Not Just Dumb Bugs Anymore

By Peter Coffee  |  Posted 2001-10-08

When I've taught MBA classes in quantitative methods, I've always had a hidden agenda. Yes, the syllabus has always included linear programming, forecasting and other number-crunching techniques. But I've always managed to tuck in extra material on game theory, or "decision making with an active opponent" (to use the formal label). IT decisions must reckon with foes who have brains, tools and agendas of their own.

Game theorists would never have placed New York's Emergency Operations Center on the 23rd floor of 7 World Trade Center, the 47-story structure that collapsed from collateral damage suffered in the fall of the two major WTC towers. In fact, when that EOC facility was built in 1998, some experts questioned the peculiar combination of costly positive-pressure ventilation (for protection against biological weapons) with a location that could be so cheaply taken out (by "two missiles from an F-16," as Professor Ed Shaughnessy observed; reality was even simpler).

You can see the same kind of weak-link design in all too many IT installations: for example, those that derive "strong" 128-bit encryption keys from "easily remembered" six-letter passwords. Given that users tend to choose predictable passwords and that even random and case-sensitive six-letter passwords occupy only a 35-bit subset of that 128-bit space, why would anyone borrow a supercomputer for a key search? They can crack most users' accounts with an online dictionary and a castoff i486 PC.
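The weak link described above can be measured directly. The following is an added example, not code from the column: it computes the effective strength of a password-derived key and audits whether a given 128-bit key is reachable from a wordlist. The derivation (unsalted SHA-256 truncated to 128 bits), the wordlist and the guess rate are assumptions chosen for illustration.

```python
import hashlib
import math
import secrets

KEY_BITS = 128  # nominal key length the product advertises

# Constructed sample wordlist of six-letter passwords (not from the column).
WORDLIST = ["secret", "dragon", "monkey", "summer", "qwerty", "abcdef"]


def derive_key(password: str) -> bytes:
    """Assumed derivation: unsalted SHA-256 of the password, cut to 128 bits."""
    return hashlib.sha256(password.encode("utf-8")).digest()[: KEY_BITS // 8]


def effective_bits(alphabet_size: int, length: int) -> float:
    """A derived key is no stronger than the space of passwords behind it."""
    return min(float(KEY_BITS), length * math.log2(alphabet_size))


def seconds_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every value in a space of 2**bits."""
    return 2.0 ** bits / guesses_per_second


def audit_key(key: bytes, wordlist=WORDLIST):
    """Return the wordlist password that derives `key`, or None if none does."""
    for candidate in wordlist:
        if derive_key(candidate) == key:
            return candidate
    return None


if __name__ == "__main__":
    rate = 1e6  # assumed guesses per second, for scale only
    for label, size in (("lowercase", 26), ("mixed case", 52)):
        bits = effective_bits(size, 6)
        hours = seconds_to_exhaust(bits, rate) / 3600
        print(f"six letters, {label}: {bits:.1f} bits, {hours:.1f} h to exhaust")
    print("password-derived key:", audit_key(derive_key("summer")))
    print("random 128-bit key:  ", audit_key(secrets.token_bytes(16)))
```

A key drawn from a random source fails the wordlist audit, while any key derived from a listed password is recovered regardless of its 128-bit length.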

Likewise, the Internet itself is widely claimed to be "survivable" in that it's resistant to the essentially random damage of natural disaster or bombing. But what about an attack by an active opponent? Someone, or something, that anticipates the means of counterattack—like the Nimda worm, reinfecting networks as if following behind the cleanup teams?

It's not enough to do IT correctly. We have to block easy modes of attack. We have to think like terrorists—because despite the appeal of theories, it's no game.

Peter Coffee is Director of Platform Research at, where he serves as a liaison with the developer community to define the opportunity and clarify developers' technical requirements on the company's evolving Apex Platform. Peter previously spent 18 years with eWEEK (formerly PC Week), the national news magazine of enterprise technology practice, where he reviewed software development tools and methods and wrote regular columns on emerging technologies and professional community issues. Before he began writing full-time in 1989, Peter spent eleven years in technical and management positions at Exxon and The Aerospace Corporation, including management of the latter company's first desktop computing planning team and applied research in applications of artificial intelligence techniques. He holds an engineering degree from MIT and an MBA from Pepperdine University, and he has held teaching appointments in computer science, business analytics and information systems management at Pepperdine, UCLA, and Chapman College.
