With financial and legal turmoil rocking the telecommunications industry and cyber terrorist threats looming, security analysts say companies need a backup for their telephone and Internet connections.
“I would consider not having a backup foolhardy at this point,” says George Bakos, senior security expert at the Institute for Security Technology Studies at Dartmouth College. “If I were an attacker of any sort, telecoms are a wonderful, wonderful place to hit. Information assurance — that’s what this is about.”
When WorldCom hit the headlines with news that the telecom giant had been cooking the books to the tune of about $4 billion, a lot of companies started shaking in their boots, according to industry watchers. That’s because WorldCom services thousands of businesses. It accounted for 30% of the U.S. backbone market last year, according to published statistics. And WorldCom carries 50% of global Internet traffic, largely because of its UUNet subsidiary.
If WorldCom, which has filed for bankruptcy, went under, what would happen to all of those connections? How would email get through to a business’ finance department? How would customers buy products online? How would calls get into the service center?
WorldCom executives say their backbone business is solid and many analysts agree with that. But the volatile situation has caused a lot of CIOs and CSOs to reevaluate their ISP and telecom deals, as well as their disaster recovery plans.
“Look at the criticality of what you’re doing,” says Judith Hurwitz, principal with CycleBridge Technologies LLC, an analyst firm in Newton, Mass. ”If you can’t afford to be down for a few hours or a few minutes, it’s clearly something you need to plan for. You can’t take it for granted that it will always be there.
“The good news,” Hurwitz adds, “is that there’s plenty of these companies with a lot of excess capacity out there. It’s not like there’s no room in the boat for you. Telecos have been suffering because of all their excess capacity.”
But financial turmoil and bankruptcies aren’t the only thing companies need to worry about when it comes to their telecom partners.
Security analysts warn that terrorists are more likely to strike out at an online target that would cause a wide ripple effect, as opposed to simply hacking into one particular company. That makes telecoms sweet terrorist targets. If even one telecom went down, customers’ connections would be affected — spreading the economic damage and multiplying the panic one cyber attack would cause.
On Monday night, the FBI released a warning that Internet Service Providers (ISPs) should be on alert for possible denial-of-service attacks. Evidence of any attacks was minimal but the alert drove home the message that ISPs could be a target.
“Companies need to take this threat seriously and I think a lot of them, especially the really big companies, are starting to,” says Bakos. “They need to have multiple entry points into the Internet. Different providers.”
But analysts also say ISPs are set up so that any hacker attack would affect specific areas and not take down the company’s entire network.
“I don’t know if we’ve seen a model that would take out an entire provider,” says Dan Woolley, a vice president at Reston, Va.-based SilentRunner Inc., a wholly owned subsidiary of Raytheon. “They have multiple backups and multiple systems to make sure they’re covered. I’d worry more about a company going out of business than being completely taken down by a terrorist.”
But whichever way the network could fall, companies should be prepared to continue operating business as usual.
“Think of the business impact of relying on one choke point,” says Woolley. “You need to eliminate single points of failure. You should always have an alternative.”
Gordon Haff, an analyst at Illuminata, a firm in Nashua, N.H., says WorldCom’s financial woes and talk of terrorist threats could ultimately be a good thing.
“Businesses should have had backups two, three, four years ago,” says Haff. “If this serves as a wakeup call, then perhaps it’s been helpful.”