Appendix B
Volatility Characteristics of Information Management and Technology Systems
The sequence of uniquely identifying information, collecting it at the point of origin, transporting it to data storage facilities, and accessing it at some arbitrary or predetermined time involves a number of transactions. Unless appropriate practices are followed, each of those transactions has the potential to introduce errors, corrupt files, or cause other negative consequences that frustrate the intent to maintain information in an accessible form. To avoid this, numerous safeguards and professional practices have been devised to address these potential erosions of information, and in modern practice this element of operations can be approached with a high level of confidence and an expectation that information can be safeguarded and retained in a highly robust and reliable manner.
Nonetheless, the points presented below identify some common examples of how the general developmental volatility characteristics over time of information management and technology systems can affect continued operability of facilities such as those that are the subject of this report. This outline should not be interpreted as a communication that any or all of the points on this list are threatening at any chemical demilitarization facility or have not been addressed at those facilities. Rather, it is intended to communicate many of the things that were considered during the committee’s review of information management at the facilities.
Application Changes. Vendors may switch formats that are used by their applications, and at some point in the future, older datasets may not be readable by the descendants of the software with which it was developed. Even if formats are generally the same, changes in feature sets can lead to this problem.
Application Elimination. Vendors may go out of business or be assimilated by other vendors, and the products used to develop and interpret information may no longer be available.
Application Incompatibility. Records developed in one application may not be functionally compatible with another application even though both have the same operating role. For example, one vendor’s CADD software may not be able to read another vendor’s CADD software data (even though the reverse transaction may be possible). As a result, migrations in applications either over time or between facilities can be problematic in operating practice. This kind of compatibility erosion can challenge continued operations.
Licensing Models. Even if legacy applications are preserved to guard against the kinds of problems noted above, vendor practices may restrict the future use of current software.
Operating System Changes. The basic platform on which an application runs or on which a particular data format has meaning may change, or that platform may disappear, rendering stored records unreadable.
Storage Media Failure. Electronic records in a storage facility exist in the form of physical media that can be compromised. Fire, explosion, contamination, electronic impulses (in some cases), flooding (in some cases), or simple long-term signal degradation (more a problem in some cases than others) can render content unrecoverable.
Storage Media Incompatibility. Electronic records preserved on a particular form of media may in the long term be unrecoverable because the physical devices that read them may disappear from common use.
Decryption Failure. Records preserved in encrypted form may be unrecoverable for reasons that include loss of passwords and unavailability of suitable decryption software. Loss of passwords may be by human error (long-term lack of message passing) or loss of password vaults (software or systems in which passwords are securely stored).
Device Failure. Every physical system has a finite life span or can be physically compromised. Mechanical or other failures of high-speed disk drives, memory, tape units, processors or other system components can arise from long-term wear or physical assault (fire, accident, flood, contamination, and so on). The probability of these events increases with time. Some of them (e.g., fire) are not directly related to continued operability, but others (e.g., component wear) are.
Device Obsolescence. The record of computing system evolution over the last decade has been unequivocally one of continued rapid improvements in competency, including speed, density of storage, and so on. This pace of evolution will continue for the foreseeable future. This has several consequences. Some are not directly relevant to the mission of continued operability. An example of an irrelevant or secondary consequence is that the expectation of performance on the part of users consistently increases to match what is currently available. In the consumer marketplace and in many business contexts, this constitutes a real motivation for change. In the context of continuing operability, as long as a component functions, it is not. There may be human implications (dissatisfaction with the working environment engendered by slow computers or outdated user interfaces), but these are not necessarily direct challenges to continued operations. An example of an evolution that may be a factor is an evolution in processor technology. Changes in instruction sets can render old hardware useless for a particular application or an old application useless on new hardware, unless manufacturers accommodate legacy requirements (in either direction). Virtual system technologies can in some cases address this kind of problem, but the phenomenon nevertheless can pose challenges to continued operation.
Human Skills Migration. As new technologies emerge and users adapt to them, there is a migration away from old skill sets. This can lead to a point where a workforce able to run a device or cope with a technology cannot be found. Even if it can be found, user preferences and expectations can change to the point where (as noted above) outdated but serviceable equipment can be perceived as ineffective. These factors can be managed to some extent with education and incentives that will develop an effective continued workforce, but they do have the potential to pose a challenge to continued operability. This is particularly true in the information management world, where the pace of change is rapid in virtually every dimension.
Evolving Electronic Threats. Computer viruses, worms, spyware, and other malicious agents are a fact of life and continually change. Continued operation requires continued diligence against this kind of attack, and this requires that systems either be carefully isolated or maintained in an up-to-date state if they are to be preserved. This is a clear complication of continued operability, in that aged equipment and legacy software systems may pose challenges if the currently available virus protection does not support them. This is to some extent countered if those same legacy systems are not compatible with current viruses, but the existence of this threat and the need to manage it remains a consideration.
Metadata Inadequacy. Stored information can for the most part be readily retrieved if it has been recently archived and the sender is available to guide the recovery process, or if the basis for keywords or tags that identify the data are well enough documented that subsequent searchers can understand the terms used and request documents accordingly. However, it is common to find in the longer term that the scheme used to identify a dataset may be incomprehensible to later users of a system who might have a different contextual basis than the person(s) who archived the information. Particularly where a system was developed with a short-term usage horizon in mind but is tasked with a long-term use period, this kind of issue can lead to data recovery problems.