Friday, July 8, 2022

Principle of Information Security: Module 2 The Need for Information Security (Part 10)











Forces of nature, sometimes called acts of God, can present some of the most dangerous threats because they usually occur with little warning and are beyond the control of people. These threats, which include events such as fires, floods, earthquakes, landslides, mudslides, windstorms, sandstorms, solar flares, and lightning as well as volcanic eruptions and insect infestations, can disrupt not only people’s lives but the storage, transmission, and use of information. Severe weather was suspected in three 2008 outages in the Mediterranean that affected Internet access to the Middle East and India.


Natural disasters also include pandemics, such as the 2020 COVID-19 outbreak. At the time of this writing, the pandemic was still under way, and many small businesses were shut down, some never to reopen. The majority of the world’s infrastructure continues to function, but if the virus had been more deadly, its global impact could have been even more disastrous. Knowing a region’s susceptibility to certain natural disasters is a critical planning component when selecting new facilities for an organization or considering the location of off-site data backup.


Because it is not possible to avoid threats from forces of nature, organizations must implement controls to limit damage and prepare contingency plans for continued operations, such as disaster recovery plans, business continuity plans, and incident response plans. These threats and plans are discussed in detail in Module 5, “Contingency Planning and Incident Response.”


Another term you may encounter, force majeure, can be translated as “superior force,” which includes forces of nature as well as civil disorder and acts of war.


Fire


A structural fire can damage a building with computing equipment that comprises all or part of an information system. Damage can also be caused by smoke or by water from sprinkler systems or firefighters. This threat can usually be mitigated with fire casualty insurance or business interruption insurance.


Floods


Water can overflow into an area that is normally dry, causing direct damage to all or part of the information system or the building that houses it. A flood might also disrupt operations by interrupting access to the buildings that house the information system. This threat can sometimes be mitigated with flood insurance or business interruption insurance.


Earthquakes


An earthquake is a sudden movement of the earth’s crust caused by volcanic activity or the release of stress accumulated along geologic faults. Earthquakes can cause direct damage to the information system or, more often, to the building that houses it. They can also disrupt operations by interrupting access to the buildings that house the information system. In 2006, a large earthquake just off the coast of Taiwan severed several underwater communications cables, shutting down Internet access for more than a month in China, Hong Kong, Taiwan, Singapore, and other countries throughout the Pacific Rim. In 2013, major earthquakes and the resulting tsunami severed cables around Japan. In 2016, several undersea cables around Singapore were damaged, resulting in substantial loss of communications capacity to the island. In the United States, earthquakes impacted the country from Alaska to North Carolina in 2020. Most cause some damage to property. Losses due to earthquakes can sometimes be mitigated with casualty insurance or business interruption insurance, but earthquakes usually are covered by a separate policy.


Lightning


Lightning is an abrupt, discontinuous natural electric discharge in the atmosphere. Lightning usually damages all or part of the information system and its power distribution components. It can also cause fires or other damage to the building that houses the information system, and it can disrupt operations by interfering with access to those buildings. In 2012, a lightning strike to a communications cable near Fort Wayne, Indiana, left almost 100,000 residents without phone and Internet access. Damage from lightning can usually be prevented with specialized lightning rods placed strategically on and around the organization’s facilities and by installing special circuit protectors in the organization’s electrical service. Losses from lightning may be mitigated with multipurpose casualty insurance or business interruption insurance.


Landslides, Mudslides, and Avalanches


The downward slide of a mass of earth, rock, or snow can directly damage the information system or, more likely, the building that houses it. Landslides, mudslides, and avalanches also disrupt operations by interfering with access to the buildings that house the information system. This threat can sometimes be mitigated with casualty insurance or business interruption insurance.


Tornados and Severe Windstorms


A tornado is a rotating column of air that can be more than a mile wide and whirl at destructively high speeds. Usually accompanied by a funnel-shaped downward extension of a cumulonimbus cloud, tornados can directly damage all or part of the information system or, more likely, the building that houses it. Tornadoes can also interrupt access to the buildings that house the information system. Wind shear is a much smaller and linear wind effect, but it can have similar devastating consequences. These threats can sometimes be mitigated with casualty insurance or business interruption insurance.


Hurricanes, Typhoons, and Tropical Depressions


A severe tropical cyclone that originates in equatorial regions of the Atlantic Ocean or Caribbean Sea is referred to as a hurricane, and one that originates in eastern regions of the Pacific Ocean is called a typhoon. Many hurricanes and typhoons originate as tropical depressions—collections of multiple thunderstorms under specific atmospheric conditions. Excessive rainfall and high winds from these storms can directly damage all or part of the information system or, more likely, the building that houses it. Organizations in coastal or low-lying areas may suffer flooding as well. These storms may also disrupt operations by interrupting access to the buildings that house the information system. This threat can sometimes be mitigated with casualty insurance or business interruption insurance.


Tsunamis


A tsunami is a very large ocean wave caused by an underwater earthquake or volcanic eruption. These events can directly damage the information system or the building that houses it. Organizations in coastal areas may experience tsunamis. They may also disrupt operations through interruptions in access or electrical power to the buildings that house the information system. This threat can sometimes be mitigated with casualty insurance or business interruption insurance.


While you might think a tsunami is a remote threat, much of the world’s coastal area is under some threat from such an event. In 2011, the Fukushima Daiichi nuclear disaster resulted from an earthquake and subsequent tsunami; the disruption to the Japanese economy directly and indirectly affected much of the world. The United States coastline has exposure to tsunamis caused by severe earthquakes or landslides that might begin across the Atlantic Ocean, Pacific Ocean, or the Gulf of Mexico.


The earthquake that shook Alaska in 2020 was expected to result in a significant tsunami. The U.S. Coast Guard was mobilized, and the coastal regions were warned. Fortunately, the resulting tsunami only reached about a foot high, almost indistinguishable from normal wave patterns.


Electrostatic Discharge


Electrostatic discharge (ESD), also known as static electricity, is usually little more than a nuisance. However, the mild static shock we receive when walking across a carpet can be costly or dangerous when it ignites flammable mixtures and damages costly electronic components. An employee walking across a carpet on a cool, dry day can generate up to 12,000 volts of electricity. Humans cannot detect static electricity until it reaches around 1,500 volts. When it encounters technology, especially computer hard drives, ESD can be catastrophic, as damage can be caused by as little as 10 volts.


Static electricity can draw dust into clean-room environments or cause products to stick together. The cost of ESD-damaged electronic devices and interruptions to service can be millions of dollars for critical systems. ESD can also cause significant loss of production time in information processing. Although ESD can disrupt information systems, it is not usually an insurable loss unless covered by business interruption insurance.


Dust Contamination


Some environments are not friendly to the hardware components of information systems. Accumulation of dust and debris inside systems can dramatically reduce the effectiveness of cooling mechanisms and potentially cause components to overheat. Some specialized technology, such as CD or DVD optical drives, can suffer failures due to excessive dust contamination. Because it can shorten the life of information systems or cause unplanned downtime, this threat can disrupt normal operations.


Solar Activity


While most of us are protected by the earth’s atmosphere from the more dramatic effects of solar activity, such as radiation and solar flares, our communications satellites bear the brunt of such exposure. Extreme solar activity can affect power grids, however, as in Quebec in 1989, when solar currents in the magnetosphere affected power lines, blowing out electric transformers and power stations. Business communications that are heavily dependent on satellites should consider the potential for disruption.



0 comments:

Post a Comment