[comp.risks] RISKS DIGEST 9.33

risks@CSL.SRI.COM (RISKS Forum) (10/23/89)

RISKS-LIST: RISKS-FORUM Digest  Sunday 22 October 1989   Volume 9 : Issue 33

        FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS 
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Earthquake preparedness in computing (PGN)
  Air-Traffic Disruptions (PGN and Robert Dorsett)
  Railroad Level-Crossing Monitoring (Brian Randell)
  Sometimes touch-screens aren't user-friendly (Jeffrey Mogul)
  UK Banking Error (Brian Randell)
  Quotron gores the bears and bares the bulls (PGN)
  Quotron software timing error (David B. Benson)
  Re: latest stock market crash (David Gursky)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in good
taste, objective, coherent, concise, and nonrepetitious.  Diversity is welcome.
CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line
(otherwise they may be ignored).  REQUESTS to RISKS-Request@CSL.SRI.COM.
TO FTP VOL i ISSUE j:  ftp CRVAX.sri.com<CR>login anonymous<CR>AnyNonNullPW<CR>
  cd sys$user2:[risks]<CR>get risks-i.j .  Vol summaries now in risks-i.0 (j=0)

----------------------------------------------------------------------

Date: Sun, 22 Oct 1989 12:35:32 PDT
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: Earthquake preparedness in computing 

Tuesday's Loma Prieta earthquake continues to have a devastating aftermath,
particularly in parts of Santa Cruz, Hollister, San Francisco and Oakland.
However, there have been some encouraging success stories of organizations with
computer/communication contingency plans that worked successfully following
Tuesday's earthquake (17 Oct 89).  Furthermore, it appears that the area was
spared much greater devastation because of anticipatory construction
improvements.

The San Francisco Chronicle kept publishing despite a complete power outage at
the newspaper's headquarters, which ground their computer and main printing
facility to a halt.  Material for the Wednesday and Thursday editions was
assembled using Macintosh disks and an emergency generator.

There was building damage at SRI.  Most of the SRI Computer Science Lab
computer facility survived.  However, the RISKS file server was down until
Thursday; when it was resurrected, the disk on which RISKS operates was
discovered to be messed up as well, so I could not put an issue out until now.

------------------------------

Date: Sun, 22 Oct 1989 12:24:07 PDT
From: "Peter G. Neumann" <neumann@csl.sri.com>  
Subject: Air-Traffic Disruptions       [with contributions from Robert Dorsett]

For the second time in a week air traffic at Dallas-Fort Worth International
Airport was disrupted.  The Thursday 19 October computer outage (1950s-vintage
computer system) lasted at least twelve hours, and caused delays.  [Source:
Washington Post, 21 Oct 89, p22]

FAA officials said Thursday's breakdown happened when one of four data
processors on the computer failed to start after routine maintenance.  The
processors feed specific information about each plane from the radar to the
controllers' screens.  Flights continued at a reduced rate during the outage.

The previous week's outage, on 14 Oct 89, lasted for 19 minutes.  It was traced
to a technician who mistakenly tried to program a radar computer from the wrong
terminal.  

Tony Dresden, a spokesman for the National Association of Air Traffic
Controllers, said the FAA is trying to upgrade computer systems across the
country.  But the process is painstakingly slow, he said.  "I think if you go
to any terminal across the country you'll find some older equipment mixed in
with some new equipment," Dresden said.  "So this is not just confined to
terminals at the Dallas-Fort Worth airport, but to terminals across the
country."

Norm Scroggins, tower manager at D-FW airport says the FAA is looking into the
problem.  "We're in an interim mode," Scroggins said.  "I don't think it's
particularly useful that any government agency is unable to stay up with the
technological industry.  It's just hard to get the stuff in.  "And you have to
keep in mind that this same equipment is working quite well in Houston.  They
just don't have the demands that we (D/FW) have."

[Excerpted by PGN from an article from The Austin-American Statesman, 21
Oct 89, provided by Robert Dorsett (@rdd@rascal.ics.UTEXAS.EDU)]

------------------------------

Date: Tue, 17 Oct 89 19:08:36 BST
From: Brian Randell <Brian.Randell@newcastle.ac.uk>
Subject: Railroad Level-Crossing Monitoring

[This is interesting as an experiment in using AI - or more specifically neural
networks - in a safety-related application, though not in any safety-critical
fashion.]

