There’s a piece of received wisdom from the years of the Cold War that if the Russians[1] had ever really wanted to start a land war in Europe, they would have done it on Christmas Day, when all of the US soldiers in Germany were partying and therefore unprepared for an attack. I’m not sure if this is actually fair – I’m sure that US commanders had considered this eventuality – but it makes for a good story.
If I were going to launch a cyberattack on the US, I would do it on the 4thof July. Now, to be entirely clear, I have no intentions of performing any type of attack – cyber or not – on our great ally across the Pond[2]: not today (which is actually the 3rd July) or tomorrow. Quite apart from anything else, I’m employed by[5] a US company, and I also need to travel to the US on business quite frequently. I’d prefer to be able to continue both these activities without undue attention from the relevant security services.
The point, however, is that the 4th of July would be a good time to do it. How do I know this? I know it because it’s one of my favourite holidays. This may sound strange to those of you who follow or regularly read this blog, who will know – from my spelling, grammar and occasional snide humour[6] – that I’m a Brit, live in the UK, and am proud of my Britishness. The 4th of July is widely held, by residents and citizens of the USA, to be a US holiday, and, specifically, one where they get to cock a snook at the British[7]. But I know, and my European colleagues know – in fact, I suspect that the rest of the world outside the US knows – that if you are employed by, are partners of, or otherwise do business with the US, then the 4th of July is a holiday for you as well.
It’s the day when you don’t get emails. Or phone calls. There are no meetings arranged.
It’s the day when you can get some work done. Sounds a bit odd for a holiday, but that’s what most of us do.
Now, I’m sure that, like the US military in the Cold War, some planning has taken place, and there is a phalanx of poor, benighted sysadmins ready to ssh into servers around the US in order to deal with any attacks that come in and battle with the unseen invaders. But I wonder if there are enough of them, and I wonder whether the senior sysadmins, the really experienced ones who are most likely to be able to repulse the enemy, haven’t ensured that it’s their junior colleagues who are the ones on duty so that they – the senior ones – can get down to some serious barbecuing and craft beer consumption[8]. And I wonder what the chances are of getting hold of the CISO or CTO when urgent action is required.
I may be being harsh here: maybe everything’s completely under control across all organisations throughout the USA, and nobody will take an extra day or two of holiday this week. In fact, I suspect that many sensible global organisations – even those based in the US – have ensured that they’ve readied Canadian, Latin American, Asian or European colleagues to deal with any urgent issues that come up. I really, really hope so. For now, though, I’m going to keep my head down and hope that the servers I need to get all that work done on my favourite holiday stay up and responsive.
Oh, and roll on Thanksgiving.
1 – I suppose it should really be “the Soviet Union”, but it was also “the Russians”: go figure.
2 – the Atlantic ocean – this is British litotes[3].
3 – which is, like, a million times better than hyperbole[4].
4 – look them up.
5 – saying “I work for” sets such a dangerous precendent, don’t you think?
6 – litotes again.
7 – the probably don’t cock a snook, actually, as that’s quite a British phrase.
8 – I’m assuming UNIX or Linux sysadmins: therefore most likely bearded, and most likely craft beer drinkers. Your stereotypes may vary.
Alice, Eve and Bob - a security blog 
litotes — new word for me. Thanks.
LikeLike