"This sobering description of many computer-related failures throughout our world deflates the hype and hubris of the industry. Peter Neumann analyzes the failure modes, recommends sequences for prevention and ends his unique book with some broadening reflections on the future."
—Ralph Nader, Consumer Advocate
This book is much more than a collection of computer mishaps; it is a serious, technically oriented book written by one of the world's leading experts on computer risks. The book summarizes many real events involving computer technologies and the people who depend on those technologies, with widely ranging causes and effects. It considers problems attributable to hardware, software, people, and natural causes. Examples include disasters (such as the Black Hawk helicopter and Iranian Airbus shootdowns, the Exxon Valdez, and various transportation accidents); malicious hacker attacks; outages of telephone systems and computer networks; financial losses; and many other strange happenstances (squirrels downing power grids, and April Fool's Day pranks).
Computer-Related Risks addresses problems involving reliability, safety, security, privacy, and human well-being. It includes analyses of why these cases happened and discussions of what might be done to avoid recurrences of similar events. It is readable by technologists as well as by people merely interested in the uses and limits of technology. It is must reading for anyone with even a remote involvement with computers and communications—which today means almost everyone.
1. The Nature Of Risks.
Background on Risks.
Sources of Risks.
Guide to Summary Tables.
Problems in Space.
Robotics and Safety.
Medical Health and Safety.
Computer Calendar Clocks.
Security Vulnerabilities and Misuse Types.
Pest Programs and Deferred Effects.
Bypass of Intended Controls.
Other Attack Methods.
Comparison of the Attack Methods.
Classical Security Vulnerabilities.
Avoidance of Security Vulnerabilities.
Weak Links and Multiple Causes.
Accidental versus Intentional Causes.
Spoofs and Pranks.
Intentional Denials of Service.
Unintentional Denials of Service.
Financial Fraud by Computer.
Accidental Financial Losses.
Risks in Computer-Based Elections.
Needs for Privacy Protection.
Prevention of Privacy Abuses.
Annoyances in Life, Death, and Taxes.
What's in a Name?
Use of Names as Identifiers.
The Not-So-Accidental Holist: A System View.
Putting Your Best Interface Forward.
Woes of System Development.
Modeling and Simulation.
Coping with Complexity.
Techniques for Increasing Reliability.
Techniques for Software Development.
Techniques for Increasing Security.
Risks in Risk Analysis.
Risks Considered Global(ly).
The Human Element.
Trust in Computer-Related Systems and in People.
Computers, Ethics, and the Law.
Mixed Signals on Social Responsibility.
Certification of Computer Professionals.
Where to Place the Blame.
Expect the Unexpected!
Avoidance of Weak Links.
Assessment of the Risks.
Assessment of the Feasibility of Avoiding Risks.
Risks in the Information Infrastructure.
Questions Concerning the NII.
Avoidance of Risks.
Assessment of the Future. 020155805XT04062001