U.S. IT Infrastructure Highly Vulnerable

An anonymous reader writes "The President's Information Technology Advisory Committee in their February 2005 report to GW writes "...infrastructure of the United States, which is now vital for communication, commerce, and control of our physical infrastructure, is highly vulnerable to terrorist and criminal attacks." It goes on to say that "fundamentally new approaches are needed to address the more serious structural weaknesses of the IT infrastructure" and finally offers "four key findings and recommendations on how the Federal government can foster new architectures and technologies to secure the Nation's IT infrastructure." Here is yet another, not surprising, bleak outlook for cyber security in the United States. The full 72-page report can be found here."

Yeah

Secure, is what IT ain't!

At Least they are talking about it

[Fox_1]

I don't know if this is just to increase paranoia or not in the US, but if there are security issues it is better that they talk about them, bring them out into the "open" so to speak. There is nothing they couldn't dream up as a terrorist or other attack on the IT infrastructure that hasn't been thought up already by others, even in the terror game it is hard to be truely original. And at least by going through the exercise of thinking like an attacker they may help spur the development of better defenses, traps, early warnings, recovery procedures , what have you.

Re:At Least they are talking about it

[misleb]

When an Internet worm destroys two buildings in New York City and kills thousands of people, THEN maybe you can compare 13 year old boys with too much time on their hands with terrorists. Until then, lets leave terrorism out of this. Ok? There is no comparison. I dont' care how much money Internet worm X costs companies, it doesn't compare to shit blowing up and people dying.

-matthew

Re:At Least they are talking about it

[ShieldW0lf]

I don't know why they refer to it as a terrorist attack in the first place. A terrorist attack has as it's motivation the creation of chaos and fear. Attacking a shopping center or an amusement park or a bus would be terrorism. The attacks that occurred against the US on Sept 11th 2001 weren't terrorist attacks at all. They were attacks on the control centers for the military and the economy and on the commander in chief. Those aren't "chaos and fear, nothing is safe" targets, they are logical military targets, somewhere you shouldn't realistically expect NOT to be a target.

Stop perpetuating the "terrorist" propaganda, will you? It's in your best interest to do so... you're just facilitating the wild-west style power grab going on in your country.

Re:At Least they are talking about it

[orthogonal]

"Any type of attack nowadays will be labeled terroristic."

You mean like Republican Majority Leader Tom DeLay calling removing brain-dead Terry Schiavo's feeding tube medical terrorism?

(The link is to Delay's own site: he's proud of invoking the spectre of terrorism to justify unprecedented government intrusion into personal medical decisions. DeLay also threatened to hold a judge in contempt of Congress for quashing a Congressional subpoena issued to compel the brain dead woman to testify. (Since removed form a conservative web site).

Now, before some winger decides to mod this off-topic, let me spell out what has this to do with IT security.

Very simple: our current "leaders" have shown they'll label anything -- even the legally uncontroversial, medically backed decisions of US judges -- as "terrorism", just in order to win points with their core fundamentalist Christian constituency.

If they'll do it about the private medical decisions of a family, they'll sure as hell do it about IT, if they think they can gain something by so doing. And they've shown that even if that "terrorism" label is obviously bunkum of the first order, they'll go ahead and use it.

Hey, it worked to get us into a pointless war in Iraq: remember when we were told about WMDs and Saddams "ties" to terrorists?

Like the boy who cried wolf, it should be clear by now that when a leading politician (and Delay is only one step away from being Speaker of the House of Representatives, the third in line of presidential succession, he's no fringe politician ) calls something "terrorism", we need to understand he's doing it to whip up our fears -- not to make us safer, but to get what he wants.

Re:At Least they are talking about it

[zogger]

The anthrax attack caused passage of the Patriot Act, which was stalled in the senate at the time (kinda). They rushed it through, zillion pages, none of them cretins who voted for it even read it. The stuff used was US dot mil brand biological war prepped cooties. Should be sorta obvious what's going on.

but you are correct on "spontaniety" and such like, and relative ease of assymetrical warfare. And it's fairly telling that since then there have been zero attacks despite how many dozen warnings of impending attacks and code whatever color "alerts" and protestations for years there were 'terrorist sleeper cells" hanging about. Them boys been real asleep it appears......

