January 07, 2021

Trump Should be Impeached Now

Congress should do its job.

It is dangerous to leave Trump in office a moment longer than necessary. His behavior must be censored, and part of an impeachment can be a ban on his holding office in the future.

Minority Leader Schumer (he’s still minority leader until Inauguration) and Speaker Pelosi say they will consider impeachment if the Trump’s cabinet doesn’t act to remove him as “incapacitated” under the 25th Amendment. Waiting for that to happen is a bad idea. Congress was attacked. Congress should act. Republicans have a shot at redemption by cooperating in a swift process.

During a time of constitutional crises, it is important to follow the Constitution closely. The 25th amendment was passed to deal with an “incapacitated” President. Trump has too much capacity for further harm. He should be removed because he has committed “high crimes and misdemeanors”  - exactly what impeachment was meant to deal with. It would be bad precedent to have the 25th amendment used as a punishment or for what could be taken as a political purpose. Impeachment is appropriate. Two simple counts would be fine: attempting to induce election fraud as demonstrated in his phone call with the Georgia Secretary of State and fomenting insurrection in his instructions to his supporters.

If Trump attempts something truly crazy during the impeachment process, the cabinet should be prepared to use the 25th amendment as a backstop.

Part of the longer-term constitutional problem we face is that Congress prefers to avoid action. Why get yourself pinned down by a vote when you can fall back on presidential orders, court rulings, or reams of regulation by unelected bureaucrats? Why go through impeachment if you can get the cabinet to do your job?

It will a monstrous defeat for all of us if Congress evades using the self-defense weapon given to it in the Constitution precisely for situations when the co-equal branch is under attack.

BTW, I voted for Trump in 2016 after opposing him in the primaries. Thought he was the lesser of two evils. That’s something I have to live with.

January 06, 2021

#Newnormal: The 50 Hour Family Work Week

Work from home (#WFH) has the potential to restore better family life for some without reducing net income. With two parents working a total of 50 hours at home, they’ll be able both to care for their kids and be as productive as they were when nominally working 80 combined hours in the office and commuting to boot. They won’t be materially worse off either. Both parents can have careers. Even single parents will benefit from a shorter WFH week, although certainly not as much.

Why do I think 25 hours/ week is the equivalent of a 50-hour week (counting commuting)?

  • Given a nine-to five schedule with an hour for lunch, the 40 hour work week was only 35 to begin with.
  • As an ex-CEO, I think that at least ten hours of each workweek go to socialization, surfing the internet, checking with the spouse or checking up on the children, chatting on smartphones etc. (Mary thinks only five).
  • Meetings and travel to meetings waste a huge amount of time and money. One reason that Zooming appears not to have reduced productivity is that many of the meetings weren’t productive to begin with.
  • Office space and often parking are expenses to the employer but they are not income to the worker. If office space and all its attendant costs can be drastically reduced, employers can afford to pay more dollars in salary for the same productivity.
  • Commuting expense including perhaps even the second car, daycare, clothing and dry-cleaning bills, and paid before and after school activities whose purpose is to supervise school age kids are all expenses which go away when parents can work from home. Even if the WFH employee has less gross taxable income, he or she will have more cash at the end of each month.

It’s a slam dunk even if Mary is right! BTW, employers will benefit in many ways if they learn to manage by actual productivity rather than by time in the office. Subject for another blog another day.

The social benefits of two parents who can participate in child-rearing are enormous. Both still get to have careers. Much less childcare needs to be outsourced. There will be more time to meet with teachers and make sure they are doing their job. It will be possible to shoo children out to play rather than ferry them to playdates when there are parents at home and more parents with eyes on the street. Empty homes are dangerous to kids, especially adolescents. Schools won’t have to try to take over so many parental teaching chores; and parents can help with homework more.

It can be better than the Leave it to Beaver days with its stereotypes of the homemaker and the breadwinner. If Dad works from home, it’ll be hard to say I can’t take kiddo to the doctor for his Covid shot or help with the birthday party.  Some families may still choose to have one breadwinner working 50 hours; but, if that 50-hour week is at home, there will be plenty of income for the whole family. People who want more money, particularly those without children, will be able to work two jobs in 50 hours or at least deliver 50 hours equivalent of productivity to their employers and make gobs of money.

Single parents will still have a very tough job. They may still need daycare when working from home if they have preschool children but will be better able to match working hours with the time children are home from school.

A danger in this utopian WFH future is that it widens the gap between those who can work from home and those who can’t – a category which includes most essential workers. There must be higher hourly wages for those who must work away from home. I believe that their workweek will eventually become 25 hours as part of the new normal; more on that in another post.

