The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 2 Issue 54

Sunday, 25 May 1986


o Meteorites
Larry West
o Meteorites, Chernobyl, Technology, and RISKS
Peter G. Neumann
o London Stock Exchange Computer System Crash
Lindsay F. Marshall
o Backup
Fred Hapgood
Bruce O'Neel
o Info on RISKS (comp.risks)


Larry West <>
21 May 1986 2309-PDT (Wednesday)
An article on page 11 of the Wed 21 May New York Times raises an issue I
haven't quite seen raised here before.  It's only partly related to
automation, but that relation is a threatening one.

The article is titled ``Consequences Weighed of Meteorite Explosion'' and
reports on the semi-annual meeting of the American Geophysical Union in
Baltimore.  The article is by Walter Sullivan and is too well-written to
condense satisfactorily, but I'll try:


  Meteoric explosions on the scale of the 1908 event in Siberia (12 Megatons)
  are expected about once per century, and somewhat smaller (but still in the
  range of nuclear explosions) events should happen more frequently.

  Although the US, USSR and Europe could ``probably'' detect that the
  explosion was non-nuclear, and thus avoid an inappropriate reaction, this
  would be less true in, say, the Middle (Near) East or India & Pakistan.
  ``Also, [specialists] said, the response of highly automated systems, such
  as the proposed Strategic Defense Initiative, could not be predicted.''

  Even without a military response, the after-effects could be devastating:
  filling the atmosphere with sun-blocking particles and curbing food
  production.  Currently, there is roughly a 70-day supply of food on hand in
  the world [which surprises me -- LW] but a very large meteor could reduce
  sunlight for two years.

  Further, the most energetic explosions will come from those meteors
  travelling the fastest (and sometimes coming from outside the solar system),
  and thus the most difficult to predict.

  ``The discussion took place at a session on natural hazards ...  Presiding
  was Dr. Joseph V. Smith of the University of Chicago, who has been calling
  for an Internation Decade for Hazard Reduction that would begin in 1990.
  That effort would be aimed at reducing loss of life, particularly from
  catastrophes that are on a very large scale but sufficiently rare to have
  been largely ignored.  The plan was first suggested in 1984 by Dr. Frank
  Press, now president of the National Academy of Sciences.''

  ``Dr. Smith .... also urged the initiation of an International Decade on
  Stockpiling for Survival, including development of new techniques for
  effective, economical storage of ... foods''

  Various methods of dealing with a meteor were mentioned, including nuking it
  and firmly pushing it aside.  The main problem is being prepared and being
  able to reach the meteor in time.


Hope this hasn't gone too far afield from the focus of this mailing list...

Larry West              USA+619-452-6771
Institute for Cognitive Science     non-business hrs: 452-2256
UC San Diego (mailcode C-015)
La Jolla, CA  92093  USA
ARPA:   <west@nprdc.ARPA> or  <west@ucsd.ARPA>
DOMAIN: <>  or  <>

Meteorites, Davis-Besse, Chernobyl, Technology, and RISKS

Peter G. Neumann <Neumann@SRI-CSL.ARPA>
Sun 25 May 86 11:27:51-PDT
Larry West wonders whether his Meteorite contribution has strayed too far
afield for RISKS.  I think not.  One of the biggest risks of using computers
in critical environments is that we tend to trust them blindly -- even if
the models on which the systems are based are incomplete.  In connection
with an article on the 46 US Senators who are seeking to cut back the SDI
budget, Senator William Proxmire is quoted in the Washington Post of Friday
23 May 1986:

           "Challenger and Chernobyl have stripped some
            of the mystique away from technology."

Some of the blind trust naively placed in technology may lessen for a while
after such incidents as the Challenger (together with the other recent NASA
difficulties) and Chernobyl.  But it always seems to return fairly rapidly,
and the lessons are quickly forgotten -- by those who use, depend upon,
operate, administer, and regulate the technology.  Anticipating the events
that might follow the appearance of such a giant meteorite is vital [to
avoid administering last Meteor-Rites?].  (This possibility recalls the old
case of BMEWS at Thule "recognizing" the moon as an incoming missile.)

