Disaster Recovery Planning: Strategies for Protecting Critical Information Assets (2nd Edition) - Hardcover

This book is scheduled for publication on the eve of a new Millennium, as described in Western calendars. Indeed, for the past five years, "Year 2000 issues" have dominated discussions at every level of business and government—at least in the world's developed countries. Building to a crescendo of nearly deafening proportions by the end of 1999, the mainstream press has allocated millions of column inches to Y2K, creating a kind of mystique around a rather arbitrary date.

January 1, 2000 has been positioned as a watershed event in human history. Somehow, it is more than just another wintery pause in the seasonal cycles that determine agricultural prosperity, more than just another New Year's Day spent recovering from the Bacchanalian excesses of the previous evening's celebration, certainly more than just another Saturday spent working in the yard or watching TV or attending religious services.

For many, the date is loaded with symbolic significance. Year 2000 conjures to mind the conclusion of ten centuries of fast-paced technological innovation that has changed forever the society and culture in which we live. In just the past 100 years, we have witnessed the harnessing of the electron, the atom, the microwave, and the photon to meet the needs of everyday existence. The Industrial Revolution has come to flower, given way to a Computer Age, and now, courtesy of the global Internet, World Wide Web, and the ubiquitous Web browser, morphed analog reality into digital reality of the Information Age.

Doubtless, there are good reasons to select a day on which to pause and reflect on the past, to consider the present, and to prepare for the future. Some psychologists argue that the human mind requires bookmarks, milestones, and "closure events" to remain centered and healthy. One supposes that, to this end, January 1, 2000 is as good a date as any other.

However, Y2K has acquired a second symbolic meaning that is much less grounded in the psychological revolution that gave us Vatican II, no-fault divorce, and the self-help books of the 1980s. To many, the millennium is a mystical event, touching on a deeply rooted superstitious stratum seemingly present in the human psyche since the dawn of man. For a variety of reasons, Y2K is viewed as a harbinger of doom, a signal that some cataclysmic event is in the offing.

Hollywood understands the phenomenon and has provided a steady fare of disaster movies as the decade of the 1990s draws to a close. Recent wildly popular films have enabled audiences to "experience, " courtesy of Industrial Light and Magic and other computer graphic effects studios, the havoc and devastation caused by natural, man-made and even extraterrestrial disasters. With apologies to Bruce Willis and others, the acting and plot of these films do not explain their success. The real draw of the films appears to be the disasters themselves: tornadoes, volcanoes, earth-asteroid collisions, viral outbreaks, nuclear terrorism, and infrastructure collapse based on computer hacking. They satisfy a need in the viewers to confront their own mortality, if only vicariously.

Some of the movies are rooted in real-life disaster events, which seem to some observers to be coalescing as the end of the century approaches.

The World Trade Center and Oklahoma City federal building bombings underscored the reality of terrorism for a heretofore-insulated North American audience.

The eruption in 1980 of Mount Saint Helens, following a 128-year dormancy, and powerful earthquakes in California, including Loma Prieta/San Francisco earthquake of October 1989 and the Northridge/San Fernando Valley earthquake of January 1994, have stimulated concerns about geological disasters and their frequency. The National Earthquake Information Center of the U.S. Geological Survey is quick to point out that "while it may seem that we are having more earthquakes, earthquakes of magnitude 7.0 or greater have remained fairly constant throughout this century and, according to our records, have actually seemed to decrease in recent years."

The 1990s also gave the North America the costliest hurricanes in its history. While 1969 Hurricane Camille was the most powerful storm to date, Hurricane Andrew in 1992 racked up $26 billion in damage—the highest costs associated with any natural disaster on record to that point. As this book goes to press, experts are still calculating the costs accrued to 1999's Hurricane Floyd, which may well top Andrew's record. Between these devastating storms have been a steady wave of less powerful but very destructive cyclone events.

