Preparing for the Worst in IT 172
mplex writes "How vulnerable is the internet to terrorist attack? Is it robust enough to handle an outage on a massive scale? Should the commercial infrastructure that powers the internet be kept secret? These are the sorts of questions raised by Mark Gibbs in his latest column in Network World. 'There is an alternate route available for nearly all services through Las Vegas or Northern California serving all facilities-based carriers in Los Angeles -- all interconnected at numerous L.A. and L.A.-area fiber-optic terminals supporting both metro and long-distance cable.' Given that the internet thrives on open networks, it's hard to imagine keeping them a secret. At best, we must be prepared to deal with the worst."
lol zonk (Score:4, Funny)
Re:lol zonk (Score:5, Funny)
Re: (Score:2)
What about a boogeyman attack? (Score:5, Insightful)
Why is terrorism "the worst" now? I'm much more afraid of a high-magnitude earthquake hitting the west coast of the US, or a major hurricane veering further north than usual on the east coast, than I am of some random bomb going off somewhere.
Just in the last year we've seen how a single earthquake in Taiwan [slashdot.org] can bring connectivity between Asia and the rest of the world nearly to a halt. Natural disasters like that are a sure thing and it makes much more sense to me to worry about that than about the latest episode of "24" coming true.
Which isn't to say that we should dismiss any possible threat entirely, of course -- but we should also prioritize our efforts. It's not possible to fully prepare for every possible problem.
Ironically, TFA actually claims that we are pretty well prepared.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Interesting)
If the West Coast gets hit by a quake, we're pretty much screwed.
Re:What about a boogeyman attack? (Score:5, Insightful)
High-voltage transmission lines are frequently in the middle of nowhere, with no patrollers or police nearby, yet easily accessible from any SUV by just driving down the service road. A single stick of dynamite is probably sufficient to take down a single tower. The grid (as was shown by the outage on the east coast a couple years ago) is not very redundant, so only a few towers would need to be prepared in this manner. The bombs could be set off from a cellphone with little risk of an attacker being captured, and it would take weeks to repair.
I agree with you that the priorities are off, but even considering only the Internet, priorities are off. The Internet can't function without the power grid, and the power grid is a lot more delicate than most people know.
Re:What about a boogeyman attack? (Score:5, Funny)
Re:What about a boogeyman attack? (Score:4, Interesting)
People in IT like to brag how robust and reliable Internet is in the event if a disaster, but I've seen far more interruption of my internet service (at any point on the route), that interruptions of my electricity.
And that's without any terroristic activity.
Re: (Score:2)
Re: (Score:2)
How do you figure? (Score:2, Informative)
Re: (Score:2)
But in those cases none of the high-voltage transmission lines were affected. If you dynamited one of those towers, it would take a heck of a lot more than two weeks to restore it, and
Re: (Score:2)
Re: (Score:3, Informative)
A single lightning strike or solar storm is also capable of disabling an entire line, not forgetting tornados
or heavy snow which can also bring the cables. And the same lightning strike can also take out telephone lines.
what caused the outage .. (Score:2)
Actually the grid used to more redundant until the utility companies stopped building standby generators and connected local systems to a central control station, to save on staff and to save money. They managed this by lobbying in Washington to get the regulations diluted.
The actual blackout was caused by the MS Blaster worm that caused the SCADA units to freeze. These Windows based units are used to pr
Re:What about a boogeyman attack? (Score:5, Insightful)
So, you don't even WANT to know what we might/should/could do if someone/group (unlike an earthquake in California) actually simultaneously destroyed or just plain hosed up some key fiber routes and datacenters in LA, San Fransisco, New York, Vegas, and Northern Virginia at the same time? It's not like it takes nukes to still really screw it up. The sort of truck bombs that did the Murrah federal building would be pretty effective against a lot of infrastructure points. And a day or three of very latent or completely absent routes in and out of those areas and the ones that depend on them would be fantastically painful to businesses large and small... and thus to all of us. You don't have to be a Russia-backed super-hacker '24'-class villain to do that sort of stuff. Mostly, you just have to be willing to do things just like have already happened overseas plenty of times. Trucks, fertalizer, diesel fuel... and being willing to crash your rented truck through or up to the front door of a few not-very-unknown buildings.
Never mind the loss of backbones... just half a dozen Level3 or Savvis datacenters would send serious shockwaves. Savvis has decent enough datacenter security when it comes to the walk-up, gun-toting sort of thing... but they're hardly truck-bomb proof.
