I was sitting in my office with my famous poster that was co-developed with Charlie Hopkins in 1999 (then Program Manager for the METOC office in PMW 150). ”Hope for the best, Prepare for the worst” was something Charlie had us put on new posters that included the new METOC Logo (I think the tag line came from a fortune cookie!). 13 years later, as we are going thru some hot and humid days (not complaining on the west coast), I am reminded of how weather and computer networks have a lot in common. I found this newsletter segment that I wrote in 2005. Seems relevant only 7 years later and help me get ready for the hot fall in San Diego County combined with Navy football.
September 2005
Katrina and Zotob have some things in common.
From Jim Pietrocini, CEO RL Phillips Inc.
I am writing this while flying a Delta flight back to the east coast. I have a hall pass from the wife to attend the Navy- University of Maryland football game during the Labor Day long weekend, then followed by Navy- Stanford (my reunion weekend). The excitement of tailgating and enjoying the college gridiron has been extremely leveled by the events this past week in New Orleans. I have friends and business associates from my days in the Navy that worked and lived coastal Louisiana and Mississippi and many have lost their homes. The event hit home this week, when we received an email of a young IT professional sending his resume and asking if we had any positions opened. He had just lost his home and possessions from Katrina and wanted to move to San Diego County.
RL Phillips federal group has supported the Navy Meteorological and Oceanographic program directorate for the past 15 years. RL Phillips team was involved in the development of a weather information system for the US Navy in the mid-90’s and gained a valuable appreciation for the collection of environmental information, disseminating that information and providing computer based tools to help forecast the weather and interject how the weather affects mission critical systems such as flying jets to targeting tomahawk missiles. Bottom Line is that “Weather does MATTER”. Today, RL Phillips supports the Navy by managing an innovation laboratory at the Coronado Naval Base and provides systems engineering support at the Space and Naval Warfare Command in San Diego. While watching CNN on the morning of Hurricane Katrina hitting the Louisiana/Mississippi coastline, it seemed the region’s population had an attitude of “it will not be THAT BAD” or “If we survived Camille in 1969, what else can be worse.” Days later, we are now seeing the effects of poor preparation and a city that was not prepared for the worst.
Zotob, a funky name for a malicious software worm, hit our internet and networks in mid August. Our commercial small/medium business (SMB) IT services team spent 3 days upgrading and patching our client servers to ensure everyone was safe. Our SMB client base has grown to over 30 clients in a little over 18 months, evidence that information technology is definitely a core piece of a businesses daily operations and core infrastructure. Zotob hit over 175 companies including General Electric, Caterpillar, and UPS. The worm dug itself into the “plug and play” code in Windows 2000 and opened an internet relay chat channel back to servers which then downloaded more nasty code that could turn the machine into a zombie to allow it to spam other machines or create a denial of service to other servers/computers on the affected network. Fortunately, all our clients were not running the older Windows 2000 operating system and are kept current with XP Professional, but the event reminded business owners that attacks on the internet, like bad weather, will never go away. I even wonder if the event was more of a “cry wolf” and most business owners are becoming complacent.
Information Security has gained acceptance since September 11, 2001 (footnote- I am flying back to San Diego on the 9/12 vice Sunday 9/11). Large enterprises and small businesses are getting educated on firewalls, intrusion prevention, virtual private networks, spam filtering, ad-aware software, and spy-ware. How much to invest/spend on information technology in general or what information security mechanisms must a business deploy are questions that must be on every small/medium business plan. Similar to the city of New Orleans living below sea-level with levees that could handle a Category 3 hurricane and pumps that would protect any flooding, the wrath of Katrina changed the rules of the game.
Some factoids and points related to information technology and information assurance for small/medium size businesses to comprehend:
- The federal government recently received a report card of a D+ on how they handle information security for government networks.
- The GOOD. Businesses have spent the past few years learning the power of the internet. Email has become a core application. Accessing information via email from work, home, or at the hotel is becoming a critical piece of your business processes. Fax Servers, sending PDF files, accessing databases via websites are becoming day to day activities.
- The BAD. The internet is also a medium for corruption and the evil side of society. Five years ago, a hacker was a young pimple faced teenager having fun hacking into computers. Today, organized crime and terrorist organizations are hiring software/network professionals across the globe to hack into businesses to make money. Hacking databases of credit cards, Fake websites (termed “Phising”), and developing the next worm/Trojan is becoming common practice.
- The UGLY. The Department of Cybersecurity terms the internet as the “Perfect Storm” for the criminal world. Anonymity prevails on the internet. I received an email today from a former Navy Information Security professional now working at the information security officer for the Colorado Governer’s office.
- We updated yesterday’s diary with the information of fake emails and domains being used to get donations for the Katrina Hurricane and Brian Krebs just updated the Security fix blog, with new information about these fake domains. Some that we strongly suspect so far are katrinahelp.com , katrinarelief.com and katrinacleanup.com.
- A recent survey of businesses show over 51% will increase their IT budget and focus on better access control, secure remote access, and ensure up-to-date patching of systems.
- The University of California at San Diego had several their databases of personnel information compromised.
There have been several headlines in 2005 related to computer security breeches. There is also a feeling that most businesses, especially the larger names, do not want to admit that they lack certain security infrastructure to deter the potential threat. RL Phillips also runs into small businesses not wanting to spend a dime extra on their firewalls, backing up their data, and even having a discussion on disaster recover plans (Where does your business operate in the event of a power failure or earthquake?). Unfortunately, like Katrina, it takes a major “event” to convince our personal and business mindset to change. There will be internet event in the future that will affect our businesses and cost money to fix. The events of Katrina and Zotob should continue to drive home the fact that all businesses should “BE PREPARED”.
I am a strong advocate that small businesses are what drive this country’s innovation and spawn the large enterprises of the future. Small businesses move faster and touch customers that several large companies do not care about. In the same light, I am rooting for underdog Navy over the Terps and Cardinals.
Go Navy
* RL Phillips has setup a “care package” for the Katrina victims. We are collecting any small items (gum, canned food, toilet paper, etc) and will send on behalf of RL Phillips and our clients. Please email Sheryl Estey for more information.
