Yesterday, a “breaking news” tweet at 1:07 PM EDT from the Associated Press reported that two explosions had occurred at the White House and President Obama had been injured. The news immediately sent the Dow Jones Industrial Average down 143 points, as this graph at the London Telegraph shows. There’s also a lovely animated display of the “flash crash” by market research firm Nanex LLC. … Partial blame for the rapid sell-off of stocks is being given to computer-driven trading algorithms that depend on machine readable news (pdf). This is an issue I raised back in 2007 when the Thomas Corporation announced it was pushing hard to deliver such machine readable stories within 0.3 seconds of publication. –IEEE Spectrum
What I find interesting about this story isn’t how the hacker (cracker?) got in (apparently through a phishing attack), nor what new security measures the AP intends to take to keep this from happening in the future. Instead, consider the implications of disparate systems, owned and maintained by two different organizations, with two different goals, that are interconnected in a somewhat surprising way. In fact, in a way that the owners of those systems might not even want you to know about.
There are clear applications in the larger network design and security worlds, primarily revolving around a simple idea:
Interconnected systems often exhibit interesting and unpredictable modes of breakage.
A lot of these failure modes, in fact, are related to the idea of unintended consequences. You push this piece of the network over here, and while your back is turned, you’re actually making that piece over there more fragile. In a sense, each time you tune your network a little more finely, each time you add another little piece of security, each time you add another layer of complexity, each time you deploy something that interacts with or relies on a number of other already deployed systems — you are ossifying your network. It’s a lot like the process of making a knife blade; if you make the steel as hard as you can, the blade will break the first time you drop it on a concrete surface. It’ll hold an edge like no other knife in the world, but in practical terms, it’s useless because it’s just too brittle.
This is a major problem in modern networks because of our tendency to build out extremely complex protocols and equipment, deploy them in very complex designs, and then run complex applications on top of the entire mess. And if that’s not enough, we just have to mess around with adding layers of virtualization on top, don’t we?
In the security world, this shows up as heavily automated systems that interconnect in complex ways, particularly those that minimize or even remove human intervention. Humans aren’t as fast as machines, but they are more flexible.
Yes, I know, I’ve not given you any specific ideas on how to balance the two. Which means two things:
First, as I run across specific examples, I’ll post them here on the PP blog.
Second, it’s your turn — if you can think of any examples, or any general design “rules of thumb,” you think would be useful to avoid this type of problem in either design or security, put ’em in the comments. I’m all ears.