Learning From a Terrorist Threat
Monday March 12, 2007 at 10:07 pm CST
Posted by Allysa Myers
It would seem MI5 has thwarted an alleged Al-Qaeda plot to attack a major colocation provider in the United Kingdom. It was not supposed to be threatened by way of any kind of cyberterrorism, but by infiltrating and bombing the facility from the inside. There are three important points here:
- A significant number of security problems are due to employees and contractors, not outside parties.
- It’s equally important to have physical security considerations as well as those for “cybersecurity.”
- Don’t allow a single point of failure.
The first two are relatively straightforward and are generally pretty well covered. When it comes to the very small (single employees) and very large (major utilities or service providers), people often take things for granted.
It’s a sad fact of life but disasters happen. Whether they are intentional, accidental, or natural disasters, “stuff” just happens. It’s a wise idea to plan for this worst-case scenario. You don’t want any one employee, process, program, facility, or external company to be so irreplaceable that it could significantly impact your business should it suddenly cease to operate normally. It’s important to have a plan of action in case the worst should happen, so that you’re prepared if something does come to pass.
Is there any one employee whose actions are so important that it would take you a considerable amount of time to recuperate if that person decided to move to the opposite end of the globe tomorrow? Do you understand what each of your employees do well enough to accurately assess that? If not, now is a good time to figure that out and plan for redundancy if necessary.
Is there any one facility that provides something so important to your business that if it was taken out of commission tomorrow your business would be taken out of commission too? If so, can you provide redundancy or protection commensurate with its importance?
This reminds me of a joke that was popular among the tech-support folks of a popular utility software many, many years ago; it regards folks who didn’t make regular backups of business-critical data:
“At what point did your data become important to you?”
March 13th, 2007 at 11:06 am
These are usually not true, they are usually made up propaganda. Al Qaeda is actually the CIA, and these plots are done to scare us. I am sure with a little research this whole plot will crumble, as has every other one. The problem is most people don’t research.