Recurring |
one_organization |
(a) The software failure incident having happened again at one_organization:
The software failure incident involving security problems and reliability issues with the digitization effort of the U.S. Census Bureau occurred with the system built by Pegasystems Inc. The Pega-built website was hacked from IP addresses in Russia during testing of census systems, raising concerns about cybersecurity vulnerabilities. The incident prompted multiple meetings to address security concerns and led to considerations of reverting to an in-house system called Primus [93231].
(b) The software failure incident having happened again at multiple_organization:
There is no specific mention in the provided article about the same software failure incident happening at other organizations or with their products and services. |
Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be seen in the case of the U.S. Census Bureau's digitization project. The decision to outsource the development of the system to Pegasystems Inc instead of building it in-house led to serious reliability and security problems. The Pega-built website was hacked from IP addresses in Russia during testing, indicating vulnerabilities in the design and development of the system [93231].
(b) The software failure incident related to the operation phase is evident in the security incidents that occurred during the testing of the census systems. Hackers accessed the system from Russian IP addresses and launched a domain name system attack, highlighting operational vulnerabilities and raising questions about the ability of the security contractor, T-Rex Solutions, to defend against cyberattacks. The lack of adequate forensic capability and security compliance deficiencies also point to operational challenges in maintaining system security [93231]. |
Boundary (Internal/External) |
within_system, outside_system |
(a) The software failure incident related to the U.S. Census Bureau's digitization project involved both within_system and outside_system contributing factors.
Within_system:
- The Pega-built website for the census project faced serious reliability and security problems, with its projected cost doubling to $167 million and experiencing hacking incidents during testing [93231].
- The decision to choose an outside contractor, Pegasystems Inc, over building the system in-house led to challenges with the off-the-shelf solution requiring extensive customization, escalating costs, and reliability concerns [93231].
- The in-house system, Primus, was considered as a backup due to the escalating costs and reliability concerns with the Pega-built system [93231].
Outside_system:
- The Pega-built website was hacked from IP addresses in Russia during testing, indicating an external security threat to the system [93231].
- The domain name service attack on the census site during testing also highlighted external vulnerabilities that could impact system performance and security [93231].
- The broader struggle faced by the Census Bureau in executing the digitization project included security mishaps, missed deadlines, and cost overruns, indicating external challenges impacting the project [93231]. |
Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
The software failure incident involving the U.S. Census Bureau's digitization project faced serious reliability and security problems, including being hacked from IP addresses in Russia during testing of census systems. The incidents included a domain name service attack causing a sharp increase in traffic. These incidents did not result in system damage or stolen data but raised alarms about the ability to defend against cyberattacks [93231].
(b) The software failure incident occurring due to human actions:
The decision to outsource the digitization project to Pegasystems Inc instead of building the system in-house was a human action that led to escalating costs and reliability concerns. The choice of Pega's off-the-shelf solution required extensive customization, leading to increased costs and potential unreliability. Additionally, the decision to conduct testing in settings vulnerable to hackers despite identified risks by the in-house security team was a human action that stoked internal tensions and ultimately led to security mishaps [93231]. |
Dimension (Hardware/Software) |
software |
(a) The software failure incident occurring due to hardware:
- The article does not mention any specific hardware-related issues contributing to the software failure incident reported by Reuters [93231].
(b) The software failure incident occurring due to software:
- The software failure incident reported by Reuters [93231] is primarily attributed to software-related issues. The incident involved serious reliability and security problems with the Pega-built website used for the U.S. Census Bureau's digitization effort. The system faced hacking attempts from IP addresses in Russia, security vulnerabilities, and concerns about the ability to defend against cyberattacks. Additionally, there were issues with cost overruns and the performance of the software systems provided by contractors like Pegasystems Inc and T-Rex Solutions. |
Objective (Malicious/Non-malicious) |
malicious, non-malicious |
(a) The software failure incident related to the U.S. Census Bureau's digitization project involved malicious factors. The incident included a hack from IP addresses in Russia during testing of census systems, where an intruder bypassed a firewall and accessed restricted parts of the system. Additionally, there was a domain name service attack that caused a sharp increase in traffic. These incidents raised alarms about the ability to defend against cyberattacks and prompted multiple meetings to address security concerns [93231].
