Terrorism: IT’s response
- Reduce text size Decrease text size
- Increase text size Increase text size
- Print article Print
- Jump to comments Comment
- Share this article Share
- Email article to a friend Email
Events in recent years have forced organisations to take the impact of a terrorist attack seriously.
This November, the UK was once again confronted with the reality of what it means to be the world’s number one terrorist target.
Only months after the foiling of a plot to blow up US-bound flights came revelations of plans for a series of attacks on a scale even more devastating than the London Underground and bus bombings of 7 July 2005. A British court heard how Dhiren Barot of north-west London – described by prosecutors as “member or close associate” of al-Qaeda – had not only laid detailed plans for attacks on Waterloo Station, the Heathrow Express, a Tube train travelling under the Thames, and the Savoy Hotel, but had drawn up a hitlist of US business targets: Citigroup Centre in New York City, and the Prudential Corporate Plaza and world headquarters in Newark, New Jersey, the International Monetary Fund headquarters and World Bank headquarters in Washington, DC, and the New York Stock Exchange.
That just affirms what many high-profile businesses already know and have been preparing for: the uncomfortable truth that they too are potential targets. An attack on such organisations would not only be a symbolic blow against Western economic power, says Dr Anthony Richards of the Centre for the Study of Terrorism and Political Violence (CSTPV) at St Andrews University, but serve the wider goal of largescale economic disruption. “If you look at al-Qaeda and the Global Salafi Jihad, one of their strategies is to inflict economic costs on their enemy,” Richards observes.
Virtual impact
Attacking business interests – and financial institutions in particular – is more likely to achieve this end for the simple reason that their assets and the services they provide are largely virtual in nature , and delivered via a large and vulnerable IT infrastructure.
That is a threat that is taken seriously. Downtime inflicted on such organisations as the result of an attack – or even the threat of a direct attack – could devastate a business. This realisation, says Peter Yates, head of infrastructure for EMEA at European banking giant ABN AMRO, has led to a discernable change of attitude within the business continuity circles of the financial world.
“Certainly, several years ago, companies recognised that they should have business continuity plans, but they were often quite happy to let someone run that. Now, since 9/11 and the London bombs, it has become apparent that these disasters can happen and, if so, you do have a big chance of losing business. Now it appears to be more high profile, and senior management are taking it very seriously now.“
This concern however, is by no means the preserve of financial services. According to a recent survey of global continuity practices designed to chart changes in practices since the 7/7 bombings, 32% of businesses say that just four hours of downtime as a result of such a disruption would be potentially “fatal” for their organisation. The research, by online information service Continuity Central, however found that the vast majority (73%) thought the meltdown point would come within 24 hours of their IT infrastructure disappearing, showing just how critical and deeply embedded IT is within the fabric of most businesses.
In recognition of that position, MI5 recommends businesses prioritise the protection of their IT infrastructure as a matter of business survival, second only to providing physical protection for their buildings and staff. According to Continuity Central, the majority of organisations have now started to properly address this issue, with 73% of the CIOs and IT directors it surveyed confirming they have a business continuity plan (BCP) in place. Of these, 46% said they test their plans annually, with a further 32% performing tests at least four times a year.
For large multinationals, such as investment banks, oil companies or pharmaceutical giants – companies that are aware of threats from a range of political activists and terrorists groups – activities of this nature are now assuming a massive scale. For example, as a matter of priority, says Barry Clark, consultant and former superintendent at Scotland Yard, nearly all such organisations have begun to reconsider the location of their data centres.
That is something Yates confirms: “Our primary UK data centre is in London, but we have a major project right now to look at other data centre sites. We also have a secondary facility in the UK, and all our critical data is backed up as well as being replicated at another site.”
The lack of specifics is not surprising. Like most financial organisations, the location of such critical business infrastructure, that in years gone by were openly shared, are now treated as highly confidential.
Continued...
