By John Schwartz
September 12, 2007
NOTHING was moving. International travelers flying into Los Angeles
International Airport more than 17,000 of them were stuck on planes for
hours one day in mid-August after computers for the United States
Customs and Border Protection agency went down and stayed down for nine
Hackers? Nope. Though it was the kind of chaos that malevolent computer
intruders always seem to be creating in the movies, the problem was
traced to a malfunctioning network card on a desktop computer. The
flawed card slowed the network and set off a domino effect as failures
rippled through the customs network at the airport, officials said.
Everybody knows hackers are the biggest threat to computer networks,
except that it aint necessarily so.
Yes, hackers are still out there, and not just teenagers: malicious
insiders, political activists, mobsters and even government agents all
routinely test public and private computer networks and occasionally
disrupt services. But experts say that some of the most serious, even
potentially devastating, problems with networks arise from sources with
no malevolent component.
Whether its the Los Angeles customs fiasco or the unpredictable network
cascade that brought the global Skype telephone service down for two
days in August, problems arising from flawed systems, increasingly
complex networks and even technology headaches from corporate mergers
can make computer systems less reliable. Meanwhile, society as a whole
is growing ever more dependent on computers and computer networks, as
automated controls become the norm for air traffic, pipelines, dams, the
electrical grid and more.
We dont need hackers to break the systems because theyre falling apart
by themselves, said Peter G. Neumann, an expert in computing risks and
principal scientist at SRI International, a research institute in Menlo
Steven M. Bellovin, a professor of computer science at Columbia
University, said: Most of the problems we have day to day have nothing
to do with malice. Things break. Complex systems break in complex ways.
When the electrical grid went out in the summer of 2003 throughout the
Eastern United States and Canada, it wasnt any one thing, it was a
cascading set of things, Mr. Bellovin noted.
That is why Andreas M. Antonopoulos, a founding partner at Nemertes
Research, a technology research company in Mokena, Ill., says, The
threat is complexity itself.
Change is the fuel of business, but it also introduces complexity, Mr.
Antonopoulos said, whether by bringing together incompatible computer
networks or simply by growing beyond the networks ability to keep up.
We have gone from fairly simple computing architectures to massively
distributed, massively interconnected and interdependent networks, he
said, adding that as a result, flaws have become increasingly hard to
predict or spot. Simpler systems could be understood and their behavior
characterized, he said, but greater complexity brings unintended
On the scale we do it, its more like forecasting weather, he said.
Visit the InfoSec News Bookstore