Worlds Collide*: From Plane Crashes to Stuxnet
“I wonder if I’ve been changed in the night? Let me think. Was I the same when I got up this morning? I almost think I can remember feeling a little different. But if I’m not the same, the next question is ‘Who in the world am I?’ Ah, that’s the great puzzle!”
-Alice in Lewis Carroll’s “Alice and Wonderland”
“Aim at heaven and you will get earth thrown in. Aim at earth and you get neither.”
“Pathetic earthlings. Hurling your bodies out into the void, without the slightest inkling of who or what is out here. If you had known anything about the true nature of the universe, anything at all, you would’ve hidden from it in terror.”
-”Ming the Merciless” in Flash Gordon
Once upon a time, economies in one geography were isolated with distance and time factors that were massive; and this led to independent adaptation to local factors, sometimes convergent, sometime divergent and sometimes parallel as chance might have it. In biogeography, we see the same thing with respect to the evolution and development of species.
Occasionally, we see worlds collide* and systems interpenetrate and begin to influence one another as happened when Europeans came to North America, when rabbits were introduced to Australia or when Zebra mussels came to the Great Lakes (picking three completely random examples). Right now it appears that technologies from multiple, divergent paths are colliding again now in new ways that are both hallmarks of our age and a wake-up call to us as professionals and as citizens of the Information Era.
What am I talking about? Our IT infrastructures are as real as any road, ship or city in the world today. They have the ability to directly influence and interact with the real world in as real and impactful a way as any object in the physical world. Let’s try saying that another way to be really clear: the world of information is as real and interchangeable and impactful to us as the world of guns, germs and steel (this is an allusion to the excellent book by Jared Diamond).
Let me give you an : take this Spanair case…where 154 people died, and it might have had to do with a Trojan!
Now, I am not a believer in FUD, but the degree to which we have overlaying emissions and transmissions, complex systems converging that were never designed to interact tells me that we need to do our homework very carefully. Another example is Stuxnet, which started life as a simple piece of malware that had a “low touch” vector for transmission and then branched out to attack SCADA systems…and that’s really ominous. Mark Underwood commented on it well (and many others have too) on TechRepublic: http://blogs.techrepublic.com.com/networking/?p=3210. I’ll cite a little of what he wrote here:
Sometimes with mind-numbing frequency, patches and security advisories from Microsoft, Adobe, and Apple compete for an ever-increasing amount of attention from administrators. Little wonder then, that most will have greeted with a mild yawn the latest announcement of another zero day attack — this one named the “Stuxnet Attack.” Just as I was about to file this latest message under “Priority – To Be Reviewed,” the sender’s name jarred me to attention: Managing Automation…Managing Automation is a periodical with a healthy web presence that tends to cover topics from the supply chain, manufacturing, process control, and product lifecycle management.
Now SCADA systems are normally networked, as Mark points out; but that’s changing with the “smartening” of our critical infrastructure. This is a big deal, and in a world where viruses can affect airplanes, we are now exposing manufacturing, power generation, defense systems, satellites and more to not just one or two influence but all influences all at once.
As I said, I don’t believe in FUD; so this isn’t meant to scare anyone. It is meant to say that we are not only living in interesting times in IT but that the interaction between the Physical and Logical is more real and more tangible than ever before. We need to really work on hardening systems, sharing best practices with new and unlikely folks and look very carefully before we metaphorically introduce Australia’s rabbits into our networks.
* The phrase Worlds are Colliding is one of my favorites from Seinfeld, and the clip is here on YouTube
[...] away from my colleagues who have recently written on it, like my friend Sam Curry at RSA – whose blog entry on Stuxnet really gets to the heart of the threat and that “worlds have [...]