Saturday, September 17, 2005

Engineering Disaster Lessons for Digital Security

I watched an episode of Modern Marvels on the History Channel this afternoon. It was Engineering Disasters 11, one in a series of videos on engineering failures. A few thoughts came to mind while watching the show. I will provide commentary on each topic addressed by the episode.

  • First discussed was the 1944 Cleveland liquefied natural gas (LNG) fire. Engineers built a new LNG tank out of a steel alloy that turned brittle at the cryogenic temperature of the gas it held; when the tank failed and the escaping gas ignited, it torched nearby homes and businesses. 128 people died. Engineers were not aware of the metal's failure properties, and absolutely no defensive measures were in place around the tank to protect civilian infrastructure.

    This disaster revealed the need to (1) implement plans and defenses to contain catastrophe, (2) monitor to detect problems and warn potential victims, and (3) thoroughly test designs against possible environmental conditions prior to implementation. These days LNG tanks are surrounded by berms capable of containing a complete spill, and they are closely monitored for problems. Homes and businesses are also located far away from the tanks.

  • Next came the 1981 Kansas City Hyatt walkway collapse that killed 114 people. A construction change (replacing the single continuous hanger rods of the original design with two offset rods) doubled the load on the upper walkway's connections, which failed under the weight of a crowd. Cost was not to blame; a part that might have prevented failure cost less than $1. Instead, lack of oversight, poor accountability, broken processes, a rushed build, and compromise of the original design resulted in disaster. This case introduced me to the term "structural engineer of record," a person who assigns a seal to the plans used to construct a building. The two engineers of record for the Hyatt plans lost their licenses.

    I wonder what would happen if network architectures were stamped by "security engineers of record?" If they were not willing to affix their stamp, that would indicate problems they could not tolerate. If they are willing to stamp a plan, and massive failure from poor design occurs, the engineer should be fired.

  • The third event was a massive sinkhole in 1993 in an Atlanta Marriott hotel parking lot. A sewer drain originally built above ground decades earlier was buried 40 feet under the parking lot. A so-called "safety net" built under the parking lot was supposed to provide additional security by giving hotel owners time to evacuate the premises if a sinkhole began to develop.

    Instead, the safety net masked the presence of the sinkhole and let it enlarge until it was over 100 feet wide and beyond the net's capacity. Two people standing in the parking lot died when the sewer, sinkhole, and net collapsed. This disaster demonstrated the importance of not operating a system (the sewer) outside of its operating design (above ground). The event also showed how products (the net) may introduce a false sense of security and/or unintended consequences.

  • Next came the 1931 Yangzi River floods that killed 145,000 people. The floods were the result of extended rain that overcame levees built decades earlier by amateur builders, usually farmers protecting their lands. The Chinese government's relief efforts were hampered by the Japanese invasion and subsequent civil war. This disaster showed the weaknesses of defenses built by amateurs, for which no one is responsible. It also showed how other security incidents can degrade recovery operations.

    Does your organization operate critical infrastructure that someone else built before you arrived? Perhaps it's the DNS server that no one knows how to administer. Maybe it's the time service installed on the Windows server that no one touches. What amateur levee is waiting to break in your organization?

  • The final disaster revolved around the deadly substance asbestos. The story began by extolling the virtues of asbestos, such as its resistance to heat. This extremely user-friendly feature resulted in asbestos deployments in countless products and locations. In 1924 a 33-year-old, 20-year textile veteran died, and her autopsy provided the first concrete evidence of asbestos' toxicity. A 1930 British study of textile workers revealed abnormally high numbers of asbestos-related deaths. As early as 1918 insurance companies were reluctant to cover textile workers due to their susceptibility to early death. As early as the 1930s the asbestos industry suppressed conclusions in research they sponsored when it revealed asbestos' harmful effects.

    By 1972, the US Occupational Safety and Health Administration arrived on the scene and chose asbestos as the first substance it would regulate. Still, today there are hundreds of thousands of pending legal cases, but asbestos is not banned in the US. This case demonstrated the importance of properly weighing risks against benefits. The need to independently measure and monitor risks outside of a vendor's promises was also shown.


I believe all of these cases can teach us something useful about digital security engineering. The main difference between the first four cases and the digital security world is that failure in the analog world is blatantly obvious. Digital failures can be far more subtle; it may take weeks or months (or years) for security failures to be detected, unlike sinkholes in parking lots. The fifth case, describing asbestos, is similar to digital security because its harmful effects were not immediately apparent.

8 comments:

Anonymous said...

I wonder what would happen if network architectures were stamped by "security engineers of record?"

Interesting thought. Without going into any detail regarding how this would occur, I'd think that there would be much simpler network designs, fewer ad hoc additions to the network, etc.

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com

Anonymous said...

I love this piece and picked it up at www.identityblog.com.

Anonymous said...

Very interesting post! The parallels with digital security and IT work in general are pretty obvious. Planning, mitigation, accountability, rushing, underbudget, untested new technologies, error trapping (or assuming a break will occur and how to deal with it)...on and on.

As always with incidents like these, though, I always caution that hindsight is 20/20, much like New Orleans of present and 9/11 of recent past.

I think the biggest problem in IT is managers and senior mgmt who do not properly understand or give proper respect to these issues. Instead, many of them want "insert latest buzzword here" nownownownow and at little cost. This leaves many competent admins (such as myself) with our hands tied and knowingly making inferior or incomplete efforts on projects, despite our high personal integrity of wanting to achieve high quality (which results in low morale).
-LonerVamp

Anonymous said...

Right, but the middle ground might be just as relevant; IOW, the Security Engineer of Record's summary comments might express reservations or observed deficiencies in the design. This would mean that someone would have to overrule the recommendations of the designer, and essentially go on record as having done so.

Anonymous said...

It is unfortunate that these accidents occurred because of some engineering failures. What's shocking and saddening about all these is that people died. I hope that these do not happen again.

GamerCow said...

I was trained in college to be a Chemical Engineer, and a lot of what I learned in those classes came over to be useful in my IT job, and made me a better sysadmin today, I think. The "engineer of record" is a good idea, but there is one large difference between civil engineering projects like the Hyatt hotel walkways, or the LNG tanks, and that is public danger. The lives of the public are not at risk with IT networks. However, their financial lives and identities often are at risk, and having an engineer of record would do a great deal to help secure networks and systems, and provide accountability to those who are responsible. It would also give power to the engineers, because they would have more of a chance (hopefully) to veto a project or an idea if they thought that the project would lead to endangering the network or the information held/transported on said network.
