A programming glitch in GPS satellite software grounded planes in China and other countries. But what does it tell us about the security of the Internet of Things? Bill Malik of Trend Micro joins us to discuss.
You’ve no doubt heard about (or lived through) the Y2K crisis. You remember: Y2K was the software “dragon” that lurked just beyond midnight on December 31st, 1999, threatening to destroy civilization as date counters rolled over from 99 to 00. Maybe you spent New Year’s Eve in a bunker instead of at a party.
But have you been following the Y2019 scare? That went down (quietly) on April 6 of this year, when older Global Positioning System (GPS) satellites rolled over a critical date counter that is used to calculate the satellite’s position in orbit.
The rollover prompted the satellites to feed unreliable data to earthbound systems, grounding Boeing 787 planes in China and causing other disruptions globally.
As it turned out, the Y2019 issue wasn’t the disaster some expected. That might be because it wasn’t the first time the world had encountered this problem: an identical rollover occurred in the fall of 1999. Also, many newer GPS satellites use a much more robust date counter and were not affected by the flaw.
But don’t get too comfortable. Our guest this week, William Malik, the Vice President of Infrastructure Strategies with Trend Micro, says that the rollover problem with GPS satellites is a small example of a much more widespread problem. Namely: poorly architected cyber-physical systems. Decisions about architecture made decades ago can have long-term and often unexpected consequences today, he notes. Even worse: poor decision making in the design of connected products today could bite the world on the backside decades hence.
The big question going forward, says Malik, is what other date counters or similar features are out there ready to roll over, expire or otherwise barf? As we move to the Internet of Things, we are living more and more in a system of systems in which any malfunction can have a cascading effect and cyber-physical consequences.
In this conversation with The Security Ledger, Bill and I talk about the recent GPS rollover and the bigger problem of securing operational systems for the long term.