1993-07-29 - Jurrasic revisited

Header Data

From: Brian D Williams <talon57@well.sf.ca.us>
To: cypherpunks@toad.com
Message Hash: d415dc527dcfec2be9321c8795e21d1d8a9ced0aecb6afaf9899a62c38575e22
Message ID: <93Jul29.092656pdt.13933-1@well.sf.ca.us>
Reply To: N/A
UTC Datetime: 1993-07-29 16:28:41 UTC
Raw Date: Thu, 29 Jul 93 09:28:41 PDT

Raw message

From: Brian D Williams <talon57@well.sf.ca.us>
Date: Thu, 29 Jul 93 09:28:41 PDT
To: cypherpunks@toad.com
Subject: Jurrasic revisited
Message-ID: <93Jul29.092656pdt.13933-1@well.sf.ca.us>
MIME-Version: 1.0
Content-Type: text/plain




   This is from this weeks Network World, I thought we'd all enjoy it.

The following text is Copyright (c) 1993 by Network World. All rights
reserved.

Permission is granted by the copyright holder and the author to
distribute this file electronically or otherwise as long as the entire
file is printed without modification (other than cosmetic or formatting
changes).

<<begin text>>

Velocihackers and Tyrannosaurus superior

by M. E. Kabay, Ph.D.

Director of Education
National Computer Security Association
10 South Courthouse Avenue
Carlisle, PA 17013
Tel 717-258-1816
Fax 717-243-8642


The current hit movie "Jurassic Park" stars several holdovers from 65
million years ago. It also shows errors in network security that seem
to be as old.

For those of you who have just returned from Neptune, "Jurassic Park"
is about a dinosaur theme park that displays live dinosaurs created
after scientists cracked extinct dinosaur DNA code recovered from
petrified mosquitoes. The film has terrific live-action dinosaur
replicas and some heart-stopping scenes. It also dramatizes awful
network management and security. Unfortunately, the policies are as
realistic as the dinosaurs.

Consider a network security risk analysis for Jurassic Park. The
entire complex depends on computer-controlled electric fences and
gates to keep a range of prehistoric critters from eating the tourists
and staff. So at a simple level, if the network fails, people turn into
dinosaur food.

Jurassic Park's security network is controlled by an ultramodern Unix
system, but its management structures date from the Stone Age. There is
only one person who maintains the programs which control the security
network. This breaks Kabay's Law of Redundancy, which states, "No
knowledge shall be the property of only one member of the team." After
all, if that solitary guru were to leave, go on vacation, or get eaten
by a dinosaur, you'd be left without a safety net.

Jurassic Park's security system is controlled by computer programs
consisting of two million lines of proprietary code. These critical
programs are not properly documented. An undocumented system is by
definition a time bomb. In the movie, this bomb is triggered by a
vindictive programmer who is angry because he feels overworked and
underpaid.

One of the key principles of security is that people are the most
important component of any security system. Disgruntled and dishonest
employees cause far more damage to networks and computer systems than
hackers. The authoritarian owner of the Park dismisses the programmer's
arguments and complaints as if owning a bunch of dinosaurs gives him
the privilege of treating his employees rudely. He pays no attention to
explicit indications of discontent, including aggressive language,
resentful retorts, and sullen expressions. If the owner had taken the
time to listen to his employee's grievances and take steps to address
them, he could have prevented several dinosaur meals.

Bad housekeeping is another sign of trouble. The console where the
disgruntled programmer works looks like a garbage dump; it's covered in
coffee-cup fungus gardens, historically significant chocolate bar
wrappers, and a treasure trove of recyclable soft drink cans. You'd
think that a reasonable manager would be alarmed simply by the number
of empty calories per hour being consumed by this critically important
programmer. The poor fellow is so overweight that his life expectancy
would be short even if he didn't become dinosaur fodder.

Ironically, the owner repeats, `No expense spared' at several points
during the movie. It doesn't seem to occur to him that with hundreds of
millions of dollars spent on hardware and software--not to mention the
buildings and grounds and an entire private island--modest raises for
the staff would be trivial in terms of operating expenses but
significant for morale. 

In the movie, the network programmer is bribed by competitors to steal
dinosaur embryos. He does so by setting off a logic bomb that disrupts
network operations completely. The network outage causes surveillance
and containment systems to fail, stranding visitors in, well,
uncomfortable situations. Even though the plot is not exactly
brilliant, I'd like to leave at least something to surprise those who
haven't seen the movie yet.

When the systems fail, for some reason all the electric locks in the
park's laboratory are instantly switched to the open position. Why
aren't they automatically locked instead? Normally, when a security
controller fails, the default should be to keep security high, not
eliminate it completely. Manual overrides such as crash bars (the
horizontal bars that open latches on emergency exits) can provide
emergency egress without compromising security.

As all of this is happening, a tropical storm is bearing down on the
island. The contingency plan appears to consist of sending almost
everyone away to the mainland, leaving a pitifully inadequate skeleton
crew. The film suggests that the skeleton crew is not in physical
danger from the storm, so why send essential personnel away?
Contingency plans are supposed to include redundancy at every level.
Reducing the staff when more are needed is incomprehensible.

At one point, the systems are rebooted by turning the power off to the
entire island on which the park is located. This is equivalent to
turning the power off in your city because you had an application
failure on your PC. Talk about overkill: why couldn't they just power
off the computers themselves?

Where were the DPMRP (Dinosaur Prevention, Mitigation and Recovery
Planning) consultants when the park was being designed? Surely
everybody should know by now that the only way to be ready for
dinosaurs, uh, disasters, is to think, plan, rehearse, refine and
update. Didn't anyone think about what would happen if the critters got
loose? Where are the failsafe systems? The uninterruptible power
supplies? The backup power generators? Sounds like Stupidosaurians were
in charge.

We may be far from cloning dinosaurs, but we are uncomfortably close to
managing security with all the grace of a Brontosaurus trying to type.

I hope you see the film. And bring your boss. 

<<end text>>


     Best wishes,

     Mich

     Michel E. Kabay, Ph.D.
     Director of Education
     National Computer Security Association

<<end file>> 


                                                          Brian Williams
                                                          Cypherpunk





Thread