On January 28, 1986, the Space Shuttle Challenger exploded, killing all seven crew members aboard. But what does a space accident from 38 years ago have to do with information security in 2024? As it turns out, a lot.
In 2014, General Michael Hayden, former Director of the National Security Agency, said that “we kill people based on metadata.” In Challenger: A True Story of Heroism and Disaster on the Edge of Space (Simon & Schuster), author Adam Higginbotham shows that while the Challenger disaster has nothing to do directly with information security, the metadata and lessons around it certainly do.
Higginbotham has written a fascinating and engaging account of what led to the Space Shuttle Challenger disaster. In a nutshell, the decision to launch was made under significant pressure from NASA, and many people argued that it should not have occurred. But that pressure was not the only thing that led to the disaster.
Engineers from O-ring manufacturer Morton Thiokol articulately shared their concerns about the effect of low temperatures on the resilience of the O-rings, a critical safety component of the shuttle. Morton Thiokol engineers said they did not have enough data to determine if the O-rings would be effective. The Morton Thiokol vice president of engineering also recommended against launching. However, due to external and incessant pressures from NASA, their voices weren’t heard, with devastating consequences.
Anyone who has worked in information security for more than a few months can attest to the many pressures security teams and professionals have to deal with. The observation that CSO really stands for Chief “Scapegoat” Officer is no joke.
Dr. Eugene Spafford, known as Spaf, is a distinguished professor of computer science at Purdue University. His first principle of security administration is that “If you have responsibility for security but have no authority to set rules or punish violators, your own role in the organization is to take the blame when something big goes wrong.”
The same pressure and risks that the space shuttle faced are those that many in information security face on a daily basis.
There are countless lessons from the Challenger disaster that security professionals can learn from. Some of the lessons learned include, in no particular order:
Decision to Launch
Follow Manufacturer Instructions
Set Realistic Goals
External Pressures
Don't Ignore Vulnerabilities
Incident Investigation
Redesign
Challenger broke apart over the Atlantic Ocean 73 seconds after launch, resulting in the death of seven astronauts. Adam Higginbotham has written a fascinating book that details what led to that and presents significant details uncovered only here. For anyone involved in information security, there is a lot that can be learned from the disaster.
The Challenger disaster was a turning point for NASA. There are many lessons that CIOs, CTOs, CISOs, and others can learn from Challenger. No one should wait for a disaster to take action. Sadly, the individuals and organizations detailed in Challenger: A True Story of Heroism and Disaster on the Edge of Space did. For those who want to avoid that predicament, this is a great read and a call to action.