<p dir="ltr">The risk is low. Getting access to the volume and/or types of these materials needed to destroy a DC in the manner you're suggesting is very hard, as access to them is very regulated and controlled.</p>
<p dir="ltr">At a whole of industry level these risks are mitigated by distribution and diversity - by spreading resources across many DCs. Less DCs means a smaller number of much more critical targets and much larger consequence of a DC being destroyed.</p>
<p dir="ltr">For example, consider the risk of having resources spread across 14 very large DCs that everybody has to use in 7 capital cities of Australia compared to having the same resources spread accross 121 DCs.</p>
<p dir="ltr">On 25 Sep 2016 20:48, "chrismacko80" <<a href="mailto:chrismacko80@gmail.com">chrismacko80@gmail.com</a>> wrote:<br>
><br>
> Dear Industry Colleagues,<br>
><br>
> In the last week, in reflection of previous data centre tours I have<br>
> undertaken across the country and the risks that face us all within<br>
> the IT industry, a concern came to mind in our physical security layer<br>
> in relation to data centre facilities. It is my understanding<br>
> currently in Australia (and for other countries as per discussions<br>
> with colleagues), colocated computer equipment provided by customers<br>
> is not inspected nor scanned for any potentially damaging substances<br>
> before being installed within data centres, by organisations providing<br>
> these services. At times, singular servers may be extremely bulky, and<br>
> there may also be occasions when customers provide multiple racks<br>
> fully equipped that is positioned within the data centre without any<br>
> closer inspection apart from basic identification checks, as per<br>
> understanding of information provided from some of our largest data<br>
> centres. Considering this, I feel it's a risk that we don't scan<br>
> equipment as it is being delivered/installed, similar to airports, in<br>
> particular when it has been delivered locally.<br>
><br>
> It's my understanding as an industry we spend billions each year<br>
> securing our data security layer within data centres, however it<br>
> appears that even with the strictest data centre audits (including by<br>
> government risk assessors), these have not scrutinised this risk to<br>
> any degree. I'm not aware if the Attorney General's department nor our<br>
> federal or state governments perform any such checks when equipment is<br>
> being installed into their own data centre facilities. I also don't<br>
> believe I ever saw any such risk considered under any data centre<br>
> rating specification. As a point, what good is bullet-proof glass<br>
> within the foyer of a data centre and specific outline of the<br>
> construction of a goods lift, when there is a greater threat for<br>
> potentially damaging substances to be wheeled into a data centre<br>
> within equipment without scrutiny.<br>
><br>
> I would also ask the question whether our financial market is exposed<br>
> in any way to this risk, and whether the Australian Stock Exchange<br>
> sufficiently scans computer equipment delivered for installation into<br>
> its' data centre facilities in particular by third party customers. I<br>
> don't know the answer. I hope they do, if not, the question really<br>
> needs to be asked, why not?<br>
><br>
> Quoting from ASX document<br>
> (<a href="http://www.asx.com.au/documents/professionals/alc-connectivity-guide.pdf">http://www.asx.com.au/documents/professionals/alc-connectivity-guide.pdf</a>)<br>
> which is available on their website currently;<br>
><br>
> "The Australian Liquidity Centre (ALC) is a state-of-the-art data<br>
> centre and financial markets community located just outside Sydney’s<br>
> CBD. It enables ASX customers to connect with each other and the<br>
> Australian and global financial markets like never before.<br>
><br>
> Offering one central location for fast, simple connection to the<br>
> financial markets community, the ALC provides low latency connectivity<br>
> options to domestic and global liquidity sources, ASX market data and<br>
> all ASX markets.<br>
><br>
> The ALC is designed to maximise the potential of its community. It<br>
> houses all of ASX’s primary trading, clearing and settlement systems<br>
> as well as providing hosting facilities for its customers which<br>
> include buy and sell-side firms, market infrastructure and liquidity<br>
> venues, information and technology vendors, and infrastructure and<br>
> network service providers."<br>
><br>
> I've reached out to several colleagues within the industry, who also<br>
> agree the lack of scanning of potentially damaging substances is a<br>
> serious concern, I'd ask that you consider your thoughts on this risk<br>
> in regards to safeguarding our technology and investments made by all<br>
> involved, and what you believe should be done to address this risk<br>
> moving forward.<br>
><br>
> Kind regards,<br>
><br>
> Chris Macko<br>
> _______________________________________________<br>
> AusNOG mailing list<br>
><a href="mailto:AusNOG@lists.ausnog.net"> AusNOG@lists.ausnog.net</a><br>
><a href="http://lists.ausnog.net/mailman/listinfo/ausnog"> http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</p>