Pirates versus Internet Service Providers

As reported in Computerworld, Black Internet AB was ordered by Swedish authorities to “disconnect” The Pirate Bay from the Internet.  Within hours of that action, Black Internet customers began experiencing outages; resulting from what CEO Victor Möller described as acts of sabotage.  And in spite of the action taken by Black Internet, The Pirate Bay was back online within hours of being disconnected.

From a legal perspective, Black Internet had no choice but to obey the court order.  But it was unprepared for the possibility of aggressive acts against its network.  The lack of preparation, by both Black Internet and its affected customers, highlights the importance of Disaster Recovery and Contingency Planning (DRCP).

DRCP heavily involves two Information Assurance principles; Integrity and Availability.  The primary goal of DRCP is to protect the integrity and availability of information assets, under adverse conditions.

Anybody who heavily depends upon the Internet for their personal or business infrastructure, should prepare in advance; adequate plans to cover the possibility of service outages and information loss.  Disaster Recovery focuses on the specifics of how one recovers their information assets.  Contingency Planning focuses on how one continues going about their business, due to the loss of their information assets.

The first step, is to perform a risk assessment of your information assets.  Part of this assessment includes a determination of how your life or business would be affected, if your assets were unavailable for periods of 24 hours, a week, month, or forever.  The assessment also inventories and categorizes those assets which require the most protection, based on a loss/recurrence priority.

Loss/Recurrence priority balances the potential for losing assets, against how often a loss is expected to occur; in relationship to the asset’s importance to your ability to operate.  Assets with a high importance and high loss/recurrence priority should get more protection than assets with a low importance and low loss/recurrence priority.  Failure to properly set priorities can quickly increase the costs associated with DRCP.

Once the assessment has been completed, it is time to create your contingency plan.  Plans should not only cover the technical;, but financial, legal, operational and public relation aspects as well.  All employees should have a familiarity with those parts of the plan, that affect their duties.  And the plan should be periodically reviewed and updated, to account for any new threats to your information assets.

Disaster recovery plans cover the technical, logistical and operational aspects of how one regains the use of their information assets.  The disaster recovery plan is equal in priority, but at the same time, integrated into the contingency plan.  Care should be taken to ensure that it is the contingency plan that drives development of the disaster recovery plan. Otherwise, important fiduciary and legal considerations may take a backseat to technical details.

Disaster recovery and contingency planning is not an absolute requirement for business success.  But taking the step of performing a risk assessment, in order to arrive at that kind of decision, is worth the effort.  Additionally, the results of such assessments are commonly used by large corporations and government agencies to negotiate appropriate insurance premiums.

If you or your organization thinks it can benefit from DRCP, please contact The Assurer for a consultation.

Spread the word!