The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 14 Issue 38

Sunday 7 March 1993

Contents

o 6th Int'l Computer Security and Virus Conf
Richard W. Lefkon
o Problem with PLC Software
Lin Zucconi
o Mass electronic scanning of UK int'l telexes from London
James Faircliffe
o `Untested' Risk Management System for Nuclear Power Stations
Anthony Naggs
o Re: Evacuation plan, generators fail in WTC blast
Scott E. Preece
o Re: Where to buy emerg. stairwell lightbulbs?
Joel Kolstad
o Re: Does Publisher's Clearinghouse Use InfoAm?
Karl Kraft
o Re: Smells like Green Spirit...
Barry Salkin
o Re: The White House Communication Project
Joseph T Chew
Randall Davis
o Clinton/Gore technology policy
Bill Gardner
o Cellular Phreaks & Code Dudes [`WIRED']
John Stoffel
o Info on RISKS (comp.risks)

6th Int'l Computer Security and Virus Conf

Richard W. Lefkon <dklefkon@well.sf.ca.us>
Thu, 4 Mar 1993 12:52:02 -0800
 SIXTH INTERNATIONAL COMPUTER SECURITY & VIRUS CONFERENCE and Exposition
          sponsored by DPMA Fin.Ind.Chapter in cooperation with
ACM-SIGSAC, BCS, CMA, COS, EDPAAph, ISSAny, NUInyla, IEEE Computer Society
       Box 894 Wall Street Station, NY NY 10268 (800) 835-2246 x190


     FINANCIAL FIRMS OPEN MEETING THURSDAY ON TRADE CENTER RECOVERY

To address the technical side of network and computer terrorism recovery while
information systems personnel are interested, a special public forum of
industry leaders has been scheduled for next Thursday March 11, entitled,
"Trade Center Crisis Recovery."  The in-depth panel will include eight
industry representatives - from four affected financial firms that
successfully resumed business after Friday's disaster, and four suppliers that
helped them.

The panel will be housed in next week's Sixth International Computer Security
& Virus Conference at the Madison Square Garden Ramada, co-sponsored by the
eight computing and networking societies.

With damage estimates already in the multi-billions, Sally Meglathery, Elec-
tronic Security Head for the New York Stock Exchange and a scheduled panelist,
warns financial data keepers:  "Review [your] restart recovery procedures to
be sure that you have adequate backup to recover from an attack."

Other than state and federal offices, the main corporations inhabiting the
famed skyscraper are indeed banks (First Boston, Sumitomo, Dai-ichi), brokers
(Dean Witter, Shearson, Salomon, Mocatta and the Commodities Exchange) and
insurance companies (Hartford and Guy Carpenter).  Each type will send a
representative, as will some service firms.

William Houston, Eastern Region Head for Comdisco Data Recovery, notes that
"This is the second time in three years an electrical disaster has completely
shut down" the famed twin skyscraper.  His firm helped rescue the computer,
networking and "back office" operations of two dozen downtown firms in response
to the August 13, 1990, electrical substation fire.

"We have some major customers in the Towers," notes Houston, "and while pre-
serving their anonymity I intend to plainly tell the Thursday audience just
what worked this time and what didn't."

Michael Gomoll, an executive with competitor CHI/COR Information Management,
says the terrorist act will have three key results:  "Direct loss of
revenues, effects on global markets and businesses, and concerns of the
business insurance profession."  Ironically, CHI/COR, a firm specializing
in disaster recovery, was itself assaulted by the crippling Chicago flood
of April 13, 1992.  As part of his presentation, Gomoll intends to explain
how cable conduits played an important role in both disasters.

Last fall, the conference now hosting this "Trade Center Crisis Recovery"
roundtable, received what now seem prophetic words in its greeting from Mayor
David Dinkins:  "As the telecommunications capital of the world . . . we are
also extraordinarily susceptible to the various abuses of this technology."

