RE: The Backhoe: A Real Cyberthreat?
I for one have spoken in the past in favor of making the FCC Outage Reports public again. If you want to deliberately destroy fiber infrastructure, you can gain more knowledge quicker by stepping outside your door and gazing upon clearly marked routes, than by reading outage reports. Want to find a bldg where multiple carriers are housed? Read the carrier hotel advertisements on the internet and in print or read NANOG.

I have suffered more from trying to figure out (quickly) over the past few years what's going on in a multi carrier fiber outage situation, especially when a given carrier has IRUs on the competitor's fiber which I have also provisioned my redundancy on (and they seem to "forget" that). Many times during outages people in NOCs are spinning in their chairs trying to get a grip. The information that is purposely being suppressed from the public by DHS initiatives with the FCC, is also frequently inadvertently obfuscated within a given organization due to turnover, layoffs, mergers and acquisitions, etc. So besides government interference, we are at times our own worst enemy due to lack of adequate knowledge transfer and change mgmt. procedures.

Imagine if you will 2 competing carriers, 1 has a cut 22.1 km east of X, the other 3 km west of Y, crews are dispatched, and bingo- collide at the scene.....how many times has THAT happened. Neither realizes they share some form of infrastructure until they are having coffee together while looking at the muddy hole in the ground that the contractor for a 3rd company just dug. It IS a less than perfect world within the industry.

On a slightly different rant - Forget attacking the glass. Take down DNS and SS7 at the same time...hmmm wonder what one company has a lock on a big piece of THAT. enough said. Hope their infrastructure for those things stays totally diverse (no offense meant). Just another thing that I think about at times...
-Keith

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of sgorman1@gmu.edu
Sent: Friday, January 20, 2006 3:05 PM
To: frank@dticonsulting.com
Cc: nanog@merit.edu
Subject: Re: The Backhoe: A Real Cyberthreat?

What data went into the system would depend on what questions you were looking to answer. I spend most of my time looking at the geographic diversity of fiber routes, so I'll use that as a very simple example. To answer that particular set of questions you would need the fiber routes for each provider, and they would need to be georeferenced. Other useful data would be the buildings lit by those fiber routes and lease costs. Users would then enter the buildings they want connectivity for. The system would find all the providers that could service that combination of buildings then calculate what the diversity of each provider is for that set of buildings, or what the diversity was if the user wanted to use more than one provider. Each provider would be given a score for that particular connectivity combination and a price, or the scores for each combination of providers. The user would then have a market indicator for diversity.

You could have a variety of metrics - the total distance between network paths, average distance, the variance, the number of times paths come within 100 feet of each other, the number of routes that are colocated etc. The providers do not give up any proprietary data and the customers have a set of indicators to make a more informed choice. Not the ideal solution, but the game was to come up with something that would be palatable to the providers. Companies like Last Mile Connections already keep provider supplied databases of lit buildings and prices to run auctions. This would just be another indicator for customers that also value diversity and resiliency. Protecting the master database would be important, but there are lots of mechanisms to do that effectively.
The metrics are the key, and that of course is my angle on the game.

----- Original Message -----
From: Frank Coluccio <frank@dticonsulting.com>
Date: Friday, January 20, 2006 1:53 pm
Subject: Re: The Backhoe: A Real Cyberthreat?
My argument simply is if this kind of awareness
can be made more broadly available you end up with
a more resilient infrastructure overall.
Sean, would you care to list the route, facility, ownership and customer attributes of the data base that you'd make public, and briefly explain the
access controls you would impose on same?
If this is not what you originally intended, then please show me the way ... thanks.
Frank
On Fri Jan 20 9:19 , sgorman1@gmu.edu sent:
As you mentioned before this is largely because the customer (SIAC) was savvy
enough to set the requirements and had the money to do it. A lot of that savviness
came from lessons learned from 9/11 and fund transfer. Similar measures were
taken with DoD's GIG-BE, again because the customer was knowledgeable and had the
financial clout to enforce the requirements and demand the information. An
anonymous data pool is just one suggestion of a market based mechanism to do it.
----- Original Message -----
From: Michael.Dillon@btradianz.com
Date: Friday, January 20, 2006 5:37 am
Subject:
Imagine if 60 Hudson and 111 8th
were to go down at the same time? Finding means to mitigate this
threat is not frivolously spending the taxpayer's money, IMO;
although perhaps removing fiber maps is not the best way to
address this.
No, removing fiber maps will not address this problem
now that you have pinpointed the addresses that they
should attack.
Separacy is the key to addressing this problem. Separate
circuits along separate routes connecting separate routers
in separate PoPs. Separacy should be the mantra, not
obscurity.
End-to-end separation of circuits is how SFTI and other
financial industry networks deal with the issue of continuity
in the face of terrorism and other disasters. In fact, now
that trading is mediated by networked computers, the physical
location of the exchange is less vulnerable to terrorists because the real action takes place in redundant data centers connected
by diverse separate networks. Since 9-11 was a direct attack on
the financial services industry, people within the industry
worldwide, have been applying the lessons learned in New York.
Another 9-11 is simply not possible today.
--Michael Dillon
I for one have spoken in the past in favor of making the FCC Outage Reports public again. If you want to deliberately destroy fiber infrastructure, you can gain more knowledge quicker by stepping outside your door and gazing upon clearly marked routes, than by reading outage reports. Want to find a bldg where multiple carriers are housed? Read the carrier hotel advertisements on the internet and in print or read NANOG.

Any idiot terrorist can walk up to a CO or colo and find the entrance facilities (facility in more cases) and walk down the block looking for manhole covers with company names or logos. It doesn't matter if you cut it 10 miles or at the CO, it still takes the same amount of time to resplice it all. If it were at the CO it would probably be done half-assed i.e. they throw a cable out the window and splice that as a temporary fix not understanding just that, that it does not matter where it's cut in most cases. There are methods and techniques to use to make the mitigation harder which I won't get into here, but anybody can knock out comm links with not a lot of thought.

FCC outage reports should be public because it keeps carriers competing. We want that. I don't know where this whole nonsense about not being able to find metro loop fiber routes came from, but if a carrier refuses to at least show you the redundancy on a map then they probably don't have it. It's pretty simple. Ask to see the DLR, the metro loop map, and ask where your cross connects are going to be made, if any. If you're going to a carrier hotel, you are likely aggregating closer than you think and you want to know. If you are single homed, don't bother asking those questions.

-M<

Any idiot terrorist can walk up to a CO or colo and find the entrance facilities (facility in more cases) and walk down the block looking for manhole covers with company names or logos.

They would have to be idiots to waste their time hunting for buried telecom lines when they could blow up electric towers instead. That's what terrorists did on Saturday night in south Russia (near Chechnya) when they blew up a gas line and two high voltage towers. They also placed explosives under three other towers but those did not explode for some reason. It's nice to assume that the network is so important that terrorists would target it, but this may not be in touch with reality. The terrorists in Russia certainly did not bother with telephone lines indicating that they considered them of no more than 3rd rate importance.

Given that true physical separacy of circuit paths will defeat both the occasional terrorist and the hundreds of thousands of backhoe incidents every year, perhaps people should focus on ensuring separacy rather than worrying about keeping secrets from terrorists.

--Michael Dillon
participants (3)
- Martin Hannigan
- Michael.Dillon@btradianz.com
- Wallace Keith