Punjab National Bank CBS network offline for over 21 hours / DR site not ready

10 views
Skip to first unread message

Rakesh.Goyal@Sysman

unread,
May 24, 2012, 6:51:06 AM5/24/12
to Rakesh.Goyal@Sysman
There was a fire in CBS data center of Punjab National Bank (PNB) at 5, Parliament Street, New Delhi on 23 May 2012 at about 5:30 pm.
 
Since then whole PNB network is down. There is no transaction at any of over 5000 branches and all ATMs.
 
Even the main site www.pnbindia.in showing "Service Unavailable". Netbanking site www.netpnb.com is also unavailable at 3 pm on 24 May 2012.
 
 
Three main questions are - Fire Protection, DR Site and responsibility. These are not exhaustive or only questions but main in current situation.
 
1. Was there any fire protection at data center? Why fire protection (detection and suppression) systems, if any, was not triggered? Do they exist? Were they designed as per critical and Tier-4 data center. Or these were expired, untested or not available. Does the environment hygiene maintained in data center?
 
2. What happened to DR site? Why DR site had not taken over the network immediately or even after few seconds/minutes or even hours? It has to be seen whether the back-up of data till split second before fire is available. Does BCP exist?
 
3. Will some one at top management layer (Chairman, ED, GM (IT) or GM (Audit, Inspection or Vigilance) or CISO) will take responsibility and will be charged for the losses to the bank and it's customers?
 
There can be many more questions on controls like - the real-time online surveillance of data center; training and availability of people; fireproofing; security drill; type of material used; quality control; replication of data at DR site (if exist and used at hot site), etc.
 
Three main traits of IT security are CIA - Confidentiality, Integrity and Availability.
The performance and efficiency of management is judged on CIA.
Here -
A (availability) is gone for a six (or even ball lost). Data/Service not AVAILABLE for over 21 hours.
I (Integrity) of data is doubtful, if the back-up is not there and also doubtful as (a) every thing is burnt at main data center and DR Site is in limbo.
C (Confidentiality) - Allah Malik!!!
 
How much do you rate PNB management on IT Security on 1-10 scale (10 being excellent)?
 
Rakesh Goyal
 
Reply all
Reply to author
Forward
0 new messages