If COVID gets us off the too-many-hours-wasted-away-from home-treadmill, it will at least have a silver lining.

See also:

#Newnormal: Mass Transit

#Newnormal: Will Workers or Employers Pocket the Profit from #WFH Productivity?

Working from Home Defines the New Normal

Forward to a New Normal

January 04, 2021

Working from Home Defines the New Normal

Changes family life, housing, daycare, climate, and infrastructure needs.

Not everyone can work from home (WFH), of course. But the huge shift to WFH will change life for everyone, even the essential many who still need to commute to their jobs and will be paid more for the extra effort. As new legislatures convene in the new year, they will try to spend billions to restore the old normal and solve problems which WFH is solving for us. We can’t let them do that. There will be new problems of the new normal which do need solutions.

The long-term effects of WFH are:

  • Obviously fuel usage and associated emissions are way down. Gasoline sales are down 13% from 2019 to 2020 according to the US Energy Information Administration. That’s like taking one of eight cars off the road.
  • The combination of WFH and more flexible hours means less rush-hour congestion. Although we have a huge backlog of repair projects for existing roads, bridges, rails, and airports, increasing rush-hour capacity should be on hold. I would’ve sworn the NY metro area needed a third train tunnel from NY to NJ. Maybe it doesn’t. If the Biden Administration passes a huge infrastructure bill, it must be for the priority list of the new normal including universal high-speed broadband.
  • Less rush-hour congestion means that most mass transit systems have more busses, light transit vehicles, and subway cars than they need since they had to have fleets capable of handling rush hour. As people lose their fear of contagion, mass transit can come back by providing better schedules around the clock with the workforce and capacity it already has. Time to cancel orders for the capacity that was needed yesterday.
  • A massive repurposing of real estate will happen. When I commuted to work, I had a house, an office, and frequent hotel rooms I occupied on business trips while both my home and office were vacant. If I were mainly working from homing and Zooming to meetings, many of those offices and hotel rooms would no longer needed. This dislocation can either result in hollowed out downtowns or, with some creativity. the buildings can be repurposed as residences. We’ve seen the start of this during the pandemic with hotels converted to homeless shelters. Government can hurt this effort by bailing out the owners of buildings no longer needed for their original purpose or can help with permissive rezoning to make sure repurposing can happen and there is some market for the stranded assets.
  • Daycare at an affordable price was an Achilles’ heel of our all-parents-working economy. Daycare centers now have vacancies! If parents are working from home, the time they used to spend commuting and communing around the office coffee machine can be used to keep an eye on pre-school kids without loss of productivity. Yes, I know which gender ends up with most of the keeping-an-eye-on chores in most households; but us Dads’ll have less of an excuse when we’re around as much as Mom is. Very seriously, this is a help but not a solution for single working parents. Parents who must still commute to work (most essential workers) will benefit from more availability of daycare. They must be paid more to make daycare and their other commuting expenses affordable. Government should not subsidize no-longer needed daycare slots; that will only hurt the daycare providers who have enough business to prosper.
  • For at least the intermediate term, the world will be way ahead of UN targets for greenhouse gas (GHG) emission reduction. Not only are people driving less, there will be much less new construction since new rush-hour capacity is no longer needed and because many people will no longer be occupying a home, an office, and many business hotel rooms. Construction, particularly the production of concrete, releases huge amounts of GHGs. Leisure travel will probably come back; business travel probably not very much. Aviation fuel usage will decline. Even under pessimistic scenarios, the doomsday clock has been set back far enough so that longer-term solutions and mitigations for climate change can be more effective at less cost than the many subsidies and mandates of the Green New Deal.

This is a time of enormous challenge and opportunity. We’ll blow it if we try to put the old normal back together again or persist in solving yesterdays’ problems. We’ll certainly blow it if we persist in trying to preserve asset values for the wealthy. Much of what passes for “bipartisan” pandemic relief already looks more like wealthfare than help for those who need it.

There is an automatic WFH bonus for the families who now don’t have to spend time and money paying the expenses of commuting; we will not be able to make minimum wage apply to them; they will be measured by productivity. We need a much higher minimum wage for those commuting workers who’ve just shown how essential they are and who work where hours can be measured. The extra cost of higher wages to essential workers will be a reasonable expense to us in the WFH crowd when we use their services directly and indirectly.

