
1/23/2007
07:15 AM

Living Off the Grid

Planning for disaster recovery before you're stuck with a crippled cable service

The Internet was, as we all know, designed by researchers working under contract for the Department of Defense. The problem that DOD was interested in was survivability -- making a network robust enough to withstand the loss of a few major nodes, with the rest of the network degrading gracefully.

In other words, in the event of war, the Soviet Union could nuke San Francisco and we'd lose access to Berkeley and Stanford, but the rest of the network would still be fully connected. Of course, this is trivial if you have a fully connected network, but the goal was to have a sparse set of connections and a robust set of routing algorithms that could dynamically adjust for the loss of even major nodes.

So why revisit this bit of history now? Well, recent events have tested that very design, and in a way that allowed me to personally experience the pain of lost connectivity.

The event I'm referring to was the magnitude 6.7 earthquake that shook Taiwan the day after Christmas. Its epicenter was just off the Taiwanese coast and its force was such that most of the major trans-Pacific fiber optic cables were severed.

I happen to live in one of the least connected nations on the planet, Cambodia. Being an American geek, my VOIP phone and Gmail account are critical to my daily existence. At the moment most of my IP communications are operating at a snail's pace (even more than usual), if they work at all. The ability to reroute traffic through European links, and thus over the Atlantic cable systems, took a few days to get in place. Even now those links are minimally helpful, at least here.

Lessons learned? Well, I guess the good news is that I sometimes have access to my Gmail. As I understand things, the cables require special ships to repair them, and at least one of those ships was out of commission at the time of the quake, further delaying repair. So the cables are still out of service, but I have service, even if it is degraded. Score a point for fancy routing algorithms.

The bad news is the service is still degraded, a month later, and it isn't likely to get better any time soon. If this had been an attack or disaster at one of the major U.S. hubs (e.g. one of the MAEs), the whole fabric of the Internet would likely be crippled. Let's hope their recovery plans include having equipment available to implement the plan.

If I were still in charge of a corporate disaster recovery plan, I'd take this as a not-so-subtle reminder to review it regularly, and I'd make sure everyone understands the resources needed to implement the plan. It isn't the sexy part of security, but it is the sort of thing that can save your organization millions of dollars in the event of a major problem. That's probably worth a few hours of your time every couple of months, don't you think?

Nathan Spande has implemented security in medical systems during the dotcom boom and bust, and suffered through federal government security implementations. Special to Dark Reading

 
