4-Oct-85 14:11:02-PDT,14232;000000000000 Mail-From: NEUMANN created at 4-Oct-85 14:07:29 Date: Fri 4 Oct 85 14:07:29-PDT From: RISKS FORUM (Peter G. Neumann, Coordinator) Subject: RISKS-1.18 Sender: NEUMANN@SRI-CSLA.ARPA To: RISKS-LIST@SRI-CSLA.ARPA RISKS-LIST: RISKS-FORUM Digest Friday, 4 Oct 1985 Volume 1 : Issue 18 FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS Peter G. Neumann, moderator Contents: Lack of a backup computer closes stock exchange (Marty Moore) DPMA survey on computer crime offenses (J.A.N. Lee) Ethics vs. morality (Marty Cohen) The Mythical Man-Month of Risk (Stavros Macrakis) Risk Assessment by real people (Mike McLaughlin) CRTs again, solution to one eye-problem (Mike McLaughlin) Failure of Mexican Networks (Dave Flory) Technical Reports Lists (Laurence Leff) Summary of Groundrules: The RISKS Forum is a moderated digest. To be distributed, submissions should be relevant to the topic, technically sound, objective, in good taste, and coherent. Others will be rejected. Diversity of viewpoints is welcome. Please try to avoid repetition of earlier discussions. [Note: Despite SRI-CSL having had a nasty disk controller wipe-out [Sun-Mon] which prevented this issue from coming out on Monday, and despite my being East, here is RISKS-1.18.] (Contributions to RISKS@SRI-CSL.ARPA, Requests to RISKS-Request@SRI-CSL.ARPA) (FTP Vol 1 : Issue n from SRI-CSL:RISKS-1.n) ---------------------------------------------------------------------- Date: Mon, 30 Sep 85 11:44:49 CDT From: mooremj@EGLIN-VAX Subject: Lack of a backup computer closes stock exchange To: risks@sri-csl.arpa When Hurricane Gloria was approaching the New York area, the New York and American Stock Exchanges did not open. The Midwest Exchange, located in Chicago, opened on schedule; unfortunately, it had to close 40 minutes later, when its nationwide computer system failed. Where is the central computer of that system located? New York, of course. The Director of the Exchange was quoted as saying, "Well, this has got to change." ------------------------------ Date: Wed, 2 Oct 85 15:39 EST From: Jan Lee To: RISKS@sri-csl.arpa Subject: DPMA survey on computer crime offenses Peter ... here are the proper figures on Computer Crime Offenses as reported by the DPMA from a survey taken by COMP-U-FAX (TM) and reported 1985 May 27: (It doesn't say how many people were surveyed -- just that DPMA is an organization of 50,000 members.) 21% reported one or more abuses in past 3 years in their workplace. 2% of these offenses were committed by outsiders (so much for the Hacker myth!!). The reasons for the abuses were: 27% ignorance of proper professional conduct 26% playfulness 25% personal gain 22% maliciousness Only 45% of respondents worked for a company who had a full-time or part-time data security person. Only 2.2% of abuses were reported publicly (does that mean reported to the news media or the legal authorities?). The surveyor was Detmar Straub, Grad. School of Business Admin., Indiana University. (In a note I got from Donn Parker, Donn seems to cast some aspersions on the validity of this survey, but I haven't had chance to do anything other than read the press release myself.) JAN ------------------------------ Date: Fri, 27 Sep 85 13:18:47 PDT From: Marty Cohen To: risks@SRI-CSL.ARPA Subject: Ethics vs. morality "Morals: Society's code for individual survival" "Ethics: An individual's code for society's survival" From Theodore Sturgeon, "More Than Human" ("Baby is Three" is one part of the book), page 177 of the Ballentine books paperback. ------------------------------ Date: Thu, 3 Oct 85 19:14:56 EDT From: macrakis@harvard.ARPA (Stavros Macrakis) To: risks@sri-csl Subject: The Mythical Man-Month of Risk In reference to the discussion on the Wilson article: > ... formula that measures risks [as] ... seconds of life lost ... In discussing risks, whether from computer systems or other causes, it would surely be desirable to have some reasonable guidelines. Wilson's basic point was that we should be able to calculate costs and benefits; a point with which I am in fundamental agreement. However, this calculation has many difficulties. In this note, I should like to sketch (in a somewhat disorganized way) some of these difficulties. It is often useful to reduce complicated facts to simple unidimensional measures for comparison. But such reduction loses a great deal of information in general; and also ignores