And they still haven't finished the lawsuits filed by some government whistleblowing agents who got warned off investigating after they started getting some real evidence, embarrasing evidence that pointed upstream to white guys in dark suits. Again, sorta obvious what's going on. And the 9-11 whitewash committee, pretty funny if it wasn't serious.

I think it's all right to say it, it's been a pretty spiffy coup d'etat. Just a little smoother than your typical third world coup, that's all, lot more media sound bites and slick advertiseoganda pieces on the newzzzzz.

Re:At Least they are talking about it

[el-spectre]

True, but consider the fact that economic damage is very real and serious.

If a company (and it's reputation) get sufficiently hurt, it may have to close or fire staff. These folks may lose their homes quite easily, especially if many flood the marketplace due to mass firings.

While it may sound cold, the death of 3000 folks on that day was incidental to the major damage done. The US economy was rebounding, that got stalled. Shipping got more expensive (due to increased security and energy costs). Personal freedom was significantly limited. The US persued a foreign policy that has us potentially overextended.

THESE are the major damage caused by the attacks on 9/11. I'm not dismissing the lives of the dead, but they were all beyond pain and terror within 90 minutes. 3 and a half years later the world is still reeling from the economic effects of that day.

Imagine someone compromises Visa in a major way. Or Bank of America. Ya still think the impact is small?

Re:At Least they are talking about it

[ScentCone]

When an Internet worm destroys two buildings in New York City and kills thousands of people, THEN maybe you can compare 13 year old boys with too much time on their hands with terrorists.

First, let's define what a terrorist is. Where do you draw the line? 3000 people dead? 300? 30? 3? I say that someone who deliberately sets out to cause havoc, knowing that their actions will cost jobs, induce fear, require cleanup, new security measures, etc.... that person is terrorizing their audience/victims, and is a terrorist. Some are more effective at smashing store windows during witless demonstrations than they are killing people, and some are more effective at burning cash in the economy as businesses, schools, and grandmas fight malware, and some manage to kill thousands of people - but they all, by choice and deed, are causing pain, expense, suffering, and sometimes death. Those are terrorists, varying only in scope and effectiveness.

Now, is the 14 year old kid that's in to model rocketry a terrorist when his latest experiment goes sideways and catches someone's hayfield on fire? An idiot, perhaps, but not arguably someone that set out to terrorize the farmer or cost the township thousands of dollars to put out the blaze. Is the 14 year old kid that's deliberately looking for malware to kiddie-script into his own flavor and set loose in an attempt to be cool or flail against "corporations" (while using corporately made computer parts, listening to his decidedly not made-by-old-world-artisans iPod, wearing his corporately made clothing, and still alive past childbirth and unafflicted by polio and other nasties because of corporately made medical supplies) the same? No. He's intent on damage, and on making the news. He's a terrorist, just a lame one. But he's in the same camp as the guys who would blow up bridges or poison wells: chaos, fear, damage - all in the name of recognition.

Don't think hackers can physically damage things? Right here is someone's copy-and-paste of a recent article about infrastructure threats from hackers. The director of the federal agency tasked with worrying about this stuff "wished he was wearing a diaper" while watching a demo of a guy hacking a SCADA-controlled turbine at a power generating plant. Just a few clicks, turn off the lube oil pump, and you're out millions of dollars of equipment and have a piece of the grid down for weeks or months. Multiply that times several power plants at the peak of a hot August Friday night across, say, most of California, and you're going to get deaths from failed safety equipment, chaos and social damage as often happens in those circumstances, and a huge economic upheaval.

Where do the folks with an axe to grind get the chops for that stuff? From young, net-savvy kids with, as you put it, "too much time on their hands" who are disaffected, susceptible to bent ideolgies because of the feeling of inclusion, and easily intimidated. Whether young people like that are tools, or have it in them to dream up and execute stuff like this on their own, for their own Columbine-like revenge fantasy reasons, don't dismiss it as just kids' stuff. The consequences for millions of lives, jobs, and for history could be huge.

Lastly, if you (as you do seem to) consider the 9/11 attacks as terrorism - what would you have been willing to tolerate, law-enforcement-wise, intelligence-gathering-wise, to prevent them? What should the people in Spain have been willing to put up with at their train stations before 3/11? Would any of us have tolerated the preventative measures before that stuff happened? Will we have the same conversation after a large municipal drinking water supply gets raw sewage pumped into it by a cranky ex-employee who knows that the SCADA system controlling the treatment plant still has the factory default password set? Or, posts that info on some forum where a 13-year-old kid with "too much time on his hands" decides to try his hand at it?

