Sergey Nivens - Fotolia

Failure of NYSE, United and systems raises concerns

Outages show the vulnerability of major IT systems to disruption and the need to focus on resiliency when designing and deploying such systems

The simultaneous failure of IT systems at the New York Stock Exchange (NYSE), United Airlines and the Wall Street Journal’s (WSJ) website raised concerns in the US, highlighting the importance of resilience.

But US homeland security chief Jeh Johnson has given assurances that the events are not connected by “nefarious activity”, according to Reuters.

A computer glitch forced the NYSE to stop trading for nearly four hours on 8 July 2015, which coincided with other computer problems that forced United Airlines to ground more than 90 aircraft for two hours, while 504 gateway timeout errors indicated server problems at WSJ’s website.

While the outages were not linked to any cyber attack, some security commentators said all three incidents indicate the vulnerability of major IT systems to disruption and the need to focus on resiliency when designing and deploying systems.

However, the simultaneous failure of key national infrastructure networks is a concern for governments because of the potentially massive combined impact that could have.

“There is virtually no part of our global economy that isn't dependent on interconnected technology today, and the level of interdependence continues to increase steadily, which means that any failure, malicious or not, has the potential to create economic repercussions,” said Tim Erlin, director of security at Tripwire.

“There are many layers of technology between the consumer and the services we depend on, from the individual smartphone that you use to access a service, to the supplier that provides the networking equipment used by the telecommunications company to provide connectivity to the company providing the service,” he said.

Erlin said the complexity can be staggering, and can mean that an error made by a developer halfway around the world somewhere in the supply chain of a service can affect the operations of major businesses.

“Collectively our goal should not be to eliminate errors; instead we should focus on providing resiliency in the face of known instability. From a cyber security perspective, the obvious disruptions to service might not be what we need to worry about. Instead, we should be detecting the nearly invisible infiltration of valuable systems,” he said.

Read more about resilience

The WSJ redirected visitors to a temporary site while the main site was restored, but has not yet given any official reason for the disrupted service.

According to the Guardian, the outage at the NYSE was attributed to a “configuration problem” which NYSE president Farley said may or may not be linked to a system update.

“We found what was wrong and we fixed what was wrong and we have no evidence whatsoever to suspect that it was external,” he told CNBC.

Farley said there would be an overnight investigation into what protocols need to change, but he declined to give any further details.

The outage revives questions about the automation of Wall Street, said the Guardian, with some traders raising concerns about the dependency on machines, unintended consequences and having recovery systems in the case of a true disaster.

United Airlines officials cited a network connectivity issue resulting from a faulty router. “An issue with a router degraded network connectivity for various applications, causing this morning's operational disruption,” United said in a statement to USA Today. “We fixed the router issue, which is enabling us to restore normal functions.”

United has had three CIOs since 2011 and has been hit by several technology lapses in that time, reports Phys.Org. Most recently, the airline briefly halted all take-offs on 2 June 2015 because of a problem in its flight-dispatching system, affecting about 150 flights.

United also experienced a series of computer outages in 2012 after switching to the passenger information system of Continental Airlines after that carrier merged with United. 

After a 2010 merger, United elected to combine many computer systems and frequent-flier programmes all at once rather than adopt a phased approach.

United is not the only US airline to experience IT problems in recent months, with American Airlines being forced to ground dozens of flights in April when a flight plan tablet app stopped working.

Read more on Business continuity planning