Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
An unarmed Tomahawk cruise missile malfunctioned and landed unexpectedly
during a test launch at Eglin AFB last Saturday (8/2/86). The missile,
launched from the battleship Iowa at 10:15 am CDT, flew successfully for 69
minutes before deploying its recovery parachute for reasons not yet
determined. The missile made a soft landing in an uninhabited area 16 miles
west of Monroeville, Alabama. No injuries or property damage were reported.
The cause of the failure is not yet known. The missile, which suffered no
apparent external damage, was recovered and returned to the General Dynamics
works in San Diego for investigation. The missile was the second in four
launches to land outside the 800-square-mile Eglin reservation. Last December
8, the first Tomahawk launched at Eglin landed near Freeport, Florida. The
cause of that failure was a procedural problem which caused portions of the
missile's flight control program to be erased during loading.
Saturday's failure followed a successful Tomahawk launch on the previous day.
A missile launched from the destroyer Conolly successfully flew a 500-mile
zigzag course over southern Alabama and the Florida Panhandle before landing
at the designated recovery point on the Eglin range.
— Martin J. Moore
To: Art Evans <Evans@tl-20b.arpa>
cc: Risks@csl.sri.com
Subject: Re: Aircraft simulators and risks
Date: Tue, 05 Aug 86 09:45:51 -0800
From: Gary Wemmerus <gfw@ICSE.UCI.EDU>
I heard a story about the DC-10 crash at O'Hare in 1979 that might
be the one you mentioned.
After the crash, they programmed that sequence of events into the
simulator and tried out pilots on it. Every one of the pilots that followed
the correct procedures as listed in the MANUAL for that sequence of events
CRASHED. The problem was that the sequence of events did not include loss
of an engine, just loss of engine power, and did not take into account total
loss of hydraulic power. I have heard that there are no instruments on the
DC-10 that would tell a pilot that the engine was gone, just that there was
no power from it.
When pilots tried a different way or responding to the sequence of
events, I believe that a successful landing was achieved 80% of the time. I
think that there was no problem with the simulator, but there were two sets
of events that led to one set of indicators to the pilot, and the manual
listed the correct procedure for the other set of events. My guess is that
they never expected the sequence that occurred and have now come up with a
way to distinguish between the two events.
-gfw
PS. A lot of this is from second-hand sources, so I cannot totally vouch for
its accuracy.
Along with the problems of wrong model is the problems with not
testing at proper extremes or making bad assumptions. About 15 years
ago a new shopping mall was being built in Salt Lake City. The
engineers (and architects?) from California consulted their data
books (or ran their CAD systems) and determined the amount of weight
the building needed to support to make it through a desert winter.
Even though Utah is a desert, we get 1 foot snowfalls in twelve-hour
periods. The roof caved in at the first big snowfall of the season.
Luckily the mall hadn't opened yet. They did fix it and the mall
hasn't had any problems since.
Brad Davis
Larry Van Sickle asks the question "Is it doable?" regarding the use of an "expert system" to screen out or to identify potential espionage agents. From my sixteen years of experience in positions which require a security clearance and actually access to classified defense information, I conclude "NO!" The reason is that potentially millions of government as well as contractor employees have clearances with access to national defense information. I find it incredible to belive that any "expert system" could realistically factor in all the variables which might cause an individual to be recruited for espionage or to recruit him or herself for such activity. Second, while the news media has reported the apparent "greed" of the most recent batch of US citizens involved in espionage against their country, I would surmise that there were probably equally compelling personnel and philosophical reasons for their actions. Whenever there is an in-depth damage assessment of espionage cases "after the fact," it seems historically that there are many motivations at work. Third, if "disaffection" might be one of the causes of a successful espionage recruitment, then the problem is magnified by the very bureaucracy that employs individuals with security clearances. For example, there has not been a President or Executive Branch since 1970 which has not proposed that the Federal workforce is a collection of lazy, misfits who could not be employed anywhere else. There has never been a sustained call for "excellence" in the government on the assumption that this is a contradiction in terms. How could any "expert system" factor in cuts in salary, retirement and benefits without-- perhaps with some exaggeration-- potentially disqualifying the entire workforce. The defense contractor side of the house experiences the same sort of problems as it goes through one cycle after another in which today we build the B-1 bomber and the next day we shut down the line. Finally, although I do not have the benefit of reading the actually article which Larry mentions, it does appear that the so-called "former intelligence analyst" has confused the issues of "suitability" and "loyalty". Just because an individual has financial problems does not necessarily mean that he will spy against the US. While "suitability" factors may appear in actual espionage cases to have had some influence on "loyalty," they are usually never the sole reason. Indeed, if "greed" alone were a factor, why have so many people "sold" themselves so cheaply?
Date: Tue, 5 Aug 86 21:41:12 edt
From: decwrl!decvax!LOCAL!utzoo!henry@ucbvax.Berkeley.EDU
To: LOCAL!CSL.SRI.COM!RISKS
Subject: Computer and Human Security
Lindsay F. Marshall writes, in part:
> I feel that there are significant differences between the quality of the two
> sorts of security... there are many instances where computer
> security seems very much more superficial than human security...
