Read the Digest in PDF. You need the free Adobe Reader.

The digest of current topics on Continuous Availability. More than Business Continuity Planning.

BCP tells you how to recover from the effects of downtime.

CA tells you how to avoid the effects of downtime.

www.availabilitydigest.com

 

Follow us

@availabilitydig


The articles you read in the Availability Digest result from years of experience in researching and writing a variety of technical documents and marketing content. It’s what we do best, and we provide our services to others who value high-quality content created by IT specialists. Ask us about

• articles  white papers  case studies  web content  manuals  • specifications  patent disclosures

 

In this issue:

 

   Never Again

      The Government OPM Hack Gets Worse

   Best Practices

      Human Triple Whammy - NYSE, UA, WSJ

   Availability Topics

       United Airlines Bug Bounty Program

   Recommended Reading

       A Look at Today's Data Center Availability

   Tweets

      The Twitter Feed of Outages

 

 

Browse through our useful links.

See our article archive for complete articles.

Sign up for your free subscription.

Visit our Continuous Availability Forum.

Check out our seminars.

Check out our writing services.

Check out our consulting services.

When Will We Ever Learn?

When will we ever learn that hackers are smarter than us? No matter what the depth of defenses that we employ to keep our systems and our data safe, it seems just a matter of time before some malicious attacker breaches them. Even our laws don’t help – most attacks originate from overseas, and tracking the perpetrators is nearly impossible.

 Our data is especially susceptible. Entire private darknets have sprung up on the Internet for the sale of everything from credit-card data to Social Security numbers. The hacks of credit-card data at Target and Home Depot remain fresh in our minds.

 The recent theft from the U.S. Government’s Office of Personnel Management (OPM) of a wide range of personal data belonging to over 20 million Americans should be a wakeup call. This hack has affected almost one in every ten adults in the United States!

 The best defense against data thefts is to make the data useless to the attacker. All data should be encrypted in-flight and at-rest. Until our systems are updated to do this, expect data attacks to continue. We stress this topic in our seminars on High and Continuous Availability.

Dr. Bill Highleyman, Managing Editor

 

 


 

  Never Again

The Government OPM Hack Gets Worse

 

In the June 2015 issue of the Availability Digest, “A Massive Hack on the U.S. Government” described the database hack of the Office of Personnel Management (OPM). We reported that the personal information of 4 million current and former government employees had been stolen.

 

That number was a gross understatement. After further investigation, the people whose personal information was stolen rose to 21.2 million!

 

The hack was actually against two databases, one which contained all of the Government’s security clearance applications since the year 2000 and another that contained personal information on government employees.

 

The OPM is suffering from age syndrome. The hacked databases are stored on forty-seven servers, with software dating back to the 1960s. The servers are virtually impossible to update, and Congress has provided no funding for replacements.

 

However, even if all systems were upgraded, hackers would continue to prove that they are smarter than us. Systems will continue to be hacked and data stolen. The only certain defense (well, almost certain) is to make the data useless to an attacker. Encryption must be used for all data in place and in motion.

 

--more--

 

Best Practices

 Human Triple Whammy – NYSE, UA, WSJ

 

IT outage statistics show that about 40% of all system outages are caused by humans and that about 70% include humans in one way or another. Human frailties combined on Wednesday, July 8, 2015, to take down three major systems – the New York Stock Exchange, United Airlines, and the Wall Street Journal.

 

At first, many were convinced that these failures were the result of a massive coordinated hacking attack. Just the previous evening, the Anonymous hacking group had tweeted “Wonder if tomorrow is going to be bad for Wall Street … we can only hope.”

 

However, the detailed descriptions of the faults put this speculation to rest. The NYSE outage was caused by an improper software upgrade. The UA glitch was caused by a defective router. The WSJ fault was caused by a massive overload of queries concerning the NYSE failure.

 

Human beings have their fingers into most causes of IT failures, whether it be an overt action like typing the wrong command or a management decision that leave IT systems vulnerable. In each of the outages described in this article, proper human involvement could have avoided the outage.

 

--more--

 

Availability Topics

United Airlines Bug Bounty Program

 

In January 2015, hackers accessed customer information from United Airlines’ MileagePlus Frequent Flyer program. The hackers booked up to three dozen flights using mileage points from the Frequent Flyer accounts before United detected the attack.

 

United has now established a bug bounty program in which it will pay security researchers (“white-hat” hackers) frequent-flyer miles for information on security flaws. Depending upon the nature of the flaw, rewards range from 50,000 frequent-flyer miles to one million frequent-flyer miles. In just the few months that it has run its bug bounty program, United has already awarded millions of frequent-flyer miles to hackers who have uncovered gaps in the carrier’s web security. It has paid one million miles to each of two researchers.

 

As it has always done, United continues to thoroughly test its systems for security; and it engages cybersecurity firms to keep its websites secure. With the bug bounty program, researchers can flag problems before malicious hackers can exploit them. United finds that this approach is less costly than hiring outside consultants.

 

--more--

 

Recommended Reading

A Look at Today’s Data Center Availability

 

Organizations face increasing demands for “always on” availability. How are they faring? A 2014 survey by Veeam Software, a provider of data center availability products, explores this topic.

 

The survey, performed in conjunction with Vanson Bourne, an independent market research organization, is based on interviews with 760 senior IT decision makers in ten countries. The interviewees represent companies in retail, distribution, transportation, manufacturing, financial services, and business and professional services, among others.

 

The survey concludes that the system and data-availability requirements for companies is ever-tightening and that most companies are struggling to keep up.

 

Pointing out that an organization has an average of thirteen downtime incidents per year, the survey reveals the average downtime and data loss for mission-critical and non-mission-critical applications. It presents the costs that these outages impose on an organization.

 

--more--

 

Tweets

@availabilitydig - The Twitter Feed of Outages

 

A challenge every issue for the Availability Digest is to determine which of the many availability topics out there win coveted status as Digest articles. We always regret not focusing our attention on the topics we bypass.

 

Now with our Twitter presence, we don’t have to feel guilty. This article highlights some of the @availabilitydig tweets that made headlines in recent days.

 

--more--

 

 

 

 

Sign up for your free subscription at http://www.availabilitydigest.com/signups.htm

 

Would You Like to Sign Up for the Free Digest by Fax?

 

Simply print out the following form, fill it in, and fax it to:

Availability Digest

+1 908 459 5543

 

 

Name:

Email Address:

Company:

Title:

Telephone No.:

Address:

____________________________________

____________________________________

____________________________________

____________________________________

____________________________________

____________________________________

____________________________________

____________________________________

The Availability Digest is published monthly. It may be distributed freely. Please pass it on to an associate.

Managing Editor - Dr. Bill Highleyman editor@availabilitydigest.com.

© 2015 Sombers Associates, Inc., and W. H. Highleyman