Is it possible to have a backup of important data that can withstand an EMP or similar event (solar flare?). (see an earlier brief thread about these phenomena and their effect on electronics) I came up with this question while revisiting my backup strategy and idly going into more extreme scenarios.
As far as I understand, you would need to put a USB drive, HDD or SSD in a Faraday cage, basically a metal box. This brings to mind further questions: Are there differences in susceptibility of different kinds of storage? Does it matter if the drive itself seems to be largely a metal enclosure?
Similarly what would suffice for a Faraday cage? I though of using a cookie tin or paint tin. Would a wrapping of tin foil suffice? (some ideas in an earlier thread)
And ultimately, does it even make sense to take such precautions? From what I gather from an earlier discussion, an EMP would not destroy the world infrastructure except if it is so strong that it would also kill all life.
Honestly, your best bet is to backup your data to the cloud. There are all sorts of services that offer this at various price points depending on what you want. Anywhere from free to expensive depending on many factors.
You do not even need an EMP or solar flare event to mess with your data. Cosmic rays can do it and they are not uncommon.
If you are running some vital servers that need to be hardened then you should have someone working for you managing all of that.
As for is it worth it? Only you can answer that. How much is your data worth to you? How bad is it if you lost everything? That can be from meh to life is ruined. Then you have to decide how much effort and cost you are willing to tolerate to protect that data.
Good point about cloud storage, but I have three reasons not to rely solely on the cloud.
First of all, I’m not entirely sure that a sufficiently large-scale event would also destroy cloud storage, or at least seriously disrupt it for a significant amount of time.
Secondly, I have reservations about privacy of cloud storage. I could store data in encrypted files and store those encrypted files in the cloud, but I’d have to think about that workflow.
Thirdly, cloud storage is no guarantee that your data will not be lost. If they muck up their backups you can lose all your data, and you have no recourse. Cloud storage can at best be an additional backup. But you are correct that it may be a very useful additional option to secure vital data.
So maybe my question is a bit more theoretical, in that a combination of local disks, cloud storage (of encrypted files) may already suffice even in the absence of Faraday cages.
Can you create a sufficiently secure local storage with external disks or USB drives that can withstand EMPs and the like, or is that infeasible?
What is “feasible” is how much money and time you are willing to spend securing your data.
Again, you have to decide your pain point. Is the workflow to encrypt your data for cloud storage worse than building Faraday cages and buy uninterruptible power supplies and gas generators? Is your data of a nature that encryption is really important? I mean, it may bug you that the NSA is looking at pictures of your grandma’s 90th birthday party but do you really need to encrypt that?
Cloud storage reliability is pretty great if you use the big players. They cater to mega-corporations. Guaranteeing their data integrity is job #1. Again, how much are you willing to pay to make SURE your data never, ever gets corrupted/lost?
I can tell you that doing it on your own, in your own home, will be very expensive and time consuming to get to the level of cloud storage (the big players) or better.
Maybe it is better for you to say how much money you are willing to spend (total or monthly) to secure your data and people here can (maybe) suggest the best you can do with that money.
As I stated, take the question as theoretical, if you prefer. As I indicated, I’m not actually concerned about the possibility of EMP or solar flare or whatever, if I really think about it. But I am interested to see what science and engineering says about this.
To what extent are current USB drives and SSDs able to withstand an EMP, if they have a metal casing? And if they are not, is a simple metal enclosure actually doing anything at all?
Or are even stronger measures needed if you actually wish to accomplish something?
As you say, everything has a price point. What is the price point for what levels of safety against such occurences? I’ve not been able to find anything but WAGs or very broad generalizations, so I wonder whether anyone is able to actually provide hard data.
It all depends on what exactly you’re trying to defend against. Some kinds of EMP or solar event only affect systems with kilometers of wire in them. This can take down a power grid, but won’t do anything to anything disconnected from the grid, so if that’s what you’re worried about, just unplug the backup computer while you’re not actively doing backups. On the other hand, if the EMP is from a nuke, and the nuke lands right on top of your backup facility, it’s toast no matter what you do (other than having multiple backups in different cities, but then we’re back to the cloud again).
For the subject at hand, this is pretty close to the worst possible advice in the whole world.