See also:

If There Were No Welfare, There’d be No Need for a Minimum Wage

Celebrate Labor Day and Essential Workers by Substantially Raising Minimum Wage

Forward to a New Normal

#Newnormal: Mass Transit

January 01, 2021

Grandson Jack's Good Riddance to 2020


December 28, 2020

UVMMC Ransom Attack Postmortem

Preparing for next time.

First, kudos to the University of Vermont Medical Center (UVMMC) for not giving any serious consideration to paying ransom, as reported in VTDigger. Even if they had trusted the hackers to unlock the files and remove all malware, each ransom paid guarantees more attacks on someone else. The hackers are in it for the money.

Second, more kudos to the staff of the hospital system who soldiered on without access to key information as round two of the virus pandemic reared its ugly head. They worked very hard to protect their patients from both dangers.

Third, though, based on public information, the hospital should have planned better for recovery from an attack like this one. They had to wipe 5000 computers clean and put them back in service before they could use their applications again. Even a month later and with the help of the National Guard and a private security firm, the hospital had not restored full functionality and estimated the cost for each day the systems were down at a million and a half dollars NOT counting the toll on the staff and the dangers to patients.

Planning for a disaster means having a plan which works even if the original computers have been hacked, burned, or flooded out of existence! Apparently UVMMC did not have such a plan.

Hospital leadership says attacks like this are inevitable; they’re right. They cite an arms race between hackers and defenders in which the good guys sometimes lose. True also. But, if you know there is a significant chance that you are going to lose access to all your servers and laptops, then you must make sure that you can restore service without those laptops and servers. The plan must be made and rehearsed in advance of the disaster. Even the “unsinkable” Titanic had lifeboats.

According to the hospital, 1300 of the infected computers were servers – more on them in a minute – leaving 3700 infected laptop and desktop machines. Even assuming these cost an average of $3000/each (a lot) and assuming that all of them had to be replaced for service to resume, buying all new laptop and desktop machines would have cost only about $10 million – less than seven days of outage. Buying new computers quickly – starting with cheap ones to get back up and running – as well as a rehearsed protocol for loading all needed software onto them from somewhere other than the infected servers must be part of a disaster recovery plan. Replacing the desktop and laptop machines is actually the easy part of the recovery.

The hard part is doing without the servers which have been infected. Two parts to this:

  1. Getting access to the data. Presumably UVMMC transmits a copy of its data to a location which is both physically offsite and is not part of the hospital network. I would be very surprised if they weren’t doing this. Even if the hackers locked up the onsite data, they shouldn’t have had any access to offsite data.
  2. Putting the data back on servers which are not infected. As UVMMC saw, you cannot assume that your old servers will be available. Unlike the desktops and laptops, it’s not practical to buy all new servers on a moments notice. However, the advent of cloud computing means that you can rent the capacity of thousands of servers from providers like Amazon, Google, Microsoft, or IBM with just minutes of notice and without a standby fee. You pay for and use these only until your old servers are back. Rent stops as soon as you can turn them off.

However, turning up a thousand servers in a cloud, loading them with your applications, restoring backup data to them, and putting them in use in place of your own compromised servers only works if the process has been carefully planned and practiced. Even for installations larger than UVMMC, recovery should take hours, not days or weeks – if it’s been practiced. Fatalities were high in the Titanic disaster because the crew and passengers had not had proper lifeboat drill.

I’m not writing this to be critical of UVMMC; I owe the hospital my life for their medical skill. I’m writing in hope of encouraging those who are responsible for critical IT systems in an age when attacks are inevitable to make sure that, even if there is no fool proof way to prevent all attacks, there is always a quick recovery path which does not require regaining use of the compromised computers.

See also:

Vaccine for the Hacker Attack Epidemic

Protecting an Enterprise from Cyber Catastrophe

December 21, 2020

Lots of Good News

Don’t let the media grinches steal it.

Initial day of Vaccination in the USA Highly Successful” would have been an accurate headline last Tuesday. “Predicted Side Effects Controlled” might have been a good subhead

2 Alaska Health Workers Got Emergency Treatment After Receiving Pfizer’s Vaccine” was the actual headline in the online New York Times. The subhead starts “One of the workers, who did not have a history of allergies, remained in the hospital on Wednesday night…” You don’t know from the headlines that both people are fine and say they’d take the vaccine again. Even the full article fails to mention that the risk of an anaphylactic reaction after an immunization is low but well-publicized. You have to read almost to the end to find this paragraph:

“Dr. Paul A. Offit, a vaccine expert and member of an outside advisory panel that recommended the Food and Drug Administration authorize the Pfizer vaccine for emergency use, said the appropriate precautions are already in place. For instance, he said, the requirement that recipients remain in place for 15 minutes after getting the vaccine helped ensure the woman was quickly treated.”