Another irony has to do with the "Meet the Experts" reception at the
Empire State Building Observatory following the forum.  In previous years,
the hosting conference has had its skyline reception at Top of The World,
located within the Trade Center.  That spot will not open this month.
also extraordinarily susceptible to the various abuses of this technology."


Problem with PLC Software

"Lin Zucconi" <lin_zucconi@lccmail.ocf.llnl.gov>
3 Mar 1993 16:50:50 U
People using Modicon 984 Series programmable controllers with Graysoft
Programmable Logic Controller (PLC) software Version 3.21 are advised to
contact Graysoft (414) 357-7500 to receive the latest version (3.50) of the
software.  A bug in Version 3.21 can corrupt a controller's logic and cause
equipment to operate erratically.  PLCs are frequently used in safety-related
applications.  Users often assume that if their "logic" is correct then they
are ok and forget that the underlying logic is implemented with software which
may not be correct.

Lin Zucconi  zucconi@llnl.gov


Mass electronic scanning of UK international telexes from London

James Faircliffe <I_USERID_4@prime1.central-lancashire.ac.uk>
Fri, 26 Feb 93 17:30:55
    [Originally in Computer Privacy Digest Sat, Volume 2 : Issue: 021,
    27 Feb 93, contact comp-privacy-request@PICA.ARMY.MIL.  PGN]

A few months ago, a well-respected British TV documentary show (might have
been 'World in Action') discovered that all out-going telexes from the Uk were
electronically scanned by British Telecom (the main phone company) personnel,
supervised by the security services.  Direct scanning by the security services
would have been illegal.  They were looking for words like 'terrorist' &
'bomb', but the civil liberties implications are far-reaching.  Obviously,
this could affect the privacy of American telexes to the U.K.

J.F. Faircliffe.  i_userid_4@uk.ac.uclan.p1


`Untested' Risk Management System for Nuclear Power Stations

Anthony Naggs <AMN@vms.brighton.ac.uk>
Thu, 4 Mar 93 13:10 GMT
Headline: Sacked expert fears nuclear safety risk
Byline: Paul Brown, Environment Correspondent (The Guardian, 4 March 1993)

A computer system created to make Britain's nuclear reactors safer could fail
at a vital moment because it has not been tested properly, according to the
man who designed it.

Bob Hodson-Smith, who has been sacked by a company commissioned by Nuclear
Electric to design a back-up safety system for nuclear power station
controllers, says the system might not perform adequately at precisely the
moment it was needed because "bugs" had not been removed from the programming.
He has expressed his fears to Nuclear Electric, the state owned company that
runs [all commercial] nuclear power stations in England and Wales.  It is
understood that the company is seriously concerned at the implications.

The firm which sacked him, Active Business Services (ABS), of Sheffield, has
described his fears as irrational.  But Mr Hodson-Smith says: "I could no
longer live with the fact that safety might be compromised and I had done
nothing to warn anyone."

The Safety Related Plant Status Monitoring System, as Nuclear Electric
describes the system, has been in operation at a Magnox power station at
Oldbury-on-Severn in Gloucestershire for aa year.  Similar computer systems
are being brought into operation at Dungeness A in Kent and Hinkley Point A in
Somerset.

Status, as the system was called, was designed to prevent the kind of
accidents that occurred at Three Mile Island nuclear power station in the
United States and the Piper Alpha oil platform disaster.  In both cases shift
workers faced with a breakdown in equipment switched to substitute systems,
unaware that they had been taken out of service by a previous shift.

Status was designed to prevent this happening.  Staff log into the computer
every item of safety-related equipment in the nuclear station, so operators
can see at a glance whether it is in proper working order.  Safety at nuclear
stations relies on all vital equipment being duplicated at least twice so any
defective equipment can be bypassed.

Mr Hodson-Smith's alarm is based on the belief that the computer system might
be relied on in times of emergency when "bugs" in the programming had not been
removed.  In memos he warned ABS that he was not satisfied the system was
safe, and urged the company to inform Nuclear Electric of his fears.