Retrieving information from cloud storage has four separate points of failure. One is that you have to have a working device. The second is that that device must be capable of accessing the internet. The company that hosts your data also has corresponding points of failure on their end. ALL FOUR points MUST be working for data retrieval to be successful. In the event of a major flare or EMP, the likelihood that all four points will be working is extremely low.
Proper enterprise cloud storage like Azure allows you to bring your own encryption key, storage is secure out of the box. There is nothing additional required to implement.
It is not bad advice at all unless you are the NSA or Defense Department or Raytheon.
Just what kind of system do you think the average Joe can build at home that will be more resilient than (say) Amazon Web Services?
I have been to a data center. They are not a few computers in someone’s basement. They are in reinforced buildings (i.e. you cannot drive a truck through the wall), have massive security, numerous backup power systems, redundant everything, fire suppression systems that won’t harm the servers, your data is backed up to remote locations and they have staff who know a whole lot about this stuff maintaining things 24/7/365.
You can do better to ensure you don’t lose all of your family photos? Good luck.
Again–for the subject under discussion–I absolutely can do better; very easily, in fact. I can make back-ups to an external drive, unplug the drive, and put it in a Faraday cage. Will the data center do that for me?
A Faraday cage is unnecessary. Even an EMP won’t fry an isolated hard drive or SSD.
The problem is: what happens if the drive is running? Then you may have problems, since the induced voltage on the power lines might be substantial.
If you can tolerate batch backup, optical discs are pretty darn tough.
This would be my question. How long a lead wire does a device need to be susceptible to EMP? Should I make a point of unplugging the 6-foot USB cable that came with the drive? Does a wifi antenna put a device at risk? Would a battery UPS be fried? I’m assuming my backup power generator or solar or wind turbine install would be toast since these rely on electronics to manage the power in and out and have plenty of exposed wiring.
Naturally, the obvious backup-to-external-drive solution (or any solution) should rely on multiple storage media, rotated in turn. Full protocol for a business backup also says rotate offsite in case of catastrophic failure of the local site. (Fire, burglary, etc.) After all if the system crashes in the middle of the write you could end up with unreadable data and backup media.
But then, where? A bank safe deposit box would be secure, but if the whole computing infrastructure is fried, banks may not be open for business. How reliant on electricity is a bank branch for access to the vault?
To be fair, if there’s an EMP event, a non-natural even capable of destroying significant chunks of the internet and reducing a significant portion of the computing infrastructure to junk - then business continuity will likely be the least of anyone’s worries, and probably permanently irrelevant. If the banks can’t run, neither can you or the places you do business with. I’m hoping that whoever has designed those data centers has accounted for EMP.
(How do you do that? A faraday cage around the data center and its power supply, and all external connections via fiber optic?)
To withstand an EMP or solar flare I would not rely on a HDD, SSD, or other storage where the read/write electronics are packaged with the data. Use something like tape or optical disk. If the electronics on a HDD are fried, then the drive is unreadable (outside of very expensive clean-room platter swaps).
The suitable storage environment for the tapes or optical disks is much more forgiving than for a hard disk. An event that will fry the electronics on a HDD aren’t going to do anything to a Bluray. If your tape or disk reader fries, then just buy a new one. That also means, sticking with a tape or disk format which is modern, and the readers are easy to obtain. This does mean migrating to a new format every decade or so.
If it is a global event which destroys all readers and capacity to make more, then you have bigger problems than some missing data.
Cloud might also work, as long as you distribute it around the world. If your primary data is in the US, then buy cloud storage in Amazon’s Sydney availability zone.
There are lots of tools to automate encryption and secure backup to the cloud, so no need to reinvent a whole process, just install rclone or something.
This is the 64 Billion dollar question - an external hard drive, the small USB type not connected to any cables, is the circuit board alone enough of an antenna to pick up chip-destroying EMP power? Or is this a mischaracterization of the thereat - that the long-ish power line leads and network cable leads are the threat to modern interconnected electronics. Almost everything has a wire to the nearest breaker panel, usually 50 feet or more. Same with network cables, they can be a run of copper (interconnected cables) up to 300 feet. That’s a fairly long lead to pick up an induced current pulse.
In the Carrington event, telegraph lines sparked at the operator keys. Solar flares have induced currents that kicked breakers on long distance power lines. A quick search does not give me details on what a nuclear EMP threat really does and to what.