Re:At Least they are talking about it

[Fox_1]

9/11 wasn't the worst thing one group of humans has done to another. Let us be honest about what we really are, in fact more people died in Rwanda through the 90's by 13 year old boys carrying guns, then in 9/11. The word genocide is used to describe that. I understand the holier then thou attitude, but remember the point of my post was to point out that it isn't just terrorists (which the original article/report focuses on) but any group or individual dedicated enough to attacking the infrastructure that we should consider. The US (9/11)Terrorism card may be played too often and despite how much you show your wounds and carry your scars in public, other things happen in this world that affect people just as much if not more. I don't mean to minimize the tragedy, I lost a friend myself that day, but the distinction between terrorism, nationalism, and revolution is so hard to define that I would rather we avoid it and just talk about the actions themselves, without loaded words.

Re:At Least they are talking about it

[mickyflynn]

Saddam, bona fide, had ties to terrorists. He gave money to encourage and fun suicide bombings in Israel by groups like Hammas and Islamic Jihad. Al Qaeda is not the only terrorist group. Furthermore, Israel is a US ally. As far back as Rome, "an attack on my ally is an attack on me." It's the logic behind NATO and Warsaw Pact.

Secondly, the first Gulf war never ended. We signed a contingent cease-fire agreement, not a peace. Iraq shot at US and British aircraft enforcing the no-fly zones almost every day. We bombed them almsot every day under Clinton and the early days of Bush before the all-out war. Violtating a cease-fire constantly is grounds for resumption of hostilities. This is the same war, different battle.

Fuck this shit about "WMDs" and "Terrorists" though. Fuck it to hell. Saddam was a bad guy and was our enemy. There is no logical reason to allow ones enemies to persist. 3 wars between Rome and Carthage before Rome just said "enough"and totally obliterated them ought to tell us something. Two world wars against Germany, also. He was our enemy and no he's gone. His country is being turned into a US client State and part of the Imperium. Iraq is now our Bitch, and the rest of them are not far behind. We just need to take the golves off and kick the shit out of these "insurgents" instead of tip-toeing through the tulips so as not to offend them.

Rome never managed to get past Palestine and stay. Rome lacked the logistical support for a multi-front war. We do not. I have no dilusions that we are doing this to spread "freedom" and "democracy," but we can spread our own peace -- where the others are pacified and we can then go about living our lives, and to hell with their freedom. I suspect we both belive that is what is happening. Only for some reason you seem to think its a bad thing. Well guess what, bub, you're going to benefit too, and one must break some eggs to make an omlet.

We also must both know that the majority of people (and not just americans, mind you), are easily duped. As my American Romanticism professor says, "The mob demands idols." and that is true. But as much as they want something above them to worship, they want something to fear. Fear breeds strength, it also breeds control. Yes, give the mob spectacle and they will love you. Inform them of danger and they will need you. they will also be willing to do what they must.

That is where this "terrorism" shit comes in. I don't believe in terrorism because I am not affraid, therefor by definition, there are no terrorists in my world view. No, I am not afraid. I just don't like them. They have demonstrated they are against "us", and "i" am part of "we," and so they are against me. I'll do my part to crush our enemies. But those who are week and fear, well, i don't really find them useful. But they are controllable, and perhaps that is enough.

Besides, it's not just republicans. It's all politicians. they all play the fear game against atheists, communists, big bad perscription drug stealers, whatever. Don't trust any of them because they'll all stab you in the back just as soon as they can. There is no honour or loyalty in their world. They are weak people who do not deserve to govern. Weak leaders voted for by a weak populous who does not deserve to vote.

Re:At Least they are talking about it

[Stop+Error]

First off those targets in New York were civilian facilities. They were filled with civilians, simply going to work. They where not making bombs devising battle plans or scheming to rob the middle east of it's money.

Secondly the planes the hit the buildings where civilian planes filled with civilians. These attacks closed the skies of the US for the fist time in history. Nobody felt safe, the nation was gripped in fear.

