[ISN] Who Needs Hackers?

From: InfoSec News (alerts@private)
Date: Wed Sep 12 2007 - 23:06:58 PDT


By John Schwartz
September 12, 2007

NOTHING was moving. International travelers flying into Los Angeles 
International Airport more than 17,000 of them were stuck on planes for 
hours one day in mid-August after computers for the United States 
Customs and Border Protection agency went down and stayed down for nine 

Hackers? Nope. Though it was the kind of chaos that malevolent computer 
intruders always seem to be creating in the movies, the problem was 
traced to a malfunctioning network card on a desktop computer. The 
flawed card slowed the network and set off a domino effect as failures 
rippled through the customs network at the airport, officials said.

Everybody knows hackers are the biggest threat to computer networks, 
except that it aint necessarily so.

Yes, hackers are still out there, and not just teenagers: malicious 
insiders, political activists, mobsters and even government agents all 
routinely test public and private computer networks and occasionally 
disrupt services. But experts say that some of the most serious, even 
potentially devastating, problems with networks arise from sources with 
no malevolent component.

Whether its the Los Angeles customs fiasco or the unpredictable network 
cascade that brought the global Skype telephone service down for two 
days in August, problems arising from flawed systems, increasingly 
complex networks and even technology headaches from corporate mergers 
can make computer systems less reliable. Meanwhile, society as a whole 
is growing ever more dependent on computers and computer networks, as 
automated controls become the norm for air traffic, pipelines, dams, the 
electrical grid and more.

We dont need hackers to break the systems because theyre falling apart 
by themselves, said Peter G. Neumann, an expert in computing risks and 
principal scientist at SRI International, a research institute in Menlo 
Park, Calif.

Steven M. Bellovin, a professor of computer science at Columbia 
University, said: Most of the problems we have day to day have nothing 
to do with malice. Things break. Complex systems break in complex ways.

When the electrical grid went out in the summer of 2003 throughout the 
Eastern United States and Canada, it wasnt any one thing, it was a 
cascading set of things, Mr. Bellovin noted.

That is why Andreas M. Antonopoulos, a founding partner at Nemertes 
Research, a technology research company in Mokena, Ill., says, The 
threat is complexity itself.

Change is the fuel of business, but it also introduces complexity, Mr. 
Antonopoulos said, whether by bringing together incompatible computer 
networks or simply by growing beyond the networks ability to keep up.

We have gone from fairly simple computing architectures to massively 
distributed, massively interconnected and interdependent networks, he 
said, adding that as a result, flaws have become increasingly hard to 
predict or spot. Simpler systems could be understood and their behavior 
characterized, he said, but greater complexity brings unintended 

On the scale we do it, its more like forecasting weather, he said.


Visit the InfoSec News Bookstore

This archive was generated by hypermail 2.1.3 : Wed Sep 12 2007 - 23:18:33 PDT