Tuesday, March 06, 2007

Lessons from USAir??

Since I am in Charlotte, NC, I am right smack in the middle of the USAir ticket kiosk fiasco. This morning I was being interviewed on the local News Talk radio, 1110 WBT, on Charlotte's Morning News, about the Daylight Savings Time issue, when I was asked about US Air and what I would have done differently. My answer was: test the migration well before deploying it in production.

That being said, it made me start thinking about just how complex software is, how easy it is to break and just how easy it would be for someone to intentionally do damage that way. Now, this is fiction, but why couldn't a disgruntled programmer or admin at US Air have purposely sabotaged the code or the kiosk OS to cause this massive headache for the airline? The answer is obviously they could have. Now as a forensic analyst I have all kinds of tools and methods to go back and discover and prove such actions after the fact, but what is there out there that could prevent such a problem or even worse ones? After all, this was just the reservation/ticketing system, not air traffic control or flight scheduling.

I am sure the IT folks from USAir are working around the clock and as hard and diligently as they can to solve this "glitch", but isn't this an ideal place for live forensics? Shouldn't there be an effort to get at crucial information that has already been installed and stored on these kiosks at the same time the "fix" effort is going on? When they fix it, most all of the previous install and evidence will be gone. This would be valuable if it was a simple code error or especially if it was malicious. Again, I'm not implying this is any kind of malicious act, I'm just using it as an example of the kind of problems malicious acts could cause.

I believe companies must get onboard with live forensic examinations. Too much valuable information that could go toward solving an incident or at least documenting a policy violation or a hole in procedures is being lost in the real world. Our infrastructure security and the security of corporate concerns are at risk. In the end, it is a matter of bottom line, and the expense is well worth it.


At 4:26 PM, Blogger Keydet89 said...

While I agree with the sentiment of your post, the issue in the real world is how do you get companies to start doing this? How do you get companies to invest money and resources into something that we believe (but they don't) that they should have?

At 8:20 PM, Blogger Bill Ethridge said...

It has to be a bottom line improving solution. The nature of what we do is seen as an expense, and an unneeded one mostly required by govt intervention to most decision makers.

But if you can give them insight into a real bottom line increase, whether it is increased revenue or decreased losses, you can get buy-in.

Granted it's an uphill fight, but I think live acquisition or live analysis can make a difference.