As another example of blind trust, the WashPost of Sat 24 May had an article
reassessing the Davis-Besse Nuclear Power Plant emergency shutdown last
June.  "[E]xperts say, Davis-Besse came as close to a meltdown as any U.S.
nuclear plant since the Three Mile Island accident of 1979.  Faced with a
loss of water to cool the reactor and the improbable breakdown of FOURTEEN
separate components, operators performed a rescue mission noted both for
skill and human foible:  They pushed wrong buttons, leaped down steep
stairs, wended their way through a maze of locked chambers and finally saved
the day last June 9 by muscling free the valves and plugging fuses into a
small, manually operated pump not designed for emergency use."  [Emphasis on
FOURTEEN is PGN's.]  The article goes on to describe prior power-company
foot dragging and bureaucratic wrangling, despite the lack of a backup pump
having been identified as an intolerable risk long beforehand.

The WashPost of Thursday, 22 May 1986 shed a little more light on what
happened at Chernobyl.  (In case you could not guess, I was in DC for the
week.)  Could an experiment have gone awry?  Human error and/or system error?

  The Soviet Union was conducting experiments to check systems at
  Chernobyl's fourth nuclear reactor when a sudden surge of power touched off
  the explosion last month, a Soviet official said ... Soviet officials have
  said that the explosion happened when heat output of the reactor suddenly
  went from 6 or 7 percent to 50 percent of the plant's capacity in 10
  seconds.  The power had been reduced for a prolonged period in preparation
  for a routine shutdown...  "We planned to hold some experiments, research
  work, when the reactor was on this level," Sidorenko [deputy chairman of
  the State Committee for Nuclear Safety] said today [21 May].  "The
  accident took place at the stage of experimental research work."

Peter G. Neumann

London Stock Exchange Computer System Crash

"Lindsay F. Marshall" <>
Fri, 23 May 86 09:40:23 gmt
The other day I saw a headline that said the London Stock Exchange had
been disrupted by a system crash. There were no more details. Does anybody
know anything more??

Lindsay F. Marshall, Computing Lab., U of Newcastle upon Tyne, Tyne & Wear, UK
  ARPA  :
  UUCP  : <UK>!ukc!cheviot!lindsay


Sat 17 May 86 08:32:13-EDT
    What is needed here is a service that will automatically come
into your computer at 4 a.m., or whenever, look around inside your hard
disk, make a record of the bytes that have changed since the previous
night's checkup, and download those to some off-site storage device.
Such a system would have the double advantage of being totally automatic
and of storing backups off-site, safe from the effects of user stupidity,
which is a much better reason for off-site backups than fire or burglary.
People worried about security can have the system encrypt everything
before the service is allowed in.

   [The Get-Rite Backup Company provides an off-the-shelf program that you
    might want to try.  Unfortunately, they were the lowest bidder, and
    took a lot of shortcuts -- the most important of which is that nothing
    is ever actually saved.  Of course this never bothers you unless you need
    to retrieve something.  Unfortunately, the program was sabotaged by
    Get-Rite's competitor, Trojan-Horses-for-Stud (to whom "backup" has an
    entirely different meaning).  They lived up to their name, and managed
    to install a Trojan Horse that, upon first request by you to retrieve a
    file, simply deletes ALL of your on-line files and then disappears into
    the woodwork.  I hear that they will also take large bribes if you want to
    wipe out other users' files on demand.  PGN]


Sat, 17 May 86 12:51 EDT
Re: Management monitoring of backups.

I have a feeling that in educational institutions where the choice is given
between hiring someone to do backups for people and "forcing" people to do
the backups themselves, hiring someone (undergrad student) will get the nod.

Just a small thought.

bruce (zwbeo@vpfvm.bitnet)

         [A THIRD choice usually wins: Do nothing at all until after
          you get wiped out.  PGN]

Please report problems with the web pages to the maintainer