Archive for the ‘technology’ Category

h1

BP and the Federal Government, Doing Just Enough to Achieve Nothing

June 18, 2010

It seems daily the news of the run-a-way oil well in the Gulf of Mexico brings information more dire than the day before.  Volume numbers that seemed extreme estimates are quickly passed and even larger estimates thrown out.  We are slowly being pulled to the reality of a disaster of proportions never before seen in the United States.

While the Deepwater Horizon rig burned, British Petroleum (BP) expressed confidence little to no crude oil would escape into surrounding waters.  After the rig sank, BP and Transocean reported the volume of crude was limited to the over 25,000,000 gallons estimated to be aboard at the time.

It was then found the pipe had a small leak but BP was sure they would have it under control and posed little environmental risk.  Next, that was changed to a 6,000 barrel a day estimate and it has been a moving target ever since now resting at 2,500,000 gallons a day.

During this time, various methods of ending the uncontrollable flow of crude oil in the Gulf of Mexico have met with failure.  BP would propose a solution, the government would stand behind it and it would fail leaving the public more and more frustrated.

The problem is the solutions proposed were destined to fail.  Since the first day, BP and the government have known or should have known they would fail.  Comments like “we are going to try a top-kill, but the long term solution is a relief well” give a huge hint to their agenda all along.  BP is simply placating the public to allow themselves time to complete the only solution they have known will work, the relief wells.

All along, it has been known that to control a run-a-way well, a relief well must be drilled.  The question is, if this is the case why is a relief wells not drilled as a natural order of business when drilling a well in the first place?  It seems the prudent thing to do.  Had BP drilled the two relief wells as they drilled the primary well, this issue would be over by now.

People affected by President Obama’s moratorium on deep water drilling rightly complain that their livelihoods are at stake.  Where were their complaints when BP was risking that livelihood?  In fairness to them, they may not have understood the risk BP was taking, a risk all oil companies take.  The moratorium must stay in place until oil companies, all oil companies, prove they have procedures in place to deal with the worst possible case.  That is the ability to kill the well and prevent it from leaking.  To claim they did not foresee this possibility is simply a lie.  All engineers know better.  Did the guy that designed the Titanic really believe it was unsinkable?  Really?

This is a case where business received what it was asking for, lax regulations.  Now they must deal with the results and pay for the mess they created.  Government must require companies to have real plans of dealing with the worst possible disaster, regardless of cost.

Other companies with deep-water operations need to start drilling relief wells today.  If they are never needed, that is great.  If they are needed, it will take a day or two to complete the job of killing a well rather than months.  It is time to use logic in dealing with operations like deep-water drilling and not leave the choice of what to do in the hands of companies trying to make a buck off the process or a government that acts as their shills.

h1

Inviting the Criminals In

April 20, 2010

In the dark of the night, the robbers approach the bank with faces concealed and little evidence of how they arrived.  Surprisingly, the men find the bank door opened and the alarms off.  They soon make their way to the ultimate prize – the vault.  Not surprisingly, they find the vault locked and the bandits can make no further progress.  At first, they seemed thwarted but this was the first of many attempts.

Night after night, the bandits return to the bank and find it open with only the vault impeding their progress.  At first, they try to cut their way in, it proves impossible.  Next, they try to tunnel under; again, they are turned back.  Then it happened, a simple stroke of genius came to mind.  They only needed to trick an employee with the combination and the contents of the vault would be theirs.  After all, human nature is much easier to manipulate than a vault door.  Needless to say, after returning through the open bank door, the vault proved no problem with its combination in hand and the bandits made off with its treasures.

Now, no bank leaves its doors open and its alarms off.  Even with the imposing vault, banks deny would-be robbers access to it.  They understand that with access, eventually a criminal will overcome whatever security they find on the inside.  In other words, banks rely on physical separation to further protect themselves from theft.  It is prudent for them to do so.

This is the lesson internet companies must learn.  As obvious as it may seem to the average person, for legitimate business concerns many internet-based companies leave the doors open and alarms off allowing hackers access to their version of a bank vault – a hard drive with sensitive information stored on it.  This is exactly what Google did when their most critical systems were hacked earlier this year in China.  In his April 19, 2010 article[1] in the New York Times, John Markoff describes the attack in detail.  In the end, hackers gained access with trickery after they were past the front door.

As Google is one of the more advanced companies in the world, when it comes to internet technology, it must be assumed that less savvy companies are even more vulnerable to such attacks.  Companies that collect large amounts of data have an absolute responsibility to safeguard it.  It is not enough to simply provide a quasi-vault door in the form of passwords.  Access must also be limited.  Had such a policy been in place at Google, this attack may have never happened.  As it stands now, security is limited in a desire to provide easy access for uses across the globe.  When is comes to safeguarding personal data and sensitive company information, perhaps a better course is less convenience.  For example, if someone wants to download the company’s user database, maybe the request needs to be in writing and approved rather than just happening.  Yes, it will slow things down but that is the one thing criminals do not want, for you to have time to think.

According to the Bureau of Justice Statistics (BJS)[2], over half of the business that participated in one of their surveys reported at least one cybercrime.  While the intent of most cybercrime is not obvious at the time, the results of such crimes cost business and people real money.  Here is a recap from BJS’s website with the 2005 results:

Among 7,818 businesses surveyed:

  • 67% detected at least one cybercrime.
  • Nearly 60% detected one or more types of cyber attack.
  • 11% detected cyber theft.
  • 24% detected other computer security incidents.
  • Most businesses did not report cyber attacks to law enforcement authorities.
  • The majority of victimized businesses (86%) detected multiple incidents, with half of these (43%) detecting 10 or more incidents during the year.
  • Approximately 68% of the victims of cyber theft sustained monetary loss of $10,000 or more .  By comparison, 34% of the businesses detecting cyber attacks and 31% of businesses detecting other computer security incidents lost more than $10,000.
  • System downtime lasted between 1 and 24 hours for half of the businesses and more than 24 hours for a third of businesses detecting cyber attacks or other computer security incidents.

The debate over the necessity for data security is past us.  Rather than try to just stay ahead of clever thieves through programming, the tried and true solution of limiting access must be incorporated into the security plans for businesses.  In addition to locking the vault, we must also lock the front door and prevent access in the first place.


[1] Markoff, John. “Cyberattack on Google Said to Hit Password System.” New York Times. 19 Apr. 2010. Web. 20 Apr. 2010. <http://www.nytimes.com/2010/04/20/technology/20google.html?src=busln&gt;

[2] “Cybercrime.” Bureau of Justice Statistics (BJS). Web. 20 Apr. 2010. <http://bjs.ojp.usdoj.gov/index.cfm?ty=tp&tid=41&gt;

%d bloggers like this: