Today, devices and systems used for information processing often have many functions and therefore have a correspondingly complex structure. In general, this applies both to hardware and software components. Due to this complexity, there are many different sources of error in these components. As a result, devices and systems often do not function as intended, resulting in security problems.
There are many causes of malfunctions, for example material fatigue, manufacturing tolerances, conceptual deficiencies, exceeded limit values, application conditions that were not defined or lack of maintenance. Since there are no perfect devices and systems, a certain residual probability for malfunctions must always be accepted anyway.
Malfunctions of devices or systems may impair all fundamental information security values (confidentiality, integrity, availability). In addition, malfunctions may also remain undetected over a longer period of time. It is therefore possible that calculation results are corrupted and cannot be corrected in a timely manner.
Examples:
- A clogged ventilation grille leads to the overheating of a storage system which, as a result, does not fail completely, but malfunctions only sporadically. It is only discovered a few weeks later that the information stored is incomplete.
- A scientific standard application is used to carry out a statistical analysis of a previously collected set of data that is stored in a database. According to the documentation, however, the application has not been approved for the database product used. The analysis seems to work, but random checks showed that the calculated results are incorrect. Compatibility problems between the application and the database were identified as the cause.