The Washington Post and most TV networks gave the story about the same treatment as the NYT. Yes, we need to know that there is some small risk associated with the vaccine although that isn’t headline-worthy news since it was already well publicized. But why can’t the story be told in the context of the very good news? At some point someone will die after being vaccinated; of course the death will and should be investigated. Will major news media run scare stories without emphasizing the hundreds of thousands of lives the vaccines will save in the US? Will the scare stories discourage people from being vaccinated?

Another example:

My headline this weekend would have been “First Week of Vaccine Distribution Successful Despite Major Snowstorm” subhead “Moderna Approval Means Millions More Doses than Planned in Weeks Ahead.” Instead traditional media concentrated on a glitch which may mean that slightly less Pfizer vaccine is available next week than originally forecast although all involved say that even this shortfall will be made up by the end of the year.

Why the negativity? Of course bad news sells more papers and draws more clicks than good news. I think there’s also leftover Trump Derangement Syndrome in traditional media even though he’s almost old news now (can’t be soon enough). Papers like the NYT and WaPo felt they had a duty to make sure Trump wasn’t reelected. Any good news which may have been attributed to him would have been counterproductive to their self-assigned mission. Hopefully they’ll take a deep breath, relax, and go back to just reporting the news so that we can decide for ourselves who deserves blame and credit.

Speed and Trump were also part of another good news story. The Supreme Court with its conservative majority and three Trump appointees acted at warp speed to turn down the Texas-Trump petition to overturn elections in states he lost. Apparently the only debate between the Supremes was over the technical issue of whether the case should be refused or accepted and then turned down on its merits. Turns out constitutionalist judges are not a good support group for a coup.

So here’s to a better 2021. 2020 has certainly set a low bar.

December 14, 2020

Regulate Action Not Speech

Let’s talk about vaccination.

I’ll try to be first in line to get my COVID shot whenever my cohort is called. Most anti-vaxxers idiotically parrot disproved claims. But anti-vaxxers should have freedom to speak, even on social media; what they should not have is the freedom to endanger others.

Free speech is essential to democracy; no one can be trusted to be the censor. Freedom of action, however, is not guaranteed. We must pay our taxes; we used to have to do military service; we aren’t allowed to drink and drive. Our freedom comes from our right to elect the people who make the laws, not from universal license to do whatever the hell we please.

Some reluctance to allow debate comes from the fear that individuals will make the “wrong” decision. That fear goes away if, after public debate and legislation, certain actions are mandated. The only reason we need to fear a minority being “wrong” is if the minority is free to act on its own misconception and that action puts others at risk. We don’t need to be unanimous in order to enact a mandate. If we don’t need unanimity, then we don’t have to take police-state like actions to suppress dissent.

It is reasonable to be skeptical about whether corners were cut in the ultrafast development of the new vaccines. Certainly some red tape was eliminated; did some needed oversight also get cut? That skepticism has apparently led to a very careful (although very quick) process. As the vaccines are rolled out, we don’t want to stop looking for both possible side effects and ways to make them safer and more effective. We may find that there are some large groups of people who shouldn’t take them. Someone who sounds like a quack may actually find a problem. Debate must continue.

The pandemic and its consequences for both health and the economy must be stopped. Right now, with vaccines in short supply, the argument is who should get them first; obviously a good question with no simple answer. But, once we have had more experience with the vaccines and sufficient doses are available, the argument will switch to should vaccination be compulsory (with a medical exception) as many vaccines have been in the past. The answer depends on the course of the pandemic but may well be “yes”.

The sooner the infection rate goes down, the faster the economy can open back up. Under what circumstances should vaccination be required? Should vaccination be required for entry into the US? Almost certainly “yes”; it will be for other countries as well. Should vaccination be required for air travel? Should vaccination be required for school as many vaccinations were when I was young? What about just for going to a restaurant? Should hotels and resorts be allowed to require vaccination certificates and advertise that requirement as a way of luring customers back? What about those who would not be able to tolerate the vaccination (it is for their protection that we need enough other takers for herd immunity).

These are all questions we must debate – without censorship. It will not damage our democracy to have laws passed which require vaccination for some or all activities. It will be damaging, however, if these requirements come from executive proclamations (which are appropriate only in emergencies); legislators both at the state level and nationally must get off their butts to protect democracy by actually going on record for what needs to be done. It will be near fatal to democracy and bad for science if we ban or even try to suppress discussion (even discussion we think is misinformation), especially when mandatory measures are being considered.

