Welcome to The Long View—where we peruse the news of the week and strip it to the essentials. Let’s work out what really matters.
This week: The FAA’s NOTAM database gets corrupted, and Threema shows why DIY cryptography is bad.
1. 1/11 Ground Stop: Catalyst for Change?
First up this week: Why planes were grounded yesterday. Early reports say a database file got corrupted and the version on the standby failover system was also corrupt.
Analysis: Technical debt crashes plane system
The FAA’s decades-old NOTAM dissemination system solves a fairly simple problem set by today’s standards. However, it’s mission critical. That probably explains why the FAA daren’t modernize it: The agency is—understandably—highly risk averse.
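The detail that stands out in the early reports is that the standby copy was corrupt too: a failover node that blindly mirrors its primary inherits the primary’s damage. The following is an added illustration of that failure mode, not code from the FAA or from the NOTAM system. It uses a constructed, hypothetical record store with a trailing SHA-256 checksum and a hypothetical `Standby` class; the “naive” standby copies whatever it receives, while the “strict” one validates each replicated file and keeps the last known-good copy, so that promoting it still yields usable data.

```python
import hashlib
import json

# Constructed sample records in a NOTAM-like shape; not real FAA data.
SAMPLE_RECORDS = [
    {"id": "A0001", "text": "RWY 09/27 CLSD", "valid_to": "2301121200"},
    {"id": "A0002", "text": "TWY B LGT U/S", "valid_to": "2301131800"},
]


def serialize(records):
    """Canonical JSON bytes plus a trailing SHA-256 so the file carries its own checksum."""
    body = json.dumps(records, sort_keys=True, separators=(",", ":")).encode()
    digest = hashlib.sha256(body).hexdigest().encode()
    return body + b"\n" + digest


def validate(blob):
    """Return the parsed records if the blob's checksum and JSON are intact, else None."""
    try:
        body, digest = blob.rsplit(b"\n", 1)
    except ValueError:
        return None
    if hashlib.sha256(body).hexdigest().encode() != digest:
        return None
    try:
        return json.loads(body)
    except ValueError:
        return None


class Standby:
    """Hypothetical failover node. strict=True refuses to mirror a file that fails validation."""

    def __init__(self, strict):
        self.strict = strict
        self.current = None      # last file accepted for replication
        self.rejected = 0        # how many pushes were refused (worth alerting on)

    def replicate(self, blob):
        if self.strict and validate(blob) is None:
            self.rejected += 1
            return False
        self.current = blob
        return True

    def promote(self):
        """Simulate failover: the records this standby can actually serve, or None."""
        return validate(self.current) if self.current is not None else None


def corrupt(blob, offset=10):
    """Flip one byte inside the body to simulate an interrupted or faulty write."""
    damaged = bytearray(blob)
    damaged[offset] ^= 0xFF
    return bytes(damaged)


def scenario(strict):
    """Push a good copy, then a damaged copy, to a standby and try to fail over to it."""
    primary = serialize(SAMPLE_RECORDS)
    standby = Standby(strict)
    standby.replicate(primary)            # healthy copy arrives first
    standby.replicate(corrupt(primary))   # then the damaged copy is pushed
    return standby.promote()


if __name__ == "__main__":
    print("naive standby serves:", scenario(False))   # None: corruption was mirrored
    print("strict standby serves:", scenario(True))   # the original records
```

The checksum here only detects damage; it says nothing about whether the content is semantically right, which is why the strict standby also counts rejections so that a run of refused pushes can page someone before the primary falls over.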
Gregory Wallace and Pete Muntean: A corrupt file led to the FAA ground stoppage
“An example of aging infrastructure”
Officials are still trying to figure out exactly what led to the Federal Aviation Administration system outage on Wednesday but have traced it to a corrupt file: … “Our preliminary work has traced the outage to a damaged database file. At this time, there is no evidence of a cyberattack.”
…
[A] source familiar with the Federal Aviation Administration operation [said that] when air traffic control officials realized they had a computer issue late Tuesday, they came up with a plan … to reboot the system when it would least disrupt air travel, early on Wednesday morning. [This was] a significant decision, because the reboot can take about 90 minutes, according to the source. … The system, according to the source, “did come back up, but it wasn’t completely pushing out the pertinent information that it needed for safe flight.”
…
That’s when the FAA issued a nationwide ground stop at around 7:30 a.m. ET. … The source said the NOTAM system is an example of aging infrastructure due for an overhaul: … ”I assume now they’re going to actually find money to do it.”
Even so, that’s quite the over-reaction. huslage begs to differ:
You … think this is similar in value or operation to a web app? It is not. It is a safety-critical system that requires very stringent operational and development guidelines.
…
The idea that the FAA shouldn’t be risk averse in this system is absolutely ridiculous. The complexity of operating the airspace of an entire nation is nothing to scoff at and the importance of the NOTAM system should not be minimized in any way. … There are hundreds of thousands of lives at stake every day.
It’s still unclear what the problem really was. xevioso listens to a game of Telephone:
Entering something incorrectly into a database using some standard system the FAA would use to do so isn’t “corrupt.” Downloading or transferring data or a file, and having that transfer interrupted, resulting in the loss of or alteration of data, is “corrupt” in the technical sense.
…
Sometimes we are far far far removed from the description given from the IT folks involved to their superiors. I’m sure the issue would be pretty clear to us in technical terms, but a public-facing answer such as “a file got corrupted” is ****ing nonsense.
What does this NOTAM system look like? Yet Another Anonymous coward makes an edumacated guess:
I’m betting a 2000s era IBM mainframe emulating a 1980s IBM mainframe running an IBM mainframe OS from the 60s with an app written in System360 Assembly.
How to repay the technical debt? JCM9 waxes gung-ho:
The NOTAM system is something that a room full of decent engineers could easily build from scratch … in a short time. It’s essentially just a database of categorized posts with some APIs for sending entries and returning them when requested.
…
That’s not speaking poorly of the [FAA] engineers (which in my experience can be very good) but of the management and innovation culture. … They would say they are “risk averse,” but as yesterday highlights their poor approach to this creates a ton of risk.
Meanwhile, a change is as good as a rest for Brandon Vigliarolo:
A corrupted database makes a nice change from the usual suspects: DNS or BGP.
2. Threema Messenger Made Many Mistakes
In other news, the Swiss answer to Signal and WhatsApp has been found full of flaws in its end-to-end encryption. Cryptography is hard, yo.
Analysis: Don’t do DIY encryption
It’s proof—as if proof were needed—that rolling your own encryption is bad. Use standard libraries, as Threema did, but learn to use them properly. Or you might easily fall into the famous trap described by Messrs Dunning and Kruger.
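“Use them properly” is the hard part, so here is an added, self-contained example of what gluing sound primitives together badly versus well looks like. It is not Threema’s code and does not reproduce any of the specific findings from the ETH Zurich audit (the article does not detail them); it only uses Python’s standard-library HMAC, and it covers the authentication layer, not encryption. The `Envelope`, `Receiver` and `derive_key` names are hypothetical. The naive composition shares one key in both directions and tags only the payload, so a message can be bounced back to its author or replayed; the corrected composition derives a separate per-direction key, binds sender, recipient and a counter into the tag, and compares tags in constant time.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed shared secret for the example; real code obtains this from a key exchange.
SHARED_SECRET = bytes(range(32))


def derive_key(master: bytes, label: bytes) -> bytes:
    """Key separation: one HMAC-derived subkey per purpose, never the master key itself."""
    return hmac.new(master, b"example-v1|" + label, hashlib.sha256).digest()


@dataclass(frozen=True)
class Envelope:
    sender: str
    recipient: str
    counter: int
    payload: bytes
    tag: bytes


# --- Naive composition: one shared key, tag covers only the payload ---
def naive_seal(key, sender, recipient, counter, payload):
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return Envelope(sender, recipient, counter, payload, tag)


def naive_open(key, env):
    tag = hmac.new(key, env.payload, hashlib.sha256).digest()
    return env.payload if tag == env.tag else None   # '==' is also not constant-time


# --- Corrected composition: direction-specific key, context bound into the tag ---
def _context(sender, recipient, counter):
    """Length-prefixed fields so that different field splits cannot produce the same bytes."""
    parts = [sender.encode(), recipient.encode(), counter.to_bytes(8, "big")]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def sound_seal(master, sender, recipient, counter, payload):
    key = derive_key(master, f"{sender}->{recipient}".encode())
    tag = hmac.new(key, _context(sender, recipient, counter) + payload, hashlib.sha256).digest()
    return Envelope(sender, recipient, counter, payload, tag)


class Receiver:
    """Hypothetical receiving side: checks addressee, tag and per-sender counter."""

    def __init__(self, master, me):
        self.master = master
        self.me = me
        self.seen = {}   # highest counter accepted per sender

    def open(self, env):
        if env.recipient != self.me:
            return None
        key = derive_key(self.master, f"{env.sender}->{env.recipient}".encode())
        expected = hmac.new(key, _context(env.sender, env.recipient, env.counter) + env.payload,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, env.tag):
            return None
        if env.counter <= self.seen.get(env.sender, -1):
            return None   # replayed or out-of-order message
        self.seen[env.sender] = env.counter
        return env.payload


def demo():
    """Returns (naive accepts reflection, sound accepts reflection, sound accepts first, sound accepts replay)."""
    payload = b"transfer 100 CHF to bob"
    msg = naive_seal(SHARED_SECRET, "alice", "bob", 1, payload)
    bounced = Envelope("bob", "alice", 1, msg.payload, msg.tag)   # same bytes, swapped header
    naive_accepts = naive_open(SHARED_SECRET, bounced) is not None

    msg2 = sound_seal(SHARED_SECRET, "alice", "bob", 1, payload)
    alice, bob = Receiver(SHARED_SECRET, "alice"), Receiver(SHARED_SECRET, "bob")
    bounced2 = Envelope("bob", "alice", 1, msg2.payload, msg2.tag)
    sound_accepts_reflection = alice.open(bounced2) is not None
    first = bob.open(msg2) is not None
    replay = bob.open(msg2) is not None
    return naive_accepts, sound_accepts_reflection, first, replay


if __name__ == "__main__":
    print(demo())   # (True, False, True, False)
```

Every primitive in both halves is the same standard HMAC-SHA256; the only thing that changes is what the tag is computed over and which key is used, which is exactly the “putting the pieces together” layer that library documentation rarely covers.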
Jessica Lyons Hardcastle: Threema messaging app was full of holes
“Bespoke cryptographic protocols”
A supposedly secure messaging app preferred by the Swiss government and army was infested with bugs – possibly for a long time – before an audit by [the] ETH Zurich … applied cryptography group. … The vulnerabilities, if exploited, could have allowed miscreants to clone accounts and read their messages, as well as steal private keys and contacts and even manufacture compromising material for blackmail.
…
The three researchers – computer science professor Kenneth Paterson and PhD students Matteo Scarlata and Kien Tuong Truong – noted “[We] believe that all of the vulnerabilities we discovered have been mitigated by Threema’s recent patches.” [But] their discovery still highlights the difficulty in assessing “security claims made by developers of applications that rely on bespoke cryptographic protocols.”
I can hear MMarsh’s eyes rolling from here:
People who know what they’re doing — like the team that built Signal, for example — take components and protocols that have already been through that testing, and glue them together in well-understood, well-documented ways. Sometimes, a few of these people will find a specific problem with existing protocols, and will then spend a truly insane amount of effort coming up with a new and better protocol, which then goes through all that testing.
…
People who say “I’m a gonna go build me some totally new unbreakable encryption from scratch and call it the cat’s pyjamas and put it right into the app store and it’ll make me a million euros,” generally have just enough knowledge to dig themselves into big holes, and pull a few others down with them.
Ah but it’s fine, says Threema GmbH, because they’ve replaced that old, busted codebase with a totally new, shiny one. Naturally, u/atoponce ain’t impressed:
What concerns me is the fact that while Threema used well-tested sound cryptographic libraries to build their protocol, they didn’t put the pieces together correctly. … Now that their ibex protocol has replaced the old, how do we know this new protocol doesn’t suffer from similar security concerns?
The Moral of the Story:
Don’t settle for what life gives you—make life better and build something
—Ashton Kutcher
You have been reading The Long View by Richi Jennings. You can contact him at @RiCHi or tlv@richi.uk.
Image: Anete Lūsiņa (via Unsplash; leveled and cropped)