曝光台 注意防骗
网曝天猫店富美金盛家居专营店坑蒙拐骗欺诈消费者
power failed an hour later.
• Reagan National Airport, 10 April 2000: main power
and backup failed for almost 8 hours; major outage.
• Westbury, Long Island ATC, June 1998: software upgrade
failed its test, but reversion to the old software
failed.
• Three main New York airports shut down, 1991: a
Number 4 ESS telephone system had a 4-hour outage;
the standby generator had been misconfigured,
and the system ran (without the generator) until the
backup batteries had been drained.
• Twenty ATC systems were shut down, 1991: a fiber
cable was accidentally cut by a farmer burying his
cow.
• El Toro (Los Angeles) ATC, 1989: 104 hardware
failures occurred in a single day, with no backup system.
More total system failures and backup (or no backup!):
• Swedish central train-ticket sales and reservation
system, 1998: hardware and backup system both
failed for an entire day.
• Washington Metro Blue Line, 1997: main system
and backup both failed, causing major delays.
• San Francisco Bay Area Rapid Transit, April 2006:
software upgrade attempts failed for three days in a
row, causing long delays. On the third day, backup
was attempted to the previous system – which failed.
• Japanese stock exchange, November 2005: the primary
system crashed, and the cutover to the backup
system failed (it was using the same software).
• 9 Mile Point nuclear power plant in Oswego, NY,
1991: a power surge shut down the plant when the
“noninterruptible” power supply failed.
• New York Public library, 1987: lost its computerized
references, for which there were no backups.
• Dutch criminal management system, 1987: a new
system failed, freed some criminals, caused arrest of
others who were innocent; the old system had been
eliminated, and no backup was possible.
Although these problems all relate to system survivability,
security issues also arise in backup systems — including
data integrity (particularly for forensic purposes
and election system disputes), data retention, long-term
compatibility of backup data, noncompromisibility of personal
data, and privacy. Furthermore, if a system and its
backup and recovery facilities are not reliable, they may
also not be secure.
In addition, backup systems must be considered in the
context of the overall systems in which they function. It
is not very helpful to claim that a backup system works
perfectly in isolation if it is never properly invoked and
never tested in conditions of actual need. Various cases
are noted of backup systems passing periodic tests and
nevertheless failing in operation. (For example, a diesel
generator stopped working because the fuel pump keeping
its tank full depended on utility power — which had
always been available during testing [2]!) Thus, backup
systems must be demonstrably trustworthy with respect to
their ability to satisfy criteria for security, integrity, reliability,
and survivability (among other requirements), and
must be tested under realistic conditions.
2
4 Unrobust Networks
Various examples of widespread propagation effects exhibit
some of the complexities inherent in distributed and
networked systems. Of particular interest to computer
networks are two cases in which global failure modes
resulted from local faults, namely the 1980 ARPANET
collapse [20] and the 1990 AT&T long-distance collapse
(e.g., see [13]). Also of interest are various massive U.S.
power outages that resulted from an initial power blip
propagating widely. Among major outages, the Northeast
power blackout in November 1965 was followed by
outages affecting 10 western states in October 1984, the
Western U.S. in July 1996, Western U.S., Canada, and
Baja Mexico in August 1996, and the Northeast in August
2003. These cases are revisited in [15], with references
in [12]. Propagating malware (e.g., viruses and worms)
such as the 1988 Internet Worm is also worth noting. Although
malware may be a direct threat to systems connected
to networks, it also may threaten the throughput
and reliability of the networks themselves. In addition,
natural causes may also cause widespread disruption, as
in the case of Hurricane Katrina.
The above cases are illustrative of the unfortunate reality
that the same kinds of failures continue to recur, despite
efforts to avoid them. This is particularly true of
the most frequent types of security flaws and propagating
outages of computer networks and power grids. The need
for real proactive measures is apparently subordinated by
中国航空网 www.aero.cn
航空翻译 www.aviation.cn
本文链接地址:
航空资料23(104)