Terrorism is "the worst," in this sense, because it can be a distributed attack. Not a quake in one city, or a hurrican that hits two... but far more surgical, with far wider implications, economically, at least for long enough to genuinely smack the country's cash flow around. That's the peril of just-in-time manufacturing, drop-shipping retailers, internet-based payroll processing, and so on. Just the civil unrest from the loss of pr0n, alone... think of it!
Re: (Score:2, Insightful)
Cutting the west coast from the rest of the Internet would not cause terror, just annoyance. I'd say as a terrorist target the Internet ranks pretty low.
Re: (Score:2)
Re: (Score:2)
Do you reinforce your car with steel, surround yourself in the drivers seat with fluffy pillows, wear a helmet and drive 5 mph wherever you go?
There's being careful, and there's being ridiculously obsessed over every little thing that could possibly go wrong.
Re: (Score:2)
Let's say you're in the warehousing and trucking industry, and your facility it served by three major highways, and some small back roads. Do you think it might be smart to think through how you'd handle your daily (and only) source of revenue on the off chance that there was a major disruption to all but the back roads? Or, say you're a highly competitive (read, low-margin) dot-com business
Re: (Score:2)
I'm not saying we shouldn't take any precautions, but with limited resources, we have to pick and choose what gets defended. Putting armed guards around every high-voltage tower might prevent terrorist attacks, but it wouldn't be economically feasible to do so.
So, sometimes you just have to take chances and hope for the best.
Re: (Score:2)
Most of the infrastructure built at the time was designed to resist such an attack as best as possible. AT&T had a massive network [slashdot.org] of hilltop microwave transmitters which was abandoned
Re: (Score:2)
Temporary loss of connectivity is nothing fatal, merely an inconvenience. Perhaps expensive inconvenience, but still a mere inconvenience. And while the attacks can be parallel, the repairs can be parallel to
Re:What about a boogeyman attack? (Score:5, Informative)
1. Redundant Network Connections
2. Highly available Services (Applicaiton Clusters)
3. Fail over - Off site if needed (Local, Metro, then off-site)
4. Power backup & Isolation (Generators good for 48 hours at least if not more, plus filtration systems that will withstand a localized EMP)
5. Testing - Smoking hole scenarios. (ie: where did NY, Chicogo, Washington, just go?)
I am not at liberty to divulge my client list but I can say for certain that they are very interested in maintaining service availability even if their primary sites were hit directly by nuclear weapons. Services include all communications not just the internet. Arpanet was founded by the boys in green, they worry about these sorts of things.
It becomes a matter of balanceing function with cost, the old engineering addage does ring true here more than anywhere else:
Cheap, Fast, Reliable; pick any two!
Companies like Hugues, Teleglobe, and various governments of the G8 do what their budgets allow to facilitate redundancy, however since terrorism is a good political tool to motivate sales (along with natural disasters) then people in the consulting industry will be well met to help the organizations that make the internet redundant.
As for the power grid, Telcordia standards dictate that a carrier grade data center (if it's essential services) has to have some method of running even at a reduced capacity for extended periods of time. Thus there is a buffer provided for the local power company to get their systems working, that and most datacentres are close to large power supplies. This is the result of the original POTS standards. It's also the reason VOIP providers don't guarantee 911 service. The regulation and maintence costs on these datacenters is very high, which is how AT&T and Verizon justify charging an arm and a leg for your land line.
Then again, I've seen Tier 1 data-centerers undone by a fire-systems worker (plumber) dropping a wrench on the -48V bus-bar and having instantaneously weld to the A-Frame causing millions in damage and making an entire city core go quiet. Who needs terrorists when we have difficulty hitting 100% availability on our own, normally?
Re: (Score:2)
Re: (Score:3, Funny)
Beats the hell out of me. I read the headline and assumed that a sysadmin had wandered into the office on a bright, fresh, monday morning and discovered that their datacentre had been mysteriously populated with Vista and SCO unix.
We *ARE* preparred against terrorists (Score:2)
We *ARE* prepared, but against terrorists.
- Because there's some redundancy on the 'net. One small bomb attack can't bring down the whole planet's network.
- Because, even if they could, it would be foolish for them to "shut down the whole internet" as they are using it for communicating too.
- Because, as you point out, natural disasters are much more likely, frequent and deadly/damaging than terrorists, and it would be much more interesting to
Re:What about a boogeyman attack? (Score:5, Insightful)
Re: (Score:2)
Do you think you'd feel any different at all if you or someone you care about had been sitting next to the guy that was caught actually trying to set off real shoe bombs on an actual airplane? Are you of the "well, we lucked out on that one, caught him, and since they know we know that trick now, they would never try it again, and we can stop looking for it now" camp? How does your brain work o
Re:What about a boogeyman attack? (Score:5, Insightful)
Terrorism will happen. You can't stop it, but you can stop running around freaking out at every pair of nail clippers and toy guns for GI Joe dolls (both of which have been known to be confiscated before boarding). That's absurd. The goal of terrorism is to instill terror. They've failed on my part, but it looks like they're doing a pretty good job with the masses.
