alkemi computer disaster survey 1983–1987
TRANSCRIPT
Vol. 10, No. 1, Page 10
ALKEMI COMPUTER DISASTER SURVEY 1983-1987
The identification and quantification of computer disasters
occurring in countries with advanced data processing installations
has proved elusive. Widely reported incidents of international
interest are usually of a spectacular nature, often involving
terrorist attacks with the familiar arsenal of bombs and arson
devices. The number of recorded incidents perpetrated by
organized groups such as France's Action Directe, intent on
causing mayhem within the computer fraternity, are such that
attacks are more likely to occur within mainland Europe rather
than in the UK.
However, terrorist acts know no boundaries; there is nothing
to prevent this disturbing trend from crossing the Channel, during
periods particularly of tension or controversy. For example, at the time of the Tripoli bombing in 1986, all IBM installations,
with their obvious links to the US, were put on full alert, and
security measures were considerably stiffened. Away from the political arena, organizations involved in sensitive activities,
such as laboratories where it is claimed that animal experiments
are conducted, have been targetted by action groups. Statistics based solely on European experiences can sometimes appear
unrealistic, particularly to UK eyes.
As far as the UK is concerned, the Alkemi Management
Consultancy has collated a history of computer disasters as part
of its awareness programme. The list begins in 1983, a time when
the computer systems which proliferate today, i.e. those with
distributed and networked systems, were generally in use. It was considered distortive to include incidents occurring up to ten
years ago to largely obsolete equipment, A further criterion was
that any incident must be confirmable. For reasons of
confidentiality, informants requested that, while they agreed to
be included in a statistical representation, individual names were
not to be revealed.
Survey results
At the present time, the results of the Alkemi survey are as
follows:
Hardware failure 32%
Fire/flood 23%
Industrial action 15%
Building fault 6%
Lightning/power surge 9%
Theft of equipment 9%
Bomb threat/explosion 3%
Natural disaster 3%
To industry as a whole, fire is always seen as the greatest
menace, and this is clearly borne out by the results of the
survey. However, the percentage attributable to hardware failure,
placing it at the top of the league table, continues to highlight
this area as the major cause of computer disasters.
A number of companies have been established in the face of
demand for emergency alternative processing facilities. Known as
warm start facilities (i.e. access for a limited period to a
compatible computer configuration while restoration of the original
0 1987 Elsevier Science Publishers B.V., Amsterdam.187/$0.00 + 2.20 No part of this publication may be reproduced. stored in a retrieval system, or transmitted by any form or by any
means, electronic. mechanical, photocopying, recording or otherwise. without the prior permission of the publishers.
(Readers in the U.S.A. - please see special regulations listed on back cover.)
Vol. 10, No. 1, Page 11
UK LAW "TOTALLY ILL- EQUIPPED" FOR COMPUTER CRIME
installation takes place), speedy recovery should be ensured. Services on offer increasingly include data communications re-routing and access. In order to prove the viability of their
offerings, the computer standby companies are generally willing to discuss the details of invoked contracts.
Hardware problems appear to be prevalent; one company receives at least one call per week from its subscriber base, placing it on a standby footing, particularly during system upgrades or equipment relocation. The level of confidence placed in such exercises would appear to be low. Another company questioned stated that 40% of contract invocations and standby alerts had their origins with hardware or relocation exercises.
It is also interesting to note, referring to the 15% of disasters in the survey attributable to industrial action and disputes, that this category of disruption normally forms part of the exclusion clause of most standby contracts. Thus, access to the contracted standby facilities would be denied in this case.
Whatever decision is made regarding the individual recovery strategy, while attention should be paid to published statistics, the specific threats to the individual organization are still the major considerations. In the short term, it may be advisable to subscribe to a standby site, with a view to providing internal standby when, for example, a distributed mainframe system is to be installed in the near future. The path may be determined by the increasingly time-critical nature of the applications relying on a functioning hardware configuration.
In conjunction with Elsevier International Bulletins, Alkemi has published Computer Risk Manager, a regularly updated guide to computer contingency planning. Details are available from Elsevier International Bulletins, Mayfield House, 256 Banbury Road, Oxford OX2 7DH, UK; tel: 0865-512242.
Steve Watt, Alkemi Ltd
The recent Appeal Court decision - reported in the September 1987 issue of CFSB - that the transmission of electronic impulses during the course of computer crime does not itself constitute the making of a false instrument under the terms of the Forgery and Counterfeiting Act 1981 has already been applied for the first time in a criminal trial at the Old Bailey, London on 2 September 1987.
Speaking at the trial of Angelo Lamberti and John Filinski, prosecuting counsel, Mr Julian Devan, described the law as now being "totally ill-equipped" to deal with some aspects of computer fraud. The two men had pleaded guilty to conspiring to defraud the firm of Bathe Securities by procuring the unauthorized computer transfer of a total of 18 Eurobonds, together valued at f5 million, but they denied an associated charge of making a false instrument in the form of an electronic message in order to effect the transfer. Following the Appeal Court decision, Judge Kenneth
0 1987 Elsevier Science Publishers B.V.. Amsterdam./87/$0.00 + 2.20
CO~p~Tg~jqd~;;y,;,& No part of this publication may be reproduced. stored in a retrieval system, or transmitted by any form or by any
SEcvarrrm
means, electronic. mechanical, photocopying, recording or otherwise, without the prior permission of the publishers
(Readers in the U.S.A. - please see special regulations listed on back cover.]