Thirty five years ago today I was working at my summer job at JFK airport in New York and all the lights went out – only the control towers were lit, a very eerie sight from a truck driving around the tarmac. This was the great Northeast blackout of 1977.
There have been a number of those over the years – 2003 was the last big one, I think. Now everyone tends to try to overhype cyber-threats as the cause of these outages, but generally they are environmental or operational failure driven. Breathless reports always cite “hackers can take down the power grid any time they want” but for some reason they don’t but mother nature does.
Anyway, we learned by the mid 1980s that mainframes and servers without electricity were pretty much just big, expensive paperweights, so the Uninterruptible Power Supply/Battery Backup industry grew up. Here in the 2000’s we are finding that PCs and data centers without Internet connectivity are just big, expensive, electricity-consuming paperweights – when the Internet is down business comes to a crawl.
There have definitely been environmentally caused Internet outages, but in this case denial of service attacks are the leading cause. There are low scale attacks that anyone who can spell LOIC can launch and then there are large scale distributed attacks that take a bit more knowledge of botnets and the like, but DoS attacks are basically like thunderstorms on the Internet: hard to predict when they will hit, but they will and you can build a thunderstorm-proof Internet connection – just the way you can have thunderstorm proof power to your datacenter.
Basically, it is time to have DDoS protection considered as part of Business Continuity planning, just the way redundant Internet connections and backup datacenters are planned for and funded.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.