variation in personal utility functions. For that matter, statistical measures should differentiate between associations and causation. Among the figures cited, there were several misleading measures along these lines. For instance, although perhaps cigarette smokers ought to allocate 12 minutes of their lives per cigarette, a lung cancer death is typically far harder than an automobile accident death. On the other hand, car accidents subtract years by killing fewer, younger, people; cancer by killing more, but older, people. How to compare 5 x (lifespan 25-70) with 25 x (lifespan 63-70)? Is each 175 man-years? I have no answer, although I have certain intuitions--in particular, `losing' the 69 man-years 1-70 seems far less tragic than losing the 69 man-years 3 x (47-70) (`struck down in the prime of life'): but the Wilson extract did explicitly talk only of 25+-year-olds. Economics has various answers: discounted productivity contribution; market value attached to hazardous jobs; .... None is satisfactory, but all are useful for separating grossly different risks. As for correlations, why is it that living in New York is hazardous? Perhaps it is the pollution. But if it is the poverty or the street crime, then poverty or bad neighborhoods (regardless of city) probably relate far better statistically and surely causally than does residence. New York just has many poor people and bad neighborhoods. A statistical analysis that excludes such correlated hazards is surely non-trivial. `Post hoc ergo propter hoc' seems especially implicated in the case of unmarried males. There are likely advantages to being married, but perhaps inability to find or keep a wife indicates other problems. Then there is the presumption of linear additivity. Even the risks which are not strongly correlated may combine: consider asbestosis and smoking. Of course, in other cases the unidimensional metrics may be far more useful. In the case of the costs of unreliable funds transfer, the cost to the bank can be calculated quite precisely. In cases where these errors affect customers, it may also be reasonable to estimate that damage (e.g., you may lose $100 of annual profits per error of type X if a retail customer takes his business elsewhere). If you're a materials supplier to a just-in-time manufacturer, the monetary consequences may be far more serious: still, a monetary measure may be meaningful. In conclusion, it seems to me useful to develop a range of measures of cost and benefit, and not try to reduce them to single numbers. If one wishes to be ultra-cautious, one will then weigh the minimum expected benefit against the maximum expected cost. If one is a `rational' gambler, perhaps the average benefit against average cost. If one is an optimist or a gambler, perhaps the maximum benefit against the minimum cost. I believe Howard Raiffa (among others) discusses such issues (although I'm afraid I can't provide a reference). Risk-free systems are unlikely. We need good ways of evaluating risks and benefits. -s ------------------------------ Date: Sat, 28 Sep 85 16:05:48 edt From: mikemcl@nrl-csr (Mike McLaughlin) To: RISKS@SRI-CSLA.ARPA Subject: Risk Assessment by real people Ellen Goodman's column in The Washington Post, Saturday, 28 Sep 85, (c) 1985, The Boston Globe Newspaper Company, is worth reading. Title is: "AIDS: The Risks We'll Take." No, it doesn't mention computers. It really isn't much about AIDS, either. What it is about is people, and how risks are assessed by real people - not by computers, or calculators, but by the folks that would die of boredom reading this forum... or might die of something else if *we* do not understand how *they* evaluate risks. "In California, members of a family cut back on sugar in the decaffeinated coffee they drink in their house - on the San Andreas fault." "Another friend drinks only bottled water these days, eats only meat un- touched by steroids and spends weekends hang-gliding." "The AIDS story... is a tale about experts and the public, about the gap between our skepticism and our longing for certainty." Ms. Goodman also quotes an article in October's Science '85: "We may be much more willing to accept higher risks in activities over which we have control, such as smoking, drinking, driving or skiing, than things over which we have little control, such as industrial pollution, food additives and commercial airlines." Her summation is very relevant to *us*, who