|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Points of Failure (was Re: National infrastructure asset)
Ray writes: >> I know it's difficult to refrain from comment, but let's try to remember >> that the bad guys read this list too. While they may not have the knowledge >> of critical communication infrastructure points, they can certainly find and >> target them if we point them in the right direction. > >I'd actually argue the opposite. It's difficult to face this, but we know >we ARE vulnerable. The important long term solution is that we need to >address our weaknesses. By acknowleding where the critical points are, >AND PLANNING TO DEAL WITH THEIR LOSS, we make the system that much harder to >defeat. Exactly. The short term situation is we're vulnerable; how do we deal with those vulnerabilities being exploited (or accidentally exposed). The long term situation is how to we reduce or eliminate as many of those as possible. Part of the insidiousness of all this is that currently there is insufficient information available to a telco line end user to properly plan for that sort of loss. Right now, it is nigh-on impossible to get, verify, and keep on a permanent basis truly widely separated leased lines / bandwidth from point A to point B. Because of the increasing cooperation, shared facilities, etc. in the telco and fiber arenas, with many providers you're really getting someone else's service for part of the connection. Recall the train tunnel fire from not that long ago, now seemingly trivial, but at the time a huge disaster... On top of that, none of these facilities are sufficiently hardened. What takes a backhoe operator ten minutes by accident would be no more than an hours work by hand of a sufficiently educated attacker. None of these telco buildings are hardened in the traditional anti-terrorist sense of the word. There are still co-loc facilities in buildings shared with offices of unrelated companies, etc., there are still co-loc facilities in buildings with windows into server rooms, etc. I could go on but will stop now. The situation is hopeless in many areas. What we have learned and need to deal with is that we are, and will remain for the forseeable future, vulnerable to large chunks of "stuff" dropping away, possibly permanently. Be that buildings, bandwidth, higher level protocols, the immediate response has to be to be prepared to replace or route around something. And by that I mean *anything*. If your NOC burns down or is blown up (or hit by a tornado, knock on wood...) do you have adequate personel and facilities elsewhere to recover your network management? Eliminate all fiber links from city A to city B, and can your network still function? If all your facilities in metropolitan area Z all go completely offline, what are you able to do about it? Longer term, we all need to think about multi-level hardening of facilities and connectivity to avoid "cheap kills" due to accident or malicious attack. This gets into traditional datacenter design issues and beyond, into building hardening (the new standards for Federal buildings, for example, or even better the new standards for US Embassies...). This is a bad time for people who run fiber, but maybe it's a good time for them to consider how they run that fiber and should run it in the future. Raw cable in shallow trenches may be in the long term more expensive (if we include accidents, and in particular vulnerability to intentional attack) than deeper and/or better protected cables. Using random rights-of-way may be a mistake; it may make more sense to use ROW which are known and controlled or patrolled to some degree already. I had brought up the idea of using modern oil-well drilling technology to go horizontally deep under rivers and city centers a month or so ago; that also introduces structural hardening against intentional or accidental attack on the fibers. The key here is *think* about it. There is probably some bad guy out there who already is, though he may never decide to execute on those thoughts on you (or anyone). Try and get to any conclusion he might first, and at the very least list our your known vulnerabilities at every level you can think of, so that you can work on reducing them over time and conceptually be prepared to deal with them even if you can't afford to do detailed plans for everything that might go wrong. -george william herbert [email protected]
|