The September 2006 column ("The Foresight Saga") discussed failures in critical infrastructures due to lack of foresight in backup and recovery facilities. This column considers some of the causes and effects of another common kind of missing foresight: inadequate infrastructure maintenance. Civilization and infrastructure are intimately intertwined. Rising civilizations build and benefit from their infrastructures in a "virtuous cycle." As civilizations decline, their infrastructures decay—although unmaintained vestiges, such as roads and aqueducts, may outlive them.
Dependence on critical infrastructures is increasing worldwide. This is true not only of information systems and network services, but also of energy, water, sanitation, transportation, and others that we rely on for our livelihoods and well-being. These critical infrastructures are becoming more interrelated, and most of them are becoming heavily dependent on information infrastructures. People demand ever more and better services, but understand ever less about what it takes to provide those services. Higher expectations for services are often not reflected in higher standards for infrastructure elements.
Engineers know that physical infrastructures decay without regular maintenance, and prepare for aging by requiring inspections and repairs. Proper maintenance is generally the cheapest form of insurance against failures. However, it has a definite present cost that must be balanced against the unknown future cost of possible failures. Many costly infrastructure failures could have been prevented by timely maintenance. U.S. engineers have been warning about underinvestment in infrastructure maintenance for at least a quarter-century, but the problem is not limited to the U.S.
Neglect is the inertially easy path; proactive planning requires more immediate effort, resources, and funding. Creating maintainable systems is difficult and requires significant foresight, appropriate budgets, and skilled individuals. But investments in maintainability can reap enormous long-term benefits, through robustness to attack, simplified maintenance, ease of use, and adaptability to new needs.
Although computer software does not rust, it is subject to incompatibilities and failures caused by evolving requirements, changing environments, changes in underlying hardware and software, changing user practices, and malicious exploitation of discovered vulnerabilities. Therefore, it requires maintenance. Yet the costs of maintenance are often ignored in the planning, design, construction, and operation of critical systems. Incremental upgrades to software are error-prone. Patchwork fixes (especially repeated patches) further detract from maintainability. Software engineers receive little training in preparing for software aging, in supporting legacy software, or in knowing when and how to terminate decrepit legacy systems.
Insecure networked computers provide vandals easy access to the Internet, where spam, denial-of-service attacks, and botnet acquisition and control constitute an increasing fraction of all traffic. They directly threaten the viability of one of our most critical modern infrastructures, and indirectly threaten all the infrastructures connected to it.
As the example of New Orleans after Hurricane Katrina shows, failure of a critical infrastructure (the levees) can cascade into others. The very synergies among infrastructures that allow progress to accelerate are a source of positive (amplifying) feedback, allowing initial failures to escalate into much larger long-term problems involving many different infrastructures. Ironically, such "positive" feedback often has negative consequences. Katrina should also remind us that remediating after a collapse often involves many secondary costs that were not foreseen. The more different infrastructures that fail concurrently, the more difficult it becomes to restore service in any of them. Restoring a lost "ecosystem" costs much more than the sum of the costs of restoring each element separately.
Chronic neglect of infrastructure maintenance is not a simple problem, and does not have a simple solution. Technical, economic, social, and political factors intertwine; adequate solutions must involve both the public and private sectors. People who use these infrastructures must appreciate the importance of maintaining them. People who understand sources of the fragilities, vulnerabilities, and decay in our critical infrastructures have a responsibility to educate decision makers and the public about these risks.
©2008 ACM 0001-0782/08/0600 $5.00
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.