I’ve been wondering lately if the increase in scripting attacks on web sites is a prelude to a real attack of some kind. As if a country, or hackers-for-hire, are perfecting their attack by using test runs. Then along came this story about a cyber war that might be approaching, and this story talking about 200,000 web pages that are infected with a new Java trojan. Imagine a distributed denial-of-service (DDOS) attack that involved hundreds of thousands of computers, or possibly even millions, aimed at one company, city, or Internet backbone routers? Can your company survive for one hour without the Internet? Want to find out? Shut down your border router for an hour and watch the mayhem that ensues. Imagine this going on for hours, or days. And we won’t likely be as lucky as the last target, Estonia, and be able to just disconnect the country from the Internet. Too much relies on the Internet today.

I was downtown the other day, and noticed the local phone company had removed their line-of-sight microwave receivers and transmitters from the top of their core central office. How much of our land-line and cell phone traffic is routed via VoIP across the Internet? After reading this article, I started thinking about what it would be like to go without phone service for a day as the attack hits the major phone companies. Remember the Blackberry outage a few weeks ago that lasted for 2 hours? Imagine the entire network down for days! Or this quote from the article:

‘I am worried about significant public disruption — there’s an awful lot of systems that are under control that you would worry about,’ he said. ‘Could you imagine somebody deciding for fun that they could turn all the traffic lights in New York to red?'” (Rogers, ¶ 7).

Thinking about that scenario makes me happy I live in a mid-western city that isn’t that large. But take it a step further – imagine looters and rioters deciding it’s time to exact some revenge? In city after city after city across the country. Without an ability to call for help, we’ll be on our own in the middle of that. It’s not a pretty picture. But back to the business world…

It might be time to sit down with your executives and start thinking about a strategy, in the overall business continuity plan, to handle this type of scenario…if you don’t have one already. I know a number of companies rely on an Internet VPN to connect remote offices to the corporate data center. Those people will be cut off. And if you use SIP to route phone traffic via VoIP to the outlying offices, that will be down as well. If your MPLS vendor routes the traffic over the Internet rather than a private backbone, write it off as well. At the very least, talk about it with your team, take an inventory of what is likely to be hit, and see what the options are. If the attack does happen, it’s going to make for some long and anxious nights.

By the way, check out this article where Vietnam admits that 95% of its computers are infected with viruses. 95%!!!!!!! “Last year, 342 Vietnamese Websites were hit by attackers, 224 of them from outside the country. And over 33.6 million computers were infected with viruses” (Higgins, ¶ 5).

— Higgins, K. J. (2008, March 20). Vietnam: 95% of Its PCs Infected With Viruses. Dark Reading. http://www.darkreading.com/document.asp?doc_id=148863.

— Rogers, J. (2008, March 20). US Firms Brace for Cyber War. Dark Reading. http://www.darkreading.com/document.asp?doc_id=148929.

— Wilson, T. (2008, March 18). Mass Hack Hits 200,000 Web Pages. Dark Reading. http://www.darkreading.com/document.asp?doc_id=148708.