[AusNOG] Risks to country and business infrastructure

Paul Wilkins paulwilkins369 at gmail.com
Fri Sep 6 10:16:48 EST 2019


Chris,
It's an interesting point. I think someone needs to do a risk/vulnerability
analysis - not saying DCs haven't already done their due diligence on this.

It would need a lot of cooperation to get the equipment installed. I think
the business processes of DCs rely heavily on trust and established
relationships. You'd either need to onboard as a new customer, or you'd
have to infiltrate customers with existing trust. Both seem a difficult row
to hoe.

Now from a threat/vulnerability perspective, I'd say it would be easier to
get a rogue WiFi/Zigbee dongle installed in a DC than explosives, and the
vulnerability of financials to hacks/unauthorised access is higher than
data/service destruction, for which they have HA/DR plans.

More of a concern is the threat/vulnerability to infrastructure, who as
we've seen in the past, don't have solid HA (they may have HA test plans
but crunch time seems to expose unexpected gaps time and again). For most
infrastructure, there's no such thing as DR, because you know, it's
infrastructure, and if it's destroyed, it's well, a disaster.

Kind regards

Paul Wilkins

On Thu, 5 Sep 2019 at 23:56, Chris Macko <chrismackozdell at gmail.com> wrote:

> Dear colleagues,
>
> As many of you are aware there are many gaps that have been discovered in
> the hosting space and data centre centres over the years that I saw while
> managing director of my previous hosting enterprise. Some of you may know
> me quite intimately others who don’t I greet and say hello.
>
> I’m now working with a select group of specialists to form a new security
> service that will help assist with technology and build hardware devices
> that assist in solving (not mitigating) these risks.
>
> Examples of this include TIA942 and the Uptime Institute specs requiring
> bullet proof glass yet no one has a procedure to stop 1kg let alone 100kg
> of servers filled with explosives from entering our data centres disguised
> as normal server equipment within fully racks brought in by clients during
> colo moves.
>
> As you may be already aware at the time I last brought this to your
> attention I was asking if the risk exposed our stock market in the case
> that the ASX still continued to provide colo services, as that would put
> our entire share market in jeopardy..... is that still the case? Can anyone
> from the asx respond?
>
> I’ve spoken to many directors since I sold my businesses and I don’t
> believe anyone has stepped up to solving this risk (including ASIO or
> CSIRO) so my group will do our best to suggest the most cost effective ways
> to efficiently make the devices and provide them to you within a reasonable
> timeframe.
>
> If you have seen gaps in technology software in business, lga, state or
> federal run institutions, including airports, rail, mines, ports
> authorities, banks, apra members, we need to know about it. Please email a
> confidential email to chrismackozdell at gmail.com with 7 day expiry method
> so that I can print off your concerns and safely store them until our group
> meets for discussions in relation to your and our risks that we’ve seen
> over the years.
>
> If you could please reply at your convenience, it would be appreciated.
>
> Kind and warm regards from Pilbara WA,
>
> Chris Macko
> Master Director
> Macko Corporation Pty Ltd
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20190906/ba179851/attachment.html>


More information about the AusNOG mailing list