One More Threat to Business Continuity

One More Threat to Business Continuity

January 25

I was reading Janet Napolitano’s comments today about the “imminent threat” of a “cyber 9/11” and I began to wonder what form this threat might take.  My first thought was in related to the local news that XO Communications suffered an outage today.  It seems plausible to me that a cyber-terrorist attack might come in the form of an attack on our communications infrastructure, essentially bringing modern communications to a screeching halt.  For example, many businesses rely on e-commerce solutions, web-based applications, VoIP telephone systems and email for a significant part of their daily business transactions.  Think about how life would be if suddenly these avenues for commerce were blocked or even significantly inhibited.  Certainly this type of attack would have an immediate affect and a lasting impact on our daily lives.

Next I considered the possibility of a new virus designed to propagate rapidly and to cause computers to self-destruct.  An example of this might be the Batchwiper virus which is currently erasing Iranian hard drives on predetermined time intervals.  There is no reason that this type of wide spread system failure couldn’t affect other countries around the world.  What happens when this type of disruption happens to us and local government systems supporting police and fire departments go offline, or air traffic controller systems suddenly become inoperable, or bank accounts vanish overnight?  Certainly we ought to be prepared for the eventuality that Mother Nature wreaks havoc on our business systems.  Shouldn’t we also then be ready if human nature takes a turn?  I think so.

In light of the Homeland Security Secretary’s comments we now have even more to consider when compiling our business continuity plans.  That is to say, we have to consider more than natural disasters and human error.  We also need to consider possible malicious attacks against the lifeblood of our economy: our data and the business systems that house this data.

No, I’m not a deep-seated cynic, nor do I consider myself overly paranoid.  Simply put, I have to consider how I would feel if everything I’ve stored on a computer was somehow irrevocably lost.  Certainly I would feel awful, but is it the type of awful that can be compared to the temporary inconvenience of a sliver in my finger or is it the type of awful compared to the loss of a limb?  Knowing how much I rely on modern electronics, I’m leaning heavily towards the latter of the two examples.  I would feel like I’d lost a functional part of myself if everything digital in my life suddenly vanished.

If Secretary Napolitano is correct then we must begin planning for this possibility today.  This does not imply a frenzied panic running around yelling that the sky is falling.  It does however mean that we have an opportunity and a responsibility to protect our data and systems today for a likely event in the future.  I cannot begin to imagine the myriad and complex ways a computer system could be secured against this type of event.  However, I do know of one very simple and easy way of protecting data and systems and that is to have a reliable onsite backup with an offsite copy.  This is probably a very cost effective way of protection as well.  I will be the first to admit that a secure backup does not prevent a disaster from happening.  I’m not sure any system out there offers 100% disaster prevention.

I guess the one thing I’ve realized in this thought process is that it may not be possible for me to avoid or prevent a future disaster.  I just know that when (not if) a disaster happens I would prefer to have a solid backup I can rely on to recover and keep moving forward.