Risks in reactors and electronic toilets

*Nice lecture here on "critical national infrastructure." You'll note that Japan's
infrastructure is pretty much American critical "national" infrastructure. 'Cause,
you know, that's how we do infrastructure nowadays.

RISKS-LIST: Risks-Forum Digest Tuesday 22 March 2011 Volume 26 : Issue 38

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at as

The current issue can be found at

Date: Tue, 22 Mar 2011 14:14:32 PDT
From: "Peter G. Neumann"
Subject: Interconnectivity – Local, Global, and All-ways

The recent 9.0 earthquake in Japan and the ensuing tsunami remind us once
again about how globally interrelated everything has become. For example,
the fishing fleet in Crescent City, California was essentially destroyed by
the tsunami – all the way across the Pacific. Just-in-time parts supplies
for various automobile manufacturers were disrupted in many different
countries. Many airport schedules were dramatically affected. Radiation
concerns abound in Japan, and are echoed around the world with respect to
other potentially susceptible nuclear power plants.

Planning for worst cases is seemingly a losing battle under serious
emergencies in which the design and operational assumptions are dramatically
exceeded. That certainly compounded the long-term future of the affected
Japanese reactors. It also reminded us that backup systems can present
serious risks, especially when they are also wiped out and when the standby
power runs out.

Massive propagating electrical outages have recurred since 1965, despite
continual reassurances that they can no longer happen.

With respect to trustworthy computing, the Department of Homeland Security
Cybersecurity Roadmap discusses eleven topic areas in which extensive work
is needed with respect to research, development, test, evaluation, and
technology transfer (http://www.cyber.st.dhs.gov/documents.html). An
Appendix to that report (Disclaimer: I wrote that appendix) illustrates the
remarkable extent to which each of those eleven areas can depend on the
successful operations in the other areas.

But even more remarkable is the
extent to which all of the critical national infrastructures depend on
computer-communication systems and of course in most cases the Internet
itself. This may be old stuff to RISKS readers, but too many others do not
seem to get it. When push comes to shove, we wind up with short-sighted
approaches. The counter argument says that risk analysis showed that what
was done was prudent. Prudent, schmoodent. We still don't build systems
and applications that are trustworthy even under ordinary circumstances.
(((Well, yeah.)))

Thus, we are all in this together. To paraphrase John Donne (and to
acknowledge Bob Morris, who in September 1988 at a CSTB meeting in
Washington DC said that ``To a first approximation, every computer in the
world is connected with every other computer.''),

No system is an island, in spite of itself.
Every mishap diminishes me – and potentially many others.

I'm donne with my soape boxe. However, it is worth noting that the
Japanese are probably better prepared for major earthquakes than any other
nation. For example, consider this item from Nic Pottier in Dave Farber's
IP distribution:

Fantastic take on the Japanese Earthquake

Covering all the million things that went fantastically well:
http://www.kalzumeus.com/2011/03/13/some-perspective-on-the-japan-earthquake/

——————————

(((I always like it when there is an impassioned theoretical lecture, followed by a plonking real-world example. Why are German state toilets electronic? So that the plumbing can fail when the electricity fails – just like nuclear plants fail when their own electricity fails.)))

(((That said – is there any likelihood that today's complexified gizmo toilets will become simply mechanical again? No. Almost zero likelihood. You oughta look at the incredible circuitry involved in getting that water to the toilet in the first place. Ever heard of SCADA? Like, in Stuxnet SCADA? Yeah, that stuff.... You're lucky that the toilets don't yet have an IP address for every working part.)))
——————————

Date: Wed, 09 Mar 2011 08:15:19 +0100
From: Debora Weber-Wulff
Subject: German Parliament in the Dark

On 8 Mar 2011, shortly after 9 am, a Berlin ditch-digger managed a coup that
would have made a terrorist proud. He found the single point of failure -
the three electrical mains cables that run into the Bundestag. The mains
were cut, and suddenly the parliament building and three office buildings in
the immediate neighborhood were plunged into darkness.

(((Imagine this done deliberately during a genuine global emergency.)))

They swore. They waited a bit. They twittered - at least the mobile
telephones still had juice, even if the computers and coffee pots had
died. Then an announcement came through by megaphone: Don't use the toilets!

It seems that the modern toilets in the German parliament are all electronic
flush deals. No juice, no flush.

Minutes dragged on to hours. There was still no electricity. Luckily, it
was not a day on which parliament was meeting; there were just the workers
around, who were told to go home.

The chancellor, it seems, was in a better position. Her offices have an
emergency electrical system that actually worked. So Germany was not
completely thrown into anarchy for half a day. If something important had
happened in the world, it would have been possible to get the chancellor on
the phone, although she couldn't reach her important files, which were on a
server somewhere deep in the blackout.

So we are back to the simple risks: Single point of failure.

Will they never learn?

Debora Weber-Wulff, HTW Berlin, Treskowallee 8, 10313 Berlin +49-30-5019-2440
http://www.f4.htw-berlin.de/people/weberwu/

——————————