Home page logo
/

nanog logo nanog mailing list archives

Re: Points of Failure (was Re: National infrastructure asset) (fwd)
From: David Lesher <wb8foz () nrk com>
Date: Tue, 25 Sep 2001 16:38:33 -0400 (EDT)


 George William Herbert leaked to the press:
 
Part of the insidiousness of all this is that currently there is
insufficient information available to a telco line end user to properly
plan for that sort of loss.  Right now, it is nigh-on impossible to
get, verify, and keep on a permanent basis truly widely separated
leased lines / bandwidth from point A to point B.  Because of the
increasing cooperation, shared facilities, etc. in the telco and
fiber arenas, with many providers you're really getting someone
else's service for part of the connection.  Recall the train tunnel
fire from not that long ago, now seemingly trivial, but at the time
a huge disaster...

That is fixable. Not easily. Not once {ie it takes ongoing effort
to counter entropy} but it could be done... by the industry,
IFF demanded by its customers.



On top of that, none of these facilities are sufficiently hardened.
What takes a backhoe operator ten minutes by accident would be no more
than an hours work by hand of a sufficiently educated attacker.
None of these telco buildings are hardened in the traditional
anti-terrorist sense of the word.  There are still co-loc facilities
in buildings shared with offices of unrelated companies, etc.,
there are still co-loc facilities in buildings with windows into
server rooms, etc.  I could go on but will stop now.  The situation
is hopeless in many areas.

Fixing THAT is a far far harder issue. We did tackle it once.
It's called variously "Continuity Of Government" or "ATT
Underground" or "L4".. During our last Cold War, ATT spend a few
zillion rate-payer dollars building hardened underground facilities
for the #5 Transcontinental Coaxial Cable. The #5 was buried deep
{~48"} from coast to coast. The underground facilities were solid;
some rated for 10psi shock waves. (The crapper is hung on springs...)
Air filters; generators; airlocks. There was also hardened microwave;
check out the "dish in the hillside" at Mt. Weather.

Most have been sold off, but not all. (DSN is based in one, as is
GEP.) We gave up when things like MIRVS made it obvious that
the undergrounds could be direct targets. 

Plus, I strongly doubt any facility other than Cheyenne Mountain
or Site R would survive a 767 hit. 

Longer term, we all need to think about multi-level hardening of facilities
and connectivity to avoid "cheap kills" due to accident or malicious attack.
This gets into traditional datacenter design issues and beyond, into building
hardening (the new standards for Federal buildings, for example, or even
better the new standards for US Embassies...).  

Note the biggest safety measure for both the above is also the
hardest to get & keep.... stand-off distance. It's especially
hard to maintain same when you have an active airport's flight
path going overhead.

And the biggest impediment is the oldest one; they co$t. 
LOTS. Who is going to pay?



-- 
A host is a host from coast to coast.................wb8foz () nrk com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]