G 0.26 Malfunction of Equipment or Systems

Devices and systems used for information processing today often have many functions and are therefore correspondingly complex. In principle, this affects both hardware and software components. Due to this complexity, there are many different sources of errors in such components. As a result, devices and systems repeatedly fail to function as intended, causing security problems.

There are many causes of malfunctions, for example material fatigue, manufacturing tolerances, design weaknesses, exceeding limit values, unforeseen operating conditions, or lack of maintenance. Since there are no perfect devices and systems, a certain residual probability of malfunction must always be accepted anyway.

Malfunctions of equipment or systems can compromise all fundamental values of information security (confidentiality, integrity, availability). In addition, malfunctions may remain unnoticed for an extended period of time. This can mean, for example, that calculation results are falsified and not corrected in time.

Examples:

• Due to a clogged ventilation grille, overheating of a storage system occurs, which does not fail completely but only exhibits sporadic malfunctions. Only several weeks later is it discovered that the stored information is incomplete.
• A standard scientific application is used to perform statistical analysis on a data set previously collected and stored in a database. According to the documentation, however, the application is not approved for the database product used. The analysis appears to work, but spot checks reveal that the calculated results are incorrect. The cause was identified as compatibility issues between the application and the database.