As for the military factor if they were attempting to knock out our command and control centers they knew that taking out 3 targets would come no where close. Not to mention the only reason I could think of for disrupting the said channels (from a tactical stand point) would be to faicilite a military attack or a retreat. (there was no on going conflict to attack or retreat from at the time)

Then you have them claiming responsibility. What military advantage is there in that? They wanted nothing else than to kill Americans, put fear in people.

They did both, they were terrorists.

It would be a...

[Phidoux]

... true indication of the US governments commitment to security if they moved away from M$ operating systems.

Re:It would be a...

[matria]

Over 10 years ago, when Microsoft was pushing itself into the server market, and the university hospital where I worked was moving away from their IBM servers to PCs with Microsoft (and managed to lose most of a year's worth of doctor's dictated medical procedure reports within a few months of moving them), I told the IT department that this trend would eventually cause the destruction of a large part of the US IT infrastructure. I still believe that. And, funny thing is, I don't see the huge savings in IT spending that this was supposed to bring about...

Sick of hearing about cyber-terrorism.

[GeorgeMcBay]

Seriously, the whole "cyber-terrorism" boogeyman is one of the worst things to be exploited after 9/11, and that's saying something considering how much exploiting people have been doing. Honestly, terrorists are NOT interested in cracking databases and DDOSing the Internet. They just aren't. That doesn't spread FEAR or TERROR, just annoyance.

I'm not doubting that this report is accurate in so far as systems are insecure, but the real danger is from script kiddies and other such people, NOT TERRORISTS. Using the word so far out of context to drum up interest (and thus funding) is despicable.

Re:Sick of hearing about cyber-terrorism.

[Matilda+the+Hun]

...but the real danger is from script kiddies and other such people...

Actually, the real danger are the federal employees who don't update their horribly vulnerable software, open random attachments to their emails, click on the pop-up ads telling them their computer is insecure, and give their passwords out to social engineers over the phone. Which, of course, make it easy for the script kiddies and other such people to run well-known and documented but apparently still dangerous exploits because people are too stupid and lazy to do anything about them.

Re:Sick of hearing about cyber-terrorism.

[pitc]

Actually, the real danger are the federal employees who don't update their horribly vulnerable software, open random attachments to their emails, click on the pop-up ads telling them their computer is insecure, and give their passwords out to social engineers over the phone...

I get frustrated everytime I hear a comment like this. If I leave my door unlocked and get robbed it does not remove blame from the thief or make it my own fault that my own was robbed. (It just makes me an idiot.)

These 'dangerous' federal workers aren't dangerous at all. They're clueless and don't know any better. The dangerous ones are the script kiddies doing the attacking and the 3l1t3 h4x0r's writing the exploit scripts.

Perhaps I'm just paranoid but...

[bmw]

It always worries me when I see the current administration saying things like this...

highly vulnerable to terrorist and criminal attacks."

fundamentally new approaches are needed to address the more serious structural weaknesses of the IT infrastructure

It isn't that they aren't right... It's just that whenever they go on and on about terrorists threatening our way of life it seems all they really want is to implement new ways of taking away our rights without actually protecting us at all.

Sure wish I could actually read the article. :-\

Re:Perhaps I'm just paranoid but...

[Ohreally_factor]

Because we haven't seen as naked a power grab since. . .ever?

At least you knew that Clinton wouldn't get away with too much in the way of hurting our civil liberties, because the Republicans controlled Congress for most of his Presidency. And despite Clinton's fiscal conservatism, he was a liberal at heart, so he wasn't interested so much in curtailing civil liberties as he was in growing social welfare programs, i.e., growing the "feel good" side of government, often at the expense of defense programs. One of the things I respect about Clinton is that he was at least realistic about fiscal responsibility, so we could actually pay for the programs he wanted. (Just a note: I'm not totally against social welfare programs, I just suspect the liberal tendency to go overboard on them and attempt to solve all of our problems.)

Bush, on the other hand, might talk a good game of conservatism, but his actions speak differently. And so it is with his and congress's actions to "protect our liberty. Bush pays lip service to conservative ideals, but at heart he is a criminal who will do anything to gain more power for himself or his friends.

There are many many examples, far too many to list. So, I'll just mention the latest in a long line of power grabs, some minor, some major. Schiavo.

Excuse to go forward with Trusted Computing?

