Thursday, September 22, 2005

What will you do when the cyber-levee breaks?

Computerworld has a thoughtful opinion piece by Bruce Levinson on thinking about the cyber-unthinkable: how do you (person or organization) respond to that inevitable day when the Internet, or your access to it, fails catastrophically?

As a former senior FEMA official under the Clinton administration explained, "There's only two kinds of levees: Ones that have failed and those that will fail." The same is true for cyber-levees.

The Internet today is in the same position as New Orleans was before the hurricane, a heavily fortified resource of incalculable economic and cultural value whose protections will one day inevitably fail...

Not only are there limits to how far we can go in securing the Internet, there should be limits. After all, the most secure computer is one that is unplugged. Enjoying the social and economic benefits of the Internet also inherently means accepting and learning to manage risk.

Just as the world was shocked by the devastation of New Orleans, a scenario that has been predicted for decades, so too will the globe be staggered by the failure of the Internet. There are still many people and institutions who don't appreciate just how intertwined the Internet has become in virtually every aspect of modern society.

New Orleans will eventually be rebuilt in some form. The Internet will most likely be repaired much more quickly. However, the consequences of each failure will reverberate long after working infrastructures have been restored.

What is needed is not just to protect the Internet but also to prepare for the time when those protections fail...

One of the lessons learned from Katrina and 9/11 is that communications failures are the first consequence of disaster. Radios fail. Cell phone networks become overwhelmed. Plain old telephone service goes down. Since the Internet is really nothing more than a means of communicating, Internet-disaster planners should recognize that what you are going to experience is a failure to communicate.

Depending on what causes a major disruption (natural disaster, violence, cyber-attack) it would not be surprising to see virtually all non-human communications networks fail, including phones, cell phones and even local wireless networks...

Contingency plans are great at providing lists of steps for people to take during various scenarios. They rarely explain what to do when the situation doesn't fit one of the prepared scenarios or if you can't take one or more of the listed steps. Plans don't always fail but that is a reasonable way to bet...

It may be possible to draft effective guidance on the back of the proverbial envelope. Regardless of what developmental approach is used, try to do it without PowerPointing everyone to tears...

So get ready for when your cyber-levees fail, since, as the former Robert Zimmerman explained, a hard rain's a-gonna fall.



Friday, September 16, 2005

Critical Infrastructure Vulnerable to Cyber Attack

A House Science Committee press release summarizes recent testimony by industry CIOs on the alarming lack of preparedness for cyberdisasters.

The nation’s critical infrastructure remains vulnerable to cyber attack. The witnesses said the economy is increasingly dependent on the Internet and that a major attack could result in significant economic disruption and loss of life.

Urging action to address this vulnerability, the witnesses advocated increased funding for cybersecurity research and development (R&D) and greater information sharing between industry and government and among various sectors of industry. Witnesses also urged greater federal attention to cybersecurity...

“We shouldn’t have to wait for the cyber equivalent of a Hurricane Katrina to realize that we are inadequately prepared to prevent, detect and respond to cyber attacks,” said Science Committee Chairman Sherwood Boehlert (R-NY). “And a cyber attack can affect a far larger area at a single stroke than can any hurricane. Not only that, given the increasing reliance of critical infrastructures on the Internet, a cyber attack could result in deaths as well as in massive disruption to the economy and daily life.

“So our goal this morning is to help develop a cybersecurity agenda for the federal government, especially for the new Assistant Secretary. I never want to have to sit on a special committee set up to investigate why we were unprepared for a cyber attack. We know we are vulnerable, it’s time to act.”

[Mr. John Leggate, Chief Information Officer, British Petroleum Inc.] testified that an informal survey earlier this year found that executives in the telecommunications, energy, chemical, and transportation sectors estimated that about 30 percent of their revenue depends directly on the Internet. He also said that, because of interdependency among various industry sectors, a single attack could reverberate throughout the global economy: “These cascading dependencies all too quickly create ‘domino effects’ that are not obvious to the corporate customer or the policymaker.”



Bill Wulf: Real threats to national security.

William A. Wulf is President of the National Academy of Engineering. He recently testified at a House hearing on “Sources and Methods of Foreign Nationals Engaged in Economic and Military Espionage,” making the point that espionage is not the major factor affecting national security and that misguided attempts to thwart it can do much more harm than good. His testimony is worth reading in its entirety, but here are some pertinent excerpts:

I am convinced that security – real security – comes from a proper balance of keeping out those that would do us harm and welcoming those that will do us good. Throughout the last century, our great successes in creating both wealth and military ascendancy have been due in large part to the fact that we welcomed the best scientists and engineers from all over the world. No other country did that, and nowhere else has the genius for discovery and innovation flourished in the way it has here. I am deeply concerned that our policy reactions to 9/11 have tipped that balance in a way that is not in the long term interests of the nation’s security...

