|
We are suffering an epidemic of cyberattacks while in a viral pandemic. This post is for those who have responsibility for assuring that the IT-based services offered by their enterprise can quickly recover in the case of successful cyber-attack or other disaster.
University of Vermont Medical Center (UVMMC) is an excellent hospital. I owe my life to treatment there and am grateful for both the skill and the kindness of UVMMC staff. They have been devastated by a cyber-attack.
It took a full month for UVMMC to recover the use of its patient database after the attack, and the institution recently blamed the failure to report COVID cases on the after-effects. It is not possible to avoid all disasters; it is possible to recover quickly—but only if recovery has been planned and practiced in advance. There are several lessons in UVMMC’s travails for every organization and every business with a critical database.
At this point, it would be reasonable and prudent for readers to ask whether I’m qualified to give this advice. I blog about many things like education, politics, and economics, which I’m not an expert in. You don’t want to rely on amateur advice for service security.
At Microsoft in the early 90s, I was responsible for the development of server-based products, including Outlook and Exchange. Later I led the development and rollout of AT&T’s first ISP, AT&T WorldNet Service. ITXC, which my wife Mary and I founded, had a network that spanned 200 countries and provided a VoIP service despised by most of the world’s telcos and quite a few governments. It had to be hacker resistant. NG Advantage, which we also founded, has an extensive Internet of Things (IoT) network. I’m a nerd, so I was deeply involved in the technology of all these products and services. More boasting here.
I’m no longer an expert in how to prevent a hacker attack, although I did write a novel called hackoff.com. The technologies for intrusion and intrusion detection and prevention change so rapidly that only those active in the field have any hope to keep up. Fortunately, the principles of preparing for and accomplishing catastrophe recovery are largely the same no matter what tools mother nature or a hacker group used to bring your servers and your services down. This post is about preparing for recovery, a very separate subject than preventing attacks.
Now getting new server hardware up and running immediately sounds hard and expensive but is actually cheap and almost trivially easy. As long as preparation has been made in advance, it is possible to spin up a practically unlimited amount of computer power from cloud-providers like Amazon, Microsoft, or IBM within minutes. There is no significant standby cost for this capability. Once the cloud equipment is no longer needed, it can be shut down, and the cloud billing meter stops.
Apparently, the desktop computers and laptops (and possibly tablets) which are used at UVMMC to access data were also infected and unusable. Recovery of function cannot depend on restoring the access devices any more than it can rely on restoring the servers. In practice, this means that access to all essential functionality must be possible from a web browser on any properly authenticated laptop, computer, or smartphone. There must be a small backup supply of devices to restore key functionality immediately. New ones can be purchased and placed in service in days so long as they don’t have to be loaded with special software.
Anyone responsible for critical systems in public or private sector should be asking their own IT people two simple questions: when was the last successful rehearsal of our functional recovery plan? How long did it take to restore functionality in the rehearsal?
Sponsored byWhoisXML API
Sponsored byVerisign
Sponsored byCSC
Sponsored byVerisign
Sponsored byRadix
Sponsored byIPv4.Global
Sponsored byDNIB.com