Neighbourhood Cyber tracks availability of critical infrastructure, offers alerts for citizens, and keeps a historical record.
Currently, this proof of concept is monitoring web-based, public-facing aspects of critical infrastructure, as a proxy for overall availability.
Using Neighbourhood Cyber, I'm exploring methods which can be used to be reliably notified when specific services become unavailable or degraded, and wider issues become more likely. When selections monitored by each Watchtower have better alternatives, they will be updated.
Information currently tracked includes:
- uptime, and
- average response time.
Average response time itself is not expected to be an indicator of degradation, as the metric is affected by latency between the monitored selections and GitHub's infrastructure (on which the Watchtowers rely). However, a sudden change in response time could be a relevant indicator of a developing incident.
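The distinction above, between a steadily high response time and a sudden change, can be made concrete with a trailing-baseline check. This is an added example, not Neighbourhood Cyber's own code; the sample series are constructed, and the window, threshold, and the use of `None` for a failed check are assumptions.

```python
from statistics import median

def uptime(samples_ms):
    """Fraction of checks that got a response (None = failed check)."""
    return sum(s is not None for s in samples_ms) / len(samples_ms)

def sudden_changes(samples_ms, window=6, threshold=4.0, min_mad_ms=5.0):
    """Indices whose response time departs sharply from the trailing baseline.

    The baseline is the median of the previous `window` successful checks, and
    the spread is their median absolute deviation (MAD). Comparing against the
    site's own recent history means a constant network offset between the
    monitor and the site never triggers; only a shift does.
    """
    alerts = []
    for i in range(window, len(samples_ms)):
        current = samples_ms[i]
        if current is None:          # outage: counted by uptime(), not here
            continue
        baseline = [s for s in samples_ms[i - window:i] if s is not None]
        if len(baseline) < window // 2:   # too little history to judge
            continue
        centre = median(baseline)
        # Floor the MAD so a very quiet series does not alert on tiny jitter.
        spread = max(median([abs(s - centre) for s in baseline]), min_mad_ms)
        if abs(current - centre) / spread > threshold:
            alerts.append(i)
    return alerts

# Constructed samples (milliseconds), one value per scheduled check.
# A site far from the monitor: slow, but steadily so.
FAR_SITE = [820, 835, 810, 828, 840, 815, 832, 825, 819, 830]
# A nearby site that degrades, fails one check, then stays slow.
NEAR_SITE = [120, 118, 125, 122, 119, 121, 123, 410, 455, None, 430]

if __name__ == "__main__":
    for name, series in (("far", FAR_SITE), ("near", NEAR_SITE)):
        print(name, f"uptime={uptime(series):.0%}", "alerts at", sudden_changes(series))
```

The far site averages over 800 ms and raises nothing, while the near site is flagged at the checks where it jumps from roughly 120 ms to over 400 ms.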
What set of services is considered critical infrastructure?
Have a look at the watchtower for Helsinki, Finland and use the symbols below to connect types of infrastructure with local providers.
Two-thirds of people do not have an emergency supply kit that likely contains water, so they are missing the multi-day supply of water recommended by emergency services.
People tend to rely on centralized energy supplies to power mechanical devices considered critical, such as water pumps, mobile phones, and transportation.
A majority of people's communication relies on centralized (as opposed to distributed) infrastructure to contact each other and contact emergency services.
A society that loses the ability to provide medical care...
If you can't get around, your society is going to experience issues.
A society that cannot transact...
A society that cannot provide emergency services, such as ambulances,...
Critical components of critical infrastructure should be airgapped. But whether airgapped components exist or not, society is largely moving towards more connectivity. The same connectivity that allows threat actors better access to potential targets can also provide citizens the information to respond.
A monitoring project that is not limited to geographic regions opens up the possibility of response teams that are similarly distributed. Teams with members in multiple timezones can react faster to rapidly developing incidents, as folks with on-call experience in technology operations can attest.