The Infosec Game Has Changed – 154 Dead!

It may not be the first instance, but it is probably the incident that will change the game on software security assurance going forward.

An August 20, 2010 article, “Malware implicated in fatal Spanair plane crash: Computer monitoring system was infected with Trojan horse, authorities say,” by Leslie Meredith at describes how a 2008 (yes, two years ago!) crash of a Spanair aircraft was likely caused in part by a malware infection. According to a preliminary investigation by the U.S. National Transportation Safety Board, the crash, which killed 154 people and left 18 survivors, was apparently caused by a failure of the “… systems delivering power to the take-off warning system …” The malware connection is the article’s: as its title says, the computer monitoring system responsible for tracking the aircraft’s faults was infected with a Trojan horse.

The article isn’t very clear about the scope of the infection. The title refers to a “computer monitoring system,” which suggests a ground-side system rather than the aircraft’s own avionics, so the open question is whether the Trojan affected monitoring for the whole fleet or only the handling of this one plane. It might appear to be specific to this aircraft, since no other planes are reported as affected … but that could simply reflect a lack of information.

For a long time, the focus of safety engineering has been on physical catastrophes rather than on cybersecurity. It is as though everyone believed in some sort of blood-brain barrier between the two. Yes, there have been compromises of SCADA (Supervisory Control and Data Acquisition) systems managing sewage systems and electricity grids. But those were inconvenient, not fatal.

Coincidentally, I recently became interested in the engineering of high-integrity, safety-critical software systems. I’ve been doing a fair amount of reading on the specialized languages and the intensive validation and verification that generally accompany the development and deployment of such systems. Operated in isolation, these systems earn a high level of trust that they will behave consistently and safely over long periods of time. But the fear is (and the Spanair incident justifies such fear) that, as these high-assurance systems are brought into contact with the Internet and with loosey-goosey commercial systems that are full of vulnerabilities and constantly under attack, the original safety characteristics of these critical control systems will be increasingly compromised. The assurance case for a safety-critical system assumes a boundary around it; once that boundary is crossed by an untrusted network or an infected commodity machine, the assumptions behind the verification no longer hold.

