Backbone Infrastructure and Secrecy

Are we going to throw a burlap sack over 60 Hudson, the Westin Building,
One Wilshire, or similar buildings and disavow knowledge of their
existence? You can't hide major infrastructure.

Yes.

However we can work to spread out the infrastructure more so that it is
harder for terrorists to find a single point of failure to attack. If they
have to coordinate an attack on 3 or 4 locations, there is an increased
probability that something will go wrong (as on 9/11) and one or more of
their targets will escape total destruction.

We all need to find ways to make our networks more resilient even if that
means moving away from "comfortable" vendors like Cisco and Juniper. The
costs of resilience are not immovable objects. Those costs arise because
the routers and circuits we would use to implement resilience are the same
things we use to carry paying traffic and the vendors price their products
based on the expectation that we use them for paying traffic. Since the
vendors can't tell whether or not the router/circuit earns revenue for us,
they won't give up their margin on the sale. In both cases, the underlying
components of the product are virtual commodities (fiber, wavelengths,
circuit boards, chips) and are continually dropping in price.

Perhaps it will require government regulations regarding diversity and
resilience to change this but wouldn't it be nice if the industry could
get together and solve this problem in a self-regulatory fashion?

--Michael Dillon

I like maps with circles on them. Triangles are usually good too. Mostly, I like to see lots of interconnecting lines.

The last I checked, there are at least two interconnect houses in each city. This is true of data and telco layouts. Critical networks tend to interconnect multiple cities as well. The wonderful thing about what we created is that just because you shut down an exchange, doesn't mean you shut down the network. You can remove Telehouse and even those networks whose connectivity in the area you've killed can offload traffic via other interconnects. Granted, this means more money spent as traffic rises on other routes.

Granted, there are ways to limit local damage, but those are usually secondary to the overall network and a little manual intervention can usually bring an emergency circuit up in a local market. Do you think the destruction of Telehouse would have everyone else saying, "I'm sorry and sympathetic to your needs, but we just don't have the time right now to let you through this fiber path or place equipment in our facility"?

-Jack (learns about interconnects which are thousands of miles away, of no use to his network, but which he hopes to be lucky enough to see someday)

I hate to be a doom sayer, but any chump with a couple of tools and
rudimentary knowledge can lift manholes, cut cables and jump to another
location in minutes. No amount of diversity could defend against a concerted
attack like that unless you start installing very special low-level routes
away from street level into many many buildings. Maybe you guys in the US
are historically more paranoid, but London is just covered in single points
of major failure for telecoms.

Protecting the switching centres (IP or voice) looks great, but walk a few
hundred feet and all semblance of physical security breaks.

Peter

Perhaps it's time for IDS on manholes?

But really, since the gas lines are down there too, is fiber the chief
worry?

I recall reading, last year, about a "Cyber Bunker" outside London UK which is being offered as colo to major banks. The banks were raving praise about it. This facility is an ex-RAF centralized radar control site, buried dozens of feet underground w/ thick concrete and designed to withstand nuclear weapon overpressure. Blast doors, EMF shielding, dual-redundant air filtered generators, the works.

The people who bought it and turned it into a colo neglected to mention one thing: It's in the middle of a farm field with a single homed fiber route to Telehouse Docklands.

Anyone have a backhoe? *snip*

DIVERSE ROUTES, people!

I recall reading, last year, about a "Cyber Bunker" outside London UK
which is being offered as colo to major banks. The banks were raving
praise about it. This facility is an ex-RAF centralized radar control
site, buried dozens of feet underground w/ thick concrete and designed
to withstand nuclear weapon overpressure. Blast doors, EMF shielding,
dual-redundant air filtered generators, the works.

In the US, American Tower is/was liquidating a number of cold war era
ex-AT&T blast-proof sites. They are all in need of an upgrade, but the
basics are there (underground, multiple layers of concrete, blast doors,
etc.). Even "blast toilets". I'm surprised some enterprising/paranoid soul
has not snatched a few of these up and converted them into secure offsite
storage. Even without diverse routes, you can ensure safe data storage.

Charles

Keep your data in Roswell!

  http://albany.bizjournals.com/albuquerque/stories/2003/03/31/story3.html

Only bad part, is the ILEC doesn't have the facility to bring
T1s to the site (let alone anything bigger). They are, however, about
1/2 mile from the border of one of the independents -- I believe they're
being served via some type of wireless.

Now that most of the Atlas missile sites have been sold, how about a 1400 acre salt mine located 1200 feet under the city of Detroit?

http://www.detnews.com/history/salt/salt.htm

It's probably a bit easier to get high quality bandwidth to Detroit than Roswell, NM. Also has the advantage of being across the river from Windsor ON for diverse connections to Shaw Bigpipe, Telus, Bell, GT/360, etc.

Or 1,180,000 sq ft of underground warehouse located between Indianapolis and Louisville:
http://www.marengowarehouse.com/

On another note, some people affiliated with the SeattleWireless community wireless MAN have purchased one of those former AT&T microwave relay sites from American Tower. Mt. Baldi was formerly part of a microwave relay from downtown Seattle, across the Cascade mountain range to cities such as Yakima and Spokane. Anyone interested in colocating at 4,000 foot altitude on top of a mountain? I believe access is by snowmobile from late November to mid March. :)

http://www.seattlewireless.net/index.cgi/MtBaldi

http://www.altaphon.com/Enumclaw/

Date: Wed, 9 Jul 2003 17:30:27 +0100
From: Peter Galbavy

Protecting the switching centres (IP or voice) looks great,
but walk a few hundred feet and all semblance of physical

But those biometric handscanners are so cool! They look like
something from a movie! High tech!

Perhaps some "security" measures have a different purpose -- as
you say, "LOOKS great" (emphasis added).

Eddy

E.B. Dreger wrote:

Perhaps some "security" measures have a different purpose -- as
you say, "LOOKS great" (emphasis added).

Just like 99% of all recent airport security measures... reassure the sheep,
then they might stop bleating and march to order instead. "Baaaaaauy
McDonalds, Baaaaauy Gas, Baaaaauy SUV".

This is OT. Obviously.

Peter

Managing security perception can sometimes reduce security risks or the
security TCO, by reducing the number of low-risk attackers. Die-hards will
only stop for real security controls, but you may find it easier to impose such
controls without a lot of noise from your security alarms.

The real issue is when you start believing that you are as safe as the sheep
think you are.

Rubens