[ISN] BlackBerry outage underscores need for a backup plan

From: InfoSec News (alerts@private)
Date: Tue May 01 2007 - 02:14:55 PDT


http://www.gcn.com/print/26_09/43568-1.html

By Patrick Marshall
GCN Staff
04/30/2007 issue

You don’t miss the water until your well runs dry. And when millions of 
BlackBerrys lost their e-mail capability April 17, it suddenly became 
clear how dependent many people in federal agencies and departments have 
become on the devices.

“Certainly, the senior folks in the agency view them essentially as an 
extension of their bodies,” Corey Booth, chief information officer of 
the Securities and Exchange Commission, told Government Computer News. 
And when the e-mail service went out, Booth said dryly, “it was 
certainly a source of complaint.”

At first, Research in Motion offered few details of why the service was 
down. Only two days later did the company explain the outage, chalking 
it up to insufficient testing of new caching software in its network 
operations center (NOC) in Canada.

One factor that made the outage more widespread than it otherwise might 
have been is the BlackBerry system’s highly centralized message routing. 
All e-mails are routed though one of two NOCs — one in Canada serving 
the Western Hemisphere and one in England serving Europe, Africa and the 
Middle East.

Booth said agencies and departments would be well-advised to plan on 
future failures.

“The thing that everyone has to understand is that there are very few 
forms of technology, particularly of communications technology, that are 
foolproof,” Booth said. “You can have a RIM-related failure, you can 
have a telephone company-related failure, you can have a failure within 
our e-mail system, you can have a failure at any of the gateways between 
those various systems. There are a lot of places where problems can 
occur.”

That’s why it’s critical for staff to have a Plan B.

“Plan B can be pretty simple,” Booth said. “It can be just carrying 
around peoples’ cell phone numbers. Plan B can be knowing how to log in 
to your e-mail from home. There are lots of things that people can do 
that are in the category of somewhat inconvenient but workable 
workarounds.”

Some analysts have also voiced concerns about the security and 
reliability of a system that depends on such a centralized architecture. 
And, particularly for federal agencies and departments, there may be 
concerns about routing e-mails through NOCs that reside in a foreign 
country.

“If the software vendor can be forced to cooperate with government 
agencies, the possibility exists that the wireless e-mail software could 
include hidden eavesdropping capabilities in accordance with governments 
or intelligence agencies for various purposes,” a recent Gartner report 
states. For that reason, some governments — including France, Germany, 
Great Britain and the Netherlands — have opted not to rely on such 
systems.

However, Booth said, not all federal agencies need to be concerned. “I’m 
not arrogant enough to believe that our business [at SEC] is so 
mission-critical that we would be unable to perform our mission without 
having two NOCs owned by RIM,” he said. On the other hand, “if we were, 
say, a first-response agency of some kind — like a FEMA or a DOD — I 
might have some concern.”

RIM’s response to the outage is not likely to put concerned minds at 
ease. Apart from its brief statement citing the software glitch as the 
culprit, the company has been quiet on the issue. A week after the 
incident, no mention of the outage or its cause had been posted on the 
company’s Web site nor had RIM responded to a request for an interview.



__________________________
Subscribe to InfoSec News
http://www.infosecnews.org



This archive was generated by hypermail 2.1.3 : Tue May 01 2007 - 02:30:59 PDT