In a memo to ABS managing director, Paul Sellars, he said he was aware he
would be "fired" if he published the information but "I am not prepared to
present a false picture to Nuclear Electric.  I believe that what is being
done with the Status project is not morally tenable."

Mr Hodson-Smith said he was not prepared to supply the newer Advanced Gas
Cooled Reactor [AGR] (at) Hinkley Point B with a similar system unless Nuclear
Electric were fully informed of the potential difficulties with Status at the
other stations.  He insisted that the system be thoroughly debugged, which
could only be done by writing a technical manual explaining the system and
cross-checking it.  This had not been done.

In a memo he said that if it was a computer system for a bank "it would be
acceptable to stick together a functionally complete version, install it and
hope it was right.  If it failed then it can be fixed as required.  However,
it is simply not acceptable to do this for a nuclear power station control
room system related to safety."

Mr Sellars, managing director of ABS, responded by suggesting that Mr
Hodson-Smith consult a psychiatrist, Dr James Conway in Sheffield.  Dr
Conway's view of his patient was that "he exhibited symptoms of anxiety and
overwhelming worry which would be understandable ... if his fears were
well-founded.  He believes there is little communication with the management
at present."

In a letter Mr Sellars told Mr Hodson-Smith that the Status system would not
become fully operative until fully tested.  "The company does recognise the
nature and extent of its responsibilities."

The company and Mr Hodson-Smith remained at loggerheads.  He was
subsequently dismissed, and has begun an action for unfair dismissal.

Mr Sellars said: "Mr Hodson-Smith had a very good brain but his behaviour has
become irrational.  He was not involved in the commercial area.  He had become
impossible to manage."  Mr Sellars said there were no bugs in the system,
which was being fully tested.  Technical manuals on how the system was
constructed were being written and would be provided to Nuclear Electric.

Mr Hodson-Smith has sent papers detailing his fears to the three nuclear
stations involved and Nuclear Electric is studying them.

Nuclear Electric emphasised that the computer system had not yet been fully
integrated into the control system for the reactors.  Safety had therefore not
been compromised.

Nuclear Electric said that the system was a management tool for checking
equipment.  In the case of an emergency the reactor would be shutdown
automatically, independently of the Status system.

  [A few of the risks covered: reliability of risk management systems; risk of
  bringing a system into disrepute by the actions of disruptive staff; risk of
  using a system for a year before full testing and manuals are complete; ...
  Anthony Naggs, Software/Electronics Engineer,  PO Box 1080, Peacehaven,
  East Sussex  BN10 8PZ  UK    +44 273 589701  amn@vms.brighton.ac.uk


Re: Evacuation plan, generators fail in World Trade Center blast

Scott E. Preece <preece@urbana.mcd.mot.com>
Thu, 4 Mar 93 14:20:50 -0600
|        [An old story, eh?  Security is almost always considered
|        too expensive until AFTER the disaster...   PGN]

Now let's be fair.  How many other buildings got the same advice and
have not been bombed?  What is the expected benefit, over all major
buildings, of ensuring against an event with probability x?

In any case, what difference would it have made?  It would made the
evacuation a little smoother and less traumatic, but I doubt it would
have saved any lives or gotten the buildings re-opened any sooner.

Managers are always paid to decide how much risk is acceptable when weighed
against how much expense.  There is always some level of disaster against
which you are not protected (suppose it had been a nuclear device).  Maybe
their decision was rotten and they just lucked out in not having a much larger
loss of life; on the other hand, maybe their decision was pretty good and they
had really bad luck in the placement of the bomb coupled with really good luck
in not having any coincident problems to raise the death count.  I don't know
enough to know whether they acted correctly; I doubt that either the author of
the note or the moderator know, either.

scott preece, motorola/mcg urbana design center, 1101 e. university, urbana,
il 61801  uunet!uiucuxc!udc!preece  preece@urbana.mcd.mot.com   217-384-8589


Re: Where to buy emerg. stairwell lightbulbs? (Carlson, RISKS-14.37)

Joel Kolstad <kolstad@cae.wisc.edu>
Tue, 2 Mar 93 15:45:18 cst
>Help keep my building from suffering from 'World Trade Center Syndrome'
>(lack of emergency lighting)... Point me in the right direction please!