The other side of this coin is that there are many instances where human
security is very much more superficial than computer security. How many
times have you been waved through a gate by a guard who knows you? Does
he really consider the possibility that your pass might have been revoked
yesterday? Yes, I know, they're supposed to always check, but it often
doesn't work that way in practice. Especially if there is something else
distracting them at the time. An electronic pass-checker box, on the other
hand, does not get distracted and doesn't get to know you. Human security
can be bribed, coerced, or tricked; these tactics generally don't work on
computers. Their single-minded dedication to doing their job precisely
correctly and ignoring everything else blinds them to "out-of-band" signs
that subversion is taking place, but it also blinds them to "out-of-band"
methods of subversion.
The best approach is to combine the virtues of the two systems: use
computers for mindless zero-defects jobs like checking credentials, and
use humans to watch for improper use of credentials, attempts to bypass
credential checking, and anomalies in general. One gray area is checking
the match between credentials and credential-holders: this generally has
to be done by humans unless the credentials are something like retinagrams.
Henry Spencer @ U of Toronto Zoology
{allegra,ihnp4,decvax,pyramid}!utzoo!henry
I talked to one of our bio-geo-chemists. There is a popular article which
he feels is a good introduction to the players of this research including
good references:
Nature, 321, June 19, 1986, pp. 729-730
To reiterate: all of the postings I have seen on Risks almost make this
sound like either a conspiracy or foot dragging by the earth science
community. Eight years is nothing in the span of research in the earth
sciences. That was also the length of time involved in the Palmdale Bulge
research which turned out to be erroneous.
My contact, Greg, has seen papers suggesting natural mechanisms for ozone
depletion in the Antarctic. There is insufficient money and time to
research long-period phenomena. Note: this brings up the issue of fast
developing trends with slow thinking scientific communities, but that is
another issue.
--eugene miya, NASA Ames
[The AAAS Science article is on page 1602 of the 27 June 1986 issue.
It points out the increasing depletion (now 50%) in the ozone layer
for a short period in October compared with the 1979 norm. It does
not deal with the reported software problem. PGN]
There was an item on the ITV News at Ten last night about the record 62-point fall of the Dow Jones Index about a month ago. Since it was on TV, I can't report it verbatim, but the gist was as follows: "Experts are convinced that the record fall was almost entirely due to the use of computer programs that automatically sell stock when certain conditions are triggered. [...stuff about the cash index falling below the futures index...] Whereas a fall of this magnitude would have been disastrous a few years ago, nowadays it hardly causes a hiccup. The big shareholders are quite capable of withstanding a swing of 40 points or more in a day, although the small investor suffers. Although computers are blamed for this sort of instability, they are also credited with keeping the market at its high level over the last 6 months. However, members of the public would be concerned if they were aware of the increasing use of technology, not just because of the problems of the small investor but also because decisions are now being taken based solely on movements within the market, without consideration of external economic factors." I also saw something in The Times suggesting that the fall was "aggravated" by the use of such programs a few days after the incident occurred - maybe ITV were reporting the result of an investigation into the causes. There has been a recent trend towards relaxing controls and regulations in the financial markets. There will shortly be what is known as the Big Bang in the UK and this has caused a great deal of activity in the City with companies that have traditionally performed separate functions being allowed to merge, and several giant financial organisations forming. There has been a lot of headhunting with astronomical (by British standards :-) salaries being offered, first for dealers but more recently for those with computing experience. Sophisticated computer systems are planned, and apart from just displaying information, I expect there will be more programs to buy and sell automatically. Another aspect of the mergers will be the need to establish what are called Chinese Walls within institutions to prevent the unethical use of confidential information. For example, one part of an institution may be giving financial advice to some company which another part of the same institution could use to speculate - the same institution would not have been allowed to perform both roles under the regulations before the Big Bang. The Chinese Wall problem is really a standard security problem with the computing system being divided up into multiple partitions between which information flow is not allowed. Human leakage is likely to be more of a problem. Increasing dependence on technology has obvious reliability implications, but I am more concerned about whether automatic trading is likely to have a destabilising influence. Modern telecommunication has made it possible to have a 24 hour world currency futures market in which vast sums (1 billion/day) are traded rapidly for minute gains. This is pure speculation, creating money out of nothing with no connection to the outside world, (unlike other futures markets which at least have some basis in reality providing a guaranteed market for some commodity). I feel that programs will be able to react too quickly for the wrong reasons with possibly disastrous consequences. Equally, they could create a false sense of security and an artificially inflated market by buying instead of selling. Although some of these concerns are political rather than technical, and I am in no sense a financial expert, I would appreciate a discussion of these issues and some information about the heuristics and safeguards built into these automatic trading programs. Robert Stroud, Computing Laboratory, University of Newcastle upon Tyne. ARPA robert%cheviot.newcastle@ucl-cs.ARPA UUCP ...!ukc!cheviot!robert JANET robert@newcastle.cheviot
Message undelivered after 14 days — will try for another 1 day:
RISKS@DOCKMASTER.ARPA: Cannot connect to host
[The Dockmaster IMP was hit by lightning several weeks ago. It still
has not recovered. The thundering of undelivered mail messages
rains down upon me as my mailer merrily retries at intervals. PGN]
Please report problems with the web pages to the maintainer