Operations at the New York Stock Exchange, United Airlines and Wall Street Journal were severely impacted on Wednesday by what officials say are unrelated technical glitches in their respective computer systems. While authorities say the issues do not appear to have been caused by hackers, the fact that they were able to grind to a halt a significant portion of the nation’s financial and transportation infrastructure has raised questions about the security of these highly-critical systems and their ability to be brought back online in the event of a significant cyber terror attack.
Jerry Irvine, a member of the National Cyber Security Task Force and CIO of Chicago-based IT services provider Prescient Solutions, said that while the outage at the NYSE, which officials there say appears to be the result of a software issue, is not hard to believe, the computer problem suffered by United, which the airlines claims was the result of a single router failure, seems much less plausible.
“For a single router, as they’re saying, to affect an entire enterprise organization globally is really difficult to comprehend,” said Irvine. “That’s not a realistic excuse or reason for what happened. If an entire datacenter had gone down that was coordinating the communications for their facility then potentially I could see that, but to claim that a single router brought down their entire enterprise then either their systems are built incorrectly and their staff is incapable or there was something else going on and I don’t believe the first two scenarios. They’ve got great systems and they’ve got great staff, so I think something else is at play.”
Just last month, the Polish airline LOT was forced to ground 10 flights after hackers infiltrated their IT systems.
Pierluigi Stella, chief technology officer of managed network security services firm Network Box USA, also had difficulty believing that the United Airlines outage was strictly a technology issue and said that, more than likely, it was the result of human error in which someone may have broken the configuration of the router.
“Therefore, the issue isn’t really our dependency on technology, but rather, our dependency on those who maintain and configure said technology,” said Stella.
However, he wasn’t so quick to discount the idea that a single point of failure could be responsible for such widespread disruption.
“The internet is so interconnected that a small error in one place can rapidly bring many other things to a screeching halt,” added Stella. “In 2005, someone in the Czech Republic made a small mistake on a router and took down half the internet for several hours. Yes, we are that interconnected. In this morning’s case, the issue affected only United, so it was an internal router; but it still demonstrates the fact that technology needs to be operated with caution and that, ultimately, the human element is always the weakest link. No matter how many redundancies you set in place and how much money you invest, if someone makes a mistake in a configuration, you end up with some serious problems.”
Irvine said that one of the reasons that the computer networks of airlines and other critical infrastructure providers remain ripe for cyber-attacks is due to the fact that some of them are still using outdated systems which oftentimes remain unpatched against new and evolving threats.