Could the Titanic have changed course?

Posted January 6th, 2009 by

Rybolov really struck a note with me (as he usually does) with his blog entry about his decision that S.3474 was a bad thing. It reminds me of a conversation I had with a friend recently. Basically, she asked me why bad things happen even after smart people put their heads together and try to deal with the problem before facing a crisis. Intrigued by her question, I asked her what specifically she was asking about. She shared that she had been thinking about the tragedy of the Titanic sinking.

Of course, she was referring to the sinking of the passenger ship RMS Titanic on the evening of 14 April 1912. She made two points. First, the experts declared that the ship was “unsinkable”; how could they be so wrong? Second, she wondered how the ship could be so poorly equipped with boats and safety equipment that there was such great loss of life.

The Titanic’s Disaster photo by bobster1985.

Little did she know that I have had an odd fascination with the Titanic disaster since childhood and have read much of the common public material about the event. So, I replied that no expert had ever declared her unsinkable, that it was basically something that was made up by the press and the dark spineless things that hang around the press. However, I added that the designers and owners of the ship had made much of her advanced safety features when she was launched. A critical feature was the inclusion of water-tight bulkheads in her design. This was something of an advanced and novel feature at the time. What it meant was that you could poke a pretty big hole in the ship, and as long as the hole was not spread over several of these water-tight compartments she would stay afloat. The problem was that the iceberg that she hit (the Titanic, not my friend) ignored all of this and tore a big gash along about a third of the length of the ship.

So, my friend pressed again about the lack of safety equipment, especially lifeboats. I told her that the problem here was that the Titanic did indeed meet all of the safety requirements of the time, and that a big part of the problem was that the safety requirements were drafted in 1894, at a time when there were rapid changes in the size and design of ships of this kind. Those regulations indicated that all passenger ships over 10,000 tons required 16 lifeboats, and that’s how many the Titanic had. At the time the regulations were written there were hardly any ships over 10,000 tons in size. However, when Titanic was launched she was designed to be over 50,000 tons when fully loaded. The fact was that if each of these lifeboats was fully loaded, they could barely hold half of the passengers and crew of the ship if fully loaded. What is worse, when the ship did sink, not all of the boats were usable because of the speed and angle at which the ship began sinking.

So, the bottom line was that when the Titanic was reviewed by the safety accountants, they took out their checklist and went over the ship with a fine-tooth comb. When the day was done, the ship fully met all the safety criteria and was certified as safe.

This is where I see the parallels between the root causes of the Titanic disaster and the odd situation we find ourselves in today in terms of IT security. Security by checklist (especially out-of-date checklists) simply doesn’t work. Moreover, the entire mental framework that mixes up accounting practices and thoughts with security discipline and research is an utter failure. Audits only uncover the most egregious security failures, and they uncover them at a point in time. The result is that audits can be gamed, and even ignored. On the other hand, formal reviews by experienced security professionals are rarely ignored. Sometimes not all of the resources are available to mitigate some of the vulnerabilities pointed out by the professionals. And sometimes there is debate about the validity of specific observations made by security professionals. But they are rarely ignored.

Interestingly enough, because of the mixed IT security record of many government agencies, Congress is proposing – more audits! It seems to me that what they should be considering is strengthening the management of IT security and moving from security audits, often performed by unqualified individuals and teams, toward security assessments conducted by security professionals. And since professionals are conducting these proposed assessments, they should be required to comment on the seriousness of deficiencies and possible mitigation actions. An additional assessment that the professionals should be required to report on is the adequacy of funding, staffing and higher management support. I don’t really see any point in giving a security program a failing grade if the existing program is well managed but subverted and underfunded by the department’s leadership.



4 Responses

  1.  Compliance != Security - the Titanic illustration | Payment Systems Blog Says:

    [...] Dr Anton Chuvakin points us to NEWS FLASH! Titanic Was Compliant a post on The Guerilla CISO located here. [...]

  2.  Graydon McKee Says:

    Excellent Post. An interesting side note is that I watched a program recently that credited the Chinese with creating vessels with watertight compartments as early as the 1100’s AD. Apparently it is believed that these compartments were created after observing how bamboo, with its numerous compartments, continues to float after one or more of these compartments is ruptured. Apparently there was also reference made to these compartments by Benjamin Franklin in 1787 and Sir Samuel Bentham in 1795. Bentham is purported to have advocated adopting watertight compartments “… as practiced by the Chinese of the present day.” Apparently English designers at the time didn’t think it was such a good idea.
    The difference is that the Chinese watertight compartments were comprised of bulkheads that extended from the keel right up to the main deck. Titanic’s watertight bulkheads didn’t (and perhaps in hindsight can be argued not to have been truly watertight compartments.)
    I think that you can also extend your analogy to illustrate the need to go beyond simple compliance. As you say the Titanic was compliant with the regulations of the day. Had her designers been more concerned with safety rather than mere compliance they might have either extended the bulkheads all the way to deck level or provisioned her with enough lifeboats for her full complement of passengers and crew.

  3.  Anton A Chuvakin Says:

    BTW, more “titanica” at
    http://chuvakin.blogspot.com/2009/01/titanic-update.html

  4.  Paul Mudgett Says:

    Compliance is often confused as security as was clearly evidenced with the Heartland Payment Systems breach. The Titanic disaster is so well known that maybe this analogy can help drive home the point that check box security doesn’t cut it. Thanks for an interesting and fun read.
