The time to plan for disaster is now
- By William Jackson
- Feb 07, 2007
SAN FRANCISCO ' As the RSA security conference was getting under way Tuesday, a massive denial-of-service attack was being directed at three of the Internet's root Domain Name System servers.
Because of plans in place for such an event, the impact was minimal, Michael Witt, deputy director of the US CERT, said during a discussion at the RSA conference on continuity-of-operations planning.
Although the details of the attack were not available, Witt said the 54Gbps-attack was directed at the .mil, .info and .bus root DNS servers for several hours. Despite the volume of malicious traffic, none went down. The most heavily targeted server was the .mil, and US CERT worked with the Defense Department to mitigate the attack.
'They were having no impact on operations at all,' Witt said.
The incident underscored the importance of advance planning, attention to detail and testing for continuity-of-operations plans.
Much of the responsibility for plans for protecting the continuity of the nation's critical infrastructure falls to the private sector, and they cannot rely on the government to come to their rescue in the event of an emergency, said attorney Scott Lewis Weber, former senior counsel to Homeland Security secretary Michael Chertoff.
'Do not count on the government,' he said. 'You need to be self-sufficient. The government is not going to save you.'
That said, the government is in a position to give some assistance. The second version of the National Infrastructure Protection Plan was recently released, and the White House is reviewing individual sector plans that have been developed in partnership with the private sector. These are expected to be released soon.
The Emergency Support Function is included in the NIPP as a mechanism for releasing federal money to states for the restoration of communications systems in the event of a disaster. Originally intended to protect the telecommunications infrastructure, the convergence of voice and data onto the same IP networks has made the distinction between telecomm and computer networks meaningless. ESF is being revised to include recovery money for IP networks as well, Witt said.
Unfortunately, putting together a continuity-of-operations plan is as much an art as a science, and there are few metrics for determining what is adequate, said Guy Copeland of Computer Sciences Corp.
'It's how much you're willing to spend to avoid the loss,' he said.
Teresa C. Lindsey, chief continuity officer for ABN AMRO LaSalle Bank, said developing adequate plans is a matter of experience, which her company gained during a fire in its 47-story Chicago headquarters.
'If you want metrics, set your headquarters on fire,' she said.
William Jackson is a Maryland-based freelance writer.