http://www.nytimes.com/2007/09/12/technology/techspecial/12threat.html By John Schwartz September 12, 2007 NOTHING was moving. International travelers flying into Los Angeles International Airport more than 17,000 of them were stuck on planes for hours one day in mid-August after computers for the United States Customs and Border Protection agency went down and stayed down for nine hours. Hackers? Nope. Though it was the kind of chaos that malevolent computer intruders always seem to be creating in the movies, the problem was traced to a malfunctioning network card on a desktop computer. The flawed card slowed the network and set off a domino effect as failures rippled through the customs network at the airport, officials said. Everybody knows hackers are the biggest threat to computer networks, except that it aint necessarily so. Yes, hackers are still out there, and not just teenagers: malicious insiders, political activists, mobsters and even government agents all routinely test public and private computer networks and occasionally disrupt services. But experts say that some of the most serious, even potentially devastating, problems with networks arise from sources with no malevolent component. Whether its the Los Angeles customs fiasco or the unpredictable network cascade that brought the global Skype telephone service down for two days in August, problems arising from flawed systems, increasingly complex networks and even technology headaches from corporate mergers can make computer systems less reliable. Meanwhile, society as a whole is growing ever more dependent on computers and computer networks, as automated controls become the norm for air traffic, pipelines, dams, the electrical grid and more. We dont need hackers to break the systems because theyre falling apart by themselves, said Peter G. Neumann, an expert in computing risks and principal scientist at SRI International, a research institute in Menlo Park, Calif. Steven M. Bellovin, a professor of computer science at Columbia University, said: Most of the problems we have day to day have nothing to do with malice. Things break. Complex systems break in complex ways. When the electrical grid went out in the summer of 2003 throughout the Eastern United States and Canada, it wasnt any one thing, it was a cascading set of things, Mr. Bellovin noted. That is why Andreas M. Antonopoulos, a founding partner at Nemertes Research, a technology research company in Mokena, Ill., says, The threat is complexity itself. Change is the fuel of business, but it also introduces complexity, Mr. Antonopoulos said, whether by bringing together incompatible computer networks or simply by growing beyond the networks ability to keep up. We have gone from fairly simple computing architectures to massively distributed, massively interconnected and interdependent networks, he said, adding that as a result, flaws have become increasingly hard to predict or spot. Simpler systems could be understood and their behavior characterized, he said, but greater complexity brings unintended consequences. On the scale we do it, its more like forecasting weather, he said. [...] ____________________________________ Visit the InfoSec News Bookstore http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Wed Sep 12 2007 - 23:18:33 PDT