        BR USES `COMPUTER VISION' TO MONITOR LEVEL CROSSINGS
The Independent, 17 Oct 1989, by Mary Fagan, Technology Correspondent

British Rail will use computers to monitor level crossings to see if cars
should be allowed to cross them, in an attempt to assess how artificial
intelligence and `computer vision' can be used more widely on the rail network.
As part of a major experiment to be announced today, computers emulating the
human brain will monitor the level crossings, deciding when it is safe to lower
and raise gates, and when cars and pedestrians should be allowed to pass
through.

Dr Alan Cribbens, head of safety systems at BR, said such systems would be used
only to help and augment human control.  But he hopes computer vision and
artificial intelligence may also be used for examining the condition of rail
tracks and tunnels, and for inspecting the conditions of the brakes on rolling
stock.  `Computers would never be allowed to take decisions alone in the
primary safety loop, at least not in the short term.'

Level crossings are currently monitored by closed-circuit television and
controlled by an operator.  There is a limit as to how many crossings one
person can cope with, and the computer monitoring could dramatically increase
the efficiency.

The experiment also acts as a tough test for computer vision, because it has to
cope with variable lighting and weather, and to decide whether a scrap of paper
or rubbish on the track constitutes a serious obstruction.  The computer is a
`neural network' - a machine which attempts to emulate the way the brain works.
The network is made up of layers of transputers, each of which is a computer in
its own right, and which represent a computer neuron or brain cell.

According to Colin Hebden of SD, the company supplying the system, the neural
network can be trained to recognise patterns and interpret images - things
which traditional number-crunching machines are not good at.  The transputer is
also ideal because it communicates well with other transputers in the network.

The BR experiment is said to be pushing forward the frontiers of neural network
computers.  `If it has potential we will have it in use as soon as possible,'
Dr Cribbens said.

Brian Randell, Computing Laboratory, University of Newcastle upon Tyne
JANET=Brian.Randell@uk.ac.newcastle UUCP=...!ukc!newcastle.ac.uk!Brian.Randell

   [BR = British Rail, not Brian Randell.]

------------------------------

Date: 20 Oct 1989 1741-PDT (Friday)
From: mogul@decwrl.dec.com (Jeffrey Mogul)
Subject: Sometimes touch-screens aren't user-friendly

Last night I went into a hardware store (Builder's Emporium in Redwood City,
CA) and walked past a kiosk providing advice from "Pop Larsen", probably a
fictional character.  In addition to little brochures ("How to unclog
drains") the kiosk contains a touch-screen system that apparently allows the
user to navigate through some menus to get home-repair information.

What caught my eye was that, superimposed on the flashy 3d-ish color
"buttons" on the screen, was a black & white message in a crude font:

	Overflow in line 0 of module 1W4200YC at
	address 328F:0501

	Hit any key to return to system

Of course, hitting "any key" was difficult, given that there were none.

-Jeff

------------------------------

Date: Fri, 20 Oct 89 12:53:44 BST
From: Brian Randell <Brian.Randell@newcastle.ac.uk>
Subject: UK Banking Error

[I have used the hash symbol (#) for the pounds symbol. I am assuming that the
story is using the term "billion" with its normal American meaning!  Brian
Randell]

             BANK ERROR HANDS OUT #2BN IN HALF AN HOUR
    Computer Weekly, Thursday 19 October 1989, p.1, by Tony Collins

A UK bank has accidentally transferred #2bn to UK and US companies because a
software design flaw allowed payment instructions to be duplicated.  The
organisation has asked customers to return the money, which is more than the
annual profits of any clearing bank, but so far not all of the cash has been
recovered.  The error, described by the Computing Services Association (CSA) as
probably the most serious to have hit the IT industry, led to the #2bn being
paid out to customers over 30 minutes.

Within an hour the bank discovered its mistake, but by then the cash had been
transferred to other banks and into accounts of corporate customers in the UK
and US. The funds were sent on the high-speed Clearing House Automated Payment
System (Chaps) which allows high value payments, typically #2m, to be
transferred in seconds from one bank to another via a computer system linked
through British Telecom's Packet Switched Service.

Although Chaps refuses to name the bank it confirms that the accidental
transferral of #2bn occurred "in the past few weeks" and involved one of its 14
member banks. The membership includes all major clearing banks together with
the Bank of England, Girobank and the TSB.  Jim Reeves, Chaps technical
manager, says funds transferred on the network are guaranteed payments and are
technically irretrievable. "If a bank decides it has made a mistake, it is
still bound to settle the funds at the end of the day."  He adds that, as far
as he knows, most of the #2bn has been recovered as a result of the goodwill of
the close-knit banking community and its corporate customers.  "One bank
managed to send a number of payments it had sent the day before," says Reeves.
"It only noticed this because of a very high outflow of money early in the day.
It was a question of getting in touch with customers and asking them if they
minded payment going back."

