Resilience In The Face Of Disaster

[Image: Statue of Liberty]

This year, when the ball drops in Times Square next week to usher in the New Year, it will be a little different than in prior years. Rather than blanket cheer, there will be a good amount of consternation as we hit the debt limit of $16.4 trillion as well as the Fiscal Cliff, where broad spending cuts and tax increases are to go into effect (whether in full, partial with some sort of deal, or in deferral).

Like the statue pictured here, the strength and resilience of the American people will be tested and we will need to stand tall and strong. 

In this context, it was interesting to read in Wired Magazine (January 2013) an interview with Andrew Zolli, the author of Resilience: Why Things Bounce Back, an exploration of the importance of resilience in the face of adversity. 

Whether in response to natural disasters like Hurricane Sandy or man-made ones like the financial crisis and terrorism, we need to be prepared to adapt to disaster, respond and continue operations, and recover quickly to rebuild and grow. 

According to Zolli, we need shock absorbers for our social systems that can “anticipate events…sense their own state…and can reorganize to maintain their core purpose amid disruption.”

Adaptability is important, so that we can continue to operate in an emergency, but also vital is “self-repair” so we can “bounce back.”

These concepts for resiliency in emergency management are similar to how Government Computer News (December 2012) describes the desire for building autonomous self-healing computer systems that can defend against and recover from attacks. 

The notion is that when our computer systems are under cyber attack, we need to be able to defend them in an automated way to counter the threats in a timely fashion. 

Thus, according to GCN, we need IT systems that have situational monitoring for self-awareness, real-time identification of an attack, continuous learning to adapt and defend against changing attack patterns, and self-healing to recover from them. 

Thus, bouncing back from social and cyber disasters really requires similar resilience, and for some challenges, it may be sooner rather than later that we are tested. 😉

(Source Photo: Minna Blumenthal)

Activity Monitoring and Enterprise Architecture

When you log on at work, many of you probably, whether you know it or not, click on an acknowledgement that you consent to monitoring of your activities.

When you are working, your time and your “privacy” are not really your own!

Organizations routinely conduct various sorts of monitoring, including network monitoring, intrusion detection monitoring, and now more and more, monitoring of employee activities online. This is an important part of the organization’s technical and security architecture.

  • Network-focused–“Network monitoring describes the use of a system that constantly monitors a computer network for slow or failing systems and that notifies the network administrator in case of outages via email, pager or other alarms. It is a subset of the functions involved in network management.”
  • External-focused–“An intrusion detection system (IDS) is used to detect several types of malicious behaviors that can compromise the security and trust of a computer system. This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses, and worms).” (Wikipedia)
  • Internal-focused–An activity monitoring tool, according to ComputerWorld Magazine, 7 April 2007, “monitors all activities on an end-user’s system to make sure that no data or computer usage policies are violated. If a violation does occur, the agent issues an alert to the company’s security team and begins collecting data for further review.”

While we can all understand the need for network monitoring and intrusion detection systems, many find internally focused activity monitoring off-putting, a display of a lack of trust in employees, or a violation of privacy.

However, companies do actually have much to fear from their employees—especially the disgruntled or corrupt ones:

CyberDefense Magazine, August 2004, reports in “Beware of Insider Threats to Your Security” as follows: “Gartner estimates that 70% of security incidents that cause monetary loss to enterprises involve insiders…[that] recent FBI statistics show that 59% of computer hackings are done internally…[and that] a source inside the United States intelligence community stated that more than 85% of all incidents involving the attempted theft or corruption of classified data involved an individual who had already been thoroughly vetted and been given legal access to the data.”

According to ComputerWorld, activity monitoring tools “features a video-like playback feature that lets security administrators view precisely what a user was doing before, during and after a policy violation was flagged. That can help the admins determine almost instantly whether the violation was an accident or the result of deliberate action…[Additionally, other tools] keeps an eye on all internal network traffic for sensitive or inappropriate material…[or] monitor database activity and check for improper access and other abuses.”

“Because the software [tools] can quickly correlate log events from practically every IT system, it also serves as both a real-time alerting system and an after-the-fact forensic tool.”

Related products can actually be set up to quarantine a computer when a policy violation is detected.

The architecture for monitoring the network and internal and external threats is becoming ever more sophisticated. While according to ComputerWorld, Gartner estimates that “less than 30% of Fortune 5,000 companies have installed such [activity monitoring] tools,” we can expect many more to adopt these in the near future.

These tools are vital in today’s information-rich environment where confidentiality, availability, and integrity are the backbone for our enterprise decision-making.