Security News > 2000 > February > "Y2K - Private Sector Intelligence & Media Hype"
http://www.comlinks.com/mag/psimh.htm "Y2K - Private Sector Intelligence & Media Hype" by Alan Simpson President, Communication Links, Inc. Today, knowledge management, and business intelligence show companies what color tube of toothpaste, a 35 year old white male, with a BA, driving a Honda Accord, prefers to buy in Aisle 7 of a supermarket in Pittsburgh. You would expect therefore the same companies to have no problem with the simple question, we asked back in 1996 and 1997, "Will your Computers work on 1st January 2000?" We knew that Y2K was a serious problem unless solved in time, and when we had the first panel here at CSIS in June of 1998, we were amazed that many companies still couldnt answer that question. Most companies, and government departments, didnt know how much critical software they had, what it did, or why it was there. They had never given any thought either to would happen if the power failed, or to the vulnerability of their supply chain. Those same corporations knew to the cent, the size and value of their physical inventories, yet through evolution, the enormous value of software, and essential IT systems just hadnt been counted. The effect on the enterprise of a wholesale failure of those same IT functions was lost on management. The attitude being that IT will always be there, moaning, complaining and delivering its projects late, and above budget! Keep in mind the success rate of IT projects is around 14%. The first casualty of Y2K wasnt technical, it was the communication links between the enterprise, its suppliers, and their customers. Lawyers demanded "No Comment" be the response to any questions. That famine of information quickly turned to a feeding frenzy. During 1999 every major corporation was slowly sinking under the sheer weight of compliance demands. Intelligence, even common sense was replaced by Lawyers. Faced with that legal assault most corporations took their Counsels advice and said nothing! At the same time, on the same Counsels advice, they circulated volumes of demands for compliance information, they themselves were unwilling to give. The traditional PR and company spokesperson functions were deadly silent. Their well oiled machine for propagating information was reserved for good news, and news which had a measurable positive impact on the bottom line. Both Governments and major corporations played the information game as they had for hundreds of years. "When we are ready we will let you know!" Unfortunately the Internet had put an end to that era, and that means of managing information. The Internet has created an insatiable appetite for instant answers. If we do not instantly satisfy this thirst for answers, the surfing public tend to invent conspiracy theories as to why the information they seek is not there. They create a virtual void in cyberspace, which they perceive to contain the answer. Then they search the Information resources of the web to find a piece of information, or discussion thread that will fill that void. With Y2K we saw the first effects of the InfoVoid "Information will be found on the Internet to fill the InfoVoid, regardless of source, or accuracy, if it conveniently, and plausibly fits the InfoVoid" The case of Critical Infrastructure is a prime example. During 1998 industry criticized governments for not providing hard facts about the power grids, or telecoms. The information was out there if you knew where to look. Yet lack of immediately available public information was taken to mean disaster was looming, with martial law, and months without power a distinct probability. The authorities were silent. Driving this doomsday scenario from 1998, was the hoopla surrounding embedded chips, or more correctly embedded systems, slated as the reason power, water and the phone system would collapse. Talking to power engineers around the country, it became like a scene from a Monty Python sketch, with them asking "Pssst know where theres any embedded chips?" They could not find the billions of hidden embedded systems, with rogue date functions, because they did not exist! But yet the academics, and doomsayers had a field day in declaring the enormous scope of the problem. There was no intelligence available to give the correct figures. The figures were known to Pacific Rim semiconductor manufacturers, but they were keeping quiet, and watching the US squirm. Instead of the hearings on embedded systems being conducted in the Senate, they should have been done on eBay! 20,billion, 40 billion, 60 billion, 80 billion, any advance on 80 billion! This hysteria was driven by a whole army of Y2K Experts . Any Chicken Little who wanted to predict Apocalypse 2000 would get airtime. TV News loved them. I got this first hand. Producers called to ask if I would be prepared to come on TV or Radio shows and talk about the forthcoming collapse of the critical infrastructure, with months without water, power or telephone. When told that this would not happen, and 1/1/2000 would be a smooth transition, the conversation invariably ended with either a curt thank you, or a request for the names of anyone who would appear and satisfy the thirst for sensational information and entertainment. Talk radio has a lot to answer for, with Y2K. The government, and power companies did not act quickly enough to fill the InfoVoid, and satisfy the