Establishing Digital Trust: Don't Sacrifice Security for Convenience
On Wednesday, July 8, 2015, a series of apparent technical glitches took down the website for the Wall Street Journal, grounded thousands of United Airlines flights, and halted trading on the New York Stock Exchange.
The Los Angeles Times reports that Homeland Security Secretary Jeh Johnson said that "the malfunctions at United and the NYSE were not the result of any nefarious actor," and a Wall Street Journal spokeswoman said the WSJ outage is still being investigated.
On Twitter, the NYSE stated, "The issue we are experiencing is an internal technical issue and is not the result of a cyber breach. We chose to suspend trading on NYSE to avoid problems arising from our technical issue."
In a statement published the following day, the NYSE said its problems had been the result of the rollout of a new software release. "As is standard NYSE practice, the initial release was deployed on one trading unit," the NYSE stated. "As customers began connecting after 7am on Wednesday morning, there were communication issues between customer gateways and the trading unit with the new release."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
The Sydney Morning Herald reports that a message on the Wall Street Journal's homepage stated that the site was experiencing "technical difficulties" and would "return shortly."
And in a statement provided to NBC News, United said, "We experienced a network connectivity issue this morning. We are working to resolve this and apologize to our customers for any inconvenience."
Still, the hacker group Anonymous spooked a lot of people by tweeting on Tuesday, July 7, the day before the outages, "Wonder is tomorrow is going to be bad for Wall Street.... we can only hope."
Tim Erlin, director of IT security and risk strategy at Tripwire, told eSecurity Planet by email that, regardless of the cause, the technical issues should serve as a reminder of how dependent the global economy now is on interconnected technology. "That means that any failure, malicious or not, has the potential to create economic repercussions," he said.
"There are many layers of technology between the consumer and the services we depend on, from the individual smartphone that you use to access a service, to the vendor who provides the networking equipment used by the telecommunications company to provide connectivity to the company providing the service," Erlin added. "The level of complexity can be staggering, and this means an error made by a developer half-way around the world somewhere in the supply chain of a service can impact the operations of major businesses like United."
And Securonix chief scientist Igor Baikalov said by email that the collection of failures on the same day indicates that our technical foundation is in bad shape. "To have vital transportation, financial, and media companies, that are heavily dependent on technology, experience disrupting 'glitches' in their busiest hours is something that only [a] global war game scenario can envision," he said. "It’s just not something that one plans for in real life."
Every enterprise, Baikalov said, needs to plan better for business continuity and disaster recovery. "The problem is that High Availability (minimum downtime) and especially Fault Tolerance (no single point of failure) is very expensive, and for as long as the cost of implementation exceeds the cost of outage, businesses are not going to do it," he said. "Something has to be said on the maturity of change management processes too: it’s not the first rodeo for NYSE, and why there were no staged rollout and rollback plans in place is hard to comprehend."