To be sure, 9/11 and globalization have changed the balance point. There is good reason to fundamentally rethink our policies. However, several recent policy changes, related to visas, treatment of international visitors, deemed exports, and so on, have had a chilling effect. Enrollment of international students in U.S. colleges and universities has declined. Scientists have chosen to hold conferences in other countries. U.S. businesses have had to shift critical meetings to locations outside this country. In the meantime, foreign companies, universities and governments are marketing themselves as friendlier places to do business or get an education. In the race to attract top international talent, we are losing ground...

After WW II, the U.S. forged a mutually reinforcing triad of complementary R&D strengths in industry, academia and government. However, U.S. industrial laboratories have greatly reduced their support for long-term basic research; and many U.S. corporations are shifting research and development to overseas locations—not just because foreign labor is cheaper, as is the common and comfortable myth, but because it is of higher quality! U.S. government laboratories are in various states of disarray, and no longer maintain the stature that they did in the 1960s. Government support for the physical sciences and engineering at universities has declined in real terms, and is suffering further under present budget pressures – clearly, a strong research capability is not a current federal priority. Enrollment in the physical sciences and engineering, as a percentage of undergraduates, is among the lowest in the industrialized world – the U.S. now graduates just 7% of the world’s engineers, for example. Given that our 12th graders score among the lowest in the world in science and mathematics, the ranks of U.S. born scientists and engineers are not likely to expand dramatically anytime soon. Our once strong triad of R&D capabilities is crumbling...

One might ask if these policy changes will improve our security. I would point out that the United States is not the only research-capable country; China and India, for example, have recognized the value of research universities to their economic development and are investing heavily in them. By putting up barriers to the exchange of information about basic research, we wall ourselves off from the results in these countries and slow our own progress. At the same time, the information we are “protecting” is often readily available from other sources...

The 2001 Hart-Rudman Commission, which in February of 2001 predicted a catastrophic terrorist attack on the U.S., and which then proposed the Department of Homeland Security, said:

“… the inadequacies of our system of research and education pose a greater threat to U.S. national security over the next quarter century than any potential conventional war that we might imagine.”

The international image of the United States has been one of a welcoming “land of opportunity”; we are in the process, however, of destroying that image and replacing it with one of a xenophobic, hostile nation. We are in the process of making it more likely that the world’s “best and brightest” will take their talents elsewhere. The policies that superficially appear to make us more secure are, in fact, having precisely the opposite effect...

I would like to close with another quote from the Hart-Rudman report:

“Second only to a weapon of mass destruction detonating in an American city, we can think of nothing more dangerous than a failure to manage properly science, technology, and education for the common good over the next quarter century.”



Tuesday, September 13, 2005

Before the Flood

A New York Times Op-Ed piece by Simon Winchester [free registration required] gives even more reasons to be angry about the incompetent government response to the New Orleans flood.

Public servants of good will, and the general public, did a much better and quicker job of disaster relief after the April 18, 1906 San Francisco earthquake and fire than after the recent New Orleans hurricane and flood. And 99 years ago they didn't have any advance warning, because the geology of faults wasn't yet understood.

The last time a great American city was destroyed by a violent caprice of nature, the response was shockingly different from what we have seen in New Orleans. In tone and tempo, residents, government institutions and the nation as a whole responded to the earthquake that brought San Francisco to its knees a century ago in a manner that was well-nigh impeccable, something from which the country was long able to derive a considerable measure of pride.

This was all the more remarkable for taking place at a time when civilized existence was a far more grueling business, an age bereft of cellphones and Black Hawks and conditioned air, with no Federal Emergency Management Agency to give us a false sense of security and no Weather Channel to tell us what to expect...

A stentorian Army general named Frederick Funston realized he was on his own - his superior officer was at a daughter's wedding in Chicago - and sent orders to the Presidio military base. Within two hours scores of soldiers were marching in to the city, platoons wheeling around the fires, each man with bayonet fixed and 20 rounds of ball issued; they presented themselves to Mayor Eugene Schmitz by 7:45 a.m. - just 153 minutes after the shaking began...

The first relief train, from Los Angeles, steamed into the Berkeley marshalling yards by 11 o'clock that night. The Navy and the Revenue Cutter Service, like the Army not waiting for orders from back East, ran fire boats and rescue ferries. The powder companies worked overtime to make explosives to blast wreckage.

