Friday, August 19, 2005

US Customs systems compromised by a virus

Touching on 3 issues near and dear to my heart comes this story on the US Customs Service's computer systems being shut down due to a virus:

::::::::A virus caused the U.S. Customs computer system used to process passengers arriving on international flights to shut down for several hours Thursday, leaving long lines of impatient travelers, officials said.

Homeland Security spokesman Russ Knocke said the virus impacted computer systems at a number of airports, including those in New York, San Francisco, Miami, Los Angeles, Houston, Dallas and Laredo, Texas.

The worst delays appeared to be at Miami International Airport, where as many as 2,000 people waited to clear immigration, airport spokesman Marc Henderson said.

At New York's airports, customs officials processed passengers by hand during the shutdown. In Los Angeles, they used backup computer systems to keep passengers moving.

The computer problem originated in database systems located in Virginia and lasted from around 6 p.m. until about 11:30 p.m., said Zachary Mann, spokesman for U.S. Customs and Border Protection in southern Florida.

"Unfortunately with technology you have periods where things happen," he said.

Oh, sure. These things happen. Multi-billion dollar government systems housing critical-to-national-security information are completely exposed to viral infection, get compromised, and go completely off-line for hours at a stretch all the time. As a professional network designer and engineer, let me say right now: bullshit. I have personally designed and implemented networks and systems where this kind of event is not only planned for, it's expected. Both in policy and design they are redundant and protected from being completely compromised. The term "mission critical" has a meaning beyond looking great on a marketing slick - it means that the information system in question does not simply go down. Ever. It is never not available because if it is, the "mission" fails. That's what "mission critical" means. My apologies, but I think that if a system going dark translates into a couple of thousand people not being able to move in our transit system, then the system qualifies as being mission critical. That such a system can be designed in such a way that it's 1) even exposed to a virus at all and 2) not redundant so as to provide capability even in the event of a compromise like this is just unbelievable to me, personally. Sounds we need a design review over there, and fast.