Home page logo
/

nanog logo nanog mailing list archives

Re: Points of Failure (was Re: National infrastructure asset) (fwd)
From: George William Herbert <gherbert () retro com>
Date: Tue, 25 Sep 2001 14:34:41 -0700



David Lesher <wb8foz () nrk com> wrote:
George William Herbert leaked to the press:

The press are here?  I thought we were safer than that ;-)
 
On top of that, none of these facilities are sufficiently hardened.
What takes a backhoe operator ten minutes by accident would be no more
than an hours work by hand of a sufficiently educated attacker.
None of these telco buildings are hardened in the traditional
anti-terrorist sense of the word.  There are still co-loc facilities
in buildings shared with offices of unrelated companies, etc.,
there are still co-loc facilities in buildings with windows into
server rooms, etc.  I could go on but will stop now.  The situation
is hopeless in many areas.

Fixing THAT is a far far harder issue. We did tackle it once.
It's called variously "Continuity Of Government" or "ATT
Underground" or "L4".. During our last Cold War, ATT spend a few
zillion rate-payer dollars building hardened underground facilities
for the #5 Transcontinental Coaxial Cable. The #5 was buried deep
{~48"} from coast to coast. The underground facilities were solid;
some rated for 10psi shock waves. (The crapper is hung on springs...)
Air filters; generators; airlocks. There was also hardened microwave;
check out the "dish in the hillside" at Mt. Weather.

Most have been sold off, but not all. (DSN is based in one, as is
GEP.) We gave up when things like MIRVS made it obvious that
the undergrounds could be direct targets. 

Plus, I strongly doubt any facility other than Cheyenne Mountain
or Site R would survive a 767 hit. 

We don't really need all our coloc buildings, telco switching centers,
cable landings to resist a nearby nuclear blast or direct hit from
a jumbo jet.  Even at the WTC, only a fraction of the damage to telco
gear was in buildings the jets hit.  Most of the damage was not-hardened
buildings nearby getting plastered, or buildings far enough away that
they were structurally fine which suffered systems failures running
independently in the long-term blackout that followed.

Let's look at the "worst credible case" though, jet aircraft.
Nuclear reactor domes are rated to survive jumbo jet hits.
Jet aircraft are remarkably poor penetrators, in military terminal
ballistics terms.  Ten feet of good reinforced concrete, at
$400/cu yd or so installed, will do the job nicely, though there
may be some spalling inside the aircraft won't penetrate.  For a 3
story, 120,000 sq ft 200x200x30 ft building that would be about
$9.3 million, about $77.70/ft^2.  That's a Big Deal but within
reason for total building costs, and if your threat isn't quite
as serious as "jumbo jets being rammed into building" but then
you can have porportionally thinner walls on your
bunker/building.  Or you can substitute going underground or
piling an earth mound on top for some of that.

Not that I'm recommending every telco facility be hardened to
resist a direct jumbo jet hit.  But it's not that ridiculous
a task, and lesser hardening (half or 1/3 that level) would be
downright reasonable compared to the other costs of making these
sorts of buildings for these roles.  A 2 foot thick reinforced
concrete wall, for example, might well be extremely reasonable.

Longer term, we all need to think about multi-level hardening of facilities
and connectivity to avoid "cheap kills" due to accident or malicious attack.
This gets into traditional datacenter design issues and beyond, into building
hardening (the new standards for Federal buildings, for example, or even
better the new standards for US Embassies...).  

Note the biggest safety measure for both the above is also the
hardest to get & keep.... stand-off distance. It's especially
hard to maintain same when you have an active airport's flight
path going overhead.

And the biggest impediment is the oldest one; they co$t. 
LOTS. Who is going to pay?

Stand-off distance is a big part of it, and critical if we're worried
about carbombs and truckbombs.  It's useless if we're worried about
aircraft.  And won't help at all if the company we leased 400 square
feet of cage to brings 2 tons of Semtex in inside Sun E5500 cases.
Think of the network firewalls analogy; hard exterior but vulnerable
interior is only so good... not all the threats are external.
Hell, there are buildings with natural gas service inside the
same structural enclosure as the coloc machine room.  That can
turn into a bomb entirely by accident, much less malicious
intent.  Or what happens if someone knocks over one of your tanks
of fire supression agent with a forklift, and it bounces around the
machine room like a scuba tank does when the regulator's knocked off,
only 100 times larger.  Those can go through foot thick concrete
walls or better.  Or someone drills into your wet pipe sprinkler
system by accident.

There are many many angles to all of this.


-george william herbert
gherbert () retro com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault