[ISN] Pay attention to choke points before crisis hits

From: InfoSec News (isnat_private)
Date: Mon Oct 14 2002 - 00:10:57 PDT

  • Next message: InfoSec News: "[ISN] CfP Phrack Magazine #60"

    By Dan Gillmor
    Mercury News Technology Columnist
    Oct. 13, 2002
    What do major seaports, gas pipelines, the Windows operating system
    and your local phone company have in common? They are just a few of
    the choke points of the modern world.
    Choke points are risky, to society and the economy. They'd be less of
    a threat if we worked harder at preventing their formation in the
    first place, and if we spent more time planning for their inevitable
    Some choke points are natural, or at least difficult to avoid in the
    normal course of affairs. Others are manufactured. All are dangerous
    when we ignore their existence and risks until things go wrong.
    The West Coast dock lockout, suspended under political pressure from
    Washington, was the latest warning. In an increasingly global economy,
    it showed the potential for chaos if one of the few major shipping
    corridors were closed.
    This is a just-in-time world. The container ships carrying an endless
    flow in and out of our ports each year are part of a massive, moving
    warehouse for manufacturers, supermarkets, toy stores and just about
    every physical good. Close the doors of the warehouse, and the economy
    shudders, as we saw when the lockout led New United Motor
    Manufacturing Inc., the Toyota-General Motors joint venture, to shut
    down auto and truck production at its Fremont manufacturing plant.
    The world's oil moves in supertankers, and there aren't that many of
    these mega-ships. Suspicions are growing that last Sunday's explosion
    on a French oil tanker, which crippled the vessel, was sabotage or
    terrorism. The oil markets were already nervous about the potential
    for a Middle Eastern war that could shut down some of the world's most
    important oil fields. A crippled oil-transport industry would, at
    least temporarily, make the dock lockout look like a picnic.
    California learned the hard way about energy choke points in late 2000
    and early 2001. Among the abuses of a poorly designed system of
    semi-regulation, which invited unethical businesses to game a flawed
    marketplace, was a natural-gas company's move to use its control of
    vital natural-gas pipelines to starve supplies in order to hike
    prices. The state is trying to undo the damage, but too many of the
    conditions that led to the trouble remain in place.
    The more virtual world of computing and communications is becoming
    more burdened by choke points all the time. Everyone is aware of
    Microsoft's monopoly in operating systems and, increasingly, other top
    software for desktop computers. Most people aren't aware of the risk
    we run by using a standard that has again and again been shown to be
    insecure and controlled by a company that views ethics in the context
    of tactics, not basic behavior.
    Virus writers cause damage to the monocultural Windows ecosystem when
    they send their anti-social code into the ether. Microsoft uses its
    control to prevent innovation.
    The regional phone companies, too, have been among the more
    anti-competitive entities in recent years. These government-granted
    monopolies have had a lock on local phone service for decades, and
    then took advantage of flawed deregulation (sound familiar?) to stifle
    budding competition for data services. Barring some changes in policy,
    they and another major local monopoly -- cable-TV systems -- will be
    pretty much the only game in town for high-speed data.
    Why do governments, which should know better, tend to allow choke
    points to emerge rather than do everything possible to eliminate them
    or at least encourage bypasses? Incompetence is too simplistic an
    explanation, though all organizations have their share of fools.  
    Governments actually like choke points, at least until they really
    squeeze the economy, because they're easier to keep tabs on and
    control if necessary.
    Government doesn't always do the wrong thing, of course. On Thursday,
    the Federal Communications Commission, which has largely been a lapdog
    recently for the companies it regulates, turned down the
    ill-considered merger of the two dominant satellite-television
    services, Echostar's Dish Network and Hughes' DirecTV. We could use
    more actions of this sort.
    In a world where rationality prevailed, we'd launch a new kind of
    Manhattan Project to remove the energy and communications choke
    points. We'd actively discourage a software monoculture that leaves us
    so open to cyber-vandalism and corporate power hunger. We'd work
    harder to establish more competition for telecommunications, not let
    the industry consolidate to a tiny number of players.
    We don't live in such a world.
    Sometimes there's value in learning the hard way. Humans respond to
    crisis, though the higher the risks, the more danger in assuming we'll
    muddle our way through our higher-stakes woes. And we emphatically
    don't want a centrally planned economy.
    But why do we allow ourselves to indulge in short-term indifference,
    poor planning and lack of action when an obvious problem is taking
    When we do, we invite trouble, and we inevitably get it.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Mon Oct 14 2002 - 03:58:48 PDT