<div dir="ltr">Chris,<div><br></div><div>What you are describing is known as a Black Swan event - that is, an event that has an extremely low likelihood, but with a very high consequence.<div>There are many, many such scenarios, some of which have been alluded to on this thread, such as planes falling on DCs, meteor strikes, but it also includes kidnapping of key personnel, global pandemics, military coup d'etat; if it's conceivable we have almost certainly thought of it, and in most cases it has already happened somewhere.</div><div><br></div><div>When we review the security of a DC, or any other resilient systems, we adopt a risk based approach, typically using the ISO 30000 risk assessment methodology.</div><div>In short you try to come up with an exhaustive but high level list of everything that possibly can go wrong, and populate a 5x5 matrix of likelihood and consequence so that you can devise appropriate treatments for the risks you have identified.</div><div><br></div><div>When you embark on such a process, you typically end up with a long list of things, and you then have to decide what controls you will prescribe to treat those risks. In the real world, you never have enough money and resources to treat all of them (or at least all of them in the depth you would like to), so you prioritise the most critical ones, and get as far down the list as your budget will allow before having a tussle with the board about the level of risk they are prepared to accept.</div><div><br></div><div>The problem is, you tend to run out of money and resources long before you get to the part of that list that is determined by likelihood ratings that are skewed by never having happened before.</div><div><br></div><div>If you work in defence, then you are going to be able to get further down that risk than if you work for a telco, and a telco will get further than a not for profit etc etc. 
This is called risk appetite, and you can't just arbitrarily state that you have a low appetite for risk, you have to put your money where your mouth is, and this is ultimately why risk is opportunity. (If company A spends 1 million dollars a year on asteroid defences, and company B spends nothing, in all probability Company B will not get hit by an asteroid, and Company A will go out of business).</div><div><br></div><div>For this reason you will struggle to find a DC anywhere in the world that will put x-rays on their doors, because the cost alone would render their services unaffordable.</div><div>If an attack such as this took place tomorrow (and it might well), perhaps people would then consider paying a premium for this sort of service, and DCs might begin to offer it (assuming x-raying metal boxes is even possible).</div><div>Personally I would not be counseling my customers to do this, because the simple fact is there are numerous other ways I can think of that would cause the same amount of disruption without the need for bomb making capabilities, the cost, the required lead time to deploy or the risk of getting caught. 
(consider, if you will, the miles of exposed fibre throughout the London Underground and the cost of a cordless angle grinder).</div><div><br></div><div>As Macca eloquently pointed out, the way to mitigate this risk, along with hundreds of other black swan events and an even longer list of more plausible corner case scenarios, is to build the appropriate level of resilience into your systems using disparate providers/locations/technologies, something that is getting easier and cheaper with each passing day thanks to cheap public cloud services.</div><div><br></div><div><br></div><div>Eric P</div><div> </div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 26 September 2016 at 17:26, Jim Woodward <span dir="ltr"><<a href="mailto:jim@alwaysnever.net" target="_blank">jim@alwaysnever.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p><br>
</p>
<p>+1 from me too!<br>
</p>
<p>This is the most intelligent thing I've read in the last few
pages of posts: prepare for the worst and put in the best solution
within your budget constraints. You can't afford a disaster
mitigation plan? Can you afford not to have one?</p>
<p><br>
</p>
Kind Regards,<br>
Jim.<div><div class="h5"><br>
<br>
<br>
<div>On 26/09/2016 2:41 PM, Bob Woolley
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">This.
<div>+11111111
<div><br>
</div>
<div><br>
</div>
<div>Bob</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 26 September 2016 at 14:37, McDonald
Richards <span dir="ltr"><<a href="mailto:mcdonald.richards@gmail.com" target="_blank">mcdonald.richards@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>What's that Fight Club quote...</div>
<div><br>
</div>
<div>“On a long enough time line, the survival rate for
everyone drops to zero.”<br>
</div>
<div><br>
</div>
Back your shit up and distribute your applications if
they're mission critical. Plan for the worst and hope for
the best.
<div><br>
</div>
<div>This can be said for the ransomware thread too.</div>
<div><br>
</div>
<div>Malicious threats, natural disasters, planes crashing
into data centers near airports by accident (coz nobody
would ever build a data center near an airport right?),
all can be mitigated from a data loss perspective if you
plan for it.</div>
<div><br>
</div>
<div>I'm pretty sure if there was a twister on top of the
data center that housed your BRAS, your customers would
cut you a few days slack to make arrangements. If you
tell them you lost your account database because it was
your only copy, you deserve to lose them.</div>
<div><br>
</div>
<div>Macca</div>
<div><br>
</div>
<div>
<div>
<div><br>
</div>
</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">
<div>
<div>On Sun, Sep 25, 2016 at 5:55 PM, Sam
Silvester <span dir="ltr"><<a href="mailto:sam.silvester@gmail.com" target="_blank">sam.silvester@gmail.com</a>></span>
wrote:<br>
</div>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div>
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote"><span>On Sun, Sep 25,
2016 at 10:36 PM, Skeeve Stevens <span dir="ltr"><<a href="mailto:skeeve+ausnog@eintellegonetworks.com" target="_blank">skeeve+ausnog@eintellegonetworks.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>But... I don't think we should
theorise in an open forum giving
anyone ideas on how you could abuse
this situation.<br>
</div>
<div><br>
</div>
<div>I'd even scrub the archives of
this if possible.</div>
</div>
<div class="gmail_extra"><br>
</div>
</blockquote>
<div><br>
</div>
</span>
<div>I always find it strange when people
put forward advice like this.</div>
<div><br>
</div>
<div>Even the most basic of IT security
courses puts forward that 'security
through obscurity' is a bad plan. If you
feel smuggling in contraband is a real
risk (I do not subscribe to that theory),
you should be out talking about it.</div>
<div><br>
</div>
<div>If you're worried about terrorist,
commercial espionage or even
'nation-state' attacks on your equipment
in a data centre, then avoiding talking
about it is just dumb. The 'bad guys' are
not stupid and are certainly able to
discuss freely, so keeping the group
defending against them artificially small
is self-defeating. It's more about ego
than about getting a good result.</div>
<div><br>
</div>
<div>The simple fact exists and remains true
that putting all your eggs in the one
basket is a fantastically stupid idea.
It's been shown time and time again that
even the most well-run and
well-intentioned data centres can and do
suffer failures. If being up 24/7 is your
goal, don't be in a single site, or you've
already lost.</div>
<div><br>
</div>
<div>Likewise, don't be with a single
carrier, as (again, it's been shown to be
true) intentional or unintentional damage
to outside plant like fibre and power is
also a thing. There would be tens of
thousands of carrier pits with no locks or
locks that are relatively easily forced,
yet you don't see much in the way of
hand-wringing over this risk.</div>
<div><br>
</div>
<div>If you build your services properly,
all of these risks can be minimised. That
is where the discussion and focus should
be, not ridiculous 'do not talk about'
topics or suggestions to censor the list
and/or archive. This is the Internet, not
a 5-eyes meeting. It came to be by an open
and sharing attitude.</div>
<span><font color="#888888">
<div><br>
</div>
<div>Sam</div>
<div><br>
</div>
<div><br>
</div>
</font></span></div>
</div>
</div>
<br>
</div>
</div>
<span>_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br>
</span></blockquote>
</div>
<br>
</div>
<br>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
</div></div></div>
<br></blockquote></div><br></div>