Survival Guide: Perspectives from the Field -- Gregory Burnham, chief technology officer for the Port Authority of New York and New Jersey
- By Joab Jackson
- Sep 05, 2002
When terrorists flew a jet into the 90th floor of the World Trade Center's north tower, Gregory Burnham, who was in his office on the 71st floor, had one main focus: get out with his staff and let his family know he was OK. But once the dust settled, he had an even larger task. As chief technology officer of the Port Authority of New York and New Jersey, he had to replace the vital parts of the port authority's IT system that were housed in the World Trade Center complex. Manpower ? 74 port authority police and civilian employees were killed ? and the supporting infrastructure, such as roads and telephone lines, were in bedlam. Washington Technology Staff Writer Joab Jackson spoke with Burnham to find out how his office responded and what lessons he learned from the ordeal. WT: What were you doing when your building was struck?
Burnham: I was on the phone with a client. I thought [the attack] was a bomb. The building rocked so far south that some things rolled off my desk. It righted itself, then rocked the other way. Those of us in the building really didn't know what the cause was. Unfortunately for us, the cell phones didn't work in the stairwells. So I went down the 71 flights [not knowing what just took place].WT: What parts of the port authority system were located in the World Trade Center?
Burnham: It was not our main processing area, [but other elements such as] our Internet infrastructure, which included the switch that took us to our outside service provider, and the firewall were located there. We had some critical system servers there, too, including EZPass, which is our electronic toll payment system server. WT: What functions did you have to get running again immediately after Sept. 11?
Burnham: We decided we needed to make payroll, pay bills and bill people. We actually made payroll that Thursday. [Sept. 11 was a Tuesday.] There were some unique challenges there. We did not lose the machine that the payroll was running on, but we lost all the folks who were doing payroll and lost some very specialized pieces of equipment used to print checks.
Because the transportation system was shut down, we couldn't get the specialized equipment, so we did some creative things working with the banks to get the checks out, compromised on the coding on the checks and what not. WT: What sorts of precautions did you take that worked out successfully?
Burnham: Interestingly, the EZPass server was backed up at our main data center site, and it failed over nicely to that server.
The network was designed to be self-healing, but there are some smaller problems that turned up. For example, the local telephone companies didn't have the wherewithal to keep up with the demand for reallocating circuits. So now we're considering whether we can find bandwidth capacity outside the telephone companies.WT: Were there things you could have done to better prepare for such an attack?
Burnham: There was no way to ever prepare for the attack we had, but there were a few things we didn't do that, in reflection, I think we should have done differently. For example, we didn't insist that people back up their departmental systems to our central facility. We had that capability, but we left that as an individual manager's decision. We're not doing that anymore.
Another thing we learned is that paper is much more fragile than anyone thought. I think if you asked someone, even today, how to save something, they may say, "Print it out, and put it in a file." But it turns out that the stuff we lost was the stuff that was on paper. The stuff that we kept was the stuff that was on machines. We had a fairly large project in October in which we went through our
e-mail archive to reconstruct documents that were on paper.
We had business recovery plans, but we never established a chain of command in those plans. We assumed that the people involved would all be alive. A typical information systems group would not think they would need a chain of command, but I could imagine if I hadn't been there, the three people who were reporting to me would have scrambled to find out who is in charge.
Joab Jackson is the senior technology editor for Government Computer News.