nervous public. It was the Rabid Religious Right that seized upon this shortfall and created a whole industry of Y2K misinformation. The majority of misinformation can be directly traced back to a handful of websites, newsletters, and their academic supporters. Incidentally the misinformation peaks coincided with the falling sales of newsletters, Y2K books, Y2K seminars, survival rations, and Gold. This panic was manufactured, not coincidental, and as I pointed out in papers on the GSA website, the "First World InfoWar". We have learned a lot from this carefully crafted, and effective misinformation. We have been amazed at the reactions of the public, and the number of sane people who were driven to fear the worst. It is also amazing how many legitimate organizations took this hearsay and created reports, and predictions based on the hype and hoaxes. Probably the first hoax we tracked was the Cadillac recall notice. This ricocheted around the Y2K mailing lists, chat rooms and Y2K sites, as proof that a serious embedded systems threat existed. After several weeks the original surfaced, and was circulated as proof and evidence of a major disaster looming. It was immediately recognized as a hoax. A badly scanned logo from a brochure, no address, telephone number, or name of any officer. Close examination would have stopped this hoax earlier for it declared the recall, for computer failure, of all Cadillacs from 1972 till 1998. 1972?????? Learning from this crude hoax, the next one dispensed with incriminating pieces of paper. This was the Nuclear Power Plant Catastrophe. Several of these surfaced, all from a "reliable source" who dare not give his name, "because his job would be in jeopardy." This spoke of embedded systems buried deep in the nuclear pile which contained dates, whose existence the regulators were covering up. A Chernobyl meltdown would occur when the chips failed, causing the Boron rods to drop, and a subsequent reactor meltdown. Problem, dropping Boron Rods slow down and eventually halts a nuclear reaction, and as any electronics engineer would have pointed out, nuclear reactor piles fry off-the-shelf embedded chips. They have to be kept well away from radiation. Again learning from having too many facts in a media scare, the misinformation crowd created the Chemical Armageddon. Here the same "reliable sources" with no name, whose "job again would be in jeopardy" leaked to a friend, who told an acquaintance, who was overheard in a bar, mention that major refineries, and chemical works, were set to explode at midnight on December 31st, 1999, and cause massive chemical spills, and environmental disaster. They claimed that the government was paralyzed at the thought of panic, and FEMA was preparing plans to have millions of cardboard coffins ready for the holocaust. No reassuring from the major chemical companies could quell the enthusiasm of the "Headless Chickens" to spread the bad news. People still believed it. By mid-summer 1999, the majority of the public were getting a little tired of Y2K, and so even more outlandish plots had to be created to sell doomsayer books, seminars, survival rations, and other "investments". The newsgroups and mailing lists had been completely taken over by survivalists, doomsayers and religious zealots convinced that TEOTWAWKI, The End of The World As We Know It would occur on the strike of midnight. The misinformation campaign probably reached its zenith in July /August 1999, when the secret "Pentagon Y2K Report", from the Navy was unveiled. According to one version of the myth a Chief Petty Officer supposedly handed the report to a "Y2K Expert", in a Car Park. He immediately created a web site in Tonga, that secure bastion of sensitive information. Tonga was chosen because the combined efforts of the CIA, NSA, and FBI were scouring the USA with Black Helicopters searching for this report and the report recipient feared for his life. ( Incidentally I believe the server for the Tonga .to websites is in Florida, which makes the rationale somewhat suspect.) This made the last hooray of Y2K Doomsayers suitable for a James Bond movie, should the situation arise. This Secret Report, which was claimed to be easily identified as to source, could not be released, or even seen by mere mortals for many weeks, less they would be captured and assassinated by government hit squads. Millions swallowed this, and believed this hoax, and of course ran out to buy the books and survival kits!! It was spread by the wire services, mailing lists, and doomsayer newsletters, and was picked up by newspapers around the world. John Koskinen even made statements about the hoax, saying it was "An outdated report, at least 8 weeks old." The official handling of the rebuttal was weak to say the least. A well known TV program called me and asked if I was worried about Orlando, in light of the damming report from the Senior Naval Commander, at the Navy Base. The fact that the Navy Base had been closed for several years had been missed. The report also quotes the population of Orlando as 165,000, which is about half the number in Magic Kingdom, EPCOT and Pleasure Island on New Years Eve. My suggestion was that they check the list with their local affiliates, which later confirmed that many of the bases in the report had been closed, some for a very long time. Regardless of how we look back at these hoaxes, or misinformation, they were believed by