Security of Critical National Infrastructure – BT Service
News and information from the Advent IM team.
News and information from the Advent IM team.
Del Brazil takes a look at the resilience of CNI, specifically our communications networks, after the BT outages.
A recent second outage of BT Broadband has raised questions as to whether BT are not only suitable to manage the country’s communications infrastructure but should they be permitted to undertake the role alone?
We regularly highlight the importance of back-ups and the requirement to have redundant systems in place to reduce or eliminate the potential for an outage. Despite this well-known practice how can the country’s major communications infrastructure provider still suffer an outage?
The outage was tracked to a tripped circuit breaker in the Telehouse North exchange in the London Docklands resulting in 5% of BT’s broadband customer base being affected. This is on the back of another outage on the previous day which affected 10% of the BT’s broadband customer base and was attributed to a power failure on the Telecity Harbour Exchange which houses the data centres for the London Internet Exchange (LINX).
The outage has to date caused an unknown amount of damage to businesses currently reliant on BT Broadband. There is an assumption that the impact on larger businesses is likely to be small as they generally ensure that a second ISP is built into any network infrastructure; however this doesn’t necessarily apply to smaller businesses. There are obvious costs associated with running a second ISP connection which have to be justifiable and provide value for money, this is where the smaller businesses have trouble, justifying the expense. It may be a long time before companies report any losses attributable to the BT outage but never the less there will be losses.
To have a very small issue cause so much impact is somewhat frightening in this time of an ever increasing reliance on IT services. It is appreciated that nothing lasts for ever and this is more over evident in a ‘throwaway society’; however this does not detract away from the need for redundant systems, if anything it should actually increase awareness and the requirement to ensure that secondary systems are in place where potential Single Points of Failure are identified.
Running secondary systems is not only expensive but also resource intensive and so businesses need to consider their requirements carefully. The costs associated with running and maintaining secondary/redundant systems can quickly escalate and may have a serious financial impact on the business; however failing to ensure that any type of redundant/secondary service is place can also be catastrophic to a business in the event of an outage. For example it is relatively easy to identify the requirement/need for a redundant/secondary service in a bank; however is there a similar requirement for a sole trader who relies on his IT system to provide services to customers?
Should it be so easy to bring down or interrupt IT services? The answer should be a resounding no, but nothing is perfect and we all have to be prepared to deal with the unexpected. This is where redundant systems, secondary power, standby generators and UPS come into play. The first three are designed to ensure that there is no interruption to critical services or potentially a whole organisation. These secondary/redundant services are expensive to install and are primarily used by larger businesses; however smaller businesses maybe able to take advantage of these systems should they be a tenant in a building supported by such systems. The fourth, UPS is related more to protecting hardware and systems from unexpected outages by facilitating safe and controlled shut downs. The UPS provision is a relatively cheap and cheerful solution but does provide the assurance that hardware is correctly powered down thus protecting expensive hardware components and data storage systems; however UPS doesn’t allow businesses to continue to function and as such any business solely relying on UPS is still reliant on power, IT and network services to be restored before they can return to normal operation.
In light of the two recent outages related to BT broadband all businesses should review their existing redundant/secondary systems and test them accordingly to ensure that they are providing the necessary protection. Good practice would be to carry out a series of tests on these systems to ensure that they are suitable for the needs of the business. These provisions should be reviewed regularly as business requirements change as the business grows; however is the infrastructure capable of such growth?