[Anti-Trend]

I haven't RTFA (who can, it was /.'ed almost instantly), but this sounds a bit like a segway into trusted computing -- or paladium, or whatever MS is calling it. I would love to believe they'd get the clue and go OSS, but with the amount of sugar-daddy financial pull MS has with our government officials, I just can't put any hope in that theory.

Re:Slashdot 1, .gov 0

[caino59]

God I know thats probably dripping with sarcasm - and 10 years ago, it would be modded as funny...

but damn - we aren't far off. these days, that post is insighful.

scary.

Does it matter?

Is it to the political benefit of the Bush administration, or the neoconservative agenda, to in some way react to the widespread and systematic vulnerability in the IT infrastructure of the U.S.?

Is there some personal gain they can derive from it, some personal goal that responding to this knowledge is convergent with?

No?

Then it doesn't matter. This advisory committee will be ignored, just as the committees and others who warned the Bush administration about the insecurity and threats in our nation's (and our nation's air travel system's) security were ignored in the weeks and months before September 11, 2001.

And if anything were to happen because of the vulnerability in the IT infrastructure, then just as before, the media, the world, will shrug and say there is nothing that could have been done, there was no way this could have been seen coming, it was not a failure of intelligence but of imagination.

Re:Education

[isolation]

The states run the education system. Its just the federal government that shoves money at the problem. When has throwning money in to a fire every helped to put the flames out.

Crying Wolf

[schmobag]

This all seems a little alarmist. Our IT infrastructure is far more secure than our physical infrastructure, because our IT infrastructure has grown up under constant threats from script kiddies, trojans, and worms. 9/11 was possible because we have (or had) a basically open, trusting society. That's not true online.

Servers across the internet are under constant attack from all kinds of viruses, worms, and malicious hackers. Even the most successful viruses amount to little more than annoyances, and can be easily protected against by any systems administrator worth his salt. Like the human immune system, continuous exposure to cyber-pathogens results in our information infrastructure growing increasingly good at resisting and fending off attacks.

There's no reason to think that Islamic terrorists would be any more competent virus writers than those that currently plague us. In fact, given the backwardness of the arab countries where most islamic terrorists come from, I think there's good reason to think they would be less competent as computer programmers than people from other parts of the world. The only significant difference between cyber terrorists and today's virus writers is motivation. Most virus writers are interested in the technological challenge, and want to show off their prowess. They don't really want to do any damage. Others are more sinister, and try to install keystroke loggers or bots in order to steal your credit card numbers or extort money from people threatened with having their servers brought down by an attack from an army of compromised computers. Cyber-terrorists, on the other hand, would want to cause some spectacular failure that would grab all the headlines. Unfortunately for them, the systems that the terrorists would like to bring down are administered by professionals, people who are a lot more sophisticated than a grandma who forgets to update her anti-virus definitions.

Finally, two more features of our information infrastructure make it resistant to catastrophic failure. First, it is resilient. Our information infrastructure is largely owned by private industry, and is supported by an army of trained to quickly get systems back up and running should they ever be brought down. Second, and more importantly, the systems that comprise the infrastructure are diverse. No program can run natively on a Cisco router, an Apache webserver, and a Microsoft SQL server. It's therefore extremely unlikely that a single program could bring the nation's cyber infrastructure to its knees.

Major Security Hole

[Doc+Ruby]

You're not praying hard enough.

+5 Useful Bounty

[idsfa]

First person to set up a BitTorrent for the PDF gets a +5 CoolAssMoFo from me. (Useless, but cool)

Re:Slashdot 1, .gov 0

True, but if the state unilateraly decides to withdraw my rights I can unilateraly decide to cancel my obligations. Fair's fair.

A solid foundation is required

[Linker3000]

The startpoint for a decent environment should be a way to interconnect (or 'internetwork'?) various computer systems and local networks using data links with redundant, multiple pathways (or 'routes') so that the failure of a single route would not affect the overall functionality of the internetwork.

Since the US government is worried about this, maybe one of their own divisions - say the Department of Defense? - should look into this.

In the end, maybe technology spin offs from this could be used for the benefit of the civilian population too?

Just an idea.

Vulnerable indirectly, too

[PhotoGuy]

Even an attack which wasn't targeting the IT infrastructure (Sept 11th), made the net (and phone infrastructure) pretty much unusuable for an extended period of time. An emergecy broadcast system for information during a major attack, it's not.

