Calculating availability is a fairly well-worn path. It is a matter of dividing up time and then applying cost values.
| Percent Uptime | Downtime/day | Downtime/month | Downtime/year |
|---|---|---|---|
| 95 | 72.00 minutes | 36 hours | 18.26 days |
| 99 | 14.40 minutes | 7 hours | 3.65 days |
| 99.9 | 86.40 seconds | 43 minutes | 8.77 hours |
| 99.99 | 8.64 seconds | 4 minutes | 52.60 minutes |
| 99.999 | 0.86 seconds | 26 seconds | 5.26 minutes |
I often hear large enterprise architects arguing that building to three nines (99.9% Uptime) is a necessity to avoid the high cost of outages. However, the cost of building a highly available infrastructure must also be weighed against the risk of confidentiality loss. In other words, how much will they increase the risk of sensitive data exposure in order to get from 99.5% to 99.9%? Regulations should help companies more clearly weigh the options (e.g. a $250,000 minimum fine for each incident in California is higher than a $100,000 outage).
This is not to suggest that confidentiality is more valuable than availability but rather, confidentiality should not be sacrificed for a particular architecture to achieve availability. The best solution is one that provides high confidentiality and availability, but it is likely to cost more than a solution that sacrifices one to achieve the other.
Recovery funds are accelerating the cleanup of contaminated facilities, soil, and ground water at one of the nation’s key nuclear weapons sites.
During the early 1950s, the Savannah River Site (SRS) produced tritium and plutonium-239 to be used in the manufacture of nuclear weapons.
[…]
Since the 1990s, the Department of Energy (DOE) has been working to clean up contamination on the 310-square-mile site in South Carolina. Recovery funds totaling $1.6 billion are allowing DOE to accelerate these clean-up efforts. DOE says the Recovery funds — from six separate awards — will reduce the SRS footprint by 75 percent by 2012, seven years earlier than previously planned.
It is amazing how large an area is contaminated or otherwise impacted by these nuclear facilities: 310 square miles!
Just one segment of the project, which already is completed, had 23 buildings spread over 40 square miles. Quick trivia check: 40 square miles is the same as 25,000 acres and…
Imagine if $1.6 billion was earmarked by the federal government for the same 310-square-miles to fund innovation and production instead of just reclamation (making the area usable again). Although innovation and jobs for reclamation are notable, this is a good example of the back-end costs that are sunk into fixing pollution.
Microsoft’s Threat Research and Response Blog says a recent update to their Malicious Software Removal Tool (MSRT) can now detect Renocide, a worm from 2008. The new MSRT in one week already has Renocide at #4 on the top ten infections list.
A description, with some signs of infection, was provided with the update.
Win32/Renocide is a family of worms that spread via local, removable, and network drives and also by means of file sharing applications.
It infects the network by scanning the local network using the subnet mask 255.255.0.0 and looking for writeable shares where it can copy itself and an autorun.inf file. It also uses the NETBIOS protocol to look for machines in the local network where it can plant copies of itself.
To infect computers beyond the local network, it plants copies of itself in the shared folders of popular file sharing applications. This step also involves social engineering techniques to maximize infection success.
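A defender-side check for the artifact described above (an autorun.inf dropped in the root of a writable share or removable drive), added here as an example and not taken from Microsoft's description or this blog. It flags any autorun.inf whose launch entries point at an executable; the extension list, function names and sample file contents are assumptions constructed for illustration, not Renocide-specific indicators.

```python
import os
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")  # shell\<verb>\command is matched below
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs")
# Constructed sample, not taken from a real infection.
SAMPLE_INF = ("; constructed sample\n[AutoRun]\nopen=sample_tool.exe\n"
              "shell\\open\\command=sample_tool.exe\nicon=folder.ico\n")

def parse_autorun(text):
    """Return {key: value} from the [autorun] section, skipping junk lines."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def program_of(command):  # program path from a command line, honouring quotes
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ""

def scan_root(root):
    """Flag autorun.inf entries in one drive/share root that launch a program."""
    name = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    path = os.path.join(root, name) if name else None
    if not path or not os.path.isfile(path):  # absent, or a directory placeholder
        return []
    with open(path, encoding="latin-1") as fh:
        entries = parse_autorun(fh.read())
    findings = []
    for key, command in entries.items():
        launches = key in LAUNCH_KEYS or (
            key.startswith("shell\\") and key.endswith("\\command"))
        program = program_of(command)
        if launches and program.lower().endswith(EXEC_EXTS):
            target = os.path.join(root, program.replace("\\", os.sep))
            findings.append({"key": key, "program": program,
                             "present_in_root": os.path.isfile(target)})
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write(SAMPLE_INF)
        print(scan_root(root))
```

Run `scan_root` over each share or removable-drive root you administer. A finding with `present_in_root` set to true means the referenced program sits beside the autorun.inf and is worth pulling for analysis.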
Robert Reich brings up whether GE was cutting corners with security controls within the Mark 1 Reactor, but he does not address why and how regulators failed to stop a 90% failure calculation from widespread adoption. Did they accept compensating controls? Liability offset? Low probability of melt?
The New York Times reports that G.E. marketed the Mark 1 boiling water reactors, used in TEPCO’s Fukushima Daiichi plant, as cheaper to build than other reactors because they used a comparatively smaller and less expensive containment structure.
Yet American safety officials have long thought the smaller design more vulnerable to explosion and rupture in emergencies than competing designs. (By the way, the same design is used in 23 American nuclear reactors at 16 plants.)
In the mid-1980s, Harold Denton, then an official with the Nuclear Regulatory Commission, said Mark 1 reactors had a 90 percent probability of bursting should the fuel rods overheat and melt in an accident. A follow-up report from a study group convened by the Commission concluded that “Mark 1 failure within the first few hours following core melt would appear rather likely.”
a blog about the poetry of information security, since 1995