T 0.26 Malfunction of Devices or Systems

Devices and systems that serve for information processing, today often have many functions and are therefore of accordingly complex design. This applies generally to both hardware and software components. Due to this complexity, there are many different sources of error in such components. As a consequence, it happens that devices and systems do not function as they were intended to and this gives rise to security problems.

There are many causes of malfunctions, such as material fatigue, manufacturing tolerances, design weaknesses, exceeded limits, unintended conditions of use or lack of maintenance for instance. Since there are no perfect devices and systems some residual probability of malfunctions must always be accepted.

A malfunction of a device or system can affect all the basic parameters of information security (confidentiality, integrity, availability). In addition, malfunctions may under certain circumstances remain unnoticed for a longer period. It may therefore happen that, for example, calculation results are false and not corrected in time.

Examples:

• A blocked ventilation grid causes overheating of a storage system, which does not fail completely, but just malfunctions sporadically after that. It has been noticed only a few weeks later that the information stored there is incomplete.
• A scientific standard application is used to perform a statistical analysis of previously collected data stored in a database. According to the documentation, the application does not support the database product concerned. The analysis seems to work, spot-checks however show that the calculated results are wrong. The reason for the problem was identified as incompatibility between the application and the database.