All hazard Internet security

[Larry Sheldon <lsheldon () creighton edu>]

> One of the issues I've been discussing as part of various
> critical infrastructure protection forums is the need
> for "all hazard" outage information.  Treating Internet
> security as just a law-enforcement issue can warp your
> perception.  Unless you have a good view into all the
> other things which can wreck Internet availability, it is
> difficult to gauge the impact of a malicious activity
> versus "normal" outages.

BoyHowdy!  Bingo!  I'll say.  Also difficult to "sell" to
managment--the notion of "normal" outages (I like the terms "risk
assessment" and "business continuation preparation" here).

> I don't completely understand the data.  The impact of the
> Baltimore train wreck shows up very clearly.  Traffic
> returns to nearly normal by 6am the next morning.  But then
> degrades again the following the day (i.e. "Worm day").  I
> don't have access to the raw data, so I can't tell if there
> are differences between carriers with fiber in the Howard
> tunnel and other carriers.  Did congestion increase the following
> day due to the reduced bandwith the following day, or was it
> consumed by the worms propagation.

I think you have left out the "rubberneck effect" (I may have just
coined a new term).

I often notice in our traffic graphs that certain events and certain
rumored events, as well as (in the instant case) certain "predictions"
Will cause dramatic increases in traffic in our network.

I think a sociologist would be helpful in understanding that, but my
very informal and anecdote-ridden "study" indicates to me that when
we make a major upgrade in facilities, there is a jump in traffic
as people ping stuff all over, try the MS web page (and its speedometer
doodad), and so on.  There was a jump last evening at about 1930 local
and there was one the night before at about the same time--people
checking to see if the 'net was dead?

--
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
.                                                                       .
- L. F. (Larry) Sheldon, Jr.                                            -
. Unix Systems and Network Administration                               .
- Creighton University Computer Center-Old Gym                          -
. 2500 California Plaza                                                 .
- Omaha, Nebraska, U.S.A.  68178       Two identifying characteristics  -
. lsheldon () creighton edu                  of System Administrators:     .
- 402 280-2254 (work)                Infallibility, and the ability to  -
. 402 681-4726 (cellular)               learn from their mistakes.      .
- 402 332-4622 (residence)                                              -
. http://www.creighton.edu/~lsheldon    Adapted from Stephen Pinker     .
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-