| Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to the lack of software to verify the digital signatures on e-Passports has happened again within the same organization, the United States Customs and Border Protection (CBP). The article mentions that the CBP has failed to deploy the software needed to verify the digital signatures on e-Passports despite having known about the issue for at least eight years [67870].
(b) The software failure incident related to the lack of software to verify the digital signatures on e-Passports has also happened at multiple organizations. The article highlights that more than 100 countries offer passports with digital chips, but fewer than half of them include the capability to verify the integrity of data using a digital signature. This indicates that the issue of not verifying digital signatures on e-Passports is not limited to the United States but is a widespread problem across multiple countries [67870]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase is evident in the failure of the US Customs and Border Protection (CBP) to deploy the software needed to verify the cryptographic signature on e-Passports. Despite having over a decade to implement this crucial security measure, CBP has not fully realized its e-Passport program, leading to a significant vulnerability where a skilled hacker could alter data on an e-Passport chip without detection [67870].
(b) The software failure incident related to the operation phase is highlighted by the fact that CBP does not currently verify the country certificate of an e-Passport, even though it compares the data on the chip with the information on the biographical page of the passport during entry into the US. This operational failure leaves room for potential exploitation, as attackers could manipulate the information on an e-Passport's RFID chip without physical alteration, potentially bypassing border security checks [67870]. |
| Boundary (Internal/External) |
within_system |
(a) The software failure incident related to the e-Passport system's lack of signature verification can be categorized as within_system. The failure was due to the US Customs and Border Protection's failure to deploy the necessary software to verify the cryptographic signature stored on the e-Passport chips [67870]. This failure originated from within the system itself, as the CBP did not have the capability to fully verify the digital signatures despite having known about the problem for at least eight years [67870]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurred due to non-human actions, specifically the lack of deployment of the software needed to verify the cryptographic signature on e-Passports by US Customs and Border Protection [67870].
(b) The software failure incident also occurred due to human actions, as highlighted by the failure of the US Customs and Border Protection to fully implement the e-Passport program despite knowing about the issue for at least eight years and not prioritizing the necessary software enhancements for signature verification [67870]. |
| Dimension (Hardware/Software) |
software |
(a) The software failure incident related to hardware:
- The failure in this incident does not seem to be directly related to hardware issues. The main issue highlighted in the articles is the lack of software implementation to verify the digital signatures on e-Passport chips, which is a software-related problem [67870].
(b) The software failure incident related to software:
- The software failure incident in this case is primarily due to the lack of software implementation to verify the digital signatures on e-Passport chips. Despite having the technology in place for over a decade, the US Customs and Border Protection failed to deploy the necessary software to actually verify the integrity of the data stored on the e-Passport chips [67870]. |
| Objective (Malicious/Non-malicious) |
non-malicious |
(a) The software failure incident described in the articles is non-malicious. The failure is attributed to the lack of deployment of software by the US Customs and Border Protection to verify the digital signatures on e-Passports, despite having the capability to prevent tampering and forgeries. This failure was not due to malicious intent but rather a crucial shortcoming in the implementation of the e-Passport program [67870]. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The intent of the software failure incident:
The software failure incident related to the e-Passport system was primarily due to poor decisions and lack of implementation by the US Customs and Border Protection (CBP). Despite having over a decade to deploy the software needed to verify the cryptographic signature on e-Passports, CBP failed to fully realize its own e-Passport program. The Government Accountability Office highlighted the need for implementing signature verification for e-Passports as early as 2010, but nearly a decade later, the necessary software was still not rolled out [67870].
Furthermore, CBP acknowledged that they do not verify the country certificate of an e-Passport at the time of the incident, indicating a lack of proactive measures to address the security gap. The delay in implementing the necessary software for signature verification despite knowing about the issue for years reflects poor decision-making and prioritization within the DHS and CBP [67870]. |
| Capability (Incompetence/Accidental) |
development_incompetence |
(a) The software failure incident in the article is related to development incompetence. The failure occurred due to the lack of professional competence by the US Customs and Border Protection (CBP) in deploying the software needed to verify the cryptographic signature on e-Passports. Despite having over a decade to implement the necessary software, CBP failed to fully realize its e-Passport program, leading to a critical shortcoming in verifying the integrity of data stored on the e-Passport chips [67870].
(b) The failure was not accidental but rather a result of the development incompetence and lack of prioritization by the DHS and CBP over the years. |
| Duration |
permanent |
The software failure incident related to the e-Passport program's lack of software to verify the digital signatures on the e-Passport chips can be considered a permanent failure. This failure has been ongoing for a significant duration, as highlighted in the articles:
1. The failure has been known for at least eight years, as mentioned in a report by the Government Accountability Office in 2010 [67870].
2. The DHS Inspector General's list of ongoing projects still does not include rolling out the software for signature verification, nearly a decade later [67870].
These points indicate that the software failure incident in verifying the digital signatures on e-Passport chips has persisted over a long period, making it a permanent failure. |
| Behaviour |
omission, other |
(a) crash: The software failure incident described in the articles does not involve a crash where the system loses state and does not perform any of its intended functions. The failure is related to the lack of implementation of software functionality to verify the digital signatures on e-Passport chips, allowing for potential tampering without detection [67870].
(b) omission: The software failure incident falls under the category of omission, as the system omits to perform its intended function of verifying the digital signatures stored on e-Passport chips. Despite having the capability to enhance security through digital signature verification, the US Customs and Border Protection has not deployed the necessary software to carry out this crucial verification step, leaving a significant gap in the security of e-Passports [67870].
(c) timing: The failure is not related to timing issues where the system performs its intended functions either too late or too early. Instead, the issue lies in the lack of implementation of the necessary software functionality to verify digital signatures on e-Passport chips, which has persisted for over a decade [67870].
(d) value: The failure is not due to the system performing its intended functions incorrectly. Rather, the issue stems from the system's failure to perform a critical function – verifying the digital signatures on e-Passport chips – which is essential for ensuring the integrity and security of the passport data [67870].
(e) byzantine: The software failure incident does not exhibit characteristics of a byzantine failure, where the system behaves erroneously with inconsistent responses and interactions. The primary issue highlighted in the articles is the lack of software implementation to verify digital signatures on e-Passport chips, leading to potential security vulnerabilities [67870].
(f) other: The behavior of the software failure incident can be categorized as a failure resulting from a significant oversight in implementing crucial security measures. Despite the availability of technology to enhance the security of e-Passports through digital signature verification, the failure lies in the omission of deploying the necessary software to perform this verification, leaving the system vulnerable to potential tampering and forgeries [67870]. |