From Y2K To NYC Parking Meters: Have We Learned Anything About Complacency In Cybersecurity?

Cybersecurity Complacency

This past January – in what seems like a different world now – a story briefly hit the headlines and was seen as more of a quirk than a threat. It was soon eclipsed by the enormity of the COVID-19 pandemic, which has occupied the world’s attention ever since. But this story should not be forgotten, because it has roots that extend far back into the past and, more importantly, has serious implications for computing and threat management far into the future. And it starts with some parking meters in New York City.

The problem – as small as it might seem to some – was that immediately after New Year’s Day 2020, some parking meters in NYC stopped accepting credit and parking cards. At fault was the credit card payment software built into the meters. According to the manufacturer, its anti-fraud system had not been updated, which meant the software essentially expired as the calendar turned to January 1, 2020. Technicians were dispatched to manually adjust the individual meters, one at a time, and in the meantime, New Yorkers were still able to pay using coins.

But dismissing this story as a mere quirk would be like walking across a frozen lake and shrugging your shoulders at a small crack that radiates out from your footstep. Small cracks inevitably lead to larger ones and tend to grow exponentially.

The NYC parking meter software bug serves as a very real reminder that the applications and networks we rely on for every part of our lives are still inextricably interconnected, and much of this connectivity includes legacy technology that was built and deployed in an earlier time, usually with a finite life that is quickly approaching its end or may already have done so.

The biggest of these was, of course, the Year 2000 Problem. Collectively known as Y2K, this revealed the hundreds of thousands of systems worldwide using a two-digit date system that meant a move beyond 1999 would be a move backward to 1900. There were worries of aircraft falling out of the sky, power grid shutdowns and all manner of destructive events to come. Fortunately, enough skilled programmers, many brought out of retirement, were martialed, and enough money was spent – estimated at $500 billion globally – to thwart most of the problems.

The fact that nothing bad happened on January 1, 2000, was not hailed as a victory of proactive crisis management, but more like a disappointment that the entire thing had always been a nonevent, and perhaps was overstated from the start. This is a problem that happens with human beings in general. Being wired for reaction and not pro-action, it becomes exceedingly difficult to comprehend threats until they are actually upon us. Endless case studies will be written on this topic by people observing different countries’ responses to the COVID-19 pandemic, climate change, earthquake preparation and much more.

Software glitches will continue to plague us. In 2036 and 2038, two separate computer systems that rely on time-codes will roll over into potential chaos if they are not upgraded or replaced. The 2038 problem affects 32-bit systems relying on time-codes that max out on January 19 of that year, and before that a rollover is expected in 2036 for Network Time Protocol systems.

In all likelihood, the affected systems will have been replaced within the next 16 years, but the dangers still exist. The most obvious place where they exist will be legacy systems once again, following years of patches and layering. But the other and more pressing circumstance may be cases where advance calculation of expiry dates is needed. This may result in computing failures or physical defects in products long before the year 2036 comes around.

The elephant in the room is not so much the software glitches themselves, but the complacency that influences decision making at all levels within an organization. In addition to shrugging away potential risks, humans also tend to avoid situations that make them fearful or uncomfortable. On a personal level this is called procrastination, but on a corporate and strategic level, proactive change may be suppressed due to financial concerns, or potential damage to a reputation. An airline, for example, will likely never want to go to the press to describe a software glitch that may affect flight safety, even if it is being fixed.

These are examples of challenges, both past and future, that organizations need to be aware of. There will be many more – not just in terms of calendar-specific software glitches, but also in terms of data security, as networks continue to connect with IoT devices, phishing crimes grow in sophistication, and threat actors exploit artificial intelligence and machine learning to dig through stored legacy data to find new and innovative ways to prey on organizations worldwide.

Safety and preparation come from having a team of people who understand threats and also know how to speak the language of decision makers whose priorities might lay elsewhere. It is not enough to just be good with cybersecurity. Communication skills and strategic awareness are vital components of this battle. This is why (ISC)² does what they do. Their mandate is to teach and certify cybersecurity professionals who are able to not only understand technical challenges and threats, but who can also play a more involved role in proactive governance of an organization.

For more information, read the Proactive Cybersecurity Beyond COVID-19 white paper.

By Steve Prentice

Evelyn Min 180x180

The Companies That Know The Most About You

The Tracking Era (Updated: 11.03.2020) Right now privacy is a hot topic on LinkedIn posts, especially as it pertains to compliance with the General Data Protection Regulation. As a board advisor at Universal Patient Key, we've ...
Signal Messenger: How to Successfully Resist Wiretapping Attempts

Signal Messenger: How to Successfully Resist Wiretapping Attempts

Successfully Resist Wiretapping Attempts Against the backdrop of events in the US, the popularity of the Signal secure messenger has grown sharply - from 6,000 to 26,000 downloads per day. This software uses strong cryptography ...
Kamal Maggon

Mining Business Value – Accelerating a US Company’s Cloud Transformation

Mining Business Value Traditional industries like mining have been slow to adapt to changing IP technology.  Of course, coal and other mining types have adopted new technologies starting with mechanical drills powered by pistons, then ...
AI and ML: Key Drivers to Building a Resilient Business

AI and ML: Key Drivers to Building a Resilient Business

The future is here. It’s 2021 and it’s already time for businesses to ready themselves for the new decade. The previous year has shown us that you have to be prepared for both expected and ...
Jim Fagan

Behind The Headlines: Capacity For The Rest Of Us

Capacity For The Rest Of Us We live in the connected age, and the rise of cloud computing that creates previously unheard of value in our professional and personal lives is at the very heart ...

PROXY SERVICES

The CloudTweaks technology lists will include updated resources to leading services from around the globe. Examples include leading IT Monitoring Services, Bootcamps, VPNs, CDNs, Reseller Programs and much more...

  • Smartproxy

    Smartproxy

    Smartproxy is a rising star in the constantly growing proxy market. Smartproxy offers awarded customer service, impressive performance, and is serious about your anonymity (yes, cybersecurity matters). The latest features developed by Smartproxy are 30 minute long sticky sessions and Google Proxies. Rumor has it, the latter guarantee 100% success rate

  • Bright Data

    Bright Data

    Bright Data’s network is one of the most robust of its kind globally. Here are its stark advantages: Extremely stable connection for long sessions (99.99% uptime guaranteed). Free to integrate with our Proxy Manager which allows you to define custom rules for optimized results. Send unlimited concurrent requests increasing speed, cost-effectiveness, and overall efficiency.

  • Rsocks

    Rsocks

    RSocks team offers a huge amount of residential plans which were developed for plenty of tasks and, most importantly, has been proved to be quite efficient. Such variety has been created on purpose to let everyone choose a plan for a reasonable price, online, rotation and other parameters.

  • Storm Proxies

    Storm Proxies

    Storm Proxies' network is optimized for high performance and fast multi-threaded tools. You get unlimited bandwidth. No hidden costs, no limits on bandwidth. Try Storm Proxies 100% Risk Free. If you are not happy with the service email us within 24 hours of purchase and we will refund you.