We cannot be afraid of either open debate or mandates if we want to live in a healthy democracy.

See also:

Why Vaccinations Need to be Mandatory

Perpetrator of Fraudulent Vaccine Scare Speaking in Stowe

It’s Time for Mandatory Vaccinations

December 09, 2020

On the air today

At 11AM ET this morning (Wednesday, December 9) I will be on Common Sense Radio hosted by Bill Sayre discussing cyber security. In the wake of the attack on UVMMC, we'll talk about how individuals and organizations can quickly recover from attacks as well as what government's role should be. The broadcast is on WDEV - 96. 1 FM,  550 AM, 96.5 FM, and 101.9 FM and streaming is live at https://wdevradio.com/stream/

Vaccine for the Hacker Attack Epidemic

Stop paying ransom!

Hackers are in it for the money. Most of the serious cyberattacks on school, hospitals, and individuals include demands that a ransom be paid by the victim to regain access to hacker-locked data. Payments are usually made in untraceable Bitcoin. Each ransom that is paid encourages further hacking.

The federal and state governments can act immediately (assuming the federal government can do anything immediately) to pass laws forbidding the payment of ransom by any government-supported institution. The in-it-for-the-money hackers will have no incentive to spend effort where no ransom is possible. This is, of course, the same logic that the US and Israel use in not paying ransom for victims of kidnappings by terrorist groups. Each ransom finances terror and incents more kidnapping.

Hackers will test this resolve and attempt to punish those who don’t pay ransom. Individual institutions have not been able to resist this pressure; legislation will give them the gift of no alternative. We may want to have some funds allocated to help the first stand-fast institutions so long as not a penny goes to the hackers. “Millions for defense but not a penny for tribute”, Thomas Jefferson may or may not have said to demands for payments by the Barberry Pirates.

Government institutions will still have to keep their defenses up so that attacks are expensive to pull off as well as unlikely to have any return. Moreover, these institutions have a responsibility to protect the data in their possession from being stolen and used for identity theft or other nefarious purposes (although there is very little data which is really secret).

When public institutions are no longer a lucrative target, hackers will redouble their effort to collect ransom from the private sector and from individuals. Individuals can very easily put themselves beyond extortion with cloud-based backup and recovery services as described here. The best defense for an enterprise from being tempted to give into a ransom demand is assuring that even hacker-locked data can quickly be restored to uninfected machines.

Although I don’t think government should pass laws against private individuals and institutions paying ransom, government can still help by assuring that institutions cannot be sued purely because they refused to pay a ransom; refusal to pay is not negligence. Governments could also discourage private ransom by making it a non-deductible business expense. Private enterprise does need to spend money hacker-proofing itself.

Piracy is a parasitic affliction which will probably always be with us in some form. We must do all we can to prevent it from being either easy or lucrative.

See also: Protecting an Enterprise from Cyber Catastrophe

Protecting Yourself from Cyber Disaster

At 11AM ET this morning (Wednesday, December 9) I will be on Common Sense Radio hosted by Bill Sayre discussing cyber security. The broadcast is on WDEV - 96. 1 FM,  550 AM, 96.5 FM, and 101.9 FM and streaming is live at https://wdevradio.com/stream/

December 07, 2020

Protecting an Enterprise from Cyber Catastrophe

Recovery planning must come before the disaster.

We are suffering an epidemic of cyber-attacks while in a viral pandemic. This post is for those who have responsibility for assuring that the IT-based services offered by their enterprise can quickly recover in the case of successful cyber-attack or other disaster.

University of Vermont Medical Center (UVMMC) is an excellent hospital. I owe my life to treatment there and am grateful for both the skill and the kindness of UVMMC staff. They have been devastated by a cyber-attack.

It took a full month for UVMMC to recover use of its patient database after the attack and the institution recently blamed failure to report COVID cases on after-effects. It is not possible to avoid all disasters; it is possible to recover quickly – but only if recovery has been planned and practiced in advance. There are several lessons in UVMMC’s travails for every organization and every business with a critical database.

At this point it would be reasonable and prudent for readers to ask whether I’m qualified to give this advice. I blog about a lot of stuff like education, politics, and economics which I’m not expert in. You don’t want to rely on amateur advice for service security.