From the news I've seen, I got the impression that the emergency lighting was
controlled by a central computer somewhere, although each separate
light/battery pack had a little bit of intelligence of its own.  However,
whoever programmed the emergency light microbrains had a panic routine that
just sat around trying to re-establish contact with the main controller if the
main controller had blown up.  But apparently it skipped the programmer's mind
that, if the main controller had blown up, it just might be a good idea to
turn on the emergency lights.

Does anybody know if this is true?  If so, it's some really poor
programming!  Perhaps comp.risks would be a good place to take this.

                    ---Joel Kolstad


Re: Does Publisher's Clearinghouse Use InfoAm? (Beckman, RISKS-14.37)

Karl Kraft <karl@ensuing.com>
Thu, 4 Mar 93 12:01:56 -0800
More likely, they use a service called National Change of Address.  A
well-known company will (for a fee), update a mailing list to reflect any
changes in address in the last three years.

The well-known company?  The United States Postal Service.

Karl Kraft     karl@ensuing.com


Re: Smells like Green Spirit... (Sorensen, RISKS-14.37)

Barry Salkin <bsalkin@nyx.cs.du.edu>
Fri, 5 Mar 93 09:39:26 GMT
>  A patient in Manchester Royal Infirmary in England was found unconscious
>  after she mixed up the nurse's call button with the one to give herself more
>  painkiller and pressed the latter button impatiently for several minutes.

It is usual practice with Patient Controlled Analgesia (PCA) to have a lockout
on the syringe driver, so that the patient cannot give themselves repeated
doses without sufficient time between them. This not only prevents overdoses,
but also means one bolus (dose) of painkiller has time to act before the
patient is able to give themselves another dose, so that if the first dose is
effective, the second, later, dose will not be administered by the patient.

However, if the syringe driver wasn't set up with the time lockout .....

Barry.   bsalkin@nyx.cs.du.edu or zchag12@ucl.ac.uk


Re: The White House Communication Project (RISKS 14:37)

Joseph T Chew <jtchew@Csa3.LBL.Gov>
Fri, 5 Mar 93 08:09:15 PST
Regarding Bill Clinton's electronic mail, Shellie Emmons
<sme46782@uxa.cso.uiuc.edu> asks, as reported here by
David Daniels <0004381897@mcimail.com>:

>  (1)  When you get thousands of messages a day, how do you
>       respond effectively?

Same way you respond to thousands of letters or phone calls a day: delegate it
to staff members who are trusted to (at least) winnow out whatever wheat there
may be and respond to the chaff with a polite virtual form letter.  There are
480 minutes in a working day; even assuming that our energetic Mr. C. puts in
more than an 8-hour day, he clearly isn't going to give even a cursory
acknowledgement, much less a thorough reading and thoughtful reply, to
thousands of messages.

If any good ideas are received, he could take a "That'll teach 'em to suck
eggs!" approach: have the White House staff find some aide or advisory-panel
opening and invite his tormentor to work toward analyzing and implementing the
idea.  Citizens who envision government policymakers as putting in a six-hour
day in a brandy-and-cigars atmosphere will learn their lesson right quick.  :)

>  (2)  How do you make a public e-mail system inclusive
>       and accessible?

Figure out how to ape Minitel in the context of our technological and cultural
base?  Ignore the problem entirely, given that the older means of
communicating with the government will remain available?

>  (3)  What would happen if e-mail became the primary
>       mode of(mediated) access to government?

