Rare Catastrophic Events and Infrastructure

René Pfeiffer/ March 12, 2011/ High Entropy

Most security administrators have to deal with risks and their management. If you read the news, then you will hear about lots of things that can go wrong for a multitude of reasons. A common tactic to get the required budget for securing infrastructure is to collect some horror stories and present them to management. Basically this is a polite form of blackmail. It might work, but there’s already enough fear and uncertainty spread through various media channels and word of mouth (or both). Now if you’re really interested in more stories about the End of your Data Days, why not go for earthquakes and global warming? Asteroids will do fine, too.

But seriously, there’s some real thoughts behind this idea. The Internet is not strongly bound by geographical boundaries. The data of most companies is spread out over several countries or even continents. Especially cloud computing separates the owners of data from the data itself. There’s no magic in that. Working with terminals connected to mainframes is the same concept albeit much older. You can’t always take all your data with you. And this is where the risk management comes into play. If your task is to secure your company’s data, where do you put it? To quotes the news: »Tokyo, 373 km (231 miles) southwest of the quake’s epicenter, is home to a number of large data centers run by government, universities, banks, and web hosts.« While earthquakes are not controlled by human beings, the BGP announcements are: »Looking at BGP data we can confirm that according to our analysis 88% of the ‘Egyptian Internet’ has fallen of the Internet.« There you go – offline, either way.

Since the discovery of Murphy’s Law we know that things go wrong. However proper risk management is all about what can go wrong and what can be done to minimise the impact on your daily operation. Given the trend to move data all around the globe, you will have to keep an eye on politics, revolutions, earthquakes, sun flares, asteroids, hurricanes, financial stability of regions, currencies, floods, droughts, volcanoes, fires and other major incidents as well. If I were an attack, I’d look out for these anomalies as well and see if the defences are lower in times of crisis. The digital world knows about looters, too.

Share this Post

About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.