# Failing badly

> Mediated Wiki article. Canonical URL: https://mediated.wiki/source/Failing_badly
> Markdown URL: https://mediated.wiki/source/Failing_badly.md
> Source: https://en.wikipedia.org/wiki/Failing_badly
> Source revision: 1330984499
> License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/)

{{short description|Fails with a catastrophic result or without warning}}
'''Failing badly''' and '''failing well''' are concepts in systems security and [network security](/source/network_security) (and engineering in general) describing how a system reacts to [failure](/source/failure). The terms have been popularized by [Bruce Schneier](/source/Bruce_Schneier), a [cryptographer](/source/cryptography) and security consultant.<ref name="ATLANTIC">[http://charlesmann.org/articles/Homeland-Insecurity-Atlantic.pdf Homeland Insecurity] {{Webarchive|url=https://web.archive.org/web/20110928002928/http://charlesmann.org/articles/Homeland-Insecurity-Atlantic.pdf |date=2011-09-28 }}, ''[Atlantic Monthly](/source/Atlantic_Monthly)'', September 2002</ref><ref>{{cite book |author=David Hillson |date=29 March 2011 |title=The Failure Files: Perspectives on Failure |publisher=Triarchy Press |page=146 |isbn=9781908009302 |url=https://books.google.com/books?id=mz4z4diInBgC&q=%22failing%20badly%22%20schneier&pg=PA146 }}</ref>

==Failing badly==
A system that fails badly is one that has a [catastrophic](/source/catastrophic_failure) result when failure occurs. A [single point of failure](/source/single_point_of_failure) can thus bring down the whole system. Examples include:
* [Database](/source/Database)s (such as [credit card](/source/credit_card) databases) protected only by a [password](/source/password). Once this security is breached, all data can be accessed.
* [Fracture critical](/source/Fracture_critical) structures, such as buildings or bridges, that depend on a single column or truss, whose removal would cause a chain reaction collapse under normal loads.
* Security checks which concentrate on establishing identity, not intent (thus allowing, for example, [suicide attackers](/source/Suicide_attack) to pass).
* [Computer network](/source/Computer_network) having access provided by a single [service provider](/source/Internet_service_provider).  If the provider's [network](/source/computer_networking) fails, all Internet connectivity is lost.
* Systems, including social ones, that rely on a single person, who, if absent or becomes permanently unavailable, halts the entire system.
* [Brittle](/source/Brittle) materials, such as "over-[reinforced concrete](/source/reinforced_concrete)", when overloaded, fail suddenly and catastrophically with no warning.
* Keeping the only copy of data in one central place. That data is lost forever when that place is damaged, such as the [1836 U.S. Patent Office fire](/source/1836_U.S._Patent_Office_fire), the American 1973 [National Personnel Records Center fire](/source/National_Personnel_Records_Center_fire), and the [destruction of the Library of Alexandria](/source/destruction_of_the_Library_of_Alexandria).

==Failing well==
A system that fails well is one that compartmentalizes or contains its failure. Examples include:
* Properly designed compartmentalized hulls in watercraft, ensuring that a hull breach in one compartment will not flood the entire vessel.
* Databases that do not allow downloads of all data in one attempt, limiting the amount of compromised data.
* Structurally [redundant](/source/redundancy_(engineering)) buildings conceived to resist loads beyond those expected under normal circumstances, or resist loads when the structure is damaged.
* Computer systems that restart or proceed to a stopped state when an invalid operation occurs.<ref name=failsecure />
* Access control systems that are locked when power is cut to the unit.<ref name=failsecure>{{cite web|author=Eric Vanderburg|title=Fail Secure – The right way to fail|url=http://www.pcsecurityworld.com/313/fail-secure-the-right-way-to-fail.html|website=PC Security World|date=February 18, 2013|author-link=Eric Vanderburg|access-date=November 11, 2014|archive-date=October 27, 2014|archive-url=https://web.archive.org/web/20141027212841/http://www.pcsecurityworld.com/313/fail-secure-the-right-way-to-fail.html|url-status=dead}}</ref>
* [Concrete](/source/Concrete) structures which show [fracture](/source/fracture)s long before breaking under load, thus giving early warning.
* Armoured [cockpit](/source/cockpit) doors on airplanes, which confine a potential hijacker within the cabin even if they are able to bypass airport security checks.<ref name="ATLANTIC" />
* Internet connectivity provided by more than one vendor or discrete path, known as [multihoming](/source/multihoming).
* [Star](/source/Star_network) or [mesh network](/source/mesh_network)s, which can continue to operate when a node or connection has failed (though for a star network, failure of the central hub will still cause the network to fail).
* [Ductile](/source/Ductile) materials, such as "under-[reinforced concrete](/source/reinforced_concrete)", when overloaded, fail gradually {{Ndash}}they yield and stretch, thus giving some warning before ultimate failure.
* Making a [backup](/source/backup) copy of all important data and storing it in a separate place. That data can be recovered from the other location when either place is damaged.

Designing a system to 'fail well' has also been alleged to be a better use of limited security funds than the typical quest to eliminate all potential sources of errors and failure.<ref>''[http://www.apogee.co.nz/docs/FailingWell.pdf Failing Well with Information Security] {{Webarchive|url=https://web.archive.org/web/20081014044940/http://apogee.co.nz/docs/FailingWell.pdf |date=2008-10-14 }}'' - Young, William; Apogee Ltd Consulting, 2003</ref>

==See also==
* {{annotated link|Fail-safe}}
* {{annotated link|Fault tolerance}}
* {{annotated link|Fail-deadly}}
* {{annotated link|Resilience (network)}}
* {{annotated link|Resilience (engineering and construction)}}

==References==
{{Reflist}}

Category:Engineering failures
Category:Systems theory
Category:Security engineering

---
Adapted from the Wikipedia article [Failing badly](https://en.wikipedia.org/wiki/Failing_badly) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/Failing_badly?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.
