C. Warren Axelrod

Y2K – Event, Nonevent? – Which Was It?

The largely successful remediation of the Y2K “bug” arguably led to the worst of outcomes for the credibility of cybersecurity risk. Many believe that Y2K was all a hoax perpetrated by software consultants and vendors in order to generate income, which it certainly did. Others, who had a better understanding of the technical issues, knew that we in fact dodged a very big bullet.

It was therefore very amusing to read these opposite views in a single magazine that appeared more than a decade after the fact. The publication is a special issue of Scientific American, with a September 2010 date and the brief, but disconcerting, title “The End.”

On page 40, in a piece “Eternal Fascinations with The End,” staff editor Michael Moyer writes:

“… captains of industry shelled out billions preparing for the appearance of two zeros in the date field of computer programs too numerous to count; left alone, this tick of the clock would surely have shaken modern civilization to its foundations.”

Yet, on page 93 of the same magazine, there is an excellent article on “The Age of Digital Entanglement” by Danny Hillis, who, it is noted, “…predicted widely that the Y2K ‘problem’ would be a nonevent.”

I mention this Y2K paradox in several columns, most notably “Cybergeddon … Ho Hum” posted on March 29, 2010. From my position in the National Information Center in Washington, DC, I observed firsthand what actually took place on that unique weekend: the attempted denial-of-service attacks, the systems that did in fact fail but were not widely publicized, and the ones that would have crashed were it not for the remediation effort and the precautions that so many businesses, government agencies and individuals took.

One Comment

  1. Dave Funk Nov 19, 2010 at 10:50 am

    Mr. Axelrod, Yes, and you have it in your power to do something about it. You stated that you saw on the evening of Dec 31, 1999 the DOSes, and failed systems that no one knows about. That would be part of the problem, no one knows about them. No one knows about the Honker Union of China and the Great Patriotic Hackers War. No one talks about the current state of cyberwarfare with China. Or the attacks on Estonia. In front of Pentagon City shopping center is Grace Murray Hopper park. I’ll bet you knew her, but who else does today? We Have No History. Not because IT is a young field, it is almost 50 years old and more has happened in IT in the last two years than in accounting in the last 1,000. But we don’t talk about history, we don’t expect our younger practitioners to know it. When things are happening, there is too little introspection. Yes, really. What percentage of CISSP or CISA holders know technical details of the TJX attacks? You know the answer, almost none. Why? Not because it wasn’t published, it was. We don’t care if our practitioners know it. We have no history because we don’t care. If IT people knew what happened to TJX, they would be more interested in WEP over WAP2; Tripwire wouldn’t be able to cut DCs fast enough to keep up with sales. Too few of the stories get out. And of those that do, we (the old farts) don’t expect the younger guys to know it. This is all the more damaging because, in many ways, that history is the only decent metric we have in computer security. How many of the Federal agencies that got beat up with DOS attacks this year had FISMA ‘A’ scores (you know who I’m talking about)? How is this not in every BLOG, in the Washington Post? Why is this not a subject for every computer security conference? So if you are not willing to tell everyone just what happened, don’t cry to me that no one cares. No one knows enough to care. And you are in a position to do something about it.