Re: (Score:2)
Re:What about a boogeyman attack? (Score:4, Informative)
By 'real shoe bombs' you mean 'shoe bombs that would actually detonate'?
Ie unlike the "shoe bombs" deployed by Richard Reid... Which were actually fake shoe bombs?
The fake shoe bombs in question were plastic explosives which he 'attempted' to detonate using *matches*. There was never a threat to the aircraft or its passengers.
These 'devices' would not have detonated and were fake bombs.
If I knew someone who had sat next to this guy on this flight, no I would not be insisting that people take off their shoes to get on an airplane.
Re:What about a boogeyman attack? (Score:5, Interesting)
You mean Richard Reid, the guy who tried to set off plastic explosives with a match (hint: you don't ignite plastic explosives with a match; if you set C4 on fire it will just burn, not explode [howstuffworks.com]) and who was beaten unconscious by the other passengers before he could even fail to set off his nonfunctional bomb?
No, I don't think I'd feel that different.
In fact, it's a good demonstration of, as you say, how my brain works: I try to think through the subject based on what actually happened. Observable history, one might call it.
The only reason two of the three 9/11 hijackings succeeded was because the passengers, having never heard of a passenger jet being used as a weapon before, assumed they would be flown to Cuba or somesuch, just like all the other passengers on hijacked jets in living memory. That is no longer the case, as evidenced by the fact that the third hijacked plane failed to reach its target. The simple fact that everyone knows there are people out there who want to blow up passenger jets will, without an extra dime spent on security or any extra disrobing at the gate, make it a lot harder to pull off any stunt that requires a terrorist passenger to initiate.
And those plans that don't require a passenger to initiate, e.g. smuggling a bomb into the cargo hold, hitting a plane with a surface-to-air missile after takeoff, etc., won't be affected at all by the senseless security theater everyone is subjected to.
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2)
Or why here in the U.S., I can't take a bottle of whisky with an intact 49-year-old tax stamp on the cap through security. I had to place this valuable stuff in my suitcase, where thankfully it made the entire trip.
Silly me, I thought the liquid ban was only for opened containers - which would make sense - not fa
Re: (Score:2)
pretty good, but some improvements (Score:2)
Terrosism IS no big deal (Score:2, Insightful)
good link (Score:3, Informative)
ummm, link? (Score:2, Redundant)
Already UNDER ATTACK (Score:5, Interesting)
It might be hackneyed, but please remember the internet was designed to withstand hundreds of nuclear warheads. Half of any class of nodes can go down and the rest keep running.
Re: (Score:2)
Re:Already UNDER ATTACK (Score:4, Informative)
Nowdays? No. The internet isn't as robust as it used to be, because real redundancy costs a lot of cash. There are single buildings that could be hit that would cripple internet connectivity to entire regions, or at the very best reduce traffic to a near standstill. It's far from nuke-proof these days, nor is it very terror-proof.
Having said that, I think terrorism isn't the big threat here. Earthquakes, hurricanes, and flooding are more pressing concerns. It is a certainty that one of them will do severe damage to a US city at some point in the future, and those sort of events do much more than take down a single building. Fiber cuts, power interruption, etc.
Re: (Score:2)
The problem is *NOT* the cost (Score:2)
You'll find that your ISP etc will absolutely not allow routing of other networks across your regular connection. They barely tolerate wireless routers. Essentially they insist you act as a leaf node. If you want to do more, expect it to cost a bundle.
Dear Zonk (Score:1, Offtopic)
Dear Zonk, your posts to Slashdot are uninformative, full of errors, and not relevant to anyone's interests. Please go away.
Also, anyone who agrees with me, please tag this article "zonkism".
Re: (Score:1, Offtopic)
Re:Dear Zonk (Score:5, Informative)
There is already a tag which our software recognizes as indicating a typo in an article. It's 'typo'. This is in the FAQ [slashdot.org]. If you want to get the attention of the editor on duty, use the 'typo' tag.
Constantly Surprised at the Quality of Slashdot (Score:4, Insightful)
For instance, in a story about how resistant the Internet is to attack, the editors apparently decided to demonstrate what a possible attack might look like.
Take a look! [schend.net]
Bravo!
Re: (Score:2)
I addressed this here last month (Score:2)
This goes for infrastructures as well. Those who manage them must be prepared for everything from a cable cut to a planet-smashing asteroid.
