RISKS@KL.SRI.COM (RISKS FORUM, Peter G. Neumann -- Coordinator) (06/20/89)
RISKS-LIST: RISKS-FORUM Digest  Monday 19 June 1989  Volume 8 : Issue 82

        FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Re: Microcomputers in the operating theatre (Ken Howard)
  Risks of missiles (Steve Den Beste)
  Trojan Horse in Comp.Risks? (John C Williams)
  Power glitches scrambling computers --- can it be avoided? (Will Dickson)
  Re: 'Blip' Blows Computers Back to Paper Age (William M. Bumgarner)
  No back-ups: Ninth Circuit's "computer error" (Clifford Johnson)
  Hillsborough Football -- Another Computer Connection (Charles Lindsey)
  Radio Control Interference (Marco C. Barbarisi)
  New Yorker Article (book serialization?) on radiation risks (Martin Minow)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in good
taste, objective, coherent, concise, and nonrepetitious.  Diversity is welcome.
* RISKS MOVES SOON TO csl.sri.com.  FTPable ARCHIVES WILL REMAIN ON KL.sri.com.
CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line
(otherwise they may be ignored).  REQUESTS to RISKS-Request@CSL.SRI.COM.
FOR VOL i ISSUE j / ftp KL.sri.com / login anonymous (ANY NONNULL PASSWORD) /
get stripe:<risks>risks-i.j ... (OR TRY cd stripe:<risks> / get risks-i.j ...
Volume summaries in (i.j)=(1.46),(2.57),(3.92),(4.97),(5.85),(6.95),(7.99).

----------------------------------------------------------------------

Date: 19 Jun 89 05:05:38 GMT
From: khoward@chook.ua.oz.au (Ken Howard)
Subject: Re: Microcomputers in the operating theatre (RISKS-8.79)

In RISKS-8.79, Martyn Thomas says:-

> Anaesthesia is a precise art and at University Hospital, Nottingham [UK]
> there are moves to sharpen that precision by taking a BBC micro into the
> operating theatre.
> .... consultant anaesthetist [name given] plans to connect the machine to
> syringe drivers and so improve control over drugs given to patients during
> operations. ...

Martyn addresses the obvious risk from the hardware/software reliability point
of view here.  The other not so obvious risk is that a BBC micro is not
certified for use in an environment containing explosive gasses such as are
used in anesthesia ....  You could switch the machine on/off and ....
[consequences left to the reader's imagination!]

---Ken---
Ken Howard, University of Adelaide, Dept. of Computer Science,
G.P.O. Box 498, Adelaide 5001 AUSTRALIA.

------------------------------

Date: Mon, 19 Jun 89 10:47:28 -0400
From: denbeste@BBN.COM
Subject: Risks of missiles

With regard to the Minuteman system, the system is guided only in the sense
that you may preprogram it for any destination.  It is NOT self-correcting on
its course.  The main missile is solid fuel, which means that once you light it
off, it will burn until it's gone (like the SRB's on the shuttle).  They can
control the direction of the thrust but not its intensity.  At this point it is
gliding until it releases its warheads.  The missile has no mechanism for
sensing where it is and aiming the warheads accordingly - it is just told,
BEFORE LAUNCH, "point here, release a warhead, point there, release a warhead,
etc."  The point is that all errors in the launch are cumulative and no
mechanisms exist to correct them.

Which makes the following very important: All tests of the Minuteman, and there
haven't been very many, have been from Vandenberg AF base in CA, aimed at an
atoll in the south Pacific.  The missiles rise out of the atmosphere, but never
enter the Van Allen belt.  The Van Allen belt, like any magnetic field, is a
toroid, and if a Minuteman was really fired it would be over the pole - and it
would pass through the Van Allen belt twice.  It is also the case that the local
gravitation field characteristics over the pole are different than they are
over the Pacific.

None of this matters much when you are shooting at something like a city which
is miles across.
It matters a great deal when you are shooting at a hardened target like a silo
or a bunker.  There an error of 100 yards is the difference between success and
failure in knocking out the enemy target.  If the last war does happen (let's
hope not) there is no question that our Minuteman force can destroy all the
cities in the USSR.  To use them in a first-strike against silos, on the other
hand, is a crapshoot.  (If anything, the situation from a Trident is even worse
because your starting position may not be known completely accurately.)  I
suspect that those in charge of our nuclear forces know this, and it is one of
the reasons we haven't had the war (though hopefully not the only one).

This reminds me of another story, equally interesting:  Shortly after coming to
office, the Reagan administration asked the Soviets to destroy a certain class
of medium range missiles in Europe in exchange for a promise from us not to
develop an equivalent one.  The Soviets laughed.  So we developed the Pershing
II.  It was only tested twice, and it blew up during launch both times.  ...at
which point, the powers that be said "That's good enough.  Deploy it."  So we
built over a hundred of them and put them in Germany and the Netherlands
(political disturbances and picketing notwithstanding).  Ultimately they were
traded for the Soviet equivalent class in the INF treaty.

It makes you wonder whether the Pershing II ever had any other purpose, doesn't
it?

Steven Den Beste, BBN Communication Corporation, Cambridge MA

------------------------------

Date: Mon, 19 Jun 89 12:52:55 PDT
From: jcw@wdl1.fac.ford.com (John C Williams)
Subject: Trojan Horse in Comp.Risks?

A contributor to Comp.Risks 8.80 (Disarmament by defect) suggests

  "... that the advance of computer technology into the field of the military,
  has made it well neigh impossible to fight any war worth its SALT."
                   ^^^^^
(Emphasis added.)  Is this an example of a Trojan Horse?

John C. Williams, Ford Aerospace

  [The "neighs" have it.  A "Nigh" for a "nigh".  Note that NYACK (NY) must be
  NEARLY an ACKnowledgement.  PGN]

------------------------------

Date: Mon, 19 Jun 89 11:43:50 BST
From: Will Dickson <will@robots.oxford.ac.uk>
Subject: Power glitches scrambling computers --- can it be avoided?

Several recent articles in RISKS have mentioned computer failures due to various
glitches on the power supply lines.  At the same time, many companies are
advertising Uninterruptible Power Supplies (UPS's) claiming that they safeguard
against these problems, or at least that they provide enough time for a graceful
shutdown in the event of a power failure.

What is the actual situation?  Are these UPS's capable of doing what they claim?
If so are they not used because of the cost, or because people do not feel that
they are needed?  Or are there other issues?

Will Dickson.  Robotics Research Group, Department of Engineering Science,
Oxford University, Oxford OX1 3PJ, England.  JANET: will@uk.ac.ox.robots

------------------------------

Date: Sun, 18 Jun 89 19:19:30 -0400 (EDT)
From: "William M. Bumgarner" <wb1j+@andrew.cmu.edu>
Subject: Re: 'Blip' Blows Computers Back to Paper Age

A momentary electrical 'blip' is a dangerous thing; I lost my computer to one
this morning.  Last night, there was an electrical storm in the area-- no close
strikes or power problems.  But this morning (clear skies), I heard a
crack/explosion like a transformer blowing out.  Immediately following this was
a momentary (less than one second) loss of power.  Later, when I went to use the
computer (Mac Plus w/a flaky video board anyway), the video had been reduced to
a 3 millimeter wide strip up the middle of the screen (Horizontal scan gone?)

Whether or not the storm had any connection with the 'blip' is questionable,
but the blip definitely nailed my computer.  BTW: the logic board is fine...
only the video was lost.

Questions:  What is the best way to protect against a blip (UPS?  isolation
transformer?)?
What measures have been taken to protect against such blips in critical
systems?  How much of a threat are 'blips' to hardware?

b.bum   wb1j+@andrew.cmu.edu

------------------------------

Date: Sun, 18 Jun 89 11:14:21 PDT
From: "Clifford Johnson" <GA.CJJ@Forsythe.Stanford.EDU>
Subject: No back-ups: Ninth Circuit's "computer error"

After an oral hearing in the appeal of my old lawsuit (re launch on warning and
the question as to whether that capability delegates a decision to declare war
to the military and its computers), I asked for a transcript of the hearing.  I
was told over the phone that it had been located and would be transcribed, but
then received a form stating, without apology or explanation, that it was
"unavailable."  I asked why this was the case, on the phone to the clerk, and
was transferred to someone who told me that the transcript was not available
due to "computer error."

She explained that only in the past few months (*"this year"*) had the taping
of hearings become the procedure, that my tape had mysteriously disappeared
("probably someone with access didn't want it published", she supposed), and
that this loss had caused the court (Ninth Circuit court of appeal, San
Francisco) to realise for the first time the need for back-up tapes.
Accordingly, procedures had been changed so that originals would be kept
securely henceforth, she stated, pleading that it was ignorance of the new
computer (tape-recorder = computer in her books) technology that caused the
problem.  However, there was no problem finding the tape of a hearing I had in
the same court some *three years* earlier.
------------------------------

Date: Mon, 19 Jun 89 15:27:43 +0100
From: Charles Lindsey <charles@unix.computer-science.manchester.ac.uk>
Subject: Hillsborough Football -- Another Computer Connection

In the UK, we recently had a major disaster at the Hillsborough football ground
in Sheffield, in which 95 people died after being crushed against the steel
barrier which is supposed to prevent the spectators from invading the pitch.  It
is estimated that the pressure per person on the fence, due to the weight of
the people behind surging forward, was in excess of one ton.

  [The computerized turnstile problem was noted in RISKS-8.60.  PGN]

Now the official enquiry into the disaster is sitting, and the papers are full
of reports.  At some point, it seems the Police decided they needed cutting gear
to use on the fence, and telephoned the Fire Brigade for it to be sent.
Clearly, its need was EXTREMELY URGENT.  Note that Hillsborough is the major
football ground in Sheffield.  It must occupy something the size of a city
block, and it can be approached from several roads.

The following is quoted from the Daily Mail for June 14.

  Two vital minutes were wasted in helping victims of the Hillsborough tragedy.
  The fire brigade refused to send vital cutting gear until they knew what
  street the football stadium was in.  Four times telephone operator Susan
  Davies demanded the address.  Then she asked five times what the equipment
  was needed for.

  Yesterday Miss Davies told the enquiry ... that the fire service computer
  would not recognise the Hillsborough ground as a place.  'It needs a specific
  address and district in order to determine what pumps are required to
  attend', she explained.  'My training is not to assume what an address is.
  It's up to me to ascertain that from the person calling'.  As far as she was
  concerned, she added, there could have been several football grounds at
  Hillsborough.  ...

  The conversation ... went like this:

  Police: Can we have cutting gear for Hillsborough please straight away?
  Fire:   Just a minute.  Right, what's the address?
  Police: Cutting equipment for Hillsborough football ground straight away.
  Fire:   Hillsborough football ground?
  Police: Yes, Hillsborough football ground.
  Fire:   What road is that on, do you know?
  Police: There has been a major accident, all the ambulances are there.
  Fire:   What road is it on?
  Police: I have no idea.  Hillsborough football ground.
  Fire:   What road is it on, do you know?
  Police: Hillsborough football ground, what road is it on? (this to someone in
          police control).  Penistone Road.
  Fire:   Penistone Road?
  Police: Penistone Road, OK.
  Fire:   Penistone Road, just a minute.  What's exactly involved?
  Police: It's football, a big match, Liverpool v Nottingham Forest.
  Fire:   Yes, but why do you want us?  You said it was an RTA (Road Traffic
          Accident).
  Police: No, major incident inside the ground.
  Fire:   Major incident inside.  Do you know exactly what it is?
  Police: No I don't.  They want all the cutting gear.
  Fire:   For what, do you know?
  Police: Hang on a sec.
  Police: (another voice) Hello.
  Fire:   Hello, now you want some cutting gear.  What exactly is it for?
  Police: ... full explanation ...
  Fire:   Right.  OK.  Leave it with us.

------------------------------

Date: Mon, 19 Jun 89 14:53:17 CDT
From: marco@ncsc.navy.mil (Barbarisi)
Subject: Radio Control Interference (Re: RISKS 8.75 and 8.80)

Micheal Berkley recently (RISKS 8.75) described a now infamous accident in which
a radio controlled mining machine killed a man after receiving an interfering
signal.  In RISKS 8.80, Robert Horvitz suggested a possible fix in which the
transmitter command is headed by a coded signal recognizable only by the
receiver.

Radio sets are readily available which feature pulse code modulation (PCM) and
employ a header code ("password", if you prefer).  They are commonly used to
control model aircraft.
If a spurious signal interferes with a PCM receiver, it goes into a
preprogrammed "failsafe" mode until contact with the matching transmitter is
restored.  The user usually has at least some control over what happens during
failsafe mode.  The default for most airplane systems is to neutralize (i.e.,
return to a center position) all control servos.  Hopefully, this results in
neutralized control surfaces and a 1/2 throttle setting on the engine.  Of
course, if the airplane is pointed at the ground when it goes into failsafe
mode, it usually will end up back in kit form.

In the case of radio controlled heavy machinery, the failsafe settings must be
more carefully chosen and programmed.  Is power cut off?  Are brakes applied?
What are the position control presets?  Does the failsafe mode depend on the
most recent mode of the machine?

I'm assuming that the users of such equipment will have enough sense to employ
PCM.  They've shown no such sense so far.  A construction company in Texas has
petitioned the FCC to employ 75 MHz frequencies to operate heavy machinery.
These frequencies are attractive because they are license-free and the only
currently authorized users are radio control car and boat operators.  In the
spirit of commercial exploitation of the airwaves, the construction company
wants to SHARE those frequencies!  That's right - your kid's toy Baja racer may
be on the same frequency as a 10 ton bulldozer.

On a related topic, the proposed "person-finder" transmitters, used to locate
missing persons, will operate on the same frequencies (72 MHz) as model
aircraft.  Again, the obvious advantages for those selling such devices are that
the frequencies are license-free and the current users are not employing them
to make money and so lack political clout.  As mentioned by Mr. Horvitz, current
FCC policy is to encourage any and all commercial use of the airwaves, without
regard to safety or the interests of current users.

Currently, frequency control for model aircraft occurs at club fields and is
strictly enforced in accordance with AMA (Academy of Model Aeronautics)
regulations.  Such control will be moot if the frequencies are shared by
"person-finder" transmitters.  This is in addition to the previously mentioned
(RISKS ?.?) potential for abuse of such devices by employers and the
government.  The AMA is petitioning the FCC to block frequency sharing.

Caveat: this note was written by a radio control flyer who is a member of the
AMA.

Marco C. Barbarisi (AMA # 204356), Naval Coastal Systems Center,
Panama City, Florida 32407

Disclaimer: The opinions expressed above are my own and do not necessarily
reflect those of the Government, my employer, or the AMA.

------------------------------

Date: 18 Jun 89 10:03
From: minow@thundr.enet.dec.com
Subject: New Yorker Article (book serialization?) on radiation risks

Risks Digest readers might find an article series in the current New Yorker
interesting.  Written by Paul Brodeur, the three-part series is titled "The
Hazards of Electromagnetic Fields."  The first part, published in the June 12
issue, dealt with power-line magnetic fields and fields generated by
high-voltage transmission lines.  These are low-level effects that manifest
themselves in long-term changes in cancer (primarily childhood) rates.  The
current (June 19) issue is concerned primarily with pulsed-microwave fields,
especially those from the PAVE PAWS distant early warning radar installations.
The last installment isn't out yet.

One frightening aspect of the problem is the way "scientists" cook their
research to suit the "needs" of their funding agencies.  For example, Air Force
researchers measured the *average* emission of PAVE PAWS, which is a
multi-megawatt *pulsed* beam, rather than its instantaneous intensity.

Martin Minow   minow%thundr.dec@decwrl.dec.com
The above does not represent the position of Digital Equipment Corporation.
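The header-code and failsafe behaviour described in Marco Barbarisi's note on radio control interference, as an added example that is not part of the digest: a receiver model that acts only on frames carrying its paired header code, holds the last good command through a brief dropout, and then drives a preset safe state, with the heavy-machinery preset chosen to cut power and apply the brakes. The header code, frame layout, dropout limit and presets are assumptions constructed for illustration.

```python
"""Toy model of a PCM radio-control receiver: it acts only on frames carrying its
paired header code and drops to a failsafe preset when contact is lost. Added
example, not from the RISKS posting; frame format, codes and presets are constructed."""
from dataclasses import dataclass, field

HEADER_CODE = 0x5A3C      # assumed pairing code shared by transmitter and receiver
FAILSAFE_AFTER = 3        # assumed: consecutive bad/missing frames before failsafe

# Constructed presets: the airplane default (neutral servos, half throttle) versus a
# deliberately chosen safe state for heavy machinery (engine off, brakes applied).
AIRPLANE_FAILSAFE = {"throttle": 50, "elevator": 0, "rudder": 0}
MACHINE_FAILSAFE = {"power": 0, "brake": 1, "travel": 0, "boom": 0}

@dataclass
class Receiver:
    header: int
    failsafe: dict
    limit: int = FAILSAFE_AFTER
    state: dict = field(default_factory=dict)
    misses: int = 0
    in_failsafe: bool = False

    def tick(self, frame):
        """Consume one frame slot: None if nothing decodable was heard, else
        {"header": int, "channels": {...}}. Returns the state being driven."""
        if frame is not None and frame.get("header") == self.header:
            # Matching header: apply the command and clear the dropout count.
            self.misses, self.in_failsafe = 0, False
            self.state = dict(frame["channels"])
        else:
            # Wrong header (another user on the frequency) or no frame: hold the
            # last good command briefly, then switch to the failsafe preset.
            self.misses += 1
            if self.misses >= self.limit:
                self.in_failsafe = True
                self.state = dict(self.failsafe)
        return dict(self.state)

def run(rx, frames):
    """Feed frame slots in order; return (in_failsafe, state) after each."""
    out = []
    for f in frames:
        state = rx.tick(f)
        out.append((rx.in_failsafe, state))
    return out

def demo():
    """Constructed scenario: two good frames, then interference from a transmitter
    with a different header code plus a silent slot, then contact restored."""
    good = {"header": HEADER_CODE,
            "channels": {"power": 1, "brake": 0, "travel": 80, "boom": 20}}
    rogue = {"header": 0x1234, "channels": {"travel": 100}}  # constructed intruder
    rx = Receiver(HEADER_CODE, MACHINE_FAILSAFE)
    return run(rx, [good, good, rogue, None, rogue, rogue, good])
```

The rogue frame's command is never applied, and once the dropout limit is reached the machine preset takes over until a frame with the paired header is heard again.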
------------------------------

End of RISKS-FORUM Digest 8.82
************************