Explosives as a tool of cyber-disruption
There is a lot of concern these days over protection of our cyber infrastructure. You can’t read anything these days – including this journal – without getting advice about firewalls, anti-virus tools, dealing with hackers, and backup storage of data.
All of this advice is both valid and important, and should be taken to heart. Nonetheless, if you keep in mind the adage that simple is best, you can see that your cyber world also has a physical component which should not be overlooked so quickly.
This means that you may have the best hardware and the best software, and full-time monitoring of your network, and feel pretty good about how safe your system has become. However, if we can get into your facility – and we can assure you that we can get into your facility – there is little stopping us from blowing up your computer. And when we blow up your computer not all the software and monitoring in the world will be of help, and you’d best hope you had good backup and recovery plans.
You can deal with this issue in two ways. First and foremost, you really do need to listen to the contingency planning folk, and be prepared for the loss of everything you have. The good news is that you don’t, in this case, have to worry about the cause of the loss. In fact you really don’t care: Fire, flood, tornado, hurricane, act of God, war, crime, accident, or mere fluke, it doesn’t matter. If you are prepared for a loss from natural disaster, you will be prepared for a loss from unnatural disaster.
The second is by having physical security appropriate to the possible threat and impact. Your security people are, in fact, likely to either know something about physical security, or where to find specialists that can help you analyze the threats you face, the vulnerabilities you have, and the impact if your vulnerabilities are exploited.
Obviously, there is no such thing as perfect security (which is why you have insurance), but you can at least deal with a significant number of the issues you face. But when doing your planning try to keep an open mind, and to think of the extraordinary threats, not just the ordinary ones. We have recently listened to a lot of people describing sophisticated solutions to sophisticated problems, and clearly overlooking the simple problems. Like someone blowing up your data center.