"Prepared" doesn't always mean being able to fix the problem. It may just mean declaring in advance that the problem won't be fixed and moving on with life. Or in the case of a disaster guaranteed to be fatal, accepting that this is the end.
If the citi
Better Question: (Score:2)
"eggs in one basket"
Re: (Score:2)
Re: (Score:2)
Replace "Internet" with... (Score:2)
1. Internet
2. Electrical grid
3. Interstate Highway system (or your national trasnportation system of choice.)
4. Petroleum infrastructure
5. Microsoft Corp. (Hey, it's Slashdot.)
6. Postal system
7. Telephone network
8. Municipal water supply
Oh yeah that fiber... (Score:2)
commercial infrastructure (Score:2, Interesting)
Re: (Score:2)
I think that we have more to fear from the chinese blowing Taiwan off the map than we do of any kind of Taiwanese embargo.
Re: (Score:2)
Egoism (Score:5, Interesting)
Wrecking the US's communications systems would require a significant industrial expense and commitment, this doesn't come from terrorists.
Re: (Score:2, Interesting)
1. Bomb the power grid
2. Bomb the freeways
3. Bomb the phone system
4. Bomb Cellular towers
5. Bomb the tv system
6. Bomb the Radio stations
7. Bomb the locations that make satellite TV and satellite internet possible
If I were a minor terrorist I'd probably truck-bomb a local public building, take down a highway overpass, or poison the water supply.
If I had the resources of a major terrorist organization, my goal would be to inflict the maximum terror with the minimum chance of getting caught beforehand.
I might run a few private planes full of explosives into rural school cafeterias during lunch or into movie theaters on the opening weekend for a big blockbuster. Not only are many rural areas soft targets but like att
Re:Egoism (Score:5, Interesting)
Sixteen days after 9/11 my daughter was born, it scared the shit out of me. I wondered if I would be drafted for war, I wondered if she would, one day go to war, I wondered if one day she would have to prepare for terrorist attacks in school, I wondered if she would be snuffed out two weeks into life by some nasty man made virus, I wondered if the virus had already been released and we just didn't know it yet, I thought a lot about my daughter's future and how I would raise her to deal with it. I was thoroughly terrified of the future.
Looking back on all of that I realize that Americans did more to terrify ourselves than the enemy ever could have. We've lost thousands of soldiers and spent billions of dollars in this war on terror and we are only more terrified, it doesn't make us safer, it doesn't keep the power on, we're not flying safer, our water, internet, phones, roads, schools, our children are not safer, and hell we don't even feel safer. It's all at risk now, because we've spent all of our money and time trying to lock things down, keep things safe and protect ourselves from the boogeymen.
Today, my daughter is five, she can read, tie her shoes, and does well with math. She doesn't know what a terrorist is and they don't talk about that in school. Her little brother is also doing great, neither has gone hungry or lonely or cold a day in their lives and we still haven't finished our Y2K rations. They know only one thing about politics and it's that George W. Bush is a dumb ass. They also know what consumerism is and the ways that the TV can affect them.
I'm sick of hearing about terrorists and terrorism. I'm not scared of a terrorist attack and in fact, I'd rather be scared than watch another one of our civil liberties gobbled up by the administration or watch another funeral on the news. I'm so fucking sick of hearing about this "post 9/11" bullshit, that I could scream. We weren't safe "pre 9/11" and there isn't a fucking thing we can do to become safe in a post 9/11 world. Get over it. Life is fragile and raising your children in a bubble will not make them safer. In fact, once they inevitably leave that bubble they will not be able to survive the harsh reality that is "fresh air". So thanks George W. for a nation that cannot move without asking themselves WWTTD? (What Would The Terrorists Do?)
Re: (Score:2)
I wish nothing but success and comfort for you and yours.
--chuck
Re: (Score:2)
There is no such thing, although the Old River Control Structure [wikipedia.org] is a critical river control apparatus, shunting the Mississippi when it is in flood. Attacking the ORCS during flood would be catastrophic for shipping and petroleum prices, and could cause tens of thousands of deaths.
The locks and dams are all far, far upriver, before it turns into a mile-wide behemoth.
Re: (Score:2)
That, coupled with a good router takedown, and some off-the-shelf Windows trojans ought to do the trick. Who needs bombs when you can wipe half the computers on the net?
Re: (Score:2)
Re: (Score:2)
That is all it would take. Shoot down three jetliners in disparate parts of the country, pretty much any country. This would shut down air travel - all air travel, worldwide - for a while. When they start back up because obviously "the threat is gone", shoot down two more.