read and write about SDI, the use and non-use of computers, and so on: "This is, after all, a country that bans saccharin and builds nuclear bombs. We argue and will go on arguing about risk in two different languages: numbers and emotions, odds and anxieties." If *we* cannot make ourselves understood by *them* when we discuss what matters for the survival of *all of us*, then this forum is just a modern form of omphaloskepsis. - Mike ------------------------------ Date: Sat, 28 Sep 85 16:25:57 edt From: mikemcl@nrl-csr (Mike McLaughlin) To: RISKS@SRI-CSLA.ARPA Subject: CRTs again, solution to one eye-problem CRTs can cause eye strain in users who wear glasses. Distance lenses won't focus at closer than arm's length. Reading lenses focus too close. Bifocals require you to hold your head in one of two specific positions... neither of which works. What to do? I already done it. Several years ago. So much a part of my computerized life that I didn't think of it while reading/writing via computer about CRT usage. Got "intermediate lenses" - an Rx for glasses optimized for my CRT/ VDT viewing habits. Got comfy in front of the tube & keyboard, had a friend measure distance from bridge of nose to CRT screen. Averaged several tries. Gave the distance to my opthamologist - he turned out an Rx in short order. Bought frame & lenses. Expensive. Use them *only* at office computer - don't take them home (don't have a computer at home). Declared them as a non- reimbursed business expense. IRS content, helped reduce cost. Did NOT get tri-focals, because: 1. They force you into an even more rigid head position - and I believe that rigid posture is a major cause of computer-fatigue. 2. They confused the IRS issue, which was quite clear with intermediate- only glasses. 3. I'm not old enough to wear TRI-focals, for heaven's sake! Suggestion: Employers requiring use of CRT should consider paying for intermediates; should resist paying for trifocals (or even the incremental cost of tri- over bi-focals). An acceptable alternative might be bifocals, distance/intermediate or inter- mediate/reading, depending upon the user's eye condition and job content. - Mike ------------------------------ Date: Wed 2 Oct 85 13:43:03-EDT From: Shadow Subject: Failure of Mexican Networks To: Risks@sri-csl.arpa This doesn't refer to computer networks, but it is similar. According to Fred Goldstein on Telecom Digest (Telecom-Request@MIT-MC.ARPA), phone service from most of the world to Mexico City was destroyed by the collapse of the building containing the switches, frames, etc. for Mexico City's international gateway switch. Sites which are major network nodes collapsing due to earthquake/etc could result in a similar effect. David Flory ARPANET ---> flory@CORNELL-GVAX.ARPA or shadow@RU-AIM.ARPA BITNET ----> z.hxwy-f@CRNL20A.BITNET [Good engineering tends to avoid sensitivity to single-point failures and to avoid singly connected nodes. Designing for massive failures and disasters is of course much more difficult. PGN] ------------------------------ Date: Fri, 27 Sep 85 13:38:21 cdt From: Laurence Leff Subject: Technical Reports Lists To: [... all sorts of lists...] [Here is what could be a useful service if suitable indexing occurs. I have stripped Laurence's message down. SEND to him for the original. This is of course more general in scope than just RISKS, but seemed worth including. -- in case you missed it elsewhere. Respond to him, not me. PGN] I have volunteered to organize an electronic mechanism for the distribution of technical report lists from Universities and R&D labs. Some (and hopefully all) of the people producing technical reports would send a copy of the list to me. I would then send these to a moderated group on USENET as well as a mailing list for those sites on the INTERNET who do not get news (ARPANET, CSNET, etc.). I need two things from you: 1) if your organization prepares technical reports and sends them out to interested parties (perhaps for a fee), please arrange to have electronically readable copy of your lists sent to trlist%smu@csnet-relay. 2) if people at your organization would like to receive lists of tech reports produced by universities and R&D labs, please provide me an electronic address to send them to (if you are not on USENET). Send such administrative mail to trlist-request%smu@ csnet-relay. ------------------------------ End of RISKS-FORUM Digest ************************ -------