Re: Points of Failure (was Re: National infrastructure asset)
Ray writes:
I know it's difficult to refrain from comment, but let's try to remember that the bad guys read this list too. While they may not have the knowledge of critical communication infrastructure points, they can certainly find and target them if we point them in the right direction.
I'd actually argue the opposite. It's difficult to face this, but we know we ARE vulnerable. The important long term solution is that we need to address our weaknesses. By acknowleding where the critical points are, AND PLANNING TO DEAL WITH THEIR LOSS, we make the system that much harder to defeat.
Exactly. The short term situation is we're vulnerable; how do we deal with those vulnerabilities being exploited (or accidentally exposed). The long term situation is how to we reduce or eliminate as many of those as possible. Part of the insidiousness of all this is that currently there is insufficient information available to a telco line end user to properly plan for that sort of loss. Right now, it is nigh-on impossible to get, verify, and keep on a permanent basis truly widely separated leased lines / bandwidth from point A to point B. Because of the increasing cooperation, shared facilities, etc. in the telco and fiber arenas, with many providers you're really getting someone else's service for part of the connection. Recall the train tunnel fire from not that long ago, now seemingly trivial, but at the time a huge disaster... On top of that, none of these facilities are sufficiently hardened. What takes a backhoe operator ten minutes by accident would be no more than an hours work by hand of a sufficiently educated attacker. None of these telco buildings are hardened in the traditional anti-terrorist sense of the word. There are still co-loc facilities in buildings shared with offices of unrelated companies, etc., there are still co-loc facilities in buildings with windows into server rooms, etc. I could go on but will stop now. The situation is hopeless in many areas. What we have learned and need to deal with is that we are, and will remain for the forseeable future, vulnerable to large chunks of "stuff" dropping away, possibly permanently. Be that buildings, bandwidth, higher level protocols, the immediate response has to be to be prepared to replace or route around something. And by that I mean *anything*. If your NOC burns down or is blown up (or hit by a tornado, knock on wood...) do you have adequate personel and facilities elsewhere to recover your network management? Eliminate all fiber links from city A to city B, and can your network still function? If all your facilities in metropolitan area Z all go completely offline, what are you able to do about it? Longer term, we all need to think about multi-level hardening of facilities and connectivity to avoid "cheap kills" due to accident or malicious attack. This gets into traditional datacenter design issues and beyond, into building hardening (the new standards for Federal buildings, for example, or even better the new standards for US Embassies...). This is a bad time for people who run fiber, but maybe it's a good time for them to consider how they run that fiber and should run it in the future. Raw cable in shallow trenches may be in the long term more expensive (if we include accidents, and in particular vulnerability to intentional attack) than deeper and/or better protected cables. Using random rights-of-way may be a mistake; it may make more sense to use ROW which are known and controlled or patrolled to some degree already. I had brought up the idea of using modern oil-well drilling technology to go horizontally deep under rivers and city centers a month or so ago; that also introduces structural hardening against intentional or accidental attack on the fibers. The key here is *think* about it. There is probably some bad guy out there who already is, though he may never decide to execute on those thoughts on you (or anyone). Try and get to any conclusion he might first, and at the very least list our your known vulnerabilities at every level you can think of, so that you can work on reducing them over time and conceptually be prepared to deal with them even if you can't afford to do detailed plans for everything that might go wrong. -george william herbert gherbert@retro.com
From: "George William Herbert" <gherbert@retro.com> Subject: Re: Points of Failure (was Re: National infrastructure asset)
Part of the insidiousness of all this is that currently there is insufficient information available to a telco line end user to properly plan for that sort of loss.
I was able to procure extremely detailed route information from multiple CLECs and Verizon in the Boston area when researching both dark fiber and SONET purchases, up to and including street-level maps. Long-haul providers also are able to provide detailed route information, if you're willing to ask -- the key is to be an educated buyer.
On top of that, none of these facilities are sufficiently hardened. What takes a backhoe operator ten minutes by accident would be no more than an hours work by hand of a sufficiently educated attacker. (snip) Longer term, we all need to think about multi-level hardening of facilities and connectivity to avoid "cheap kills" due to accident or malicious attack.
Before I would jump to harden all telecom and colo facilities to physical attack or mishap, I'd at least examine whether it was cheaper and easier to design my network assuming that any given facility can / will go away, either short- or long-term. -travis
On Tue, 25 Sep 2001, Travis Pugh wrote:
I was able to procure extremely detailed route information from multiple CLECs and Verizon in the Boston area when researching both dark fiber and SONET purchases, up to and including street-level maps. Long-haul providers also are able to provide detailed route information, if you're willing to ask -- the key is to be an educated buyer.
Getting the maps is the "easy" part. Keeping track of where your circuit is after six months is the hard part. I've spoken to people who even had "dark fiber" groomed into a single path. When even NORAD and VISA have had problems maintaining diversity, I find it hard to believe it is a simple as saying the key is to be an educated buyer. Heck, I know major, major carriers which have wiped out all the circuits to their own NOC. If it was so simple, everyone would do it.
From: "Sean Donelan" <sean@donelan.com>
When even NORAD and VISA have had problems maintaining diversity, I find it hard to believe it is a simple as saying the key is to be an educated buyer. Heck, I know major, major carriers which have wiped out all the circuits to their own NOC.
I don't mean to understate the difficulty of maintaining diversity, or the willingness of carriers to dodge the issue. I've been screwed my share of times on "diverse" circuits. You have to take that into account, and plan for it -- hopefully a carrier or two lying shamelessly about diversity is part of the buyer's education. -travis
participants (3)
-
George William Herbert
-
Sean Donelan
-
Travis Pugh