There but for the grace...

GRAPHIC details of how Sony DADC’s UK warehouse was torched by rioters in early August, and how the company got supplies moving again, emerged when DADC director Thomas Irnberger spoke with frankness and passion at the Entertainment Retailing and Supply Chain Summit conference staged by Futuresource in London recently.

The facility in the north London suburb of Enfield – once home to Thorn EMI and the government arms establishment that made the Lee Enfield rifle – was set up by Sony DADC in 2006. Before the riots of August 8, it had a stock of 25 million discs, a permanent staff of 100 and up to 150 extra temporary workers at peak demand periods.

The fire alarms sounded around midnight and Thomas Irnberger managed to get there from central London by 1.30am, after being kicked out of three taxis whose drivers refused to go anywhere near the riot zone. By then, the entire building had been gutted and all 25m units of stock lost. Mr Irnberger and key staff set up an emergency command HQ in a local Marriott hotel.

Sony’s IT systems were still working and by 6am all communication lines had been diverted to Sony’s replication plant at Southwater in West Sussex, and interim statements made to the press and trade. CCTV images were retrieved that subsequently helped the police identify and arrest some of the rioters.

The HQ team immediately identified the top 20 titles lost and asked Southwater to start emergency replication of 5.3m discs. These were then shipped direct to retailers in batches of 200. Fifteen permanent staff relocated to Southwater and 40 to Sony’s offices in Golden Square in central London, which made space for DADC desks while Sony Electronics provided Vaio laptops. A dealer hotline was also set up and deals struck with competitor Cinram, in Aylesbury, to assist in rebuilding stock. Liquor distributor Cert Octavian in Hoddesdon stored the replacement stock for Sony.

 “Thankfully our IT system was never affected. If it had been lost, the situation would have been completely different,” said Mr Irnberger. “My advice is that building an IT backbone with fail-safe capability is critical.”
Dealers might now like to ask themselves how they would cope if their shop and office computers were lost in a fire. Is the data mirrored by network to their home, for instance? How often are full backups made? And where are the backups kept?

A major UK education establishment once lost crucial data when fire destroyed the Portakabin where its computers were installed – and the backups were lost, too, because they were stored in the same building.
“I would like to say a big thank-you to everyone, especially our competitors, for their support,” Mr Irnberger concluded. “I want to thank the entire industry. In these tough times we should all perhaps think more about how we can collaborate.”

By horrid coincidence, the Enfield riots followed soon after the hacking of Sony’s PlayStation Network, when more than 100m files of personal information were opened up.

“When the Sony network was hacked, there was a general feeling across the industry of ‘there but for the grace of God go I’,” said Spencer Mott, chief information security officer with games developer Electronic Arts, speaking at the same conference. “The entertainment industry was wide open to attack because we didn’t think we would be a target.
“We thought, ‘why would people take time out to attack an entertainment site that gives joy and pleasure?’ Credit card data is well protected. So we didn’t see ourselves as a target. But we realised that we all hold an immense amount of personal data, which the attacker can use later. EA suffered a significant breech after Sony and we saw the data being sold on.

“This is a problem that won’t go away. Personal information is so valuable. We need to think about how we can share collective expertise, which can be very powerful. We are all in this together.”
Sean Catlett, director of security at online betting site Betfair, warned that entertainment industry security lags far behind the betting world, which has long been a prime target for online fraud because of the huge sums of money rapidly changing hands.
“Do you understand your own vulnerabilities? You have to be willing to share information,” said Mr Catlett. “We would certainly have helped Sony after the hacking, if we had been asked.”

Opinions still vary on how serious the PSN hack was. Gildas Pelliet, managing director at Sony UK, raised eyebrows at the Intellect conference by referring to it simply as an “incident” and saying rather vaguely that the system is now “robust”.

Although Sony forced all PSN users to update their passwords before they could use the PSN service again, hackers sell stolen personal details to criminals round the world who may wait before using them. Anyone who uses the same password for several services could find themselves mysteriously hacked on other services.

Identifying and reorganising shared passwords after the PSN hack took me many hours. I’ll bet a lot of people never did it. Did you?