Following one of our previous articles on ransomware (“The risk of losing it all…”) and the three mantras to counter it – don’t get it; don’t pay; have disaster-recovery means in place – let’s discuss that third mantra again. How to avoid a disaster for your “crown jewels”.
Crown jewels? Of course, here we don’t mean the shiny carbon pellets belonging to the Queen of the United Kingdom and stored in the Tower of London but rather documents, files, settings and other data whose unrecoverable loss would signify a tremendous trauma for you and a significant setback for the Organization. A real disaster. Like you losing all your precious family photos from the day you and your kids were born. Some CERN examples might be:
- calibration data of accelerator or experiment components that took months of cosmic runs, low-intensity runs or other special runs to acquire or whose values have been fine-tuned over years of operation – think of cryogenics systems, the beam loss monitors, silicon trackers and calorimeters;
- calibration data, fudge factors, efficiencies, run information and similar values gained after iterations of reprocessing of physics data, accumulated knowledge of detector performance, zillions of cross-checks, and essential data for the correct interpretation thereof;
- physics analysis software – online or offline – leading to major discoveries;
- all the data necessary to perform a cold restart of your control system or computing service, or to reinstall it from scratch without the process taking more than a few days;
- configuration data essential for running computing services like the Active Directory, the collection of Puppet manifests or the EOS file catalogue;
- records of historical value like photos or our funding documents;
- Pension Fund records and investment plans;
- contracts, NDAs and other documents signed by and committing the Organization.
Ideally and theoretically, all that data (and any other crown jewels you know of and hold dear) should be placed in the safe custody of the IT department with multiple and independently stored copies in place, tested for recovery and well protected against alteration. But given the complexity and heterogeneity of the Organization, it’s better to be safe than sorry and to double-check.
Do you own any of the aforementioned or any other crown jewels? Where do you store them? Do the storage owners and storage managers know about them? Have they put the right means in place to really guarantee fully independent, unalterable and verified back-ups? Are you sure that your expectations of back-ups, business continuity and disaster recovery match what they offer? Tell us by email at Computer.Security@cern.ch.
Remember that there are three kinds of people: (1) those who don't back up (and regret it later), (2) those who back up but don't check their back-ups (and definitely regret it later), and (3) those who back up and check their back-ups. It’s not too late to check! You, as a CERN service manager, data taker, control system expert, trigger master, software custodian or document librarian, have a professional responsibility to ensure that your crown jewels are properly protected and backed up. So, talk to us or your storage provider. Figure out how your mission-critical information assets are handled. And make disaster recovery a priority. Otherwise, you risk losing it all… which would be a disaster for your crown jewels, and for CERN.
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.