millions, and thousands purchased generators, survival rations, and expected to spend 2000 without power or critical infrastructure. They fitted the InfoVoid, of worried cyberparents, and those least able to dig deeper for accurate information. It wasnt just the public who were drawn into the hysteria. Presented with all this "evidence" crafted to fit the scenario, and with the suspicions of the public, and enough emotion and intrigue to make it entertaining, the mass media eagerly embraced the misinformation, and fulfilled their objectives, entertainment first, and news second. The worst predictors of doom and destruction were surprisingly enough the religious broadcasters, who appeared at times to be reveling at the thought of Armageddon. TV Networks, in their defense, did call the CEOs and CIOs of industry, and government, and posed the same question I used to open this presentation. "Will the computers Work?" The answer was "We dont know?" Facing a need to fill the InfoVoid they gave airtime to the self styled "Y2K Experts" who predicted doomsday, except of course to those who bought their books, attended their seminars, or purchased their investments. But that was not the only goal of many of the doomsayers. Behind this Chicken Little mantle there was a serious message. Many openly preached the end of fractional banking, the collapse of the economy, and of Wall Street. Many openly advocated armed resistance, and thousands of handguns and rounds of ammunition were purchased specifically for Y2K. Not everyone prophesying the doomsayer side of Y2K were doing it for the sake of book sales! In the end Y2K was fortunate, it ended on a bang, on a known date, with no more opportunities to create chaos, and with a spectacular firework display. The finite point that had been the dread of Y2K turned out to be its blessing. On January 2nd it was all over in the eyes of the public. They enjoyed the fireworks, enjoyed the entertainment, and were bracing themselves for the winter storms. The IT departments said "We have found and fixed most programs, and those bits we missed, we will fix when they become a problem." There was no way anyone could extend the misinformation campaign. Throughout industry many CEOs are beginning to question the amount spent on Y2K. Many believe it was all a hoax, and many believe there should be inquiries into the doomsayer predictions. Already lawsuits are being filed against Consultants, claiming misleading hype. They forget the huge reengineering leap that Y2K has achieved, and the level of cooperation created between industry, local and central governments. Y2K was a serious problem, and through hard work has been fixed, for now. We still have to tell the majority of computers that it really isnt 1972, but that is a long way off. What have we learned from Y2K: 1. Private Sector Intelligence is more than analyzing toothpaste sales on Aisle 7. A corporation must constantly examine the relationship it has with suppliers, and the support infrastructure, essential for business continuity. It must be aware of any threat, external and internal, to its ability to operate. 2. Corporations must have well developed contingency plans, and these contingency plans must cater to multiple failures at the same time. Just planning to use the same backup service as everyone else, is not a good practice. 3. Utilities, financial institutions, and major corporations need to critically examine their external information systems, and the procedures they adopt to give out bad news, as well as glowing promotional publicity releases. Customers are critical and should be kept in the information loop. 4. Trade Associations must be able to accurately asses the numbers, impact and scope of any computer threats or events on their industry. No more guessing at numbers. 5. Governments need to overhaul how they manage information, as well as improving economic and infrastructure intelligence. The Information Age is Real Time as regards information, and the old techniques of in-depth analysis of potential problems, highly classified, and compartmentalized, no longer work. Unless an immediate, informed response is available, the public will search to fill the InfoVoid, from the most plausible source, that is readily available. In times of serious crisis that could lead to significant damage to the government. Manipulated it could undermine a stable Information Age government. It is easier to do billions of dollars economic damage to a country, than it is to do millions of dollars of military damage. And what about the threat from Hackers. The Hackers, unlike the FBI, had read Sun Tzu, The Art of War, and declined to attack the enemy camp, when he knew the exact time, and place of their attack, had all defenders on alert, all traffic reduced to a minimum, and anti-virus safeguards in place. Unfortunately this as resulted in a false sense of security and invincibility, in many System Administrators offices. There are still many unanswered questions concerning offshore remediation, and armies of unknown consultants combing through critical code. Finally, beware of the InfoVoid! Governments and Corporations need to quickly provide the answers the public seeks and deny external organizations the opportunity. If allowed to multiply it is the first Weapon of Mass Destruction of the information Age! == ISN is sponsored by Security-Focus.COM
News URL
http://www.comlinks.com/mag/psimh.htm