North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Learning from the past (was Re: effects of NYC power outage)

  • From: Sean Donelan
  • Date: Mon Jul 22 15:42:49 2002

>	Ok, come on... That was 310 or so days ago. Exactly what happened
>shouldn't be a huge concern anymore. They addressed it, fixed it, and are
>making sure it doesn't happen again, thats the part we need to concentrate
>on.

The Morris worm happened over a decade ago.  Computers are still being
attacked using the same vulnerabilities used by the Morris worm, and
amazingly some of the attacks are still working.

The AT&T New York City/FAA power failure happened over a decade ago
(http://www.att.com/news/0991/910930.cha.html).  Power problems continue
to be a significant cause of network disruptions.  AT&T is a bit unusual.
It almost always releases more information about its failures than any
other telecommunications company.

AS7007 happened over 5 years ago.  Some networks still don't practicee
safe filtering.


Think volunteer fire department.  The house you keep from burning down may
be your own.  If you don't want to participate, don't expect much help
from your neighbors.


Its amazing how often something happens to one organization, and continues
to happen to other organizations.  As an industry we want to make sure it
not only doesn't happen to the same provider again, but the experience
isn't repeated by other providers.  That's why the electrical industry
shares their experiences through DAWG (Disturbance Analysis Working Group)
and the telephone industry shares their experiences through NRIC (Network
reliability and interoperability council).

I encourage folks to participate in the ISAC, NRIC and NSTAC programs. You
may have the same vulnerability as several other providers, and don't know
it.  The solution you share may save yourself from a future vulnerability.

The government cyber-protection groups have realized that they don't have
good contacts with carrier hotel landlords, and it is an unknown exposure.
Heck, there isn't even a good list of all the "important" carrier hotels.
If you are a carrier hotel landlord, and aren't in contact with the
government working groups examining infrastructure vulnerabilities, they
want your input.