The Backhoe: A Real Cyberthreat? [ & Re: cyber-redundancy ]

Imagine if 60 Hudson and 111 8th
were to go down at the same time? Finding means to mitigate this
threat is not frivolously spending the taxpayer's money,

This is not only a fair question, it's the very dilemma that some of us faced
during and immediately following September 11, 2001 when laying down routes into
NJ and north to midtown from the Wall Street area of NY City held new challenges.
The attacks on that grim date and its after effects revealed that sites no longer
had necessarily to be "taken down" in the traditional sense, per se, to be
inaccessible. It was no longer only the physical integrity of building property
and underground infrastructure that was vulnerable, but the very "access" to
those facilities from a broader geographic footprint perspective, as well, was
seen as something new that had to be dealt with.

To answer Sean Donelan's question, yes, enterprise customers and/or their agents
_do _need to have specific information on the routes in which their leased
facilities (and even dark fiber builds) are placed, ephemeral as those data might
be at times due to SP outside plant churn. They need this data in order to ensure
that they're not only getting the diversity/redundancy/separacy that they're
paying for, but because of the more fundamental reason being that it is the only
way they have to provide maximal assurances to stakeholders of the organization's

All of that having been said, up-to-date information on physical routes and
common spaces and the cables that reside within them remains among the most
problematic and opaque issues that enterprise network builders and SPs alike have
to deal with today in their quest to design and manage survivable networks. NDAs
aren't going away, and the anal nature of carriers isn't about to change anytime
soon. The best information gathering approach to double check any information
that "is" provided is very often knowing the right people to ask on an official
level, and being patient enough to wait for the right moment to ask.


Is the same thing also true for customers of financial institutions? Why
are financial institutions so reluctant to give details about the
locations of their data centers, processing offices, money transport
routes and security procedures to their customers? Don't customers of
financial institutions have the same concerns about the survivability
of the financial institutions as the financial institutions have about
their suppliers?

Doesn't this just turn into Y2K all over again with every organization
demanding guarantees and copies of data from every other organization?

The difference being the financial system can use the knowledge to make themselves more resilient.

How does the bank customer use the information you listed to make themselves more resilient?

Further, the banks are a fairly trusted and well regulated group.

There are a good number of bank customers that are not good guys.

Is there a fear the banks will use provider information for malicious ends?

Is that the reason the providers will not give the information?

Could it be they do not want customers to know most of their SONET rings are collapsed?