Washington Can't Fix Computer Glitches
Wednesday’s NYSE and United Airlines problems wouldn't have been avoided if there had been a cybersecurity information-sharing law in place.
At a time when high-profile state-sponsored cyberattacks often grab headlines, tensions were high Wednesday after computer problems temporarily brought down the New York Stock Exchange and United Airlines.
The interruptions, according to the companies, were the result of internal computer glitches that happened to have worldwide consequences.
But Washington immediately turned to the security question. After the stock exchange went down, Sen. Bill Nelson told reporters that the incident had "all the appearances of a cyberattack." He later tweeted a call for Congress to act on cybersecurity legislation.
Members of Congress, presidential candidates, and President Obama have thrown their weight behind cybersecurity legislation that would facilitate cyberthreat-information sharing between the government and the private sector.
Wednesday's events, however, could not have been avoided even if an information-sharing law was in place. The problems that plagued United and NYSE on Wednesday were not caused by foreign hackers—they were the result of computer errors.
And that's the rub for lawmakers. They're quick to point to proposed legislative solutions to patch security holes, but preventing computer errors is a much harder task for Washington to address.
Given the complexity of the computer systems we rely on daily, these sorts of problems are inevitable, said Costis Toregas, associate director of the Cyber Security Policy and Research Institute at George Washington University.
"Our life, our business, our playtime, our education have become very much subordinated to the whims of machines. We have to be prepared for the loss of continuity, the loss of convenience, the loss of the comfortable 'one click and you're inside something wonderful,'" Toregas said. "Whatever the reason is, whether it's a malicious attack or a stupidity attack."
Without contingency plans, Toregas says, we are left high and dry, like the hundreds of passengers stranded at Chicago O'Hare International Airport after the United glitch.
United's trouble began at about 8:30 a.m., when a problem with its automation systems grounded all its airplanes for more than an hour, causing delays that would affect travelers for hours and pushing down the airline's stock price by 1.6 percent during morning trading. United is the largest airline in the U.S.
The stop was lifted before 11 a.m., and a United spokesman said the airline was working to restore normal operations and accommodate the affected passengers.
Then, at around 11:30 a.m., the New York Stock Exchange suspended trading over an "internal technical issue." The breakdown came as traders were dumping Chinese stock in an ongoing selloff. Trading resumed after about three and a half hours.
The NYSE's official account tweeted that the issue "is not the result of a cyberbreach," and FBI Director James Comey told the Senate Select Intelligence Committee that his agency has not made "any connection to a cyberbreach or a cyberattack" in either event.
Sen. Richard Burr, a member of the Senate Select Intelligence Committee, also said it was unlikely that the events were the result of hacks.
"From everything I can gather in a short period of time, there's nobody in the intelligence community that believes a cyberattack had anything to do with it," Burr told National Journal."Just coincidence."
Outside of preparedness, the options for preventing these problems are few. Toregas said an overwhelming focus on cybersecurity can blind organizations to the basic risks of running essential services on computer systems, and that a day like Wednesday is a good reminder that "disruptions are sometimes of our own making, not a bad guy behind the closet."
"A legislative approach could not have prevented what happened today, knowing what I know," Toregas said, but a loose framework that encourages cooperation between the government and the tech sector—a model of coordination like the one Obama pitched during a February visit to Stanford University—would be a valuable step.
But sometimes, said Toregas, the problem is "not only security, but also stupidity and bad designs of systems."