Planning for no Power and no Internet

While we must secure machines on the Internet we must also plan to survive without it. I am not talking individuals but nations. I often hear about the cost of human life if our power goes down. What are we doing to mitigate that cost?

I was talking to a guy at a security meeting in Seattle. I said we have to plan for no Internet. He scoffed and said the "horse is already out of the barn door". In other words the Internet is here to stay. I hope he doesn't get too hungry if/when the power goes out and the Internet goes down or even if just the Internet goes down and we still have power.

For every major digital system there should be a planned paper system. It should be something that could be implemented on a very timely basis. If not paper then a manual system should be planned. Both types of parallel systems should be desk-audited, tested and certified.

The cost of this planning will be high while the cost of not planning will be higher. Most experts agree that our power system is highly vulnerable. Without power there is no Internet. Suddenly the horse that is "out of the barn door" just vanishes" but the issues it was designed to solve don't.

As an industry securing information-flow systems (not just digital ones), we need to have conversations about planning for no Internet. We need to keep in mind the critical-system dependencies we are building and have a plan for if those dependencies fail. We also need to limit the critical-system dependencies to what makes sense not just ones we can create for convenience. This needs to be done on the federal, state, municipal, company, and organizational levels. The largest concern being federal.