Earlier in my professional life I worked in information security, risk management and privacy. This allows me to joke that the early stages of my career were focused on the protection of information and the current stage on the sharing of information.
One of the projects I was involved in was the Canadian Government’s Secure Channel. It was a massive effort to bring government services online. The delivery team had to tackle many complex issues such as capacity, federated identity, security of information in transmission and storage, and privacy of personal information particularly as it applied to cross-departmental interactions.
Among the early design decisions; the entire system had to be available 99.999% of the time (the entire system couldn’t be offline for more then five-and-a-half minutes each year) and be able to handle the volume of traffic typical of the final hours of net filing of personal tax returns experienced by the Canada Revenue Agency.
Basically, Secure Channel was an incredibly complex system which had to be mostly over-architected for 364 days of each year.
Add to the mix that integrity of the data was incredibly important. If the data couldn’t be trusted the entire Secure Channel would be useless. That meant layering security controls such as intrusion detection, prevention and integrity monitoring systems.
To recap, we’re talking about a distributed, high-availability, high-capacity, load-balanced, trusted secure system which allowed citizens to do business with their government with confidence. The complexity and costs earned Secure Channel the label “billion dollar boondoggle.” (See I worked on The Secure Channel, a $1B â€˜boondoggle’)
This past weekend provided an important example of why systems are becoming so complex. The reliability of the NDP Leadership vote results have been questioned by some because a Distributed Denial of Service (DDoS) attack against the online voting system interfered with NDP members’ ability to cast their ballots online.
Put simply, DDoS attacks are like orchestrated traffic jams. The data remains intact because it can’t be reached. The meaning of the data is questioned because of concern the data provided might come from a small sample. In one case I know of, a BC-based NDP member had to try for a full hour before being able to register his vote. How many people gave up trying or were never able to get through? How many people succumbed to voting fatigue brought on by each subsequent round of voting and cascading delays in reaching the system?
Like it or not, big money, big government and big politics are desirable targets for elements of computer culture interested in a personal challenge or making a political statement. This also introduces thoughts of political war room tactics.