Is Your DR Plan Vulnerable to an Attack?
Computerworld - Sorry, I have to do this. I have to rant. Here's what I have to get off my chest. News item: "DHS Scores F on Cybersecurity Report Card."
Last week, a congressional oversight committee gave the U.S. Department of Homeland Security a failing grade on its annual cybersecurity report card. Congress says that when it comes to protecting the country's data infrastructure -- an entity that in itself has become critical to the continued functioning of the U.S. economy -- the DHS is a D-U-N-C-E. Appalling.
Shortly after 9/11, I published an article at SNWonline.com that stated that an aggressive and well-thought-out attack on our financial information systems could be economically devastating. Furthermore, I wrote that the attacker didn't have to strike by exploding a dirty bomb or hijacking a plane. In fact, the attack could be executed without taking a single life. An attacker using electronic means could even be smart and resourceful enough to disable disaster recovery (DR) capabilities just before launching an attack.
To be sure, I didn't expect Washington to hear this particular warning because at the time, there were many more audible voices saying the same thing. But the very sad truth is that the current administration wasn't listening to them either. In fact, the DHS has been handed the cybersecurity dunce cap three years running. The rest of us knew that Al Gore was just joking when we claimed to be the creator of cyberspace. The DHS must have taken the joke seriously because they behave like cyberspace is a place where only liberals live.
If you are an IT professional, I think it is safe to assume that the DHS doesn't get it and won't -- that it's not even interested in locking the door at night. I think that means that you, the IT professional, have to double-down on security measures. This would include scrutiny of firewalls and adding storage-based security. And, here's another thought I have in that regard: Is your DR plan vulnerable to an attack? Said another way, could an attacker disable your DR capability prior to launching an attack? In essence, does your DR plan have a DR plan?
We now live in a society in which very powerful -- and potentially harmful -- information technologies can be had at a cost of something between cheap and free. As an attacker, all you really need to add to the mix is brain power. In fact, I personally think that all it will take is one devastating cyberattacker to prove to us that bombs are obsolete. So I ask again. Is your DR plan safe from attack?
John Webster is senior analyst and founder of research firm Data Mobility Group LLC. He is also the author of numerous articles and white papers on a wide range of topics and is the co-author of the book Inescapable Data: Harnessing the Power of Convergence (IBM Press, 2005). Webster can be reached at jwebster@datamobilitygroup.com.
Storage
Additional Resources



White Papers & Webcasts
Share our Strength
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Top 10 Things to Know about Data Protection
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Ponemon Study: The Business Risk of a Lost Laptop
Download Now
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Airport Insecurity: The Case of Lost Laptops
Download Now
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
