest from the loss of pr0n, alone... think of it!

      --
      Don't disappoint your bird dog. Go to the range.
    4. Re:What about a boogeyman attack? by linguizic · · Score: 5, Funny

      Thank you my friend. I find what you say very useful. Allah smiles on you this day my friend!

      --
      Does this sig remind you of Agatha Christie?
    5. Re:What about a boogeyman attack? by Ontology42 · · Score: 5, Informative

      As a consultant I routinely receive requests for Disaster Recovery work for organizations ranging in size from a few hundred to a few hundred thousand. Depending on the alloted budget we work our way down the hardware.
      1. Redundant Network Connections
      2. Highly available Services (Applicaiton Clusters)
      3. Fail over - Off site if needed (Local, Metro, then off-site)
      4. Power backup & Isolation (Generators good for 48 hours at least if not more, plus filtration systems that will withstand a localized EMP)
      5. Testing - Smoking hole scenarios. (ie: where did NY, Chicogo, Washington, just go?)

      I am not at liberty to divulge my client list but I can say for certain that they are very interested in maintaining service availability even if their primary sites were hit directly by nuclear weapons. Services include all communications not just the internet. Arpanet was founded by the boys in green, they worry about these sorts of things.
      It becomes a matter of balanceing function with cost, the old engineering addage does ring true here more than anywhere else:
      Cheap, Fast, Reliable; pick any two!

      Companies like Hugues, Teleglobe, and various governments of the G8 do what their budgets allow to facilitate redundancy, however since terrorism is a good political tool to motivate sales (along with natural disasters) then people in the consulting industry will be well met to help the organizations that make the internet redundant.
      As for the power grid, Telcordia standards dictate that a carrier grade data center (if it's essential services) has to have some method of running even at a reduced capacity for extended periods of time. Thus there is a buffer provided for the local power company to get their systems working, that and most datacentres are close to large power supplies. This is the result of the original POTS standards. It's also the reason VOIP providers don't guarantee 911 service. The regulation and maintence costs on these datacenters is very high, which is how AT&T and Verizon justify charging an arm and a leg for your land line.
      Then again, I've seen Tier 1 data-centerers undone by a fire-systems worker (plumber) dropping a wrench on the -48V bus-bar and having instantaneously weld to the A-Frame causing millions in damage and making an entire city core go quiet. Who needs terrorists when we have difficulty hitting 100% availability on our own, normally?

    6. Re:What about a boogeyman attack? by koreth · · Score: 5, Interesting

      Do you think you'd feel any different at all if you or someone you care about had been sitting next to the guy that was caught actually trying to set off real shoe bombs on an actual airplane? Are you of the "well, we lucked out on that one, caught him, and since they know we know that trick now, they would never try it again, and we can stop looking for it now" camp? How does your brain work on topics like that?

      You mean Richard Reid, the guy who tried to set off plastic explosives with a match (hint: you don't ignite plastic explosives with a match; if you set C4 on fire it will just burn, not explode) and who was beaten unconscious by the other passengers before he could even fail to set off his nonfunctional bomb?

      No, I don't think I'd feel that different.

      In fact, it's a good demonstration of, as you say, how my brain works: I try to think through the subject based on what actually happened. Observable history, one might call it.

      The only reason two of the three 9/11 hijackings succeeded was because the passengers, having never heard of a passenger jet being used as a weapon before, assumed they would be flown to Cuba or somesuch, just like all the other passengers on hijacked jets in living memory. That is no longer the case, as evidenced by the fact that the third hijacked plane failed to reach its target. The simple fact that everyone knows there are people out there who want to blow up passenger jets will, without an extra dime spent on security or any extra disrobing at the gate, make it a lot harder to pull off any stunt that requires a terrorist passenger to initiate.

      And those plans that don't require a passenger to initiate, e.g. smuggling a bomb into the cargo hold, hitting a plane with a surface-to-air missile after takeoff, etc., won't be affected at all by the senseless security theater everyone is subjected to.