The Golden Age of Unix Nerds, that's for sure. :) Seriously, one needs some
analysis of the modes currently used before this question can be answered.
Again, perhaps the key would be to deliberately keep the older modes
available: mail, irate phone calls to one's Congressperson, riding through the
Rose Garden on horseback and shouting at the upstairs windows, whatnot.  With
all due respect to the people who are afraid of disenfranchising the
computer-illiterate, I can't see the new medium drastically changing the way
the government receives input, unless the individual representatives and
staffers *choose* to ignore other forms of input, from letters to phone calls
to lobbyists.

The real RISK, of course, is that the President would discover Usenet News!
:)
     Joe


Re: The White House Communication Project (Daniels, RISKS-14.37)

Randall Davis <davis@ai.mit.edu>
Thu, 4 Mar 93 19:57:21 est
  >From: Shellie Emmons <sme46782@uxa.cso.uiuc.edu>
  >I am currently involved in a research project that is trying to aid the
  >Clinton Administration in making effective use of computer-mediated
  >communication to stay "in touch" with the public.  ...

There are a number of confusions tangled up in this message; I'll summarize.
Ms. Emmons is an undergraduate the UIUC who was asked by a professor to set up
an email list for a research project.  She posted a message about the project
to three newsgroups (comp.human-factors, comp.society, comp.mail-misc),
suggesting more by the description than is entirely correct, and called it
"The White House Communication Project", even tho it has no official
connection to the White House.  The name of the project will be changed.  Jack
Gill is not the name of the White House person who is involved in efforts to
get email running there.

Any email that does go to an address used by Media Affairs Office of the White
House is printed out and handed to the folks who handle ordinary White House
mail; those folks add that letter to the other fifteen thousand (15,000)
letters that the White House gets every day.  Eventually someone may reply
(via US Mail) to the message in exactly the manner that they reply to all of
their hardcopy mail.

There are a number of organizations trying to help the government use email,
one of them is a consortium of researchers led by the MIT AI Lab.

The original message above is of course an example of a computer risk: the
ability to attract a considerable amount of attention and excitement in a very
short period of time; the medium amplifies the message.

Randall Davis, Associate Director, AI Lab


Clinton/Gore technology policy

Bill Gardner <wpg@ethics.med.pitt.edu>
Sun, 28 Feb 93 13:57:32 EST
This is a comment on the technology policy statement announced by Clinton and
Gore on 2/22/93.  The policy initiatives include the substance of the
National High Performance Computer Technology Act that Gore had previously
sponsored in the Senate (e.g., S. 1067 in the 101st Congress).  Central to
that act and the new initiative is the National Research and Education Network
(NREN), a plan to increase the bandwidth of the internet and develop software
for its utilization.  I am concerned that the technology policy does not
adequately address privacy or other concerns about the social implications of
computing, including concerns raised by its proposed initiatives.

In the hearings on the High Performance Computing Act, medical informatics was
one of the applications envisioned for the NREN.  It's also part of the
Clinton technology policy.  The (brief) discussion of medicine in the 2/22
statement is interesting:

         "This information infrastructure -- computers, computer data
  banks, fax machines, telephones, and video displays -- has as its
  lifeline a high-speed fiber-optic network capable of transmitting
  billions of bits of information in a second....
        "The computing and networking technology that makes this
  possible is improving at an unprecedented rate, expanding both our
  imaginations for its use and its effectiveness.  Through these
  technologies, a doctor who needs a second opinion could transmit a
  patient's entire medical record -- x-rays and ultrasound scans
  included -- to a colleague thousands of miles away, in less time
  than it takes to send a fax today."

Well, imagine that ("Hey Sue, lookit chromosome 17 on this guy from the
Farber! 20 bucks at 7 / 5 sez he's malignant in 5 years.  Bet he hopes his
insurer never sees this, har har.").  Without having any expertise here, I
find it plausible that network consults using computerized medical records
would have many benefits for patients.  But it's also clear that implementing
a network-mediated record system that provided secure confidentiality would be
a challenging engineering task.  I mean social as well as computer
engineering, it's the communication among people that is problematic here.

