The Public Eye with Eric Chabrow

Trio of Outages: What Happened?

Glitches, Not Hacks, Caused Systems to Shutter
Trio of Outages: What Happened?
The floor of the New York Stock Exchange.

It could have been a field day for cybersecurity conspiracy theorists: three major American institutions - the New York Stock Exchange, United Airlines and the Wall Street Journal - experienced computer disruptions within hours of each other. But all three incidents apparently were caused by technical glitches, not nefarious activities.

See Also: Live Webinar | Navigating Identity Threats: Detection & Response Strategies for Modern Security Challenges

"In my business, you don't love coincidences," FBI Director James Comey told Congress on July 8, according to the Associated Press. "But it does appear that there is not a cyber-intrusion involved."

Though breaches apparently did not cause the computer shutdowns, the three systems failures are connected to a fundamental precept of information security: availability. At the core of information security is the familiar acronym CIA, which stands for confidentiality, integrity and availability. And, in each incident, computers weren't available for the businesses to operate normally.

"Regardless whether this was a cyber-terrorist attack or a glitch, the results are still the same: The institutions have to deal with the consequences," says Al Berman, president of the Disaster Recovery Institute, a not-for-profit organization that promotes disaster recovery and business continuity preparation.

Causes and Consequences

Three major American companies, one by one, faced the consequences of online outages on July 8.

The first glitch occurred at United Airlines, with the carrier blaming "router degraded network connectivity for various applications" for causing operational disruptions. The airline said it canceled 61 flights, mostly on its regional carrier, United Express. But the outage caused another 615 regular United flights to be delayed for an average of one hour and 547 United Express flights to be delayed for an average of 27 minutes. "We fixed the router issue, which is enabling us to restore normal functions," a spokeswoman said.

Later Wednesday morning, a "technical problem" at the New York Stock Exchange halted trading for 3½ hours. "They told us they did some software updates overnight and tested it without problems, but this morning something happened," floor trader Peter Costa told the Wall Street Journal.

A short time later, "technical difficulties" at the Journal's website, WSJ.com, sent readers to a temporary site while the paper worked to fix the problem. The cause of the problem wasn't immediately known, although some speculation centered on the site being unable to handle overwhelming traffic from investors seeking news about the NYSE computer failure.

Keeping Pace with Technology

"The problem is humans can't keep up with all the technology they have created," Avivah Litan, an analyst at the IT advisory firm Gartner, told the AP. "It's becoming unmanageable by the human brain. Our best hope may be that computers eventually will become smart enough to maintain themselves."

Berman of the Disaster Recovery Institute told me it's critical for these three businesses to figure out what caused the outages and fix them quickly because their customers could go elsewhere to book flights, trade stocks or read financial news.

It's a point with which NYSE President Thomas Farley concurs. "Do we need to change our protocols? Absolutely," Farley told CNBC. "This can't happen again. We can't put ourselves in this position again. Exactly what those changes are, I'm not yet prepared to say."

NYSE, United Airlines, the Wall Street Journal and all other organizations need an effective, well-tested business continuity plan to function in today's fast-paced world. Availability is critical; it's not an option.



About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.