[Source: *LA Times* article, 16 Sept 2004, by Ricardo Alonso-Zaldivar, Eric Malnic and Jennifer Oldham, PGN-ed]
http://www.latimes.com/news/local/la-me-faa16sep16,1,5928253,print.story?coll=la-home-headlines

Two separate human errors caused a breakdown in radio communications around 4:30 pm on 14 Sep 2004 that lasted for three hours and brought Southern California's major airports to a near-stop. There were at least five instances in which planes came too close during the first 15 minutes of the communications breakdown.

The FAA's radio system in Palmdale shut itself down because a technician failed to reset an internal clock -- a routine maintenance procedure required every 30 days by the FAA. Then a backup system failed, also as a result of technician error, officials said. (The Palmdale radar system did not shut down.)

FAA officials said they had known for more than a year that a software glitch could shut down radio communications and were in the process of fixing it. In the meantime, they required manual resetting of the communications system -- a process they described as similar to rebooting a personal computer. The problem so far has been corrected only in Seattle, one of 21 FAA regional air-traffic control centers that have used the system since the mid-1990s. [This is the same problem that was discovered over a year ago in the Atlanta ATC facility.]

About 30,000 passengers were affected, with 500 or 600 spending the night in the terminals. The backlog of incoming flights was not cleared until 3 a.m. Wednesday. At LAX, 450 flights were diverted or canceled and another 150 were delayed. An additional 32 were canceled Wednesday morning because the aircraft did not arrive Tuesday night. Neighboring airports also experienced significant delays.
I was struck by the details at the end of the *Los Angeles Times* article [PGN-ed herewith]:
http://www.latimes.com/news/local/la-me-faa16sep16,1,3729661.story?coll=la-home-headlines

... As originally designed, the VSCS system used computers that ran on Unix. The VSCS system was built for the FAA by Harris Corp. of Melbourne, Fla., at a cost of more than $1.5 billion. When the system was upgraded about a year ago, the original computers were replaced by Dell computers using Microsoft software. Baggett said the Microsoft software contained an internal clock designed to shut the system down after 49.7 days to prevent it from becoming overloaded with data. Software analysts say a shutdown mechanism is preferable to allowing an overloaded system to keep running and potentially give controllers wrong information about flights.

Richard Riggs, an advisor to the technicians union, said the FAA had been planning to fix the program for some time. "They should have done it before they fielded the system," he said.

To prevent a reoccurrence of the problem before the software glitch is fixed, Laura Brown, an FAA spokeswoman, said the agency plans to install a system that would issue a warning well before shutdown. Greg Martin, the chief FAA spokesman in Washington, said the failure was not an indication of the reliability of the radio communications system itself, which he described as "nearly perfect."
According to a report I heard this morning on KCRW, the system shut itself down on purpose because it had not received its regular 30-day preventive maintenance! At first glance this seems crazy: a nicely functioning system comes to a halt because some calendar flipped over. There were several close calls on Tuesday because a 30-day timer expired.

However, a coworker of mine made a good point on the likely reason the system designers took the 30-day time period so seriously: Records. These systems record radar data and radio transmissions. After 30 days the tapes (or whatever they use) are probably full. That's pretty serious. It *is* a safety concern, but probably not something worth halting over. It is instead a situation to be avoided.

I suggest that several days before the clock is up the system should complain loudly, and probably complain to the air traffic controllers who are in a position to notice and to do something about it. Were this a modern system (doesn't the FAA periodically try to build a replacement and fail?) I would suggest that there also be e-mailed warnings, and that if the limit is reached, the system start overwriting old data instead of shutting down. As it is, the system might not be capable of either. However, be wary of systems that degrade gracefully, for unless they inflict some pain in an attempt to right their hurt, they will tend to always operate in a degraded state.
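[Added example, not part of the original postings and not code from the FAA or Harris system: a sketch of the "warn well before shutdown" idea from the two items above, alongside wrap-safe timer arithmetic. It assumes the 49.7-day limit is a 32-bit millisecond uptime counter (2^32 ms is 49.71 days), which the article does not state; all function names and the 3-day and 5-day thresholds are hypothetical.]

```c
/* Added example: assumes a 32-bit millisecond uptime counter that is
 * zeroed by each reset and wraps after 2^32 ms (49.71 days). */
#include <stdint.h>
#include <stdio.h>

#define MS_PER_DAY    86400000ULL
#define WRAP_MS       (1ULL << 32)        /* 4294967296 ms = 49.71 days */
#define RESET_DUE_MS  (30 * MS_PER_DAY)   /* the 30-day reset interval  */

enum alert { ALERT_NONE, ALERT_DUE_SOON, ALERT_OVERDUE, ALERT_CRITICAL };

/* Constructed sample input: uptime in ms after `days` days (days <= 49). */
uint32_t days_to_ticks(unsigned days) { return (uint32_t)(days * MS_PER_DAY); }

/* Milliseconds left before the counter wraps to zero. */
uint64_t ms_until_wrap(uint32_t ticks) { return WRAP_MS - ticks; }

/* Elapsed time between two readings; unsigned subtraction is modulo 2^32,
 * so the result is right even if the counter wrapped once in between. */
uint32_t ticks_elapsed(uint32_t start, uint32_t now) { return now - start; }

/* Naive timeout test: wrong whenever the deadline (start + timeout) wrapped. */
int deadline_passed_naive(uint32_t now, uint32_t deadline)
{
    return now >= deadline;
}

/* Wrap-safe test: compare the signed distance instead (valid for timeouts
 * under 2^31 ms; relies on two's-complement conversion). */
int deadline_passed_safe(uint32_t now, uint32_t deadline)
{
    return (int32_t)(now - deadline) >= 0;
}

/* Escalating warning: remind before the 30-day reset is due, flag it when
 * missed, and go critical when the hard wrap limit is only days away. */
enum alert reset_alert(uint32_t ticks, unsigned warn_days, unsigned critical_days)
{
    if (ms_until_wrap(ticks) <= critical_days * MS_PER_DAY)
        return ALERT_CRITICAL;
    if (ticks >= RESET_DUE_MS)
        return ALERT_OVERDUE;
    if (ticks + warn_days * MS_PER_DAY >= RESET_DUE_MS)
        return ALERT_DUE_SOON;
    return ALERT_NONE;
}

int main(void)
{
    static const char *name[] = { "none", "due soon", "OVERDUE", "CRITICAL" };
    unsigned sample_days[] = { 10, 28, 35, 46 };   /* constructed uptimes */
    for (int i = 0; i < 4; i++) {
        uint32_t t = days_to_ticks(sample_days[i]);
        printf("day %2u: %-8s (%.1f days to wrap)\n", sample_days[i],
               name[reset_alert(t, 3, 5)],
               (double)ms_until_wrap(t) / MS_PER_DAY);
    }
    return 0;
}
```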
Nothing new, of course. If one is going to share a network with the world, and have no meaningful controls or security, the result is almost always going to result in the following type of news item. Only 7,345 viruses in a day or two? Not all that bad, is it, if they were all stopped and did no damage, and we do NOT know what was defined as a virus, nor whether the code was viral, or simply backdoors and other junk. South Korea's Incheon International Airport was reported to be highly vulnerable to online attacks from hackers and viruses. Incheon's computer network is vulnerable because it's shared by private airlines and tourist agencies located in the airport. The National Intelligence Service said in a report that 7,345 computer viruses were detected May 3-4 in 116 businesses operating within the airport, and that electronic glitches could lead to flight crashes or other accidents. "There is a high possibility that Incheon International Airport will be exposed to online attacks like computer viruses and direct hacking." [Source: UPI via *Korea Times*, 4 Sep 2004, PGN-ed]
Cyber attacks are increasing in frequency and impact. These attacks continue to demonstrate that there are extensive vulnerabilities in information systems and networks, many with the potential for serious damage. In an effort to reduce these vulnerabilities, the Department of Homeland Security's Science and Technology Directorate (DHS S&T) has issued a Broad Area Announcement (BAA 04-17) [see http://www.hsarpabaa.com/] for the research, development, and deployment of technologies to protect our nation's cyber infrastructure.

DHS S&T intends to evaluate cyber security technologies for use in operational units within DHS, as well as federal, state, and local sectors -- for the purpose of increased homeland security. Many of these technologies will address security needs in the larger public Internet as well.

HSARPA anticipates that up to $4.5M in funding in FY 2004 will be available for multiple awards via the solicitation, with a total anticipated amount of $12-15M over the next 36 months. Copies of the BAA may be downloaded from the FedBizOpps web site at www.FedBizOpps.gov or at www.hsarpabaa.com.

The HSARPA CSRD BAA 04-17 solicits proposals that address at least one of the seven technical topic areas:

  TTA 1 - Vulnerability Prevention
  TTA 2 - Vulnerability Discovery and Remediation
  TTA 3 - Cyber Security Assessment
  TTA 4 - Security and Trustworthiness for Critical Infrastructure Protection
  TTA 5 - Wireless Security
  TTA 6 - Network Attack Forensics
  TTA 7 - Technologies to Defend against Identity Theft

In addition, HSARPA will hold an Industry Day and Bidders Conference for the CSRD BAA on September 23rd at the Hilton Crystal City in Arlington, Virginia. All interested attendees must register online at https://www.enstg.com/signup/passthru.cfm?ConferenceCode=DHS26146 or linking from www.hsarpabaa.com.
Douglas Maughan, Ph.D., Program Manager, Cyber Security R&D Department of Homeland Security, Science and Technology Directorate Homeland Security Advanced Research Projects Agency 1120 Vermont Avenue, NW, 8th Floor, Washington, DC 20528 Phone: 202-254-6145 Fax: 202-254-6170 Cell: 202-360-3170 E-mail: Douglas.Maughan@dhs.gov [I thought this item would be of interest to many RISKS readers -- not just those of you who might write proposals, but to the rest of you who have a keen sense of the vulnerabilities and threats that desperately need to be addressed more systematically. PGN]
Computer woes keep many students from class sign-up By Hiawatha Bray, *The Boston Globe*, 14 Sep 2004 For 25,000 students and faculty on the Amherst campus of the University of Massachusetts, last week's start of the new term was even more hectic than usual, thanks to a computer malfunction that prevented many students from signing up for classes. ... The university uses software from PeopleSoft Inc. to manage student registration. During the summer, campus computer administrators installed the latest version of the software but apparently something went wrong. http://www.boston.com/business/technology/articles/2004/09/14/registration_nightmare_at_umass/
In the 1980s, when it was discovered that the wife of the leader of the free world was using an astrologer to chart her husband's political career, it was noted that the exact same practice was predicted by Robert A. Heinlein in his book, "Stranger in a Strange Land" which was published more than a generation before the revelations about Nancy Reagan. Robert Heinlein also showed how you can steal an election without anyone being the wiser: you use a computer system to count votes, where the computer system's integrity is trusted and there is no means to provide a reliable audit trail outside of the computer system. He wrote about that in "The Moon is a Harsh Mistress" which was first published in 1966. And nearly 40 years later, (almost) nobody seems to have remembered yet another of the late, great Bob Heinlein's prophetic views. "The lessons of history teach us -- if the lessons of history teach us anything -- that nobody learns the lessons that history teaches us."
Nevada $9.3 million voting system worked well in last week's primary. California official Marc Carrel, who observed the election, says, "They were incredibly organized. I think California could pull off a similar election if we had adequate training and education programs for poll workers and voters." Printers attached to the systems offer assurances that elections can be fully audited, and a spokesman for Sen. Dianne Feinstein says, "The Nevada election demonstrates that you can have efficient electronic voting machines yet at the same time have a paper trail so voters can be assured they've voted accurately and their vote is being recorded accurately." But Georgia elections director Kathy Rogers warns that the printers could have unintended consequences, allowing unethical poll workers to determine how individuals voted: "We seem to have traded a secret ballot for this piece of paper." [AP/*USA Today*, 13 Sep 2004; NewsScan Daily, 13 Sep 2004] http://www.siliconvalley.com/mld/siliconvalley/9647591.htm
The Chief Election Officer ("CEO") of Ontario has produced a report "Access, Integrity and Participation: Towards Responsive Electoral Processes for Ontario" http://www.electionsontario.on.ca/usr_files/election_report_2003_en.pdf in which he calls for the examination of "21st century automation" such as electronic and Internet voting. I'm not sure what problem they're trying to fix. Cringely has said "My model for smart voting is Canada" because of our simple paper-based, hand-counted system. http://www.pbs.org/cringely/pulpit/pulpit20031211.html Unfortunately, many Canadian elections officials seem determined to bring in electronic voting technologies anyway. There has already been Internet voting in Markham Ontario. http://tinyurl.com/2sv8j New Brunswick's chief electoral officer also is interested in electronic voting, which has already been tried in Saint John NB. http://tinyurl.com/7x3nj There doesn't seem to be any organized opposition to electronic voting in Canada. I have written a summary of the current situation in my blog about the issue, Paper Vote Canada. http://tinyurl.com/3vqqu http://blog.papervotecanada.ca/2004/06/summary-of-canadian-electronic-voting.html (This story has also been submitted to Slashdot.) Richard Akerman <firstname.lastname@example.org> http://www.akerman.ca/
Maryland's highest court has rejected demands to allow citizens who distrust TouchScreen voting machines to use paper ballots to ensure the paperless devices are accurate and secure. Ryan Phair, attorney for the defeated plaintiff group called TrueVoteMD, complains: "We're basically playing Russian roulette. We know there is vulnerability. It is just a matter of time until it happens." TrueVoteMD vows to continue its legal battle to force the state to use printers on electronic machines in future elections. [AP/*San Jose Mercury News*, 14 Sep 2004; NewsScan Daily, 15 Sep 2004] <http://www.siliconvalley.com/mld/siliconvalley/9662979.htm>
Washington State was forced to implement a primary that required the voter to declare a party preference before voting for that party's candidates. In addition, the ballot contained a nonpartisan section that all voters were supposed to be able to use, whether or not they declared a party preference.

News story: http://seattletimes.nwsource.com/html/localnews/2002036002_primary15m.html

After the machine returned his ballot, a poll supervisor at Hobart Community Church asked whether he had chosen a political party (he had not) and whether he had deliberately not chosen a party. His ballot was accepted only after the supervisor opened the machine and pressed a button overriding its programming. "So much for secret ballots," said Sterling, who claims that yesterday's voting procedures violate the state constitution's guarantee of "absolute secrecy" in preparing and depositing ballots.

At some King County polling places, the override button either didn't function properly or workers didn't know how to use it. Stephen McCloskey watched a frustrated nonpartisan voter declare a party preference at St. Anne Church in Seattle because a poll worker couldn't find any other way to get a machine to accept the woman's ballot.

When a voting machine wouldn't accept David Miller's nonpartisan ballot at Crown Lutheran Church in Seattle, a poll worker put his ballot on the side of the machine to be counted later. "This leaves my ballot unprotected for marking at a later time," Miller said.
As an IEEE member, I recently received my ballot to vote for various offices. The paper ballot very carefully says that "The order of candidate names indicates no preference. Ballots have been prepared so that the order randomly varies." You then have the option of voting on the paper ballot by traditional mail or voting electronically. Feeling adventurous, I went the electronic route and surprise, the electronic ballot has the candidates' names for each office in alphabetic order. The risk? The two voting methods (paper vs electronic) may provide different results, based on the spelling on the candidates' name. It's well-known that candidates listed at the top have an advantage over those listed further down. If my name were John Adams, I'd be pushing for people to vote electronically. Jim Meade / Systems Engineer
Standard GPS is nowhere near accurate enough for this sort of application. It's possible that the designers assumed that they would be able to use EGNOS-enhanced GPS signals, which will give 1-2 metre accuracy, but at the time of writing, I don't think that the UK falls within the footprint of any EGNOS-transmitting satellite, due to a combination of EGNOS system implementation delays and a satellite launch problem (both well-known RISKs, of course). The discussion as to whether or not a system with even this degree of accuracy, and the complexity of manual override described, is a good idea, is of course still equally valid.
The Department of Defense is handing out contracts for a project to record what soldiers see and do in battle zones. The new initiative closely resembles another, called LifeLog, that the Pentagon scrapped months ago. Wired.com article by Noah Shachtman: http://www.wired.com/news/privacy/0,1848,64911,00.html?tw=wn_story_mailer
When the Red Cross started asking for SSN, long before identity theft and data mining hit the popular lexicon, I refused and they just assigned an in-house number. What I remember is the nurse's immediate response: "Do you work for IBM?". When queried, she said that at blood drives at the IBM division headquarters none of the engineers and programmers would give their SSNs. When I suggested that perhaps they knew something she didn't, she acquired a rather thoughtful expression that lasted through the rest of the interview.
I reported in RISKS-23.51 on the Siemens 65 family of mobile phones that suffer from, if you will, terminal screaming (a painfully loud sound when the battery is empty). Siemens rushed to put an update on its site, bringing down the wrath of many mobile phone providers who had had to pull the phones off their shelves and had not yet tested the update. They forced Siemens to remove not just the link but also the files until they were happy with the fix. On 9 Sep 2004, Siemens blanketed the print media with a very unconventional ad  - "Oops, that was our moose test" (DaimlerBenz had some problems 1997 with tests they performed on their A-class cars  - when doing the 'moose test', i. e. swerving to miss a big thing in the middle of the road, the cars had an annoying tendency to flip over). In a very friendly, humorous but rueful tone the ad describes the "little technical problem" that is "extremely seldom", but we owe it to our customers etc. who expect quality products etc. etc. It then goes on: "We have learned that nobody is perfect. But one can learn from errors, and react honestly, openly, and fairly." [translations dww] This is an amazingly open ad from a company that prefers rather cool, calm, and collected, buttoned-up ads. So even with the technical problems the company has had, they seem to have hired some good spin doctors. The software update is at  - there are *10* different versions, one for each type of mobile phone. Wouldn't it make business sense to have just one sort of basic kind of program that was modular and would work on all of the different kinds of phone?  http://www.krisennavigator.de/mafa4-d.htm  http://www.gwa.de/modules/news/index.php?show=all&news_id=1439&pos=0  http://www.siemens-mobile.de/cds/frontdoor/0,2241,de_de_0_66868_rArNrNrNrN,00.html Prof. Dr. Debora Weber-Wulff, FHTW Berlin, FB 4, Treskowallee 8, 10313 Berlin +49-30-5019-2320 http://www.f4.fhtw-berlin.de/people/weberwu/
The woes of the German TollCollect (RISKS-23.51) continue as the German government sues the consortium of Telekom and DaimlerChrysler to the tune of 4.5 billion Euros for damages arising because the toll system, which was supposed to start in August 2003, has now slipped to January 2005. The consortium vigorously denies needing to pay anything. The *Berliner Zeitung* from 10 Sep 2004 quotes an internal report by DaimlerChrysler that states "The possibility of a late deployment was clear from the very beginning." These are normal, well-known "risks for the project development and project implementation". So we don't know how to do it any better? The article goes on to report that both the German transport ministry and TollCollect now no longer doubt the technical feasibility of the system. (If they did have doubts, why were they building such a complicated and expensive system with tax dollars in the first place?!). The reliability testing is now said to be at 99% (up from 97% 2 weeks ago, if this is indeed based on a test and not on a reporter's exaggeration). There need to be about 500 000 OBU (On Board Units) installed on trucks by the beginning of next year. Two weeks ago we had 37000 reported installed, now we have 45000 units reported installed. There are 15 more weeks in the year, so if they continue at this rate they will only have to put in about 280 000 units between Christmas and New Year's to have a functioning system.... Prof. Dr. Debora Weber-Wulff, FHTW Berlin, FB 4, Treskowallee 8, 10313 Berlin +49-30-5019-2320 http://www.f4.fhtw-berlin.de/people/weberwu/
Germany seems to be a hotbed of stuff like this at the moment. There is a monstrous disaster brewing over the new unemployment system. At the rate at which the politicians are assuring people that everything will work just fine on 1 Jan 2005, I am sure that it will be in the class of the toll collect woes. This one might just bring down the government, though, because the mob is angry. And if they don't get their unemployment checks cut on time, there will be hell to pay....
In response to Dan's story about air travel without an ID - here is a similar one originating in Seattle. Last September (2003), my SO and I were flying from SEA to Charlotte NC where we planned to pick up a car and drive down to Georgia. When we were about 15 minutes from SeaTac -- and 20 minutes from home with a little more than an hour before our flight -- Mike realized he had left his wallet at home. We ride motorcycles, and he had put his wallet in his gear because he needed to buy gas. He forgot to put it back in his pants. I phoned the airline, even though we knew we'd never make it if we drove home, got the wallet, and returned -- unless the plane was running late (an unusual occurrence for a red-eye flight). The person on the other end (United) said that the decision to let him fly or ground him would be made by both the check-in desk and security: in other words, two gauntlets. He did have his Microsoft photoID, because he wears it on a retractable clip and it lives on his pants. Unlike Dan, Mike had NO ID other than his MSFT badge -- no credit cards, no SS card, not even a business card. Fortunately, I'd made the flight arrangements (and had ID and CC) and we had our boarding passes, which were printed at home. Like Dan, Mike was shuttled through a more invasive security check in. "No ID?" was the question that greeted him as well. No other questions, even though he sports a ponytail. We had a friend overnight mail the wallet (yeah FedX) the next day, because we were to be gone for a week, and we didn't want to chance his not being able to fly out of Charlotte. And yes, there were risks, there, too, but at the time, we thought they were the lesser of the two sets. Kathy E. Gill, Department of Communication, University of Washington http://faculty.washington.edu/kegill/