
SANS ISC: Hurricane Sandy Update - Internet Security | DShield SANS ISC InfoSec Forums


Hurricane Sandy Update

Last night's storm cut power to millions of households across much of the Northeast of the US and parts of Canada. The outages affect major population centers, including New York City.

At this point, the damage to infrastructure appears to be substantial and recovery may take days to weeks.

We have not heard of any outages of East Coast services like Amazon's cloud or Google web services hosted in the area. We will try to keep you updated as we hear about any larger outages, but right now, there are only some individual web sites affected. This may change if power outages persist.

If you reside in the affected area, you are probably best off staying at home. Many roads are blocked by debris and in some cases by downed power lines.

Here are some of the typical issues we see after an event like this:

- outages of communications networks as batteries and generator fuel supplies run out.
- malware using the disaster as a ruse to get people to install the malicious software ("watch this video of the flooding")
- various scams trying to take advantage of disaster victims. 

A couple of ways the Internet can help in a disaster like this:

- many power companies offer web pages to report and monitor outages.
- FEMA offers updates on its "ready.gov" and "disasterassistance.gov" web sites.
- local governments offer mobile applications to keep residents informed.

Twitter can provide very fast and localized updates, but beware that Twitter is also used to spread misinformation.

A lot has been made of tweets that suggest organized looting. The posts I have seen appear to be meant as a joke if read with other tweets by the same person. In some cases the person doesn't live in the area, or the account is very new. Remember it is hard to detect irony in 140 characters.

We hope everybody in the affected area will stay safe. The storm is still ongoing and Internet outages are probably the least significant issue right now.

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Johannes

3578 Posts
ISC Handler
Peer1 just announced that "We are going to implement a controlled shutdown of NY Data Center at 10:45 ET. Customer communications is being prepped."

For more information please see http://forums.peer1.com/viewtopic.php?f=37&t=7532
PW

63 Posts
Why are the stock markets still closed? Shouldn't any business that large have a disaster recovery plan, and have it already implemented?

This storm is a reminder that disaster recovery plans should be geographically diverse.
PW
6 Posts
Have you started seeing the inevitable SCAMS and spam and malware-laced e-mail links, trying to take advantage of super-storm Sandy? Brace yourselves...
PW
12 Posts
"a disaster recovery plan"... will never cover a catastrophe this large:

- http://www.nasa.gov/mission_pages/hurricanes/archives/2012/h2012_Sandy.html
10.29.12 - "... NOAA's GOES-13 satellite captured a visible image of Hurricane Sandy battering the U.S. East coast on Monday, Oct. 29 at 9:10 a.m. EDT that showed the immense extent of the storm. The image was created by the NASA GOES Project at NASA's Goddard Space Flight Center, Greenbelt, Md. Tropical Storm force winds extend almost 500 miles from the center making it almost 1,000 miles in diameter..."
>> http://www.nasa.gov/images/content/701204main_20121029-SANDY-GOES-FULL.jpg

Every hundred years or so, the human race will have to take the hit.

.
Jack

160 Posts
""a disaster recovery plan"... will never cover a catastrophe this large"
That sounds like a failure to plan correctly and understand geographic diversity. For example, Arizona, Colorado, and Texas were not impacted by this storm.
Jack
6 Posts
I agree with the failure to plan correctly post, but only to a point. Small and medium businesses often do not have the resources to have redundant systems, to say nothing about geographical diversity. They can shut down and evacuate systems to high ground and many other things.

IT recovery from this event sounds like a good subject for a diary.
KBR

63 Posts
""a disaster recovery plan"... will never cover a catastrophe this large"...
Then what you really need is a CATASTROPHE Recovery Plan.
KBR
12 Posts
A disaster recovery or business continuity plan has to consider cost and likelihood of the disaster. It can get very expensive to prepare and in some cases, you are better off to just "sit out" the disaster and close shop for a couple days.

That said, one common issue I have seen is that fuel storage and pumps were located in basements, which flooded. The generator itself was housed on a "safe" floor. This could be the result of building codes, or just cost (supporting heavy tanks on upper floors can be difficult). In a dense location like NYC, you may not have the luxury of placing a tank next to the building. Of course another BCP is to just have a secondary location to do business from.

As for the stock exchange: I understand that the networks are fine, and it was considered to only run computer-based trading. But this was considered too risky for the market, expecting higher fluctuations and higher volume after such a disaster.
Johannes

3578 Posts
ISC Handler
I think I speak for everybody when I say, the internet is broken, and it sucks.
hacks4pancakes

48 Posts
