In the last 45 years, I can't remember a set of circumstances like those that stopped trading on the New York Stock Exchange and stopped United Airlines from handling their flying customers. Both of these were said to be "glitches", a term which means nothing, but is a catchall that means some technical anomaly that is not immediately identifiable. When I was younger, we called this "magic", which means the same thing, but lasts longer, because we never found out what caused some of those things.
I can't remember a time when two such anomalies occurred to two major businesses on the same day at almost the same time. The possibilities for a cause to this kind of thing are not endless.
It could be that both of these places used the same kinds of hardware and software that were modified at the same time. That does happen, but not usually with the consequence of disabling an entire network, let alone two. We used to call these "self-inflicted denial of service" to express to senior managers how stupid the patching and maintenance of software had become. What we are asked to believe is that these two services experienced the same set of conditions, by accident, on the same day. This is kind of like getting struck by lightening and hitting the lottery on your way home from work. It is possible, but unlikely.
The other possibility is one I like even less. Both of these systems were attacked in a new way that defies attribution. A new kind of attack that is delivered from inside the network, not detectable, and not repeated. This is the kind of attack that should scare us.
There is never going to be "proof" of this kind of attack. The error can be traced and will lead to a "logical conclusion" with blame being fixed somewhere on some manufacturer or service tech. In my first book, I outlined what I considered the possibilities given the Chinese manufacture of so many of the components of our infrastructure. Anytime an enemy has to be relied on for critical components, you run the risk of having something go wrong. It can be an accident or it can be on purpose. It is almost undetectable. It is almost unattributable. It is the perfect form of war.
For those who might believe this was coincidence, and that the website for the Wall Street Journal was a consequence of this coincidence, you will sleep better for that belief. For the remainder who might be more skeptical, let’s look for another possibility. One of those Made in China devices generated an attack, possibly timed or on command, that will make future incidents much less susceptible to detection and attribution. If we find it, we won’t be making our own devices soon enough.
No comments:
Post a Comment