Some may say that life imitates art. Following the success of the movie, Twister, Bridge Creek, Oklahoma experienced a real-life encounter in May 1999 with an F5 tornado, a so-called a "Finger of God".1 This and many other severe storms, made the 1999 tornado season the most active since 1992. In part because of the movie, these storms commanded the full attention of the media, which subtly attributed the tornadoes, hurricanes, floods, and ice storms of the last decade to humanity's destruction of the environment and nature's reprisal. In some reports, the tornadoes were incorrectly correlated with the El Niño/Southern Oscillation effect.2 According to government tornado watchers, the number of tornadoes have increased as the century draws to a close, but this phenomenon does not correlate to El Niño/El Niña weather patterns in any statistically meaningful way.

The possibility of near-earth-orbit (NEO) asteroids and comets colliding with the earth has been part of science fiction lore since the Golden Age of the genre in the 1950s. As the millennium approaches, concerns about this threat have been fueled by several events. One was the 1994 collision of Comet Shoemaker-Levy 9 with Jupiter, which was photographed in brilliant color using NASA's Hubble Space Telescope and published in magazines and newspapers worldwide. The other was the hyperbole surrounding 1997 XF11, an asteroid originally thought to be on a collision course with Earth, but later determined to be no threat when it passes the planet at a comfortable distance in 2028. The mistaken estimate sent many millennium watchers to their underground shelters and found NASA asking for authority to censor such predictions until they could be properly verified.

One man-made disaster potential that has seen a marked increase as the millennium approaches is the computer virus. Bearing such innocuous names as Melissa, Chernobyl, and ExplorZIP, 1999's crop of viruses have already resulted in greater dollar losses than has malicious programs introduced in any previous year. Experts expect this trend to continue for three basic reasons. First, the widespread use of the Internet for email and file transfers provides a perfect mechanism for spreading viruses. Second, the increased sophistication of programming tools is enabling even novices to create powerful virus programs. Third, the increased complexity of common desktop applications, such as word processors, spreadsheets, and browsers, are providing a "target-rich environment" for exploitation by hackers and other malicious code writers.3

According to the FBI and the Computer Security Institute, virus-related costs are only a subset of a growing trend in crime directed at companies and enabled by computers and networks. Directed against critical infrastructure systems, such as the power grid, telecommunications, air traffic control systems, and so on, malicious programs and computer terrorism could potentially be as devastating as nuclear weapons.

Given the perception in many minds that disasters are coalescing as the millennium approaches, it is easy to understand how Y2K has become so closely associated with Armageddon. However, upon more sober analysis, few indicators point to a cataclysmic end to human existence on the first Saturday in January. It is a safe bet that the day will come and go without the seas boiling, dogs and cats living together, or any other apocalyptic nightmares being realized. If we are wrong in this conclusion, then this book will have a rather short shelf life.

What we may have to look forward to on January 1, 2000 (and possibly for several months after) is a set of irritating, and in some cases hazardous, interruptions in services that are supported by information systems and networks. These interruptions will have nothing to do with Nature's wrath or Judgment Day. They will be linked to simple, software-based, date calculation errors.

The Y2K bug exists in many older software programs, those written at a time when programmers did not consider how programs would behave when the calendar turned over from 99 to 00. Some of the software is compiled to execute on computer systems. In other cases, the software is embedded in microchips that are installed on computing and networking devices themselves.

Obviously, government and industry have known about the Y2K problem for some time. Significant investments in Y2K code remediation efforts began in the mid-1990s in most developed countries. In 1998, however, valida

8450F-5

The most complete guide to data protection, disaster recovery avoidance, and disaster recovery tools, techniques, and technologies!

Disaster Recovery Planning, Second Edition shows exactly how to implement world-class disaster recovery for today's distributed environments-without paying for expensive consultants or proprietary methodologies! Veteran planner and analyst Jon William Toigo delivers strategies and insight that any company can use, large or small.

You'll find comprehensive coverage of disaster recovery techniques that reflect the latest technologies in data storage, networks, server systems, and the Internet:

• E-business and Web based disaster planning and recovery
• Recovery strategies for n-tier client/server and ERP systems-the Achilles heel of modern corporate IT
• Low-cost steps you can take now to dramatically reduce the risks of disaster
• Guidelines for leveraging current and next generation IT and network technologies to ensure maximum protection for mission-critical business processes

Disaster Recovery Planning, Second Edition is linked to an accompanying Web site, http://www.drplanning.org, that will serve as a "living appendix"-keeping IT professionals up-to-date on disaster recovery for years to come!