(b) The software failure incident also involved non-malicious factors. The Census Bureau faced serious reliability and security problems with the Pega-built website, leading to cost overruns and missed deadlines. Together with the project's security mishaps, these indicate non-malicious contributing factors such as technical challenges, mismanagement, and inadequate system testing [93231]. |
Intent (Poor/Accidental Decisions) |
poor_decisions, accidental_decisions |
(a) The software failure incident related to the U.S. Census Bureau's digitization project can be attributed to poor decisions made in the selection of external contractors and the approach taken for the technology overhaul. The bureau chose to outsource the project to Pegasystems Inc. and T-Rex Solutions, believing it would be cheaper and more effective than building the system in-house [93231]. However, the Pega-built website faced serious reliability and security problems, with the projected cost doubling to $167 million, significantly higher than the initial cost projection for an in-house system [93231]. Additionally, the decision to go with a monolithic framework for software production, despite warnings from outside advisors to take a more modular approach, contributed to the challenges faced in the project [93231]. The escalating costs and reliability concerns with Pega's system prompted considerations to revert to an in-house system, indicating a recognition of the poor decision in selecting the external contractor [93231].
(b) The software failure incident also involved accidental decisions or unintended consequences that led to security incidents during testing. The Pega-built website was hacked from IP addresses in Russia during 2018 testing, with an intruder bypassing security measures and accessing restricted parts of the system [93231]. Additionally, a domain name service attack caused a sharp increase in traffic during the same test, highlighting vulnerabilities that were not anticipated [93231]. The incidents raised alarms among census security staff about the ability to defend against sophisticated cyberattacks, indicating unintended consequences of the decisions made in the project [93231]. |
Capability (Incompetence/Accidental) |
development_incompetence, accidental |
(a) The software failure incident related to development incompetence is evident in the case of the U.S. Census Bureau's digitization project. The decision to outsource the development of the census website to Pegasystems Inc. instead of building it in-house led to serious reliability and security problems. The Pega-built website was hacked from IP addresses in Russia during testing, indicating a lack of adequate security measures in place. Additionally, the system faced cost overruns and the need for extensive modifications, highlighting potential incompetence in the initial development decisions [93231].
(b) The software failure incident also has elements of accidental factors contributing to the failure. For example, during the testing of the census systems, the website experienced a domain name service attack, causing a sharp increase in traffic. This incident and the hack from Russian IP addresses were not intentional but rather accidental events that raised alarms about the system's vulnerability to cyberattacks. These accidental incidents highlighted the need for better security measures and incident response capabilities [93231]. |
Duration |
permanent, temporary |
The software failure incident related to the U.S. Census Bureau's digitization project involving Pegasystems Inc and T-Rex Solutions can be categorized as both temporary and permanent.
Temporary: The incident involving the hack from IP addresses in Russia during the 2018 testing of census systems can be considered a temporary failure. The system was breached, and unauthorized access was gained, but no system damage or stolen data resulted from the incident. This incident raised alarms about the system's security and the ability to defend against more sophisticated cyberattacks [93231].
Permanent: The broader struggle faced by the Census Bureau in executing the digitization project, including security mishaps, missed deadlines, and cost overruns, can be seen as a more permanent failure. The problems with Pega and T-Rex reflect a systemic issue in the project's execution, indicating a failure due to contributing factors introduced by all circumstances [93231]. |
Behaviour |
crash, value, other |
(a) crash: The software failure incident related to the U.S. Census Bureau's digitization project involved a crash as the Pega-built website was hacked during testing, with an intruder bypassing a "firewall" and accessing parts of the system that should have been restricted to census developers. This incident led to a panic within the Census Bureau and prompted multiple meetings to address security concerns [93231].
(b) omission: There is no specific mention of a software failure incident related to omission in the provided article.
(c) timing: The software failure incident related to timing is not explicitly mentioned in the provided article.
(d) value: The software failure incident related to the U.S. Census Bureau's digitization project involved a failure in terms of value as the Pega-built website, which was supposed to be a cost-effective solution, faced serious reliability and security problems. The projected cost of the project doubled to $167 million, about $40 million more than the bureau's initial cost projection for building the site in-house [93231].
(e) byzantine: The software failure incident related to the U.S. Census Bureau's digitization project did not exhibit byzantine behavior as described in the provided article.
(f) other: The software failure incident also involved security mishaps, missed deadlines, and cost overruns, reflecting a broader struggle in executing the digitization project. The effort was marred by various issues, including vulnerabilities to cyberattacks, lack of forensic capability, and concerns about the ability to defend the system against sophisticated attacks [93231]. |