On Wednesday, an hour-and-a-half-long reservation system failure grounded United Airlines flights, the New York Stock Exchange was down for almost four hours, and the Wall Street Journal’s website suffered intermittent outages. At an intelligence committee hearing that afternoon, Sen. Barbara Mikulski firmly told FBI Director James Comey, “I don’t believe in coincidences.” But no matter how hack-like the situation seemed, all three companies and law enforcement have been adamant that bad actors were not behind the failures. And that’s just as scary.
A United representative told the Los Angeles Times that a router issue had “degraded network connectivity for various applications,” causing the company’s system problems. And after consistently but opaquely claiming that there weren’t bad actors behind the stock exchange outage, NYSE said in a statement on Thursday that a software update was to blame. “As is standard NYSE practice, the initial release was deployed on one trading unit … [but] there were communication issues between customer gateways and the trading unit with the new release.” NYSE attempted to correct the problem, but this caused new complications and “the decision was made to suspend trading.” The Wall Street Journal is still investigating the cause of its outages, with some speculating that heavy Web traffic brought the site down.
Between the Office of Personnel Management hack and the breach at Sony, the idea of large-scale malicious cyberattacks has become markedly more real for consumers in recent months. But Dave Chronister, who founded the cybersecurity firm Parameter Security and formerly did IT management at financial institutions like A.G. Edwards, points out that there doesn’t have to be a bad actor on the other end for something to be a cybersecurity problem. “We’re in a hypersensitive time right now where everybody’s worried about the malicious attacker, but the chances are you’re going to have a lot more incidents like [those on Wednesday] than actual attacks,” he said. “These were security incidents. The systems went down. It didn’t matter that it wasn’t an attack.”