IT vs. Terrorism

Computerworld - It's not a dumb idea - it just looks that way on the surface. The notion of re-creating the federal government's Y2k command center, only this time in order to make sure critical infrastructure is protected against terrorist attacks instead of programming problems, sure does seem misconceived.
Y2k was a one-time problem; terrorism is an ongoing risk. Y2k had straightforward, if very expensive, fixes; terrorism is largely undefined. Y2k threatened computer systems; terrorism threatens everything. In almost every way, Y2k is the wrong model. Terrorism simply isn't Y2k.
But a Y2k-style effort is the right idea anyhow - and not just for the feds.
After all, the biggest threat from the millennium bug wasn't the chance that computers might fail on Jan. 1, 2000. It was the possibility that ripple effects could cascade faster than any recovery effort could hope to match.
If a critical computer system failure knocked out part of the electric grid, and that triggered a failure in the telephone system, which in turn disabled control systems that handled water or natural gas or air traffic control - that was the kind of problem we all dreaded.
It didn't happen with Y2k. But that's exactly the kind of ripple effect terrorists would aim for when they attack.
It also makes sense that it's the IT-focused electric utilities that are floating the idea of the old Y2k command center being reborn as an infrastructure security effort. They already use IT heavily to monitor transmission systems - which are already threatened by thieves and vandals as well as earthquakes, hurricanes, floods and blizzards.
And their standards for reliability are pretty much the old glass-house standards: The system isn't allowed to stop working because of a glitch or a bug. Unplanned downtime for anything less than a disaster is unacceptable - and even then there should be fail-over systems to minimize recovery time.
That's how you protect infrastructure: by making it as secure as possible, then constantly monitoring for problems, reacting as soon as they're detected and always having a way of keeping things running, even when something fails.
It's that IT mind-set that makes a command center approach a perfect match for infrastructure protection.
And that's a very good reason for corporate IT shops to be floating the idea of an infrastructure protection command center for our own companies, too.
Not just a corporate security department - we've already got that, complete with rent-a-cops and ID badges and alarm systems. The security department will be part of the infrastructure