How to Build Resilience in Critical Infrastructure

Back to Chemistry Class

No matter what area of engineering you study, chemistry will be involved. The whole world is made out of chemicals, after all.

One of the more interesting sections of my chemistry classes was part of a semester on metallurgy. Some of it was what you would think of as classical chemistry: the proportions of iron to carbon, oxygen, and other metals. But some was physical chemistry, which deals with material properties at a scale much larger than the molecular scale of, say, organic chemistry.

With ferrous (or iron-based) metallurgy, a lot of this has to do with temperature. Not just “get it hot”, and more than just heating the material to some precise temperature. The properties you want depend on the changes in temperature, and the rates of those changes.


You want to make a strong tool (or sword, or whatever). The naïve plan is to make it harder. Heat a high-carbon steel above 800°C, keep it at that temperature for a brief time, then cool it rapidly by immersing it in water. This is quenching and it’s old technology. Homer mentioned it in the Odyssey:

“… as when a man who works as a blacksmith plunges a screaming great axe blade or adze into cold water, treating it for temper, since this is the way steel is made strong, even so Cyclops’ eye sizzled about the beam of the olive.”

Bust of Όμηρος or Homer, near his tomb on the Greek island of Ios.

Ah, Homer, you just fell into the trap. Quenching makes metal harder, more resistant to scratching and bending. But this means that it’s brittle. It’s likely to break or even shatter if you hit it the wrong way.

Our tool (axe, adze, whatever) needs tempering. Heat and quench it first to form very hard crystals throughout the material. Then heat it to a lower temperature and cool it slowly. This relieves internal stresses and reduces brittleness. The resulting material is ductile, able to slightly deform without cracking or breaking. It is strong but flexible. Hard enough to keep an edge but flexible enough on a larger scale to bend instead of break.

We Need Ductile Cyber Systems

Systems must be designed for graceful degradation. Not brittle. Strong enough, but flexible.

This includes cyber systems — operating systems, application programs, and networking protocols.

We need defense in depth. There mustn’t be any case where you could say: “Everything relies on this single component. If it fails, we lose (or lose control of) the data (or the connection, or the ability to do the computing work).” Single points of failure are the definition of brittle design.

For example, backups. Keep more than just the most recent copy! What if you discover today that you lost data a few days or weeks ago? Maybe some ransomware like CryptoLocker came in through one user’s account two weeks ago. They didn’t notice, or maybe they didn’t want to admit to clicking on the link that led to an intrusion. However it went down, you just realized that your most recent backup contains useless ciphertext.

Make sure that you can reach back in time to earlier backups. Earlier this year I told you about using Amazon’s Glacier service, a good way to use their cloud service for extremely reliable archiving with a very attractive price.

Resilience Comes From Careful Design

If you design systems, make them resilient. If you select systems for purchase, insist on resiliency.

Modern vehicles don’t have a computer; they have dozens of computers connected through cables, fibre, and wireless links. The devices and their links should be designed for ductile response, individually and collectively.

Compare the experiences of the manufacturers Chrysler and Tesla over the past year and a half.

A vulnerability discovered in the Jeep Cherokee design led to a recall of various Jeep, Dodge, and Chrysler models. I’ve read that the recalls and upgrades will likely cost 14 billion dollars.

A vulnerability discovered in Tesla’s Model S led to the company pushing out an automated software fix. Tesla had built PKI (or Public-Key Infrastructure) into their systems, so each vehicle could verify the identity of the factory system pushing out the patches, and then verify the integrity of the patch itself.
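The two-step check described above (verify the signer's identity against a key pinned in the vehicle, then verify the integrity of the patch itself), as an added example that is not Tesla's code and not part of the original post; it assumes a single pinned root key and uses a root signature over the factory's signing key as a stand-in for a full certificate chain.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Endorsement stands in for a factory certificate: the root key, pinned in
// every vehicle at manufacture, signs the factory's patch-signing key.
type Endorsement struct {
	FactoryPub ed25519.PublicKey
	RootSig    []byte // root signature over FactoryPub
}

// VerifyPatch is the vehicle-side check: first identity (is this factory key
// endorsed by the pinned root?), then integrity (does its signature cover exactly this payload?).
func VerifyPatch(rootPub ed25519.PublicKey, e Endorsement, payload, sig []byte) error {
	if len(e.FactoryPub) != ed25519.PublicKeySize {
		return errors.New("malformed factory key") // ed25519.Verify would panic on this
	}
	if !ed25519.Verify(rootPub, e.FactoryPub, e.RootSig) {
		return errors.New("factory key not endorsed by pinned root")
	}
	if !ed25519.Verify(e.FactoryPub, payload, sig) {
		return errors.New("patch signature does not match payload")
	}
	return nil
}

// Demo plays the factory side (key setup, signing), then runs the vehicle check
// on a genuine patch, one with a bit flipped in transit, and one from a rogue key.
func Demo() (genuine, tampered, rogue error) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader)
	factoryPub, factoryPriv, _ := ed25519.GenerateKey(rand.Reader)
	roguePub, roguePriv, _ := ed25519.GenerateKey(rand.Reader)
	endorsed := Endorsement{FactoryPub: factoryPub, RootSig: ed25519.Sign(rootPriv, factoryPub)}
	payload := []byte("vehicle firmware update (constructed sample payload)")
	sig := ed25519.Sign(factoryPriv, payload)
	genuine = VerifyPatch(rootPub, endorsed, payload, sig)
	flipped := append([]byte(nil), payload...)
	flipped[0] ^= 0x01 // changed in transit; the factory signature no longer covers it
	tampered = VerifyPatch(rootPub, endorsed, flipped, sig)
	// A rogue key can endorse itself, but only the pinned root's endorsement counts.
	selfEndorsed := Endorsement{FactoryPub: roguePub, RootSig: ed25519.Sign(roguePriv, roguePub)}
	rogue = VerifyPatch(rootPub, selfEndorsed, payload, ed25519.Sign(roguePriv, payload))
	return genuine, tampered, rogue
}
func main() { fmt.Println(Demo()) }
```

Running it prints `<nil>` for the genuine patch and an error for each of the other two; a real deployment would add key rotation and revocation on top of this skeleton.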

I’ll tell you more about the different experiences of Chrysler and Tesla next week. Meanwhile, check out Learning Tree’s System and Network Security Introduction course for examples of how brittle system failures open cyber security holes.
