Boudica Security

Continuity of operations


Keep Calm And Continue

Thought experiment 1

News Flash: The United States has invaded Greenland.

In retaliation Denmark cut all USA traffic on trans-Atlantic cables,
and tit-for-tat Google and Microsoft have shut down all European
accounts for Google Workspace and Office 365.

There is no prospect for a diplomatic solution in the next year.

Describe your COOP plan for your business to survive.

Thought experiment 2

Competitors always seem to know exactly what your next
move is. Following accusations of insider leaks at a shareholder
meeting you discover the problem is systemic; your VOIP, SS7
telecom networks and employee devices are compromised.

Implement an emergency interim communications system and policy
for minimum disruption. You cannot reuse credentials, so
describe effective key-sharing mechanisms to get the new
system running in 48 hours.

Mitigation

The first thing we say is "Jump in a time machine and go back six months". In other words, the most important question is not "what can you do?" but "what is it you already did?"

This mindset of preparedness and anticipatory vigilance is Left Of Bang. COOP can never be 'reactive'.

A good place to start is always at the top, which means DNS. Nothing you do at the local network or device level is much use until you've ensured your domains are safe. Take a leaf from the books of WikiLeaks, The Pirate Bay, Sci-Hub and Silk Road: have one or more backup domains in countries that are beyond your adversary's reach. DNS is an extreme security weak spot. Be ready with alternatives for all your internal and external name services, and be sure web resources, apps and other software can easily be flipped to a backup (no hard-wired name spaces).
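One way to check the "no hard-wired name spaces" point before you need it, as an added example that is not Boudica Security's own code: a small audit that reports every place outside a single configuration file where the primary domain is written literally. The domain example.org, the file names and the sample contents are constructed placeholders.

```python
import re
from pathlib import Path

# Hostname = dot-separated DNS labels ending in an alphabetic TLD.
HOSTNAME = re.compile(
    r"(?<![\w.-])((?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63})(?![\w-])",
    re.IGNORECASE,
)

def hardwired_names(text, primary):
    """Return (line_no, hostname) for each name equal to or under `primary`."""
    primary = primary.lower().rstrip(".")
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for match in HOSTNAME.finditer(line):
            host = match.group(1).lower()
            # Compare on a label boundary so notexample.org and
            # example.org.cdn.test are not mistaken for the primary domain.
            if host == primary or host.endswith("." + primary):
                hits.append((line_no, host))
    return hits

def audit_tree(files, primary, source_of_truth):
    """files maps path -> text; only `source_of_truth` may name the domain."""
    report = {}
    for path, text in files.items():
        if path != source_of_truth:
            hits = hardwired_names(text, primary)
            if hits:
                report[path] = hits
    return report

def load_tree(root, suffixes=(".py", ".js", ".yml", ".conf", ".ini", ".html")):
    """Read a real checkout from disk into the mapping audit_tree expects."""
    return {str(p.relative_to(root)): p.read_text(errors="replace")
            for p in Path(root).rglob("*") if p.is_file() and p.suffix in suffixes}

# Constructed sample tree; example.org stands in for the primary domain.
SAMPLE = {
    "config/domains.yml": "base_domain: example.org\nbackup_domains: [example.net]\n",
    "web/app.js": 'const API = "https://api.example.org/v1";\nfetch(`https://${BASE}/health`);\n',
    "mail/relay.conf": "relayhost = smtp.EXAMPLE.org:587\n# docs at notexample.org\n",
    "README": "Mirror lives at example.org.cdn.test\n",
}

if __name__ == "__main__":
    for path, hits in audit_tree(SAMPLE, "example.org", "config/domains.yml").items():
        for line_no, host in hits:
            print(f"{path}:{line_no}: hard-wired {host}")
```

Every finding is a place that would still point at the lost domain after a flip; an empty report means the backup can be activated by editing the one configuration file.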

In exercise 1 you'll ideally have:

  • a complete on-prem mirror of all your cloud assets
  • all of your documents already in a NATO/ISO format (IEC 26300:2006) able to be written and read by a wide variety of FOSS applications
  • a tested minimal viable office/productivity flow using FOSS tools such as [AbiWord] or [LibreOffice]
  • a working exchange node located in friendly territory such as Proton, or self-hosted such as NextCloud, OwnCloud or Seafile

Telecom systems should already be considered wide open following the disclosure of totally [hacked telecom appliances] post-2024. They have always had [vulnerable protocols], and all "smartphones" should be considered a security disaster area given the epidemic of [endpoint spyware] and vendor malware.

Endpoints that have never been exposed to these networks, and that have entry points only through trustworthy VPN/Tor nodes, should be a workable backup for C-level executives to run a basic secure COOP network using auditable and build-verifiable FOSS tools (currently, tools like Briar, Wire or Element).

Talk to us to find out more about how left of bang thinking can help you prepare for continuity.


Boudica Security Home   Call: Office +44(0) 1202 022249   Mobile, SMS, WhatsApp: +44 (0) 7555899518   Email: info at this domain. public key