At Microsoft in the early 90s I was responsible for the development of server-based products including Outlook and Exchange. Later I led the development and rollout of AT&T’s first ISP, AT&T WorldNet Service. ITXC, which Mary and I founded, had a network which spanned 200 countries and provided a VoIP service despised by most of the world’s telcos and quite a few governments. It had to be hacker resistant. NG Advantage, which we also founded, has an extensive internet of things (iot) network. I’m a nerd so I was deeply involved in the technology of all these products and services. More boasting here.

I’m no longer an expert in how to prevent a hacker attack although I did write a novel called hackoff.com. The technologies for intrusion and intrusion detection and prevention change so rapidly that only those active in the field have any hope to keep up. Fortunately, the principles of preparing for and accomplishing catastrophe recovery are largely the same no matter what tools mother nature or a hacker group used to bring your servers and your services down. This post is about preparing for recovery, a very separate subject than preventing attacks.

  1. Recovery planning starts with the assumption that there will be a disaster which renders all your organization’s computers unusable. Could be a fire, a flood, a cyber-attack or something else. UVMMC and the Green Mountain Care Board, which is their regulator, have been citing attacks on other hospitals and the continuing arms race between black-hat hackers and defenders. If you know that there is a possibility of a successful attack, there is no excuse for not having and rehearsing a recovery plan. Even the “unsinkable” Titanic didn’t put to sea without lifeboats.
  2. Recovery capability requires an off-premise backup of ALL critical data. In the olden days, we used to truck magnetic tapes with backup data to places like Iron Mountain in New York. Now the backup data can move over the internet, but the principle is the same. The backup data must not be on the same premises or, equally important, on the same network as the servers which are being used to provide the service.
  3. The off-premise backup data must be current. For many operations, including running a hospital, restoring the data as it was a month or even a week before the disaster struck means a significant loss of function. Even though it is only practical to backup an entire huge database periodically, changes to the database can also be sent offsite. Ideally these changes are applied to a shadow copy of the database so that almost all data can be restored immediately when required. The process of updating the shadow database must also be off-premise and off-network and not rely on any of the software used for the day-to-day service.
  4. Recovery of function must not depend on use of the original hardware. During Tropical Storm Irene, the State of Vermont’s computers in the basement of the Waterbury complex drowned. In the UVMMC disaster, whatever malware had been loaded on to the computers apparently took a month to eradicate. There didn’t used to be a good solution to the problem of quick access to replacement servers.

Now getting new server hardware up and running immediately sounds hard and expensive but is actually cheap and almost trivially easy. As long as preparation has been made in advance, it is possible to spin up a practically unlimited amount of computer power from cloud-providers like Amazon, Microsoft, or IBM within minutes. There is no significant standby cost for this capability. Once the cloud equipment is no longer needed, it can be shut down and the cloud billing meter stops.

Apparently the desktop computers and laptops (and possibly tablets) which are used at UVMMC to access data were also infected and unusable.  Recovery of function cannot depend on restoring the access devices any more than it can depend of restoring the servers. In practice, this means that access to all essential functionality must be possible from a web-browser on any properly authenticated laptop, computer, or smartphone. There must be a small backup supply of devices to restore key functionality immediately. New ones can be purchased and placed in service in days so long as they don’t have to be loaded with special software.

  1. Recovery must be practiced frequently and after any change to the IT environment. Experience says that a recovery plan which has not been practiced before an emergency can be counted on to fail when disaster strikes. Lifeboat drill is mandatory. If an organization’s servers are not already in the cloud (as most should be), the organization must periodically practice bringing up its applications and restoring its data on cloud computers. Losing a few minutes’ data is excusable; losing access for up to an hour may be unavoidable. Losing access for a month means recovery has not been sufficiently planned or practiced.
  2. The functional recovery team must be separate from the hardware recovery team in order to restore function as quickly as possible. As soon as the environment has been compromised by disaster, the recovery team swings into a well-rehearsed routine of restoring data from the offsite backup to backup servers in the cloud (if it is not already being replicated there) and providing any new access devices and passwords needed. If the original hardware does end up coming back soon, there is a small expense for renting cloud-servers; but this is immaterial compared to the cost of not having access to critical data.
  3. The post-mortem which follows every disaster must separately determine why the vulnerability and how successful the recovery. The two issues are different.

Anyone who is responsible for critical systems in the public or private sector should be asking their own IT people two simple questions: when was the last successful rehearsal of our functional recovery plan? How long did it take to restore functionality in the rehearsal?

For disaster proofing your home computers, see Protecting Yourself from Cyber Disaster

Blog powered by TypePad
Member since 01/2005