What is critical infrastructure?

For organization or for the movement? For orgs and then we can figure out what needs to be redundant for the movement.

Repeat options will show the importance of something.

(10) Humans / Internal Comms / Leadership Comms / Good Governance / Legal Support / mental health / emotional support

(7) Comms channels / video / discussion forums

(7) Backups

(5) Email / (Encrypted) Mailing lists / Texting

(5) DNS

(5) Networking / Upstream providers / Proxy servers / firewall / routers / internet access

(4) Web hosting / Monitoring

(4) Access Management / Password Vaults / Manager / Bank account access / LDAP

(3) Fundraising / money management

(3) Databases / CRM

(3) Location Compliance

Backups

Databases / code

How do we handle this for redundancy? Where do we store them?

Knowledge sharing can be the useful here because I need to implement it now

Backing up the servers. Where is the storage? It can get expensive. As a network, we talk about shared infrastructure. It's an ideal for working together. An office full of lawyers would be a good place to have the computer. We also want a location with some permanence. Can we as a network and negotiate that with a large organization? That would provide some level of security? Do we negotiate with a provider or we decentralize it?

We can also just exchange space between each other. Not just knowledge sharing.

We also want to avoid fighting with each of technological choices. Don't think of the tools, but the facilities.

Data centers are a scaling game. We're small gardens vs the supermarket. Handling backups is scaling game and require coordination.

What encryption do we want to use?

Data should be replicated to three sites minimum? This would help with high availability, but this harder and more expensive, but it does provide resiliency. How do we achieve HA for the movement? Not just a technical

Knowledge sharing should be done between us. Domino effect.

Humans as infrastructure

Managing stress and emotion. Avoid burnout.

Movement hosting orgs are tiny. We need redundancy of our workers. Some of us are aging out. This is a long-term concern. finding the capacity to cross-train still takes time.

We are small and don't overcharge. it's non-competitive. You have to be dedicated, so you it's hard to attract talent.

What are some steps we can take beforehand?

There's a lack of trainers in the digital security space. Training of trainers has been slow over the year, but it has really taken hold of the term. Can we do something similar in movement hosting? That has been tried. One person went to corporate America. There was very little interest. Funders didn't want to give money for it. capacity building can be sold to Funders.

the human part is hard.

Infrared is monthly meeting. Is tha energizing or stressful? Is video helpful? Meeting face to face? Some find it recharging. This would help shore up the group of practitioners.

Some capacity building train folks to be sysadmins.. They have become a important to grassroots movements.

During assessments during digital security, they recommend a sysadmin as a resource for asking about regular issues.

Unfortunately lots of this sharing requires an agreed upon standard. Can we actually help each other recover at this point?