Real World Security

Another pointed reminder of how security goes wrong in the real world.
The chief engineer on the Gulf Deepwater Horizon drilling rig, testifying to a US federal panel investigating the disaster, made two important comments on failures in the IT systems aboard the rig before it exploded.
1. The alarm system was turned off.
Apparently this is somewhat normal: there is a long history of enforcement penalties against rig operators who have done this in the past. So normal, in fact, that they had a name for it: “… operating with the gas alarm system in ‘inhibited’ mode for a year to prevent false alarms from disturbing the crew”.
This is what we call the problem of false positives, or crying wolf. A system is so poorly designed or implemented that it produces so many spurious alarms that in the end nobody believes anything it says. Another example is airport scanners, where hundreds of people trigger alarms because the system is so poorly designed it doesn’t know the difference between a gun and the belt holding your trousers up. In the end people turn it off or ignore it, and the one real alarm goes unheard.
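The failure mode above has an engineering answer that is neither "flood the crew" nor "inhibit the alarm". Below is an added example, not from the original post or from any rig vendor, that runs three alarm policies over a constructed gas-sensor stream (the readings, threshold and persistence count are assumptions): a naive per-reading alarm, the "inhibited" mode the testimony describes, and a debounced, latching alarm that needs several consecutive readings above threshold and then raises exactly one alarm per event.

```python
"""Three alarm policies over a constructed gas-sensor reading stream.

Added example, not code from the original post. THRESHOLD, PERSISTENCE and
READINGS are constructed for illustration; units are arbitrary.
"""

THRESHOLD = 10.0    # assumed alarm threshold
PERSISTENCE = 3     # assumed number of consecutive readings needed to confirm

# Constructed stream: baseline around 2-3 with single-reading noise spikes
# (indices 3, 8, 12, 17), then a sustained rise at indices 20-31 that stands
# in for a genuine gas release.
READINGS = [2, 3, 2, 14, 2, 3, 2, 2, 12, 2, 3, 2, 15, 2, 2, 3, 2, 11, 2, 2,
            11, 12, 13, 14, 15, 16, 15, 14, 13, 12, 11, 10.5, 2, 2, 2]
REAL_EVENT = range(20, 32)   # indices that belong to the genuine event


def naive_alarm(readings, threshold=THRESHOLD):
    """Fire on every reading above threshold: every noise spike is an alarm."""
    return [i for i, r in enumerate(readings) if r > threshold]


def inhibited_alarm(readings, threshold=THRESHOLD):
    """'Inhibited' mode as described in the testimony: never fire at all."""
    return []


def debounced_alarm(readings, threshold=THRESHOLD, persistence=PERSISTENCE):
    """Fire only after `persistence` consecutive readings above threshold,
    then latch so the same event produces one alarm; re-arm once the
    reading drops back below threshold."""
    fired = []
    above = 0
    latched = False
    for i, r in enumerate(readings):
        if r > threshold:
            above += 1
        else:
            above = 0
            latched = False       # event cleared, re-arm for the next one
        if above >= persistence and not latched:
            fired.append(i)
            latched = True
    return fired


def evaluate(fired, real=REAL_EVENT):
    """Count alarms inside and outside the genuine event window."""
    true_alarms = sum(1 for i in fired if i in real)
    return {
        "alarms": len(fired),
        "true": true_alarms,
        "false": len(fired) - true_alarms,
        "missed": true_alarms == 0,
    }


if __name__ == "__main__":
    for name, policy in (("naive", naive_alarm),
                         ("inhibited", inhibited_alarm),
                         ("debounced", debounced_alarm)):
        print(f"{name:10s} {evaluate(policy(READINGS))}")
```

On this stream the naive policy raises 16 alarms, 4 of them noise, the inhibited policy raises none and misses the release entirely, and the debounced policy raises a single alarm two readings into the real event. The cost of debouncing is that detection latency, which is the parameter an operator should be tuning against the plant's physics rather than choosing between a flood and silence.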
2. The computer monitoring the drilling suffered a Blue Screen of Death.
I guess there are two ways to view this. On the one hand, the shoddy engineering principles and practices software is built with finally caught up with us and contributed to a massive ecological disaster. On the other hand, this is a one-off, and given the number of critical systems now controlled by computers it was bound to happen somewhere. That’s why we need failover and human intervention in control systems: a single computer must not be the only thing standing between a sensor reading and a catastrophe.
We should try to remember this lesson every time idiots try to tell us how their system can’t fail or will never fail. Banks, insurance companies, credit card companies, airlines, manufacturers, councils and government agencies are packed with systems that can and do suffer failures just like these ones.
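What "failover and human intervention" looks like in practice is a watchdog: a supervisor that expects a heartbeat from the active controller, promotes a standby when the heartbeat stops, and, when no healthy standby is left, hands control to a human rather than pretending a dead machine is still in charge. The following is an added example, not code from the original post or from any rig system; the controller names, the three-second timeout and the heartbeat timelines are constructed assumptions.

```python
"""Heartbeat watchdog with automatic failover and escalation to an operator.

Added example, not code from the original post. Controller names, the
timeout and the event timelines are constructed for illustration.
"""


class Supervisor:
    """Tracks heartbeats from redundant controllers. When the active one is
    silent for longer than `timeout`, the next healthy standby is promoted
    and an operator alert is recorded. When nothing healthy remains the
    supervisor escalates to manual control instead of carrying on."""

    def __init__(self, controllers, timeout):
        self.order = list(controllers)            # failover preference order
        self.timeout = timeout
        self.active = self.order[0]
        self.failed = set()
        self.last_beat = {c: 0 for c in self.order}
        self.alerts = []

    def heartbeat(self, source, now):
        if source in self.last_beat:
            self.last_beat[source] = now

    def _healthy(self, controller, now):
        return (controller not in self.failed
                and now - self.last_beat[controller] <= self.timeout)

    def tick(self, now):
        """Called once per time unit. Returns the controller that should be
        in charge, or None once control has been handed to the operator."""
        if self.active is None:
            return None
        if self._healthy(self.active, now):
            return self.active
        failed = self.active
        self.failed.add(failed)
        self.active = next((c for c in self.order if self._healthy(c, now)), None)
        if self.active is None:
            self.alerts.append(
                f"t={now}: {failed} silent; no healthy standby, MANUAL CONTROL REQUIRED")
        else:
            self.alerts.append(
                f"t={now}: {failed} silent > {self.timeout}s; failed over to "
                f"{self.active}, operator review required")
        return self.active


def run(events, until, controllers=("primary", "backup"), timeout=3):
    """Replay constructed (time, source) heartbeats, ticking the supervisor
    once per time unit from 0 to `until`. Returns the supervisor and the
    (time, active controller) history."""
    sup = Supervisor(controllers, timeout)
    beats = sorted(events)
    history = []
    i = 0
    for now in range(until + 1):
        while i < len(beats) and beats[i][0] <= now:
            sup.heartbeat(beats[i][1], now)
            i += 1
        history.append((now, sup.tick(now)))
    return sup, history


# Constructed timelines: the primary stops beating after t=2 (its BSOD).
PRIMARY_CRASH = [(t, "primary") for t in range(3)] + [(t, "backup") for t in range(11)]
# ... and in the second scenario the backup dies too, after t=4.
BOTH_CRASH = [(t, "primary") for t in range(3)] + [(t, "backup") for t in range(5)]

if __name__ == "__main__":
    for label, events in (("primary crash", PRIMARY_CRASH), ("both crash", BOTH_CRASH)):
        sup, history = run(events, until=10)
        print(label, "->", history[-1][1])
        for alert in sup.alerts:
            print("  ", alert)
```

Two design points matter here. Failback is deliberately not automatic: a controller that went silent stays in the failed set until a human clears it, because a machine that blue-screened once is not trusted back into the loop on its own say-so. And the supervisor never leaves a dead controller nominally in charge; when the standby list is exhausted the answer is a loud alert and manual control, which is the human intervention the post is asking for.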
This business of security is always about what happens when things fail, not when they work perfectly.
The whole sordid story at The Washington Post
