9/11: Attacks Changed the Way Companies View IT
The Sept. 11, 2001, terrorist attacks led to scores of changes in how U.S. residents live and do business, and the IT industry was not spared.
The 9/11 attacks, coming just after the late '90s Internet boom, were a wake-up call for many IT managers who hadn't contemplated the possibility of their entire computing systems being destroyed without warning, some IT managers and company executives said.
"Many companies maintained their systems under the basic idea that they could reconstruct the systems with only minor interruption to the enterprise," said Keith Payne, IT security officer at Javitch, Block & Rathbone, a law firm with offices in Ohio and three other states.
Losses of technology and intellectual property on "such a large scale" were considered unlikely before 9/11, Payne said.
"Before 9/11, our customers did not heavily evaluate the possibility that the entire firm could cease to exist with no pre-indicators," he said. "We have made large investments in identifying all assets in the scope of how they contribute to the overall ability to operate. No longer are the days of backup tapes being moved off-site weekly; now mirrored systems are maintained with geographical separation."
Ten years after 9/11 cloud storage and disaster recovery remain high-growth areas in the IT industry. ABI Research predicted the global market for business continuity and disaster data-recovery products would grow from US$24.3 billion in 2009 to more than $39 billion in 2015. The open networked disk storage market grew 15 percent between the second quarter of 2010 and the second quarter of 2011, rising to $4.8 billion in revenue, according to IDC.
The 9/11 attacks were a "tipping point" for IT and U.S. awareness of terrorism, added Chris Caldwell, CEO and co-founder of LockPath, a vendor of risk management and compliance software. "Prior to the attack, American companies may have been prepared for natural disasters -- 2011 events like the D.C. earthquake, Midwest tornadoes and Hurricane Irene -- but most didn't have terrorist activity on their radar at all," he said. "Now, most companies -- especially those on Wall Street -- have taken a hard look at their business continuity plans and disaster recovery practices."
Vineet Jain, CEO and co-founder of cloud storage vendor Egnyte, points to 9/11 and later major disasters as leading to the modern cloud storage industry. The attacks showed that a single data center is more vulnerable than backing up data at multiple locations, he said. The attacks also led to a discussion in business circles about cybersecurity, with raised data security expectations from customers, he said.
The attacks created a "classic turning point" where business customers became more concerned about data security and availability, he said.
The 9/11 attacks also led to new government demands for information from businesses. Civil liberties groups protested after revelations that major telecom carriers helped the U.S. National Security Agency monitor the communications of some U.S. residents, and the U.S. Patriot Act, passed in late 2001, expanded the use of so-called national security letters allowing the Federal Bureau of Investigation and other agencies to issue secret subpoenas for information about customers.
But for many businesses, 9/11 led to internal examinations about disaster response and recovery, executives said.
Now, even small and medium-sized businesses realize their entire operation can be wiped out in an instant, said Leib Lurie, co-founder and CEO of One Call Now, a provider of a mobile-phone messaging service and an Egnyte customer. U.S. businesses must now focus on preventing data loss and recovering quickly after a problem, he said.
"The depth and breadth of threats are astounding," he said. One Call Now had six employees in Joplin, Missouri, when a major tornado hit the city in May, but the company had the data backed up.
The 9/11 attacks "geared people toward a completely different way of thinking," Lurie said. "Everyone has always had backup and colocation and back-up plans, every large company has. After 9/11 and [Hurricane] Katrina and the string of other things, even a three-person law firm, a three-person insurance agency, a doctor with his files, if your building gets wiped out and you have six decades of files, not only is your business gone, not only is your credibility gone, but you're putting hundreds of lives at risk."
The loss of a doctor's records could be fatal in some cases, and with the loss of a law firm's records, "you could have people tied in knots legally until you find alternative records, if you find them," Lurie said.
In recent years, Lurie sees more IT vendors, including his company and Egnyte, focusing on emergency response and recovery needs of small and medium-sized businesses, with product pricing geared toward businesses with small budgets. In many cases, cloud-based storage can be cheaper than building a new data center, he said.
The attacks spurred the creation of more robust IT systems and led to a focus on disaster recovery, said Rich Arenaro, CTO at Stroz Friedberg, a digital forensics and investigations firm.
Even with an increased focus on the impact of disasters, Arenaro sees some "arrogance" in the IT industry about cyber-attacks not tied to disasters. The 9/11 attacks led to an awareness of the problems created by data losses, but many businesses still don't take cyber-attacks seriously enough, he said.
The 9/11 attacks showed that terrorists can hijack airplanes. Later cyber-attacks showed that simple-to-use hacking tools are available to people with limited IT skills, he said, even though ties between hacking and traditional terrorist groups are tenuous.
Cybersecurity plans can't be limited to filling out forms or thinking about the issue once or twice a year, Arenaro said. Businesses can't "convince ourselves that it can't happen to us, or it's unlikely to happen to us, or we're not important enough to be a target," he said. "We have to look at this as an industry, and say, it doesn't matter if you're the big guy or the small guy. We're only as strong as the weakest link."
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is email@example.com.