On August 20, 2008, 154 people died when Spanair Flight 5022 crashed right after takeoff in Spain. A preliminary report, discussed in an article in the Spanish daily newspaper El Pais indicates that a diagnostic computer should have detected problems with multiple systems on the aircraft. Had the problems been detected, the takeoff would have never been attempted. The computer was infected with a virus or other malware.
In theory, if the malware had not infected the diagnostic computer, the problem with the aircraft system would have been discovered, and those 154 people would still be alive.
Will viruses and other malware contribute to injuries and deaths? Imagine diagnostic imaging machines, like X-rays and CAT Scanners, exposing patients to too much radiation due to a virus. Traffic lights not functioning properly, especially on a highway with high speed limits, could lead to a horrible crash. Emergency services may already be delayed in their response due to computer malfunctions. The airline industry has plenty to worry about. What if trains fail to stop and crash into another train or the end of the line?
Apparently the Spanair diagnostic computer does not connect to the Internet so the infection likely came from an infected USB device, CD-ROM, or some other form of removable media.
Just last month, control systems manufacturer Siemens, who manufactures control systems, warned that malware called Stuxnet is spreading through infected USB devices to penetrate industrial control systems. I wonder if there are any control systems at nuclear power plants infected yet.
More and more regulations and laws are forcing organizations to wake up to the fact that IT security is very important.
Business executives and IT professionals alike must realize:Viruses and other malware do not necessarily make themselves obvious for the simple reason that, if you know a computer is infected, you are likely to have a qualified IT professional fix the problem.
- Anti-virus programs do not always catch all viruses
- Firewalls are not perfect either
- End users can, accidentally or on purpose, bypass some of the best security you set up
How many more people will need to die, how much more money will be lost, before people become aware of the importance of IT security?
Please post your comments on this blog.