by Duncan James
***
Bill Denning was one of the key managers within the Global Crossroads organisation. It was his job to oversee the monitoring of their whole operation, and to ensure that any interruptions to the service they provided to their customers were immediately rectified. It was a 24-hour/seven day a week responsibility.
The GXR operations room was in the bunker beneath what was once the Financial Times building at Canary Wharf in the Docklands area of East London. International businesses and organisations that needed to transmit information and data securely and reliably over the Internet depended on Global Crossroads to provide that service.
Bill knew full well that the organisation had a unique record, and it was a major part of his role to ensure that its reputation was maintained. The sheer volume of their work and the responsibilities they undertook on behalf of others was always a major concern, and often caused him sleepless nights.
For one thing, Global Crossroads had negotiated and signed a unique network security agreement with the US Government, and the UK security services had confirmed that GXR provided one of the most reliable and secure environments available for this sort of activity. For this reason, they were the leading provider in the highly security conscious government communications sector. They had designed, installed and now operated the Government Data Network, providing secure data services both nationwide and internationally, as well as a fully managed telecommunications service supporting over 90,000 end users in over 90 UK government departments and agencies. GXR also provided a secure networking service to the Royal Air Force and had a framework agreement to provide similar services to the 26 member countries of NATO. As if this wasn't enough for him to worry about, his organisation also provided a secure communications network linking 240 British Embassies to the Foreign and Commonwealth Office.
But at the moment, it was none of this Government activity that bothered him.
Something was wrong in the banking sector of GXR's operations.
The facilities required for the international banking community were very similar to those required by the government and the armed services. Indeed, banks used the same IBM 4758 crypto-processors that were used by the military and governments across the world to encode highly sensitive information sent over their networks. Bill's organisation had provided them with a further vast array of secure network services, which overlaid their own systems, to meet their individual business needs. They had helped the banks with business continuity planning and disaster recovery, as well as providing back-up network design strategies and installing a leading-edge self-healing architecture to ensure the reliability of the whole operation. Like the government, and other organisations for whom Bill's company provided facilities, the banks' major need was for security and privacy, but given the differing global timescales in which the banking community operated, they also required total 24-hour reliability.
What Bill and his team monitored was the integrated international network system that had been established to meet this requirement. They had developed and installed a rapid reaction automated fault detection protocol that offered a unique level of monitoring and control for the banks' worldwide operations. It wasn't as if this managed security service, as it was known, was simply installed and left to get on with it. As its name implied, it was 'managed'. Constantly monitored. Every aspect of it, like the Intrusion Detection system, which looked for attempts to interfere with the integrity of the system from inside as well as outside the organisation. So was the Intrusion Prevention system, and the Email Security Service, and the Firewall. Everything that went to make up the Managed Security Service as a whole was constantly monitored by GXR.
And yet, in spite of all that - together with the banks' own sophisticated security systems, which were themselves deemed to be impregnable - in spite of all that, it appeared that someone, somewhere, had managed to gain unauthorised access.
Bill and his colleague Alan Dale, who looked after the banking section, were together in the Ops. Room, looking at the schematic world map - rather like the London Underground map - which showed all the links and connections that the banks used for their international operations. While the lines showed green, everything was working and all the connections were in place. Any fault, or break in the service showed up in a pulsating red. It updated itself every ten minutes.
Alan indicated a short section in Colombia, showing red.
"Look at that," he exclaimed, pointing. "Some silly bugger has put his drill through the fibre optic cable again - that must be the third time. The sooner they finish that by-pass round Bogotá, the better."
He grabbed the phone, and got through to their man on the spot, who would have to sort the problem and arrange for computers to be re-programmed. Meanwhile, traffic between the banks' computers had automatically been rerouted. There would have been a short interruption to the service, but probably no one had noticed. Except the people at GXR, whose job it was to notice, and to manage the system on behalf of their clients.
Alan finished his call.
