precedence: bulk Subject: Risks Digest 21.66 RISKS-LIST: Risks-Forum Digest Monday 17 September 2001 Volume 21 : Issue 66 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at and by anonymous ftp at ftp.sri.com, cd risks . Contents: 11 September 2001 in retrospect (PGN) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Mon, 17 Sep 2001 16:27:43 PDT From: "Peter G. Neumann" Subject: 11 September 2001 in retrospect *********************************** *********************************** ** 11 September 2001 ** *********************************** *********************************** "THE RISKS ARE OBVIOUS." BUT PERHAPS NOT OBVIOUS ENOUGH. 11 September 2001 will be painfully remembered by most of the planet's population for the coordinated hijacking of four jetliners and the ensuing surprise attacks on New York City's World Trade Center and the Pentagon, with thousands of lives lost and enormous consequential after-effects. Our hearts go out to everyone close to those who were so irrevocably affected -- including the crash victims, the firemen and other emergency workers in New York City, and especially the UA93 passengers whose efforts evidently saved the lives of others. We are once again reminded how fragile our lives and civic infrastructures are, and how interdependent we all are. Although violent and sudden large-scale termination of people's lives has previously been all too familiar in many countries of the world, many of us have hitherto largely taken too much for granted. Hopefully, the aftermath of this fateful day will dramatically increase public awareness of some of the vulnerabilities in our lives and risks to our freedom. However, the events should come as no surprise, because many warnings have been widely ignored. For example, the President's Commission on Critical Infrastructure Protection of the previous U.S. Administration identified serious vulnerabilities in telecommunications, electric power and other energy sources, transportation, financial services, emergency services, and government continuity. It noted how interdependent these critical infrastructures are, and how they are all related to information technologies. It also observed difficulties in coordination among and within different infrastructures, and perhaps most relevant, a general lack of public awareness. In many respects, complacency has been seen across the board in response to that report. In addition, the White House Commission on Safety and Security (the Gore Commission) identified many serious risks in aviation. (Also, see my paper , presented at the January 1997 International Conference on Aviation Safety and Security, co-sponsored by that commission and George Washington University.) Various analyses of commercial aviation and air-traffic control over the past 18 years within the Department of Transportation have identified potentially serious vulnerabilities that merit closer attention. More recently, a U.S. General Accounting Office report identified many serious problems in airport security. But, perhaps because the risks and threat levels seemed low, or possibly because institutional bureaucracy is so deeply entrenched, very little action was deemed necessary. Unfortunately, some of the issues recognized therein have now come home to roost. As a society, we in the U.S. seem to be unwilling to take certain prudent precautions -- perhaps because they would cost too much, or be too inconvenient, or would seriously degrade service. Apparently, we suffer from a serious lack of foresight. The Risks Forum has persistently considered risks associated with our technologies and their uses, but we often note that many of the crises and other risk-related problems have resulted from low-tech events, misguided human behavior, or malicious misbehavior. In short, the typical search for high-tech solutions to problems stemming from social, economic, and geopolitical causes has frequently ignored more basic issues. Over-endowing high-tech solutions is riskful in the absence of adequate understanding of the limitations of the technology and the frailties and perversities of human nature. Whereas there are high-tech solutions that might be effective if properly used, we should also be examining some low-tech and no-tech approaches. One pervasive theme in the Risks Forum over the past 16 years has been the ubiquity of systemic vulnerabilities relating to security, reliability, availability, and overall survivability, with respect to human enterprises, society at large, and to systems, applications, and enterprises based on information technologies. Evidently, we still have much to learn. Let us seek to build a better world, and remain true to our human values and constitutional foundations. Also, let us beware of seeming solutions -- technological or otherwise -- that result in further escalation of the risks. Sadly, because of the inherent vulnerabilities in those seeming solutions, we are always at risk, whether we realize it or not. Peter G. Neumann ------------------------------ Date: 12 Feb 2001 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Alternatively, via majordomo, send e-mail requests to with one-line body subscribe [OR unsubscribe] which requires your ANSWERing confirmation to majordomo@CSL.sri.com . [If E-mail address differs from FROM: subscribe "other-address " ; this requires PGN's intervention -- but hinders spamming subscriptions, etc.] Lower-case only in address may get around a confirmation match glitch. INFO [for unabridged version of RISKS information] There seems to be an occasional glitch in the confirmation process, in which case send mail to RISKS with a suitable SUBJECT and we'll do it manually. .MIL users should contact (Dennis Rears). .UK users should contact . => The INFO file (submissions, default disclaimers, archive sites, copyright policy, PRIVACY digests, etc.) is also obtainable from http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info The full info file will appear now and then in future issues. *** All contributors are assumed to have read the full info file for guidelines. *** => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line. => ARCHIVES are available: ftp://ftp.sri.com/risks or ftp ftp.sri.comlogin anonymous[YourNetAddress]cd risks [volume-summary issues are in risks-*.00] [back volumes have their own subdirectories, e.g., "cd 20" for volume 20] http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]. Lindsay Marshall has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r http://the.wiretapped.net/security/info/textfiles/risks-digest/ . http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/ ==> PGN's comprehensive historical Illustrative Risks summary of one liners: http://www.csl.sri.com/illustrative.html for browsing, http://www.csl.sri.com/illustrative.pdf or .ps for printing ------------------------------ End of RISKS-FORUM Digest 21.66 ************************