SECURITY PLANNING: Living with Terror

1 2 Page 2
Page 2 of 2

Steve Akridge, chief information security officer for Georgia’s Technology Authority, the Atlanta-based IT arm of the state of Georgia, shares similar concerns. A former U.S. Navy chief cryptologist who worked in Europe, Akridge sees a sharp contrast between American preparedness for terrorist attacks and the far less sanguine view prevailing overseas. "I’ve spent time in the U.K., and there are a lot of things that folks there have come to accept, maybe without even thinking about it anymore?like the absence of trash cans," he says. (Trash cans are a favored location for terrorists’ bombs.) "I’m concerned that we’re now in that environment in America."

And certainly, the events of Sept. 11 have acted as a kind of wake-up call. "It’s not a fire in an electrical room that they’ve got to prepare for or a flood," says Akridge. "Instead, it’s utter devastation."

European companies have shown themselves more willing to pay out the serious money required to provide themselves with the best form of protection against such devastation: backup facilities, ready to be moved into if necessary. In British eyes, the United States is underprovisioned with those facilities. "Having your computers backed up and your data safe is no use if there’s nowhere for people to operate those computers?what we call the bums-on-seats factor," says John Kersley, general manger for global recovery services at SchlumbergerSema of Walton-on-Thames, England.

It is, he adds, a peculiarly American blind spot. "We estimate that only 20 percent of the businesses based in the World Trade Center had an adequate disaster recovery plan in place at the time of the attack," he says. "In the whole of Manhattan, we could find less than 1,000 business continuity positions provided by third parties," he says. "In London, we alone operate 6,000 positions?and we’re just one supplier."

Such backup facilities are big business in the United Kingdom. Although New York City dwarfs London as a financial and commercial center, London has more than 1 million square feet of third-party-operated business recovery space compared with New York City’s 500,000 square feet, according to Kersley.

Recognizing terrorism as a risk of doing business is an attitude that prevails throughout Europe. "The incidence of ETA [the Basque terrorist group] terrorism in Spain is very localized, and sometimes we aren’t very comfortable knowing that a specific node of our network is in a place with a higher degree of risk," says Paualino Folch, director of organization and IT at NestlŽ Esp‹na in Barcelona, Spain. "You can’t avoid such places?business is business?so you just have to live with the risk." In such locations, NestlŽ applies the same technical security standards as elsewhere, but stipulates a higher degree of physical security such as restricted access and a careful choice of server location.

One thing seems certain. Whatever their chosen degree of protection, American companies now join their European counterparts in knowing that the unthinkable can indeed happen. While the events of Sept. 11 were extreme?no attack in Europe has even come close to matching their horror?never again will U.S. CIOs be able to assume that it can’t happen here. It has, and it could again. And that’s something Europeans have known for quite a while.


Copyright © 2002 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
Get the best of CIO ... delivered. Sign up for our FREE email newsletters!