25-May-86 12:45:21-PDT,10389;000000000000
Mail-From: NEUMANN created at 25-May-86 12:41:54
Date: Sun 25 May 86 12:41:53-PDT
From: RISKS FORUM (Peter G. Neumann, Coordinator)
Subject: RISKS-2.54
Sender: NEUMANN@SRI-CSL.ARPA
To: RISKS-LIST@SRI-CSL.ARPA

RISKS-LIST: RISKS-FORUM Digest, Sunday, 25 May 1986  Volume 2 : Issue 54

FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Meteorites (Larry West)
  Meteorites, Chernobyl, Technology, and RISKS (Peter G. Neumann)
  London Stock Exchange Computer System Crash (Lindsay F. Marshall)
  Backup (Fred Hapgood, Bruce O'Neel)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious.  Diversity is welcome.
(Contributions to RISKS@SRI-CSL.ARPA, Requests to RISKS-Request@SRI-CSL.ARPA.)
(Back issues Vol i Issue j stored in SRI-CSL:RISKS-i.j.  Vol 1: MAXj=45)

----------------------------------------------------------------------

From: west@nprdc.arpa (Larry West)
Date: 21 May 1986 2309-PDT (Wednesday)
To: RISKS@SRI-CSL.ARPA
Subject: Meteorites

An article on page 11 of the Wed 21 May New York Times raises an issue I haven't quite seen raised here before.  It's only partly related to automation, but that relation is a threatening one.

The article is titled ``Consequences Weighed of Meteorite Explosion'' and reports on the semi-annual meeting of the American Geophysical Union in Baltimore.  The article is by Walter Sullivan and is too well-written to condense satisfactorily, but I'll try:

:::::

Meteoric explosions on the scale of the 1908 event in Siberia (12 Megatons) are expected about once per century, and somewhat smaller (but still in the range of nuclear explosions) events should happen more frequently.

Although the US, USSR and Europe could ``probably'' detect that the explosion was non-nuclear, and thus avoid an inappropriate reaction, this would be less true in, say, the Middle (Near) East or India & Pakistan.  ``Also, [specialists] said, the response of highly automated systems, such as the proposed Strategic Defense Initiative, could not be predicted.''

Even without a military response, the after-effects could be devastating: filling the atmosphere with sun-blocking particles and curbing food production.  Currently, there is roughly a 70-day supply of food on hand in the world [which surprises me -- LW] but a very large meteor could reduce sunlight for two years.

Further, the most energetic explosions will come from those meteors travelling the fastest (and sometimes coming from outside the solar system), and thus the most difficult to predict.

``The discussion took place at a session on natural hazards ...  Presiding was Dr. Joseph V. Smith of the University of Chicago, who has been calling for an International Decade for Hazard Reduction that would begin in 1990.  That effort would be aimed at reducing loss of life, particularly from catastrophes that are on a very large scale but sufficiently rare to have been largely ignored.  The plan was first suggested in 1984 by Dr. Frank Press, now president of the National Academy of Sciences.''

``Dr. Smith .... also urged the initiation of an International Decade on Stockpiling for Survival, including development of new techniques for effective, economical storage of ... foods''

Various methods of dealing with a meteor were mentioned, including nuking it and firmly pushing it aside.  The main problem is being prepared and being able to reach the meteor in time.

:::::

Hope this hasn't gone too far afield from the focus of this mailing list...

Larry West                        USA+619-452-6771
Institute for Cognitive Science   non-business hrs: 452-2256
UC San Diego (mailcode C-015)
La Jolla, CA  92093  USA
ARPA: or DOMAIN: or

------------------------------

Date: Sun 25 May 86 11:27:51-PDT
From: Peter G. Neumann
Subject: Meteorites, Davis-Besse, Chernobyl, Technology, and RISKS
To: RISKS@SRI-CSL.ARPA

Larry West wonders whether his Meteorite contribution has strayed too far afield for RISKS.  I think not.  One of the biggest risks of using computers in critical environments is that we tend to trust them blindly -- even if the models on which the systems are based are incomplete.

In connection with an article on the 46 US Senators who are seeking to cut back the SDI budget, Senator William Proxmire is quoted in the Washington Post of Friday 23 May 1986: "Challenger and Chernobyl have stripped some of the mystique away from technology."  Some of the blind trust naively placed in technology may lessen for a while after such incidents as the Challenger (together with the other recent NASA difficulties) and Chernobyl.  But it always seems to return fairly rapidly, and the lessons are quickly forgotten -- by those who use, depend upon, operate, administer, and regulate the technology.  Anticipating the events that might follow the appearance of such a giant meteorite is vital [to avoid administering last Meteor-Rites?].  (This possibility recalls the old case of BMEWS at Thule "recognizing" the moon as an incoming missile.)

As another example of blind trust, the WashPost of Sat 24 May had an article reassessing the Davis-Besse Nuclear Power Plant emergency shutdown last June.

  "[E]xperts say, Davis-Besse came as close to a meltdown as any U.S. nuclear plant since the Three Mile Island accident of 1979.  Faced with a loss of water to cool the reactor and the improbable breakdown of FOURTEEN separate components, operators performed a rescue mission noted both for skill and human foible: They pushed wrong buttons, leaped down steep stairs, wended their way through a maze of locked chambers and finally saved the day last June 9 by muscling free the valves and plugging fuses into a small, manually operated pump not designed for emergency use."  [Emphasis on FOURTEEN is PGN's.]

The article goes on to describe prior power-company foot dragging and bureaucratic wrangling, despite the lack of a backup pump having been identified as an intolerable risk long beforehand.

The WashPost of Thursday, 22 May 1986 shed a little more light on what happened at Chernobyl.  (In case you could not guess, I was in DC for the week.)  Could an experiment have gone awry?  Human error and/or system error?

  The Soviet Union was conducting experiments to check systems at Chernobyl's fourth nuclear reactor when a sudden surge of power touched off the explosion last month, a Soviet official said ...  Soviet officials have said that the explosion happened when heat output of the reactor suddenly went from 6 or 7 percent to 50 percent of the plant's capacity in 10 seconds.  The power had been reduced for a prolonged period in preparation for a routine shutdown...

  "We planned to hold some experiments, research work, when the reactor was on this level," Sidorenko [deputy chairman of the State Committee for Nuclear Safety] said today [21 May].  "The accident took place at the stage of experimental research work."

Peter G. Neumann

------------------------------

From: "Lindsay F. Marshall"
Date: Fri, 23 May 86 09:40:23 gmt
To: risks@sri-csl.arpa
Subject: London Stock Exchange Computer System Crash

The other day I saw a headline that said the London Stock Exchange had been disrupted by a system crash.  There were no more details.  Does anybody know anything more??

Lindsay F. Marshall, Computing Lab., U of Newcastle upon Tyne, Tyne & Wear, UK
ARPA : lindsay%cheviot.newcastle.ac.uk@ucl-cs.arpa
JANET: lindsay@uk.ac.newcastle.cheviot
UUCP : !ukc!cheviot!lindsay

------------------------------

Date: Sat 17 May 86 08:32:13-EDT
From: "Fred Hapgood"
Subject: Backup
To: risks%OZ.AI.MIT.EDU@XX.LCS.MIT.EDU

What is needed here is a service that will automatically come into your computer at 4 a.m., or whenever, look around inside your hard disk, make a record of the bytes that have changed since the previous night's checkup, and download those to some off-site storage device.  Such a system would have the double advantage of being totally automatic and of storing backups off-site, safe from the effects of user stupidity, which is a much better reason for off-site backups than fire or burglary.  People worried about security can have the system encrypt everything before the service is allowed in.

  [The Get-Rite Backup Company provides an off-the-shelf program that you might want to try.  Unfortunately, they were the lowest bidder, and took a lot of shortcuts -- the most important of which is that nothing is ever actually saved.  Of course this never bothers you unless you need to retrieve something.  Unfortunately, the program was sabotaged by Get-Rite's competitor, Trojan-Horses-for-Stud (to whom "backup" has an entirely different meaning).  They lived up to their name, and managed to install a Trojan Horse that, upon first request by you to retrieve a file, simply deletes ALL of your on-line files and then disappears into the woodwork.  I hear that they will also take large bribes if you want to wipe out other users' files on demand.  PGN]

------------------------------

Date: Sat, 17 May 86 12:51 EDT
From: Bruce O'Neel
Subject: Backup
To: Risks

Re: Management monitoring of backups.

I have a feeling that in educational institutions where the choice is given between hiring someone to do backups for people and "forcing" people to do the backups themselves, hiring someone (undergrad student) will get the nod.

Just a small thought.

bruce (zwbeo@vpfvm.bitnet)

  [A THIRD choice usually wins: Do nothing at all until after you get wiped out.  PGN]

------------------------------

End of RISKS-FORUM Digest
************************
-------
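The Backup thread above (Fred Hapgood's sketch of a nightly service that records which bytes changed since the last checkup and ships only those off-site, with everything encrypted before the service is let in, plus the moderator's Get-Rite joke about a backup that never actually saves anything) lends itself to a small worked example. What follows is editor-supplied Go written for this page; it is not code from the digest or from any of its contributors. The names `Manifest`, `OffSiteStore`, `ChangedBlocks`, `Backup`, `Restore` and `VerifyBackup` are invented for the illustration, and the "off-site service" is an in-memory map. The example does three things the posts only describe: it detects changed blocks by comparing per-block SHA-256 hashes against the previous night's manifest, it encrypts each changed block with AES-256-GCM on the client (binding the block index in as associated data, so the service cannot silently swap blocks around), and it verifies the backup by restoring it immediately and comparing with the disk, which is the only defence against a Get-Rite-style service.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const BlockSize = 16 // tiny so a small constructed file spans several blocks; a real tool would use 4 KiB or more

type (
	Manifest     [][32]byte     // on-site record of the last checkup: one SHA-256 per block, no file contents
	OffSiteStore map[int][]byte // stands in for the service's storage: block index -> nonce||ciphertext, never plaintext
)

// blockOf returns block i of data; the last block may be shorter than BlockSize.
func blockOf(data []byte, i int) []byte {
	lo, hi := i*BlockSize, (i+1)*BlockSize
	if hi > len(data) {
		hi = len(data)
	}
	return data[lo:hi]
}

// blockAD binds the block index into the AEAD so a stored block cannot be replayed at another position.
func blockAD(i int) []byte { return []byte(fmt.Sprintf("block:%d", i)) }

// ChangedBlocks hashes every block of data and returns the indices whose hash differs from prev
// (new blocks, and a short last block that has since grown, count as changed) plus tonight's manifest.
func ChangedBlocks(prev Manifest, data []byte) ([]int, Manifest) {
	cur := make(Manifest, (len(data)+BlockSize-1)/BlockSize)
	var changed []int
	for i := range cur {
		cur[i] = sha256.Sum256(blockOf(data, i))
		if i >= len(prev) || prev[i] != cur[i] {
			changed = append(changed, i)
		}
	}
	return changed, cur
}

// NewAEAD builds AES-256-GCM from a 32-byte key that never leaves the machine being backed up.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Backup encrypts only the changed blocks, each under a fresh random nonce, before they leave the
// machine, and returns tonight's manifest plus the number of blocks shipped.
func Backup(store OffSiteStore, aead cipher.AEAD, prev Manifest, data []byte) (Manifest, int, error) {
	changed, cur := ChangedBlocks(prev, data)
	for _, i := range changed {
		nonce := make([]byte, aead.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return nil, 0, err
		}
		store[i] = append(nonce, aead.Seal(nil, nonce, blockOf(data, i), blockAD(i))...)
	}
	return cur, len(changed), nil
}

// Restore authenticates, decrypts and hash-checks every block named in the manifest, so a block the
// service never saved, saved stale, or tampered with is reported as an error rather than returned as garbage.
func Restore(store OffSiteStore, aead cipher.AEAD, m Manifest) ([]byte, error) {
	ns, out := aead.NonceSize(), []byte{}
	for i, want := range m {
		sealed, ok := store[i]
		if !ok || len(sealed) < ns {
			return nil, fmt.Errorf("block %d missing or truncated off-site", i)
		}
		plain, err := aead.Open(nil, sealed[:ns], sealed[ns:], blockAD(i))
		if err != nil {
			return nil, fmt.Errorf("block %d: %w", i, err)
		}
		if sha256.Sum256(plain) != want {
			return nil, fmt.Errorf("block %d is not the version named in the manifest", i)
		}
		out = append(out, plain...)
	}
	return out, nil
}

// VerifyBackup is the step the Get-Rite joke is about: restore straight after backing up and compare
// the result with what is actually on disk.
func VerifyBackup(store OffSiteStore, aead cipher.AEAD, m Manifest, data []byte) error {
	got, err := Restore(store, aead, m)
	if err == nil && string(got) != string(data) {
		err = fmt.Errorf("restored data differs from on-disk data")
	}
	return err
}
```

A nightly run is `aead, _ := NewAEAD(key)`, then `m, n, err := Backup(store, aead, prev, disk)` followed by `VerifyBackup(store, aead, m, disk)`, keeping `m` on site as next night's `prev`. Two simplifications to note: the store keeps only the latest sealed copy of each block, so restoring an older manifest fails once a block has been rewritten (a real service would keep each night's generation), and random 96-bit GCM nonces under one long-lived key should be replaced by per-run subkeys once the block count becomes large. Losing the key loses every backup, so its custody is part of the design, not an afterthought.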