Air travel and cargo shipments would be over. Possibly forever. The economic ripples of this would give the West something to think about whi
You don't actually have to bomb the freeways (Score:2)
Re: (Score:2)
Re: (Score:2)
Yes and no (Score:4, Interesting)
No in practice. Because it is cheaper not to. Those multiple routes and connections are more expensive than a simple, single one which works just fine on a clear sunny day.
The reality is somewhere in between.
Hand Jobs (Score:2)
The goal of doofus management is to place as many people/layers between themselves and firing time. That's why we know have vice-presidents of every imagineable sort. Anyone with a brain will note that this phenomenon started
Re: (Score:2)
Really? I don't agree. And it wasn't "invented" either. There comes a point where a large enough population can basically do what it wants (usually to the detriment of everyone else).
Many boomers own houses that are valued at 5-10x what they paid for them. This gives them great financial leverage but shuts out new home buyers.
The only people that benefit from ridiculously inflated house prices are the banks, real estate agents and those that cas
Re: (Score:2)
Middle management was in fact "invented" in order to gain some sembalance of control over organizations whose employees numbered in the tens of thousands, and who maintained plants and offices all over the planet. In fact it was derived directly from the command-and-control techniques developed to manage a little project known as WWII.
Today, the pervasive use of computers, email, the internet, and so on have enabled modern corporations to "flatten" th
Re: (Score:2)
If boomers didn't self-create multiple levels of Vice-Presidentship, Executive Managers and Senior Lead With Special Powers, who did?
The mob rules, and the ballooning of the middle class generated official-sounding titles for people that have very little power (backstabbing political moves excepted). Good for the ego, bumps up a salary range -- same old guy doing the same old job, but sounds mo
Re: (Score:2)
And how many generals and admirals did we have during WWII? Vice-admirals? Rear-admirals? Seriousy, if you're managing something small like, say, GE, who's the head guy in charge of sales? Marketing? HR? Procurement? IT? R&D? PR? Comptroller? US operations? Asian? Europe? Consumer products? Lighting? Appliances? Aircraft powerplants and aviation? Nuclear power generation division? Transportation? Electrical distribution equipment
Re: (Score:2)
Thanks for your time and thoughts.
Re: (Score:2)
Have a nice day.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Do you have a philosophically sound argument for preferring nonexistence to existence, if both are possible as equilibrium states?
Well, the answer has to be no, since in my eyes that is a purely hypothetical question. No matter how much the human population has been reduced in previous years, due to famine, diseases, etc, the population has always recovered and in a faster pace than ever. I just don't believe that we can reach a steady state, we're just not bred that way.
The scientist in me would think it would be very sad for the humans to get extinct, because it would be cool indeed to go out and spread to other planets, maybe m
Taiwan Earthquake DID break the Internet (Score:3, Informative)
Re: (Score:3, Insightful)
Virtual vs Real world (Score:2)
In virtual wold the attacks are currently under way, maybe not that for religious or political reasons (?) but mainly for economical ones. Spam, botnets, trojans, exploiting vulnerabities, etc, are the "bombs" in internet, and, with a bit of luck, the people that do/run them could eventually be processed as terrorists too
The terrorists CAN destry de world (Score:2, Funny)
long-lived systems (Score:2)
Arpanet (Score:2)
Wrong question (Score:2)
Expected damage = Sum(types of damage) [ size of damage * probability of damage ].
So you really need to ask, how likely is it that terrorists will target the internet, considering all the other things they could target instead? And even that is too vague a question, since it presupposes an attack against "the entire internet". How hard would it be to "bring down the internet" whatever that means, and how much money and technical skill do "they" have, wh
Road to Ruin (Score:2)
This is pre-internet thinking and the road to ruin.
http://slashdot.org/comments.pl?sid=210824&cid=171 77778 [slashdot.org]
Think about the geniuses in WWII and what they (the Axis Powers) had operational (hint: Jets).
(BTW where did those geniuses end up?)
You wouldn't blow up the road to Rome before you used it to conquer IT.
Blow shit up? That's soooo American
Examples:
A coalition of Madmen (usi
You can't prepare for the worst (Score:2)
Depends (Score:2, Insightful)
a sane view from the clouds (Score:2, Informative)
stock up on dvdr disks (Score:2)
Isn't it ironic? (Score:2)
Now we're fearing exactly that. Though we switch "nuclear russian" with "terrorist islamic" in the fear context, the rest is pretty much the same. And why? Because we're being cheap and a single line is enough for the "commercial" internet.
That's simply what you get when you commercia
ARPANET and a nuclear attack .. (Score:2)
was Re:Isn't it ironic?
Greatest challenge for internet security... (Score:2, Informative)
Re: (Score:2)