"He wasn't best pleased," he said. "Colombia's five hours behind us, and he was still in bed. But he called up the map on his laptop, and could immediately see the problem, so is getting on with it."
"These things happen," commented Bill. "But it's the series of unexplained interruptions that concern me at the moment."
"Me too," agreed Alan. "I've been through the logs again, I still can't turn up any clue as to what might have caused them. The only thing I'm sure about is that it's not us."
"So far as you can tell, there's nothing wrong with the integrity of our systems?" asked Bill.
"Nothing," Alan reassured him.
"I'll tell you why I wanted to meet you here," said Bill. "You remember that I told our chum Alistair Vaughan at the Bank of England about the recent unexplained blips?"
Alan nodded.
"Well, he's been back on to me," continued Denning, "to say that a couple of the dates matched what he called 'incidents' that had been reported to him by another bank."
"What sort of 'incident'?" asked Dale.
"He wouldn't say, I suppose for obvious reasons. But he did ask if we could look again at those log entries specifically. He's particularly looking for clues about where the possible intrusions took place."
"Well, we can look again, but we won't find anything, I'll bet."
"I told him that," replied Denning, "but said we'd check for the umpteenth time. These are the ones he's interested in."
Alan Dale looked at the piece of paper Bill Denning handed him, and pulled up the log on the computer.
"Our big problem here," said Dale, "is that these interruptions were so short that they almost didn't happen. Not like our chum with the road drill in Bogotá, who makes a job of it every time. You see," he said, pointing. "No total shut down at all, even briefly. They were just blinks on the system, which could have been anywhere."
They studied the screen in silence for a few moments, and not for the first time.
"If you want my opinion," offered Alan Dale, "this is an insider somewhere, using someone else's log-in and password to get unauthorised access. The system senses something wrong, but immediately finds that it isn't a real intruder because it recognises an individual's identity."
"Even if the identity doesn't actually belong to the individual using it?"
"Quite. The computer has no way of knowing that."
"I can't imagine how anyone could ever devise a software programme that could spot the unauthorised use of a perfectly legitimate ident," commented Bill.
"The only way to do that would be through the linked use of biometrics - physical identification like an iris pattern or DNA or even fingerprints - something like that," suggested Alan.
"That doesn't help Vaughan and his current problem, though," said Bill.
"It simply has to be an inside job, if you ask me," opined Alan Dale. "I can't think that it's any kind of machine fault anywhere."
"I agree," said Bill Denning. "And Alistair Vaughan thinks the same, too. He's already started looking, and so, apparently, has the bank involved in one of the 'incidents'."
"Good luck to them," exclaimed Alan. "Without knowing the routing affected, where the hell would you start? It could be anywhere in the world."
"Vaughan is starting at home."
"Within Threadneedle Street you mean? I suppose it could be someone there, who could access all the codes - perhaps even in the international clearing section. But it's a very long shot."
"I agree," said Denning. "But he has to start somewhere, and you never know - he might just be lucky."
"Incidentally, have you told him we've had a few more cases since you first spoke to him?" asked Alan Dale.
"I haven't, but I suppose I should," replied Denning. "In case any more 'incidents' turn up."
"I'd love to know what's going on," said Dale, "even if only to prove our systems are all working as they should be."
"We certainly can't find anything wrong anywhere, so I think we're OK," said Denning. "We would have heard from our clients soon enough if they were having problems. And it's interesting we haven't - not from any sector at all, not even the financial world. But somewhere, at least one bank has had to report an 'incident' to the Bank of England - perhaps more than one. So I don't think our data transmission procedures have been compromised in any way, but I do think someone somewhere is getting unauthorised access to one of the systems used by the banking fraternity. I can't think of any other explanation."
"It would be handy if we knew where these cases of ours actually took place," said Alan Dale.
"It would certainly help Alistair Vaughan," agreed Bill Denning. "But if it is somewhere within the banking system, then he may eventually be able to tell us."