[88120] in North American Network Operators' Group


Re: The Backhoe: A Real Cyberthreat? [ & Re: cyber-redundancy ]

daemon@ATHENA.MIT.EDU (Frank Coluccio)
Fri Jan 20 18:41:59 2006

From: Frank Coluccio <frank@dticonsulting.com>
To: nanog@merit.edu
Reply-To: frank@dticonsulting.com
Date: Fri, 20 Jan 2006 17:41:30 -0600
Errors-To: owner-nanog@merit.edu


Responding to both Sean Gorman's and Sean Donelan's posts:

---

Sean Gorman,

In your earlier reply you stated that Verizon will tell me that a cable is
diversely placed, when in reality it is only 2mm away from the original path.
Then you proceed to describe the considerations and the makeup of a data base
that Verizon (using them as an example here) should use to document cable
placements in order to give me the information that would be .... what? Which is
it? I'm either naive to ask for a route statement, so I shouldn't bother. OR, I
trust that they're going to be straightforward and wind up getting whacked with
bogus information in the end, anyway?

We've written numerous asset-tracking systems that list dozens of attributes,
starting with geo-referenced path information at Layer Zero (spaces, pathways,
roads, etc.) that is integrated parametrically with CAD software, and ending with
the fire ratings of the sleeves and innerducts entering buildings, and
everything, including all media attributes, in between. This is not a trivial
undertaking when done to the demands of the craft (in addition to those that
might be of interest to someone flying at 30,000 ft), but every cable pulling
service provider/carrier/entity worth its salt has or should have one. Whether
they are kept up to date or not is another story, entirely. To this point, some
systems I've seen possess information that is so out of date and in such disarray
that they actually represent a primary reason (shame) why an SP would not want to
make them viewable to end customers for viewing. But that's another story all its
own.

---

Sean Donelan, you make a good point by comparing financial institutions with
carriers with respect to holding back information from one another, and sometimes
to the customer, as well. You'll note in my earlier post I made allowances for a
third party ("or agents") for this very reason, although I didn't elaborate on
that point at the time. I've seen instances when trusted third parties, usually a
then-big six CPA firm, would be mutually agreed to as the party of choice to
hold and confirm route information for a client. I’ve seen this done for tower
rights of way and for fiber optic paths, but nothing like this that I am aware of
ever became widely available as a broking service to the general public, although
I think it should. Have you come across this sort of arrangement in the past? Anyone?

I've also been blessed with having to work through both of these industry groups
on a single project. For example, I once orchestrated the client-side design and
buildout of two IRU facilities (called optical fiber services, or OFS) back in
1987 for a financial institution across the street and down the block from the
NYSE to the Teleport on Staten Island. Since Teleport (and TCG) was partially
owned by Merrill Lynch back then, along with WU, NYCity and the Port Authority of
NJ/NY, and the entrance point to the site was in Merrill's own building, I had to
arrange for alternate penetration points and trenching from the perimeter of the
park to a new building that was designed and constructed simply to circumvent the
sharing of space and duct facilities with the client's chief competitor.

To make this story more interesting, the two routes on the NJ side (which the
routes traversed in order to get back to the Holland and PATH Tunnels on their
way to 60 Hudson and the WTC, respectively) had a single cross-over point (single
point of failure) in a large PSE&G vault in Journal Sq., which I refused to sign
off on. I never would have detected this fault, except for my personal
inspections of the physical route constructions against the design documents I
was given by all parties concerned. It wound up costing seven digits to trench a
path to an agreed upon distance from the vault before an order to commence
pulling cable through those sections received a final go ahead. And so it went ...

Frank

=========================================================================

On Fri Jan 20 18:11 , sgorman1@gmu.edu sent:

    The difference being the financial system can use the knowledge to make
    themselves more resilient.

    How does the bank customer use the information you listed to make themselves
    more resilient?

    Further, the banks are a fairly trusted and well regulated group.

    There are a good number of bank customers that are not good guys.

    Is there a fear the banks will use provider information for malicious ends?

    Is that the reason the providers will not give the information?

    Could it be they do not want customers to know most of their SONET rings are
    collapsed?

    ----- Original Message -----
    From: Sean Donelan <sean@donelan.com>
    Date: Friday, January 20, 2006 4:44 pm
    Subject: Re: The Backhoe: A Real Cyberthreat? [ & Re: cyber-redundancy ]

    >
    > On Fri, 20 Jan 2006, Frank Coluccio wrote:
    > > To answer Sean Donelan's question, yes, enterprise customers and/or their agents
    > > _do_ need to have specific information on the routes in which their leased
    > > facilities (and even dark fiber builds) are placed, ephemeral as those data might
    > > be at times due to SP outside plant churn. They need this data in order to ensure
    > > that they're not only getting the diversity/redundancy/separacy that they're
    > > paying for, but because of the more fundamental reason being that it is the only
    > > way they have to provide maximal assurances to stakeholders of the organization's
    > > survivability.
    >
    > Is the same thing also true for customers of financial institutions? Why
    > are financial institutions so reluctant to give details about the
    > locations of their data centers, processing offices, money transport
    > routes and security procedures to their customers? Don't customers of
    > financial institutions have the same concerns about the survivability
    > of the financial institutions as the financial institutions have about
    > their suppliers?
    >
    > Doesn't this just turn into Y2K all over again with every organization
    > demanding guarantees and copies of data from every other organization?

    ------

    On Fri Jan 20 15:05 , sgorman1@gmu.edu sent:

        What data went into the system would depend on what questions you were
        looking to answer. I spend most of my time looking at the geographic diversity of
        fiber routes, so I'll use that as a very simple example.

        To answer that particular set of questions you would need the fiber
        routes for each provider, and they would need to be georeferenced. Other useful
        data would be the buildings lit by those fiber routes and lease costs. Users
        would then enter the buildings they want connectivity for. The system would find
        all the providers that could service that combination of buildings then calculate
        what the diversity of each provider is for that set of buildings, or what the
        diversity was if the user wanted to use more than one provider. Each provider
        would be given a score for that particular connectivity combination and a price,
        or the scores for each combination of providers. The user would then have a
        market indicator for diversity. You could have a variety of metrics - the total
        distance between network paths, average distance, the variance, the number of
        times paths come within 100 feet of each other, the number of routes that are
        colocated etc.

        The providers do not give up any proprietary data and the customers have
        a set of indicators to make a more informed choice. Not the ideal solution, but
        the game was to come up with something that would be palatable to the providers.
        Companies like Last Mile Connections already keep provider supplied databases of
        lit buildings and prices to run auctions. This would just be another indicator
        for customers that also value diversity and resiliency. Protecting the master
        database would be important, but there are lots of mechanisms to do that
        effectively. The metrics are the key, and that of course is my angle on the game.

        ----- Original Message -----
        From: Frank Coluccio <frank@dticonsulting.com>
        Date: Friday, January 20, 2006 1:53 pm
        Subject: Re: The Backhoe: A Real Cyberthreat?

        >
        > >My argument simply is if this kind of awareness
        > >can be made more broadly available you end up with
        > >a more resilient infrastructure overall.
        >
        > Sean, would you care to list the route, facility, ownership and customer
        > attributes of the data base that you'd make public, and briefly explain the
        > access controls you would impose on same?
        >
        > If this is not what you originally intended, then please show me
        > the way ... thanks.
        >
        > Frank
        >
        > On Fri Jan 20 9:19 , sgorman1@gmu.edu sent:
        >
        > As you mentioned before this is largely because the customer (SIAC) was savvy
        > enough to set the requirements and had the money to do it. A lot of that savviness
        > came from lessons learned from 9/11 and fund transfer. Similar measures were
        > taken with DoD's GIG-BE, again because the customer was knowledgeable and had the
        > financial clout to enforce the requirements and demand the information. An
        > anonymous data pool is just one suggestion of a market based mechanism to do it.
        >
        > ----- Original Message -----
        > From: Michael.Dillon@btradianz.com
        > Date: Friday, January 20, 2006 5:37 am
        > Subject:
        >
        > > > Imagine if 60 Hudson and 111 8th
        > > > were to go down at the same time? Finding means to mitigate this
        > > > threat is not frivolously spending the taxpayer's money, IMO;
        > > > although perhaps removing fiber maps is not the best way to
        > > > address this.
        > >
        > > No, removing fiber maps will not address this problem
        > > now that you have pinpointed the addresses that they
        > > should attack.
        > >
        > > Separacy is the key to addressing this problem. Separate
        > > circuits along separate routes connecting separate routers
        > > in separate PoPs. Separacy should be the mantra, not
        > > obscurity.
        > >
        > > End-to-end separation of circuits is how SFTI and other
        > > financial industry networks deal with the issue of continuity
        > > in the face of terrorism and other disasters. In fact, now
        > > that trading is mediated by networked computers, the physical
        > > location of the exchange is less vulnerable to terrorists because
        > > the real action takes place in redundant data centers connected
        > > by diverse separate networks. Since 9-11 was a direct attack on
        > > the financial services industry, people within the industry
        > > worldwide, have been applying the lessons learned in New York.
        > > Another 9-11 is simply not possible today.
        > >
        > > --Michael Dillon
        > >
        > Frank A. Coluccio
    DTI Consulting Inc.
    212-587-8150 Office
    347-526-6788 Mobile

=================

Frank A. Coluccio
DTI Consulting Inc.
212-587-8150 Office
347-526-6788 Mobile
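
The route-diversity metrics listed in the quoted 15:05 message (separation between paths, average, variance, number of times paths come within 100 feet), applied to a pair of routes with a single cross-over point like the vault case above. This is an added example, not code from the thread or from any system it mentions; it assumes each route is a polyline of at least two vertices in a projected planar coordinate system measured in feet, and all function names and coordinates are constructed.

```python
import math
from statistics import mean, pvariance

def _pt_seg_dist(p, a, b):
    """Distance in feet from point p to segment a-b (planar coordinates)."""
    dx, dy = b[0] - a[0], b[1] - a[1]
    if dx == 0 and dy == 0:
        return math.hypot(p[0] - a[0], p[1] - a[1])
    t = ((p[0] - a[0]) * dx + (p[1] - a[1]) * dy) / (dx * dx + dy * dy)
    t = max(0.0, min(1.0, t))          # clamp the projection onto the segment
    return math.hypot(p[0] - (a[0] + t * dx), p[1] - (a[1] + t * dy))

def _sample(route, step):
    """Points roughly every `step` feet along a polyline, plus the last vertex."""
    pts = []
    for a, b in zip(route, route[1:]):
        n = max(1, math.ceil(math.hypot(b[0] - a[0], b[1] - a[1]) / step))
        pts += [(a[0] + (b[0] - a[0]) * i / n, a[1] + (b[1] - a[1]) * i / n)
                for i in range(n)]
    pts.append(route[-1])
    return pts

def diversity_metrics(route_a, route_b, threshold_ft=100.0, step_ft=10.0):
    """Separation of route_a from route_b, sampled along route_a."""
    segs_b = list(zip(route_b, route_b[1:]))
    seps = [min(_pt_seg_dist(p, a, b) for a, b in segs_b)
            for p in _sample(route_a, step_ft)]
    # A "close approach" is one contiguous stretch under the threshold,
    # so a single shared vault counts once, not once per sample.
    approaches, inside = 0, False
    for s in seps:
        if s < threshold_ft and not inside:
            approaches += 1
        inside = s < threshold_ft
    return {"min_ft": min(seps), "mean_ft": mean(seps),
            "variance": pvariance(seps), "close_approaches": approaches}

# Constructed sample routes (feet). ROUTE_B_CROSSING looks diverse at both
# ends but crosses ROUTE_A once; ROUTE_B_SEPARATE stays 1000 ft away.
ROUTE_A = [(0, 0), (5000, 0)]
ROUTE_B_CROSSING = [(0, 1000), (2000, 1000), (2500, -500), (5000, -500)]
ROUTE_B_SEPARATE = [(0, 1000), (5000, 1000)]

if __name__ == "__main__":
    print(diversity_metrics(ROUTE_A, ROUTE_B_CROSSING))
    print(diversity_metrics(ROUTE_A, ROUTE_B_SEPARATE))
```

The crossing pair still shows a large mean separation, which is why the minimum and the close-approach count matter more than the average when checking for a single point of failure.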
