Lessons Learned from July 8 Network Failures
Successive computer glitches happened at the United Airlines, Wall Street Journal and New York Stock Exchange facilities last July 8. Internet connection was shut down for several hours. What could have happened if the disruptions were more widespread? There were numerous theories and presumptions as to why these happened.
Some 4,900 United Airlines flights stopped for more than one hour because of this occurrence which management claimed was a connectivity issue. The stock exchange glitch cause trading to be suspended for the rest of the day. The Homeland Security chief and NYSE administration claimed that there was no hacking at all. The Department of Homeland Safety and White House issued several statements. Yet, the real reason for the outages could not really be established. However, one thing was evident. Cyber security has been threatened.
In the light of this massive network collapse, there are many lessons that the government and citizens can learn:
Ì How will internal and external communications function in an emergency condition such as this one? One of the problems is the exact cause of this breakdown. Everyone will demand an immediate answer especially the media. Avoid making rash conclusions. Concerned government agencies must act swiftly and delegate responsibilities clearly. The key is to implement a comprehensive communication strategy that covers all possible situations. There should also be a collaborative effort between the government and private sector Internet and Communications Technology matters.
Ì There should be rehearsals in trouble-shooting for systems restoration in case any malfunctions happen. Technical teams must find out right away the reasons for the outage. Prompt solutions are required in the event of cyber attacks. IT security teams must be fully prepared for breaches of vital infrastructure.
Ì Collaboration is important among government departments, business firms and clients. There must be proper coordination and cooperation among these parties. As much as possible, formulate “what-if” scenarios. Otherwise, action teams will find it difficult to figure out the right response plan to execute. Periodic system upgrades are necessary. These may be mistaken for cyber security incidents or ordinary computer network problems.
Ì Make sure to inspect systems and network architecture regularly. Identify possible points for failure as well as systems that require redundancy. This will prevent media from issuing irresponsible statements that can cause panic among the people. Instead, there should be a factual report that network stoppage was simply the result of server failure or computer switching program that malfunctioned.
Ì Finally, it is necessary for everyone to remain calm and alert. People and organizations rely so much on technology. If anything related to technology goes wrong, you can expect the public to panic right away.
One thing is clear: No matter how sophisticated IT is, it can never be 100 percent foolproof. Errors and intrusions will happen when people least expect these to take place. Computer flaws are nothing new even to the most progressive government or high-tech Multinational Corporation. This is definitely not the first time that this predicament happened to prominent institutions in the United States. The concern here is even a lapse for several minutes can cause an organization millions of dollars in losses.
It is important to address the root cause and not only the symptoms. Perhaps, it is not a matter of IT entities not caring at all or failure to make systems work perfectly. The problem could be that they are easily overcome by the magnitude of problems or complexity of preparations. All that the affected companies can do is to look for something or someone to blame rather than find ways to prevent this incident from happening again.
Also, pro-active security must be put into action. Manufacturers of hardware and software should begin to enhance product security up to protocol and silicon levels. Unfortunately, their progress has been very sluggish. Enterprises need to evaluate computer apps at the core of their systems. They have to determine if the application is robust or capable of performing efficiently as it can. Any analysis must be converted into analytics. Management and business owners and not the IT personnel alone are accountable for this move.
IT Solutions should also be designed to deal with unauthorized disclosure of classified information over an unsecured outlet, spread of viruses which expose the network to bugs. These should provide corporations with security, management and regulatory conformity. It includes authentication, encryption, auditing, recording and monitoring of communications. All electronic communications must act in accordance with existing policies, monitored and archived for likely audits.
Today’s corporations place considerable importance on information technology since this has become the lifeblood of day to day operations. Nevertheless, it is not enough to implement ordinary measures to thwart possible cyber attacks. There should also be constant monitoring of your infrastructure so as not to compromise operations.