[CII] terms and conditions

bmanning at vacation.karoshi.com bmanning at vacation.karoshi.com
Tue Dec 1 16:10:38 UTC 2009 

On Sun, Nov 29, 2009 at 05:20:39PM +0100, Eukasz Bromirski wrote:
> On 2009-11-29 13:54, bmanning at vacation.karoshi.com wrote:
> >On Sun, Nov 29, 2009 at 02:22:40PM +0200, Gadi Evron wrote:
> >>bmanning at vacation.karoshi.com wrote:
> >>>	I have "everything you need to make this work".  I have no need of
> >>>	Brazilian or Norwegian infrastructure.  They are not critical to me.
> >>
> >>What would happen to your connectivity if the Brazilian and Norwegian
> >>localized internet infrastructures were to stop working?
> >
> >	nothing.  zero.  nada.  zilch.
> >	
> >	not critical to me.   the point being, critical has a reference,
> >	usually an end user.
> 
> Somebody already called for defining the 'critical infrastructure', as
> we can easily go into many discussions without actually definining why
> we disagree :)
> 
> So, even if You're not living in the Brazil or Norway, they
> infrastructure may be critical for you. Think about shared hubs for
> banks, C&C systems for ATM machines and the card readers in shops,
> gas stations, etc. It doesn't have to be a bunch of DNS root servers,
> it may be a GSM IP network that is connecting you via a dialin to
> the internet, or a AAA server somewhere around the world (we're already
> in the era of cloud computing, please remember that), that just breaks.
> And in terms of daily life, you're reduced to what you have in your
> house. Shops won't sell you anything, they won't take orders, your
> cell phone won't connect you anywhere, nor paid phone. If you have
> cash, the TAXI may get you somewhere (if they still have fuel), but the
> train system may not be able - precisely because of the fact, that
> some set of IP networks used by a just a couple of companies in your
> country just became unreachable.
> 
> And that's a fact that some of the networks in just three countries
> are very important to most of the international companies operating
> around the world. Without them, we're going to 'backup' plan, and
> sometimes the backup plan really doesn't exist, or was tested
> 'well, three years ago'.
> 
> When you have a chance to work for couple of companies dealing with
> internet connectivity on a "it's a something on our checklist to have
> our project complete" or a "it always did work!" basis, you may change
> your idea about being always safe very fast.
> 
> I wonder if Raoul Chiesa is on the list to share his experience. And
> I expect we all have our own and sometimes it's really scary to
> become aware during auditing, discussing architecture or redesigning
> a network that just a simple error in ONE place may render whole
> set of 'entities' disconnected.
> 
> And to show some real example: two years ago in Poland, we've had a
> rather small DDoS. The DDoS was aimed at one of the international
> bank. As the bot C&C apparently missed the fact, that the bank had
> only something like /24 allocated, he brought down entire /19.
> Along it went away two other banks (one national), a big newspaper
> and independent company doing ATM 'services', and part of the network
> of a gas station company.
> 
> People at the edge of Christmas Eve were unable to withdraw money
> from ATMs, and pay by credit cards in shops. They were unable to pay
> at gas stations, not to mention other 'difficulties' I can't actually
> discuss in public. If the /19 would be further extended to say /16,
> I see other countries would begin to see the 'problem'.
> 
> That's how it works - it's interconnected. Everything with everything
> else.
> 
> So, that's my hello to the list :)
> 
> -- 

	I'll bite.  its not that its connected, its that it -can be- connected.
	and I'm not comfortable conflating critical with convience.  your points
	about "backup" plans is key.  we need them, we need to exercise them on
	a regular basis, and we ought to ensure that shared dependencies are minimized.

--bill

More information about the CII mailing list