[88128] in North American Network Operators' Group
RE: The Backhoe: A Real Cyberthreat?
daemon@ATHENA.MIT.EDU (Wallace Keith)
Sat Jan 21 02:07:11 2006
Date: Sat, 21 Jan 2006 02:06:38 -0500
From: "Wallace Keith" <kwallace@pcconnection.com>
To: <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu
I for one have spoken in the past in favor of making the FCC Outage =
Reports public again. If you want to deliberatley destroy fiber =
infrastructure, you can gain more knowledge quicker by stepping outside =
your door and gazing upon clearly marked routes, than by reading outage =
reports. Want to find a bldg where multiple carriers are housed? Read =
the carrier hotel advertisements on the internet and in print or read =
NANOG.=20
I have suffered more from trying to figure out (quickly) over the past =
few years what's going on in a multi carrier fiber outage situation, =
especially when a given carrier has IRU's on the competitor's fiber =
which I have also provisioned my redundany on (and they seem to "forget" =
that). Many times during outages people in NOCs are spinning in their =
chairs trying get a grip. The information that is purposely being =
suppressed from the public by DHS initiatives with the FCC, is also =
frequently inadvertantly obfuscated within a given orginisation due to =
turnover, layoffs, mergers and acquisitions, etc. So besides government =
interference, we are at times our own worst enemy due to lack of =
adequate knowledge transfer and change mgmt. procedures. Imagine if you =
will 2 competing carriers, 1 has a cut 22.1 km east of X, the other 3 km =
west of Y, crews are dispatched, and bingo- collide at the scene.....how =
many times has THAT happened. Neither realizes they share some form of =
infrastructure until they are having coffee together while looking at =
the muddy hole in the ground that the contractor for a 3rd company just =
dug. It IS a less than perfect world within the industry.
On a slightly different rant - Forget attacking the glass. Take down DNS =
and SS7 at the same time...hmmm wonder what one company has a lock on a =
big piece of THAT. enough said. Hope their infrastructure for those =
things stays totally diverse (no offense meant). Just another thing that =
I think about at times...
-Keith
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
sgorman1@gmu.edu
Sent: Friday, January 20, 2006 3:05 PM
To: frank@dticonsulting.com
Cc: nanog@merit.edu
Subject: Re: The Backhoe: A Real Cyberthreat?
What data went into the system would depend on what questions you were =
looking to answer. I spend most of my time looking at the geographic =
diversity of fiber routes, so I'll use that as a very simple example. =20
To answer that particular set of questions you would need the fiber =
routes for each provider, and they would need to be georeferenced. =
Other useful data would be the buildings lit by those fiber routes and =
lease costs. Users would then enter the buildings they want =
connectivity for. The system would find all the providers that could =
service that combination of buildings then calculate what the diversity =
of each provider is for that set of buildings, or what the diversity was =
if the user wanted to use more than one provider. Each provider would =
be given a score for that particular connectivity combination and a =
price, or the scores for each combination of providers. The user would =
then have a market indicator for diversity. You could have a vairety of =
metrics - the total distance between network paths, average distance, =
the variance, the number of times paths come with 100 feet of each =
other, the number of routes that are colocated etc. =20
The providers do not give up any proprietary data and the customers have =
a set of indicators to make a more informed choice. Not the ideal =
solution, but the game was to come up with something that would be =
palatable to the providers. Companies like Last Mile Connections =
already keep provider supplied databases of lit buildings and prices to =
run auctions. This would just be another indicator for customers that =
also value diversity and resiliency. Protecting the master database =
would be important, but there are lots of mechanisms to do that =
effectively. The metrics are the key, and that of course is my angle on =
the game.
----- Original Message -----
From: Frank Coluccio <frank@dticonsulting.com>
Date: Friday, January 20, 2006 1:53 pm
Subject: Re: The Backhoe: A Real Cyberthreat?
>=20
> >My argument simply is if this kind of awareness=20
>=20
> >can be made more broadly available you end up with=20
>=20
> >a more resilient infrastructure overall.
>=20
>=20
>=20
> Sean, would you care to list the route, facility, ownership and=20
> customer
> attributes of the data base that you'd make public, and briefly=20
> explain the
>=20
> access controls you would impose on same?=20
>=20
>=20
>=20
> If this is not what you originally intended, then please show me=20
> the way ... thanks.
>=20
>=20
>=20
>=20
>=20
> Frank=20
>=20
>=20
>=20
> On Fri Jan 20 9:19 , sgorman1@gmu.edu sent:
>=20
>=20
>=20
>=20
>=20
>=20
>=20
> As you mentioned before this is largely because the customer=20
> (SIAC) was savvy
>=20
> enough to set the reuirements and had the money to do it. A lot of=20
> that saviness
>=20
> came from lessons learned from 9/11 and fund transfer. Similar=20
> measures were
>=20
> taken with DoD's GIG-BE, again because the customer was=20
> knowlegable and had the
>=20
> financial clout to enforce the requirements and demand the=20
> information. An
>=20
> anonymous data pool is just one suggestion of a market based=20
> mechanism to do it.
>=20
>=20
>=20
> ----- Original Message -----
>=20
> From: Michael.Dillon@btradianz.com
>=20
> Date: Friday, January 20, 2006 5:37 am
>=20
> Subject:=20
>=20
>=20
>=20
> >
>=20
> > > Imagine if 60 Hudson and 111 8th
>=20
> > > were to go down at the same time? Finding means to=20
> mitigate this
>=20
> > > threat is not frivolously spending the taxpayer's money, IMO;
>=20
> > > although perhaps removing fiber maps is not the best way to
>=20
> > > address this.
>=20
> >
>=20
> > No, removing fiber maps will not address this problem
>=20
> > now that you have pinpointed the addresses that they
>=20
> > should attack.
>=20
> >
>=20
> > Separacy is the key to addressing this problem. Separate
>=20
> > circuits along separate routes connecting separate routers
>=20
> > in separate PoPs. Separacy should be the mantra, not
>=20
> > obscurity.
>=20
> >
>=20
> > End-to-end separation of circuits is how SFTI and other
>=20
> > financial industry networks deal with the issue of continuity
>=20
> > in the face of terrorism and other disasters. In fact, now
>=20
> > that trading is mediated by networked computers, the physical
>=20
> > location of the exchange is less vulnerable to terrorists=20
> because
> > the real action takes place in redundant data centers connected
>=20
> > by diverse separate networks. Since 9-11 was a direct attack on
>=20
> > the financial services industry, people within the industry
>=20
> > worldwide, have been applying the lessons learned in New York.
>=20
> > Another 9-11 is simply not possible today.
>=20
> >
>=20
> > --Michael Dillon
>=20
> >
>=20
> >
>=20
> >
>=20
> >=20
>=20
>=20
