[AusNOG] RISK - IT Industry - Concern Over Equipment Being Installed in Data Centre Facilities

Mister Pink misterpink at gmail.com
Tue Sep 27 09:19:35 EST 2016 

Chris,

What you are describing is known as a Black Swan event - that is an event
that is has an extremely low likelihood, but with a very high consequence.
There are many many such scenarios, some of which have been alluded to on
this thread, such as planes falling on DC's, meteor strikes, but it also
includes kidnapping of key personnel, global pandemics, military coup
d'etat, if it's conceivable we have almost certainly thought of it, and in
most cases it has already happened somewhere.

When we review the security of a DC, or any other resilient systems, we
adopt a risk based approach, typically using the ISO 30000 risk assessment
methodology.
In short you try to come up with an exhaustive but high level list of
everything that possibly can go wrong, and populate a 5X5 matrix of
likelihood and consequence so that you can devise appropriate treatments
for the risks you have identified.

When you embark on such a process, you typically end up with a long list of
things, and you then have to decide what controls you will prescribe to
treat those risks. In the real world, you never have enough money and
resources to treat all of them (or at least all of them in the depth you
would like to), so you prioritise on the most critical ones, and get as far
down the list as your budget will allow before having a tussle with the
board about the level of risk they are prepared to accept.

The problem is, you tent to run out of money and resources long before you
get to the part of that list that is determined by likelihood ratings that
are skewed by never having happened before.

If you work in defence, then you are going to be able to get further down
that risk than if you work for a telco, and a telco will get further than a
not for profit etc etc.  This is called risk appetite, and you can't just
arbitrarily state that you have a low appetite for risk, you have to put
your money where your mouth is, and this is ultimately why risk is
opportunity. (If company A spends 1 million dollars a year on asteroid
defences, and company B spends nothing, in all probability, Company B will
not git hit by an asteroid, and Company A will go out of business).

For this reason you will struggle to find a DC anywhere in the world that
will put x-rays on their doors, because the cost alone would render their
services unaffordable.
If an attack such as this took place tomorrow (And it might well), perhaps
people would then consider paying a premium for this sort of service, and
DC's might begin to offer it (Assuming x-raying metal boxes is even
possible)
Personally I would not be counseling my customers to do this, because the
simple fact is there are numerous other ways I can think of that would
cause the same amount of disruption without the need for bomb making
capabilities, the cost, the required lead time to deploy or the risk of
getting caught.  (consider if you will the miles of exposed fibre
throughout the London Underground and the cost of a cordless angle grinder).

As Macca eloquently pointed out, the way to mitigate this risk, along with
hundreds of other black swan events and an even longer list of more
plausible corner case scenarios is to build the appropriate level of
resilience in to your systems using disparate
providers/locations/technologies, something that is getting easier and
cheaper with each passing day thanks to cheap public cloud services.


Eric P


On 26 September 2016 at 17:26, Jim Woodward <jim at alwaysnever.net> wrote:

>
> +1 from me too!
>
> This is the most intelligent thing I've read in the last few pages of
> posts, prepare for the worst and put in the best solution within your
> budget constraints, You can't afford disaster mitigation plan? Can you
> afford not to have one?
>
>
> Kind Regards,
> Jim.
>
>
>
> On 26/09/2016 2:41 PM, Bob Woolley wrote:
>
> This.
> +11111111
>
>
> Bob
>
> On 26 September 2016 at 14:37, McDonald Richards <
> mcdonald.richards at gmail.com> wrote:
>
>> What's that Fight Club quote...
>>
>> “On a long enough time line, the survival rate for everyone drops to
>> zero.”
>>
>> Back your shit up and distribute your applications if they're mission
>> critical. Plan for the worst and hope for the best.
>>
>> This can be said for the ransomware thread too.
>>
>> Malicious threats, natural disasters, planes crashing into data centers
>> near airports by accident (coz nobody would ever build a data center near
>> an airport right?), all can be mitigated from a data loss perspective if
>> you plan for it.
>>
>> I'm pretty sure if there was a twister on top of the data center that
>> housed your BRAS, your customers would cut you a few days slack to make
>> arrangements. If you tell them you lost your account database because it
>> was your only copy, you deserve to lose them.
>>
>> Macca
>>
>>
>>
>> On Sun, Sep 25, 2016 at 5:55 PM, Sam Silvester <sam.silvester at gmail.com>
>> wrote:
>>
>>> On Sun, Sep 25, 2016 at 10:36 PM, Skeeve Stevens <
>>> skeeve+ausnog at eintellegonetworks.com> wrote:
>>>
>>>> But... I don't think we should theorise in an open forum giving anyone
>>>> ideas on how you could abuse this situation.
>>>>
>>>> I'd even scrub the archives of this if possible.
>>>>
>>>>
>>> I always find it strange when people put forward advice like this.
>>>
>>> Even the most basic of IT security courses puts forward that 'security
>>> through obscurity' is a bad plan. If you feel smuggling in contraband is a
>>> real risk (I do not subscribe to that theory), you should be out talking
>>> about it.
>>>
>>> If you're worried about terrorist, commercial espionage or even
>>> 'nation-state' attacks on your equipment in a data centre, then avoiding
>>> talking about it is just dumb. The 'bad guys' are not stupid and are
>>> certainly able to discuss freely, so keeping the group defending against
>>> them artificially small is self-defeating. It's more about ego than about
>>> getting a good result.
>>>
>>> The simple fact exists and remains true that putting all your eggs in
>>> the one basket is a fantastically stupid idea. It's been shown time and
>>> time again that even the most well-run and well-intentioned data centres
>>> can and do suffer failures. If being up 24/7 is your goal, don't be in a
>>> single site, or you've already lost.
>>>
>>> Likewise, don't be with a single carrier, as (again, it's been shown to
>>> be true) intentional or unintentional damage to outside plant like fibre
>>> and power is also a thing. There would be tens of thousands of carrier pits
>>> with no locks or locks that are relatively easily forced, yet you don't see
>>> much in the way of hand-wringing over this risk.
>>>
>>> If you build your services properly, all of these risks can be
>>> minimised. That is where the discussion and focus should be, not ridiculous
>>> 'do not talk about' topics or suggestions to censor the list and/or
>>> archive. This is the Internet, not a 5-eyes meeting. It came to be by an
>>> open and sharing attitude.
>>>
>>> Sam
>>>
>>>
>>>
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>
>>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>
>
> _______________________________________________
> AusNOG mailing listAusNOG at lists.ausnog.nethttp://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160927/67dfb167/attachment.html>

More information about the AusNOG mailing list