The September 2006 column (“The Foresight
Saga”) discussed failures in critical infrastructures due to lack of foresight in backup and
recovery facilities. This column considers
some of the causes and effects of another common
kind of missing foresight: inadequate infrastructure
maintenance. Civilization and infrastructure are
intimately intertwined. Rising civilizations build
and benefit from their infrastructures in a “virtuous
cycle.” As civilizations decline, their infrastructures
decay—although unmaintained vestiges, such as
roads and aqueducts, may outlive them.

Dependence on critical infrastructures is increasing worldwide. This is true not only of information
systems and network services, but also of energy,
water, sanitation, transportation, and others that we
rely on for our livelihoods and well-being. These critical infrastructures are becoming more interrelated,
and most of them are becoming heavily dependent
on information infrastructures. People demand ever
more and better services, but understand ever less
about what it takes to provide those services. Higher
expectations for services are often not reflected in
higher standards for infrastructure elements.

Engineers know that physical infrastructures decay
without regular maintenance, and prepare for aging by
requiring inspections and repairs. Proper maintenance
is generally the cheapest form of insurance against failures. However, it has a definite present cost that must
be balanced against the unknown future cost of possible failures. Many costly infrastructure failures could
have been prevented by timely maintenance. U.S.
engineers have been warning about underinvestment
in infrastructure maintenance for at least a quarter-century, but the problem is not limited to the U.S.

Neglect is the inertially easy path; proactive planning requires more immediate effort, resources, and
funding. Creating maintainable systems is difficult and
requires significant foresight, appropriate budgets, and
skilled individuals. But investments in maintainability
can reap enormous long-term benefits, through
robustness to attack, simplified maintenance, ease of
use, and adaptability to new needs.

Although computer software does not rust, it is subject
to incompatibilities and failures caused by evolving
requirements, changing environments, changes in
underlying hardware and software, changing user
practices, and malicious exploitation of discovered vulnerabilities. Therefore, it requires maintenance. Yet the
costs of maintenance are often ignored in the planning, design, construction, and operation of critical
systems. Incremental upgrades to software are error-prone. Patchwork fixes (especially repeated patches)
further detract from maintainability. Software engineers receive little training in preparing for software
aging, in supporting legacy software, or in knowing
when and how to terminate decrepit legacy systems.

Insecure networked computers provide vandals easy
access to the Internet, where spam, denial-of-service
attacks, and botnet acquisition and control constitute an
increasing fraction of all traffic. They directly threaten
the viability of one of our most critical modern infrastructures, and indirectly threaten all the infrastructures
connected to it.

As the example of New Orleans after Hurricane
Katrina shows, failure of a critical infrastructure (the
levees) can cascade into others. The very synergies
among infrastructures that allow progress to accelerate
are a source of positive (amplifying) feedback, allowing
initial failures to escalate into much larger long-term
problems involving many different infrastructures.
Ironically, such “positive” feedback often has negative
consequences. Katrina should also remind us that
remediating after a collapse often involves many secondary costs that were not foreseen. The more different infrastructures that fail concurrently, the more
difficult it becomes to restore service in any of them.
Restoring a lost “ecosystem” costs much more than the
sum of the costs of restoring each element separately.

Chronic neglect of infrastructure maintenance is not
a simple problem, and does not have a simple solution.
Technical, economic, social, and political factors intertwine; adequate solutions must involve both the public
and private sectors. People who use these infrastructures
must appreciate the importance of maintaining them.
People who understand sources of the fragilities,
vulnerabilities, and decay in our critical infrastructures
have a responsibility to educate decision makers and
the public about these risks.

JIM HORNING (email@example.com) is Chief Scientist of SPARTA’s
Information Systems Security Operation; see his blog at
PETER G. NEUMANN moderates the ACM Risks Forum (www.risks.org).