With proper routing, redundancy, spare capacity, it could be more robust, but there is no mandate for that, but mainly pressure to drive costs lower and lower. So you get an internet which is very low cost, and very powerful, but not very resilient to major problems.

How to Destroy an IT Infrastructure

1. Allow companies (who have a vested interest in profit over security) to develop products that bastardize existing standards, or create ones that are not operable with others. Allow the masses using these products to freely connect to the internet and cause all sorts of havoc.

2. Allow companies (and gov't agencies) to outsource maintenance, development and support of IT functions to second and third-world countries -- none of which have a vested interest in keeping our infrastructure safe and secure -- let alone our citizenry.

3. As a result of step 2, enrollment in IT/CS related fields plummet. U.S. no longer a leader in CS.

Re:Slashdot 1, .gov 0

[MadMartigan2001]

You not only have rights, you also have obligations. Part of being a citizen is the acceptance of those obligations. You have to pay taxes and serve on juries.

That's an interesting point. In fact, the king of England said those exact same things to the American colonists just before the war of Independence. And a funny thing happened, the people we call the founding fathers of the United States, you know, those guys who said that "all men are created equal", told the king to stuff it.

So by that example, it appears that freedom loving people, who care about their country and their fellow citizens, have the "obligation" to voice their opposition to oppressive laws, rules and regulations, and refuse to submit if their conscience dictates so.

If the Congress decides that it is necessary, you may be drafted into military service.

If the congress decides? Where did you get that idea from? Where, in the Constitution or the bill of rights, does it says anything about submitting to a draft?

In fact, I see that the 13Th amendment to the Constitution specifically says that "involuntary servitude" is not acceptable in the United States.

Yes, we have a draft, but perhaps you should research where the draft originated and the ramifications it has on your freedom, or lack of. A draft means you can be drafted for any reason that, according to you, the congress deems appropriate. You know, not long ago it was legal to own black people, and illegal for women to vote. Would you gladly "serve" your country if the congress drafted you to repress blacks and women? Hmmmm?

There is no free lunch.

No, there is not. But there is this little thing called freedom. A concept that seems to be hard for some people to comprehend. A concept which requires people to think for themselves and make their own decisions and allow others the same privilege.

With one statement you just trampled on the inalienable rights of every citizen of the United States and allowed for the possibility that each and every one of us could be drafted against our will and forced to kill other human beings, simply because a small group of people (the congress) decries it.

The icons of history are those who stand up for principles of freedom and equality. Does anyone remember the names of the 1000's of police officers who did not think for themselves and simply enforced the segregation laws? No, we remember Martin Luther King. Does anyone remember the names of millions of men who repressed women for decades and did not allow them to vote or own property? No, we remember Susan B. Anthony and Elizabeth Cadey Stanton.

Will anyone remember your name?

Having worked on .gov systems as a contractor

[Exter-C]

Having worked on some .gov systems over my time the bigget problem is often that the resources are spread very thinly across the country. They really need each department to invest in people that will just focus on keeping things upto date.

Primary focus can be desktop and internet facing systems. This can be made alot easier. Windows update for example is much more reliable than it has been in the past (not perfect but better). And most unix systems are compatable with systems like pkgsrc which would make it much easier to at least try and resist incoming attackers.

Having centralised management and control over all systems would be a great start. Thats something that many countries have however from my experience many american departments have different staff in different offices/regeons making the mismatch in staff quality and skillset diverse enough to affect security.

What about the bigger problems?

[Oriumpor]

The security of a network is a combination of factors:
Technological
Physical
Social

We can fight the battles in the technological front till we're blue in the face, but the temp at the front desk is a hole you'll probably never close.

In my head obvious questions this document failed to address are as follows:
How many people have access to your data center?

How many people have access to your most remote networked buildings?

Scrolling through this document there is no mention of the greatest security challenges facing IT today. Worms have been around since before the public internet, and as IT warriors we fight those battles constantly.

Ignoring the other aspects of "cyber" security is folly and tantamount to IT security suicide.

imagine TCPA ENABLED malware

[alizard]

running as "trusted code" immune to any possible attempts by the user to make them stop short of unplugging the computer.

And they want to make ISPs require TCPA for Internet access?

I'm sure that TCPA advocates will be telling us that this is impossible...

Of course, the Titanic was unsinkable, too.