Richard Allen, chief executive of the Association for Payment Clearing Services
(Apacs), which controls Chaps, says security and reliability have become
increasingly important in payment mechanisms, especially as more institutions
began using such systems.  "This is particularly so in high value mechanisms
such as Chaps," he says.  Reeves says the #2bn involved mostly foreign exchange
and money market transactions.

The error was due to a software flaw which allowed the system to choose a date
for payments rather than insisting that the operator made the selection.

In the event the system chose the wrong date.

The software has since been redesigned to avoid a repetition of the incident.

Brian Randell, Computing Laboratory, University of Newcastle upon Tyne
JANET=Brian.Randell@uk.ac.newcastle UUCP=...!ukc!newcastle.ac.uk!Brian.Randell

------------------------------

Date: Tue 17 Oct 89 15:36:20-PST
From: Peter G. Neumann <NEUMANN@CSL.SRI.COM>
Subject: Quotron gores the bears and bares the bulls.  Oxidentally.

Following the wild drop on the NY Stock Exchange on Monday, Quotron reported at
10:30 AM on Tuesday, 17 October 1989, that the Dow Jones industrial average was
DOWN 71 points.  An unwitting NYSE VP announced this figure live on CNN, which
caused quite a stir.  However, almost all of the stocks (except the American
and United Airlines companies) were UP, and the average should actually have
been UP about 20 points.  

Quotron gets live feeds from the market mainframes, and calculates the averages
every 15 seconds.  However, the heavy volume on the NYSE "overloaded" Quotron's
software.  The problem apparently corrected itself half an hour later.

"Nonetheless, the incident underscored how modern telecommunications have come
to tie investors and markets together around the globe and the threats to
market stability when the systems malfunction."  (John Burgess, Washington
Post, 17 October 1989)

------------------------------

Date: Wed, 18 Oct 89 15:48:45 PDT
From: dbenson@cs2.cs.WSU.EDU (David B. Benson)
Subject: Quotron software timing error

Excerpts from:
	Traders Who Can't Believe Their Eyes Win Vindication
	Heavy Stock Volume Makes Some of Quotron's Data Veer
	Away From Reality
		by Georgette Jasen,
		Staff reporter of The Wall Street Journal
	The Wall Street Journal, October 17, 1989, page c23

	Traders ... were stunned to see the Dow Jones Industrial
	Average plummet 99 points in seconds.  A minute later
	it soared 128 points, then zoomed back down 113 points,
	69 below Friday's close.
	...
	Quotron Systems Inc., a Citicorp unit, blamed the 30-minute
	foul-up on "a timing problem in our software" caused by
	the enormous early volume -- about 145 million shares in the
	first hour of New York Stock Exchange trading.  The prices
	of the individual stocks that make up the average were correct,
	Quotron said, but the average was wrong. ...
	It was the second time in less than a week that Quotron has
	had problems calculating the industrial average. ...
[The earlier problem was attributed in a previous article to human error.]
	A Quotron spokeswoman said recent software changes may have
	contributed to yesterday's problems.  She said Quotron
	switched to a backup system until the problems were corrected.

------------------------------

Date: Tue, 17 Oct 89 21:50:35 EDT
From: dmg@lid.mitre.org (David Gursky)
Subject: Re: latest stock market crash

In Risks 9.32, Olivier Crepin-Leblond <zdee699@elm.cc.kcl.ac.uk> asks if the 13
October 1989 drop in the average price of stocks on the New York Stock Exchange
could have been triggered by electronic vandalism of some form (he specifically
asks about a virus).

The possibility does exist, but (1) in this instance I do not believe that was
the case and (2) if it were the case, we would know about it by now I should
think.

Friday's plunge (as I understand it) was caused by preprogrammed selling of
stock by computer.  The rules and conditions under which these programs
operate are well understood.  If those programs had made transactions "outside
of their envelope", the institutions that set the rules for the programs would
be screaming bloody murder, and we would see the SEC all over the evening news.

Expanding this a bit, I find it less than likely (although I doubt it is
impossible) for electronic vandalism (viruses, logic bombs, or time bombs) to
affect these applications unnoticed.  [I might add that when I say "less than
likely", the basis of my comparison is the computing community in general,
which is far more open than the NYSE's computers.]  Again, preprogrammed
trading occurs only under known conditions.  It should be possible to put in
some minimal amount of safeguards to prevent these automated trades from
occurring outside of their defined envelopes.  This is not to say NYSE has
done so though.

------------------------------

End of RISKS-FORUM Digest 9.33
************************