The WannaCry attack reinforces a point that I have made before: we can no longer draw a clean distinction between information technology (IT) and cyber-physical (CPS) systems. WannaCry targeted traditional IT systems but it disrupted the operation of hospitals. Last year's IT failures at major U. S. airlines were caused by equipment failures, not attacks, but they disrupted flight operations.
<p>
Perhaps it's time for IT operations to design to higher levels of fault tolerance. It seems that applying fault-tolerant methods to the system core isn't enough---we should apply those techniques to the entire distributed system.
<p>
Design diversity should be an important part of fault-tolerant design for critical systems. We have put our eggs in a very small number of software baskets. The Morris worm of the 1980s provided an early example of the benefits of design diversity when the original Unix lab was protected from the worm because they ran their own mailer.
No comments:
Post a Comment