North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Backbone Infrastructure and Secrecy

  • From: Deepak Jain
  • Date: Tue Jul 08 13:59:07 2003

> 	Security by obscurity is not viable for the long-term.

Amen. This whole industry is littered with NDAs and such which only keep
honest people honest. There is _nothing_ stopping a malicious individual (or
group of acting collaboratively but independently) from getting hired to a
subcontractor that does fiber digs/maintenance that does work for one or
more telecom companies. They get access to all the maps they need (either
from the subcontractor's internal resources or from the customer [telecom
company]). They assemble the pretty little PDFs and then move on to the next
contractor/company and continue. Lather, rinse, repeat. For extra fun,
extend to other utilities.

Or, borrowing from Wall Street (the movie), work for a janitorial service
that cleans the offices of these guys. How many people _really_ lock their
mapping stations at the end of each day and how long does it take to
circumvent it?

The PUCs and local governments are still the best source because all the
digs have to be permitted and for existing DPW conduit, the DPW knows where
everything is -- because they get paid for it.

A customer recently started mounting all their telecom gear (MUXes, etc)
behind bullet resistent/bomb resistent walls because they determined that
since their hot-spare equipment was mounted near their live gear, that if
someone took a gun (or similar) and shot up their telecom wall it would take
longer to replace (acquire, resplice and reassemble) what was lost than if
the fiber to the building (which already came in from several places) was
cut. These are guys who already had telecom gear in several different parts
of their building. You can easily extend this need to encasing all conduits
and power generation gear in similarly protected surroundings.

It only takes a natural disaster, power outage or fiber outage to really
know what services are truly critical and which are just believed to be.
Fortunately, the vast majority of commercially reasonable installations
really never get tested that way.

Deepak Jain
AiNET