Rethinking Vulnerabilities

In an increasingly networked world, it's time to take a closer look at distributed systems security

The September 8 issue of The Economist has a very interesting article on the recent attacks on German and U.S. government computers, which are presumed to have been directed by the Chinese military.

Now, I am not about to discuss where those attacks came from. But the article does go on to make an interesting point: The increasing connectivity of the world makes attacks on civilian infrastructures particularly devastating, both in real economic terms and in the court of public opinion. One lesson that the United States has learned (or, arguably, failed to learn) from conflicts in Vietnam and Iraq is that public opinion is at least as important in war as military strategy.

The story cites the recent attacks on Estonian systems, which seem to have been retaliation for the removal of a Soviet-era statue. A more recent event – the possibly accidental disruption of Skype service – illustrates the particular vulnerability of systems that are relied upon by the public.

There is a debate over the cause of the multi-day Skype system disruption. A script was posted to Bugtraq, purporting to be the exploit responsible. The official announcement from Skype blamed the outage on a mass of reboots following Microsoft’s Patch Tuesday, combined with a shortage of network resources that exposed a flaw in a core algorithm.

These two arguments aren't mutually exclusive. The official explanation is vague about why Patch Tuesday created a problem – it simply makes it clear that the fault did not lie with Microsoft. Perhaps the script did, in fact, create the shortage of network resources that allowed the mass of reboots to so seriously disrupt the network.

In any case, this is the sort of problem that lurks in many major systems, just waiting for the perfect conditions to strike. Just as the economics of modern lending appears to be beyond the ken of the people managing financial networks, there are a great many networked IT systems – particularly those that are distributed – that are really beyond the ken of those who manage them.

This is not to say that these systems should be shut down – far from it. But it is important to ask why these types of problems remain undetected.

While security people have become very good at finding faults in monolithic systems, very little practical work is being done to monitor security properties in distributed systems. And this doesn’t simply apply to "pure" IT systems like Skype. The collapse of the power grid in the northeastern U.S. a few years back strikes me as a related problem. In all distributed systems, there needs to be much more evaluation of potential single points of failure – and the conditions in which single faults can cascade into systemic failures.

There is no shortage of people out there to start working on such problems. They just need to be convinced that it is more important to investigate problems in distributed systems than it is to find yet another failure in the alpha version of the PHP-based calendar application that is only used by five sites worldwide.

— Nathan Spande has implemented security in medical systems during the dotcom boom and bust, and suffered through federal government security implementations. Special to Dark Reading