I find much to like in the technology policy, so I would love to be proven
wrong.  Unfortunately, I see little evidence that privacy has sufficient
priority in the current policy or the former High Performance Computing Act.
I would appreciate hearing from others whether the policy adequately covers
other aspects of socially responsible computing.  The technology policy ought
to include a statement of ethics concerning computerized information.  I also
believe that the NREN should follow the example of the NIH's Human Genome
Project, which devotes 5% of its research budget to a program for studies of
the Ethical, Legal, and Social Implications of human genetic research.

William Gardner, Psychiatry Dept, School of Medicine, University of Pittsburgh
Pittsburgh, PA 15213  412-681-1102  wpg@ethics.med.pitt.edu  FAX:412-624-0901


Cellular Phreaks & Code Dudes

John Stoffel <john@wpi.WPI.EDU>
Thu, 4 Mar 1993 18:15:08 -0500
I picked up the premiere issue of a new magazine called "Wired" which
is trying to spread the word about the Digital Revolution.  And
editorial blurb from the inside page is repeated here:

============
WHY WIRED?

Because the Digital Revolution is whipping though our lives like a Bengali
typhoon - while the mainstream media is still groping for the snooze button.
And because the computer "press" is too busy churning out the latest
PCInfoComputingCorporateWorld iteration of its ad sales formula cum parts
catalog to discuss the meaning or context of SOCIAL CHANGES SO PROFOUND their
only parallel is probably the discovery of fire.

There are a lot of magazines about technology.  "Wired" is not one of them.
"Wired" is about the most powerful people on the planet today - THE DIGITAL
GENERATION.  These are the people who not only foresaw how the merger of
computers, telecommunications and the media is transforming life at the cusp
of the millennium, they are making it happen.

OUR FIRST INSTRUCTION TO OUR WRITERS: AMAZE US.

Our second: We know a lot about digital technology, and we are bored with it.
Tell us something we've never heard before, in a way we've never seen before.
If it challenges our assumptions, so much the better.

So why not now?  Why "Wired"?  Because in the age of information overload, THE
ULTIMATE LUXURY IS MEANING AND CONTEXT.

Or put another way, if you're looking for the soul of our new society in wild
metamorphosis, our advice is simple.  Get "Wired".

-LR [jfs: Louis Rossetto]

You can reach me at 415-904-0664 or lr@wired.com
================

Along with this they had an interesting article on "Cellular Phreaks and Code
Dudes" by John Markoff (markoff@nyt.com), which discusses how the latest rage
of Silicon Valley hackers is Cellular phones.  He gives an example of how two
phreaks hacked into an OKI 900 cellular phone and some of the features they
discovered:

  o how to use it as a cellular scanner.

  o the manufacturer's interface so you can attach the phone to a
    portable computer.

  o one of the phreaks wrote some software to track other portable
    phones as they move from cell to cell, this allows him to display the
    approximate locations of each phone since he knows the geographical
    locations of each cell.

  o having the phone watch a specific number, and when that number is
    used, pick up and by using a simple sound activated recorder, you've
    made an instant bugging device!  Maybe all the spies in Common Market
    who were worried about having point to point encryption on cellular
    phones didn't think of this trick?

I found this article to be worth the cost of the magazine, as it ties in
directly with RISKS readers here have been talking about.  Now if it is this
easy to hack this phone, how hard would it be to hack into the general
cellular phone service machines, those that handle the passing of phones from
cell to cell?

The down side was the really annoying format, which seems to be
"Techno-babble-obnoxious" with arbitrary changes in typeface, orientation, etc
as you flip through pages.  I felt that this detracted from the overall look
of the information they were trying to present, making it harder to
assimilate.  I'd be interested in talking to anyone else who has read this
magazine too.
        John

Please report problems with the web pages to the maintainer

Top