 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ¨ |
1986:
5ESS: 5mins downtime in 25 years
|
|
|
|
– |
Including
routine maintenance
|
|
|
|
– |
Included
backup batteries, power fail detection, and “scream for
|
|
help”
facilities for unattended (switching bunker) operation.
|
|
|
| ¨ |
Mother’s
Day, 1988, Hinsdale Illinois
|
|
|
|
– |
Switching
center fire disrupts service to 35,000 customers
|
|
|
|
– |
This
was a triple failure: ambiguous alarm design, simultaneous
|
|
|
low
probability alarms (power, fire), failure of alarm circuits to
|
|
|
reset
correctly.
|
|
|
| ¨ |
Threat
model was (needless to say) revised…
|
|
|
|
SECURITY IS A PROCESS,
|
|
|
|
NOT A SOLUTION!
|
|