Washington learned of the calamity in the raw and unscripted form of Morse Code messages, with no need for the interpolations of anchormen or pollsters. Congress met in emergency session and quickly passed legislation to pay all imaginable bills. By 4:00 a.m. on April 19, William Taft, President Theodore Roosevelt's secretary of war, ordered rescue trains to begin pounding toward the Rockies; one of them, assembled in Virginia, was the longest hospital train ever assembled.

Millions of rations were sped in to the city from Oregon and the Dakotas; within a week virtually every military tent in the Army quartermaster general's stock was pitched in San Francisco; and within three weeks some 10 percent of America's standing army was on hand to help the police and firefighters (whose chief had been killed early in the disaster) bring the city back to its feet...



Sunday, September 11, 2005

Byzantine failures in safety-critical systems

Peter Ladkin has a sober post in RISKS DIGEST with very scary implications.

In this era of fly-by-wire, I am fond of saying that, as far as I know, there has never been a commercial aircraft accident caused by anomalies in flight control software. And it has been 17 years (the first A320 was introduced into service in 1988).

It is thus well to remember that designing and writing critical software-based systems for such applications is not a routine task that we now know how to perform. In fact, there are plenty of anomalies that crop up that the public doesn't hear about. Here is one that made it out, and a pointer to another...

There are various conclusions one can draw:

* The kinds of numbers used in Fault Tree Analysis for random hardware failures in software-based systems give no good indication of the rate of systematic failures (due to design or to errors in software) which can be expected.

* Fault-handling models are crucial parts of the architecture and their assumptions are critical. (This is made clear by the incidents discussed...)

* That there have been no accidents does not mean that there are no occurrences of substantial problems with potentially catastrophic consequences with software-based critical avionics.



Wednesday, September 07, 2005

Evangelical Scientists Refute Gravity With New "Intelligent Falling" Theory

Sometimes The Onion is so on target:

KANSAS CITY, KS—As the debate over the teaching of evolution in public schools continues, a new controversy over the science curriculum arose Monday in this embattled Midwestern state. Scientists from the Evangelical Center For Faith-Based Reasoning are now asserting that the long-held "theory of gravity" is flawed, and they have responded to it with a new theory of Intelligent Falling.

"Things fall not because they are acted upon by some gravitational force, but because a higher intelligence, 'God' if you will, is pushing them down," said Gabriel Burdett, who holds degrees in education, applied Scripture, and physics from Oral Roberts University.

Burdett added: "Gravity—which is taught to our children as a law—is founded on great gaps in understanding. The laws predict the mutual force between all bodies of mass, but they cannot explain that force. Isaac Newton himself said, 'I suspect that my theories may all depend upon a force for which philosophers have searched all of nature in vain.' Of course, he is alluding to a higher power."

Founded in 1987, the ECFR is the world's leading institution of evangelical physics, a branch of physics based on literal interpretation of the Bible...

Of course, you read about this controversy first on VBS.



Sunday, September 04, 2005

Everybody knew but the Bush team

A story in Wired documents why Hurricane Katrina and its aftermath should not have been a surprise to those in charge of emergency management.

Virtually everything that has happened in New Orleans since Hurricane Katrina struck was predicted by experts and in computer models, so emergency management specialists wonder why authorities were so unprepared.

"The scenario of a major hurricane hitting New Orleans was well anticipated, predicted and drilled around," said Clare Rubin, an emergency management consultant who also teaches at the Institute for Crisis, Disaster and Risk Management at George Washington University.

Computer models developed at Louisiana State University and other institutions made detailed projections of what would happen if water flowed over the levees protecting the city or if they failed.

In July 2004, more than 40 federal, state, local and volunteer organizations practiced this very scenario in a five-day simulation code-named "Hurricane Pam," where they had to deal with an imaginary storm that destroyed over half a million buildings in New Orleans and forced the evacuation of a million residents.

At the end of the exercise Ron Castleman, regional director for the Federal Emergency Management Agency declared: "We made great progress this week in our preparedness efforts.

"Disaster response teams developed action plans in critical areas such as search and rescue, medical care, sheltering, temporary housing, school restoration and debris management. These plans are essential for quick response to a hurricane but will also help in other emergencies," he said.

In light of that, said disaster expert Bill Waugh of Georgia State University, "It's inexplicable how unprepared for the flooding they were." He said a slow decline over several years in funding for emergency management was partly to blame.

In comments on Thursday, President Bush said, "I don't think anybody anticipated the breach of the levees."

But LSU engineer Joseph Suhayda and others have warned for years that defenses could fail. In 2002, the New Orleans Times Picayune published a five-part series on "The Big One," examining what might happen if they did.
