I heard a great quote this morning: "New York ain't what it used to be." Sure, we all know that too vividly. But in this case, the quote refers to the increasing amount of temporal dispersion occurring, in this case, in lower Manhattan. The nerve-rattling amount of data-centre concentration in the financial sector now is finding itself getting ready to be spread hither and yon. The same kinds of discussions are occurring in Washington, DC, Chicago and other critical infrastructure-centric metropolitan areas.
Temporal dispersion is an attempt to balance a business' risk by spreading critical hardware assets over a greater physical distance than heretofore thought necessary. The corollary is to spread our best and brightest to these different locations and put them on duty 24-7. So if the IT hits the fan, some of the experts will still be around to reconstitute mission-critical systems. This is a smart and long overdue move.
Consider what we lackadaisically have assembled in the last couple of decades:
- Huge data centres in high-rise buildings that were built for beauty and bragging rights, not physical security.
- Back-up data centres in the same buildings.
- Data centres on the ground floor or beneath ground and, often, the water line.
- Reliance on public communications lines for backup, redundancy and business continuity.
- Secondary power sources designed to work but are rarely tested.
So along comes temporal dispersion, which, depending on to whom you speak, yields a variety of interpretations. Because we don't know when or how attacks might occur, we need to consider several added variables we might not have a year ago. A systemic network failure because of an attack can have farther-reaching consequences than previously thought. We know collocation of critical infrastructures is a recipe for disaster, but many companies do little about it.
A physical attack is more likely than in the past and the effects of collateral damage on nearby critical infrastructure can be just as debilitating. Large metropolitan areas share common utilities, even across spans of 10, 20 or 50 miles.
Perhaps the scariest aspect is that we also concentrate our people, our best and brightest, in single locations at the same time. Think about your own shop: How many of your top technicians work the day shift? What percentage of your techs work second or third shift? Are they your best, or are they the second string? How many of your primary technical staff members work in the same physical location?
In the early post-Cold War days, some firms found it enticing to put their contingency resources into hardened missile silos from Nebraska to Montana. Today, talk is of using the long-forgotten "home bases" of Minuteman missiles because of their proximity to critical East Coast assets. West Virginia is a popular alternative data centre site, in part because of the lobbying efforts of US Senator Robert Byrd and in part because the cost of living is appreciably lower than in nearby Washington.
Moving techs and support staff to lower-cost areas or offering commuting bonuses is one reasonable approach to temporal dispersion efforts. But what about management? Do they temporally disperse, too? Or is it business as usual, with the same daily concentration of top brass in single facilities, convenient to them, their homes and their current lifestyles? If the techs are all there and the management is all gone, who is going to run the show? The national security term is continuity of government. Organisations should take the same view of their own survival and continuity.
Part of the new reality we are facing is that high-tech network defence intrinsically means physical defence of fixed assets, physical dispersion of certain others, including contingency, awareness of the strengths and weaknesses of supporting critical infrastructures, and the temporal dispersion of people to keep it all working.
This might not be what we all signed up for. But there are much worse things in life than living in the country, working in a hardened and safe silo and cutting personal expenses by one-third. Much worse.
Schwartau is president of Interpact, a security awareness consulting firm, and author of several books, including the recent Pearl Harbor Dot Com.