Of course, if most of the computers in the country are fried, including the ones used to run chip-making facilities, recovery will be measured in years or generations.
I am going to acknowledge the ignorant question before I ask it:
what kind of data is worth going to that level of protection, knowing that the backup is only going to be needed if the country’s electricity and computing infrastructure are both fried? In that situation, we are in “shit hits the fan” mode, so a company can access its data, but no one can get to work, or do anything with the data. Isn’t the backup, even if successful, just an expensive paperweight at that point?
For me at least the issue is that there is a large variety of events, from countrywide failure to more localised effects. You can’t assume that if you lose your data that all of society is lost. If some event occurs on a lesser or more localised scale, it might not disrupt society but only make a few unfortunate individuals lose data (or lead to corrupted data). I like to take precautions insofar as feasible, so as not to be one of those unlucky persons. This thread is intended precisely to get a more solid assessment of the actual risks and the possible safety measures. If it turns out that those are infeasible or very expensive, at least we would know that this is so. And this site is dedicated to knowledge, isn’t it?
From what I understand, the consensus up to now is actually that you do not need costly measures at all, which is comforting. Even an external disk is apparently much less prone to malfunction in such events than computers. So there is no problem with high costs.
For me personally I have a lot of data that I would prefer to keep, because a lot of work was put into it or because of sentimental reasons, just like people keep diaries and photo’s and financial records. If there are easy measures to take, like simply locking an external disk in a metal box or burning a DVD, I think it may be worthwhile to also look into those. I don’t understand the vehemence of some posters against such strategies. Apparently a lot of people do not have data they want to keep, that’s fine by me, must be nice.
Incidentally, from my point of view cloud backup is a very bad idea as a single backup mechanism. You are reliant on proper internal procedures: a single fuckup by a lowly technician can lead to you losing your data, and the cloud company does not owe you any duty to attempt to retrieve your data (read the T&C closely). There are sufficient cases of this happening to individuals. And that is not even going into security breaches.
To my mind it is better to have multiple backups, on multiple locations spread wide apart geographically. Cloud backup can at best be part of a solution (if you accept the risk of security breaches). But that is besides the question that I started off with.
Thank you. From some of the replies, I was thinking of a really large, cataclysmic type loss (probably my own misunderstanding). Your answer clarified it nicely.
Backups are extremely important. Data exists n-1 times. If the data is in only 1 place, then it is really in 0 places. If data exists in 2 places, then you finally have 1 copy of the data. This is the case because any single copy of the data will disappear without any notice at a random time.
Choosing the exact method of backup will depend on several non-independent factors
Cost (we don’t all have infinite money)
Convenience (difficult backup schemes will not be followed)
Size of the data to backup (1GB, a few TB, EBs)
How quickly the data changes (daily backups, hourly, monthly, once?)
Event to protect against (drive failure, house fire, large scale natural disaster, hostile action)
Necessary speed of recovery (business losses by the minute, or are weeks to restore acceptable?)
Cloud based backups can satisfy many of these things. Non-independent factors, so cost will usually scale by data size, but will probably start in the low hundreds of dollars per year. If done right security is not an issue with cloud backups. Encryption is easy, key management is hard. Don’t loose your password. Avoiding localized events is easy with cloud backups, as long as you choose a cloud location that is remote to the other locations of the data.
An external hard disk is cheap. Low hundreds of dollars spread over the multi-year lifetime of the drive. There are lots of software choices to automate backing up to connected storage. However, if the drive is in the same location as the primary data, then it is vulnerable to local events.
Detaching and moving the external drive solves the local events problem, but decreases the convenience. In my experience, people who “plug-in and backup to an external drive occasionally” rarely do so. It becomes even more rare if you forget to bring the drive home. If you are disciplined, then rotating several drives through local and remote locations is doable, but I would not trust myself to do it.
My solution is a private cloud which is really just an external drive I bought plugged into my computer at work. I have a server at home which collects backups from various laptops and such around the house. That server then sends backups to the external drive attached to my work computer. If my house burns down, my data is safely at work. If work burns down, then my data is still at home. If an event destroys both locations 15 miles apart, then I loose data. Perhaps I need to think about adding a truly remote location.