[CII] Advocatus Diaboli

Joe St Sauver joe at oregon.uoregon.edu
Wed Dec 2 13:57:07 UTC 2009 

Felix mentioned:

#If you need it more clearly cut, how about a full failure of BGP
#routing software. Let's suppose someone finds a flaw in the route
#selection algorithms of BGP->RoutingTable. It's relatively unlikely but
#would cause the effect I'm looking at.

I'm not sure that *any* new BGP vulnerability is required for BGP-based
failures... The sheer vulnerability of BGP to hostile announcement of
more specific routes is already sufficient to make BGP a major potential 
point of failure. See, for example, http://www.uoregon.edu/~joe/fall2006mm/

#> Satellite communications can take over but do you remember how slow
#> that can get?
#
#On top of it, everyone gets to see your down-link, so you may not be
#happy with that option or cause confidentiality problems that you did
#not have before, making this option worthless to you.

I'd flag *both* throughput *and* latency issues. Satellite is not a 
fungible replacement for fiber either for applications that are highly
interactive, or for applications that need to quickly move large files.

Encryption can potentially reduce the eavesdropping issue.

#When thinking of that thought experiment, I did assume that stock
#market trading would be suspended immediately, just as it was a couple
#of times in recent years when a major crisis started. 

You don't have to look years back, consider the LSE experience in November:

www.thelondondailynews.com/computer-problems-crash-london-stock-exchange-damage-londons-image-p-3507.html
http://www.ft.com/cms/s/0/960aa0ae-daf5-11de-933d-00144feabdc0.html

#Suspension has been the tool of choice in any event that could negatively 
#affect stock prices lately.

Suspensions are... interesting... in a world where there are multiple 
exchanges in operation, particularly when it comes to how pending orders
are handled following a suspension. Consider, for example:

-- I submit an order to sell a couple thousand shares of <foo>, but while 
   that order is pending, the exchange crashes.

-- The price of that stock begins to drop precipitously (for example,
   hypothetically assume that <foo> provided the systems that crashed :-))

-- Do I endeavor to sell those shares "again" on a different exchange
   that is still up? If so, can I positively cancel the pending 
   transaction on the original exchange? (Or could I end up selling
   the same shares twice?)

-- If my primary exchange "loses" my original transaction, and I don't 
   use an alternative exchange that's still up, is it possible that
   I might end up not selling any of my shares at all?

-- What if my primary exchange honors my original transaction, but
   does so at the (now far lower) price that is in effect at the 
   time the exchange comes back up?

#But as long as the VoIP systems don't use the Internet
#for transport (which, AFAIK, they don't), you should be able to call
#your people in the same town.

VoIP providers do use packet networks for transport. Trivial example:
many consumer-grade VoIP users connect over existing consumer broadband
connections, and VoIP providers routinely use packet transport for
long haul trunks.

#So, assumed medical institutions have routed all their stuff over the
#Internet and it doesn't work anymore, what impact would that have on
#their ability to perform their function (i.e. doctors working)? I don't
#see how that lack of Internet would limit them.

Most pharmacies, including most hospital pharmacies, limit the quanitity
of drugs they carry at any given time (huge number of SKUs, wasting asset
that goes bad if not used by expiration date, some products cost (literally)
thousands of dollars/dose (example: a single syringe/single dose of 
Neulasta, a drug used to boost white blood cell counts in patients
undergoing chemotherapy for cancer, can cost US$7,000), etc.). And then 
there are things like radiopharmaceuticals, which again are ordered on an
as-needed basis, or medical gases (oxygen, obviously, but also gaseous
anesthesia agents, and even liquid helium to cool some advanced imaging
devicees). 

As a result, as a business decision, pharmacies order and receive new (and 
critically needed) supplies of drugs literally on a daily basis. That sort 
of "just-in-time" inventory processing requires tight supply chain 
integration that would quickly become impossible if the Internet were to 
go away.

And it's not just drugs... consider medical and surgical supplies (there's 
a tremendous amount of stuff that gets used for any procedure or 
examination, ranging from Tyvek gowns and drapes, to gloves and masks, 
sterilizing agents, housekeeping supplies, x-ray film, contrast agents, 
casting supplies for broken bones, orthopedic implants and screws, urine 
specimen cups, blood collection tubes, tongue depressors, swabs, you 
name it). Non-pharmaceutical medical and surgical supplies are HUGE as a 
supply chain issue. 

#> Military
#
#Same applies here, what function of the military organisation will fail
#without Internet transport? 

The same b*tch that all too often keeps fighting men and women from doing 
their jobs: logistics (supply). Moving fuel, ammunition, food and medicine 
to keep up with a highly mobile fighting force is largely coordinated over 
the network these days. 

Likewise, sharing tactical intelligence gets a whole lot harder if the
network isn't up, just to mention a second example. 

Regards,

Joe

More information about the CII mailing list