The last blog post of 2010 appearing in the Risk Factor concerned American Honda Motor Co. warning some 4.9 million Honda and Acura owners that their email addresses were potentially compromised because of a security breach at one of its vendors; the final story of 2011 involves an admission by the New York Times that it mistakenly sent out 8.6 million emails to subscribers Wednesday afternoon informing them that, "Our records indicate that you recently requested to cancel your home delivery subscription."
The email note - which I received - also said that the Times hoped the recipient would reconsider their cancellation request and that the newspaper was offering a 50% reduced rate for 16 weeks as an inducement not to cancel, but one had to act now.
However, a few hours later, the Times sent out another email saying, "This e-mail was sent by us in error. Please disregard the message. We apologize for any confusion this may have caused."
But by then, it was too late and confusion reigned supreme among the paper's subscribers (at least for a while). The Times didn't help matters by initially saying via Twitter that the original email was spam and wasn't from the paper ("If you received an e-mail today about canceling your NYT subscription, ignore it. It's not from us."), only to have to admit soon afterward, embarrassingly, that it was.
An AP story in the San Francisco Chronicle reported that the email should have been sent out to only a few hundred people. It also said that the Times "... initially honored the discount, even to people who were already paying full price and had no plans to cancel," but stopped doing so later in the day, to the anger of some of the paper's subscribers and the delight of the paper's competitors.
The "oops" moment at the New York Times wasn't an uncommon one in 2011. There were many more that I blogged about this year, with the Massachusetts lottery glitch probably being my favorite for 2011.
In reviewing the 220 or so entries in the Risk Factor blog this year, the stories that stick most in my mind, however, are those related to the myriad of data breaches, especially those involving Sony, RSA, Comodo, DigiNotar and South Korea's Nonghyup Bank. These breaches in particular highlighted the worldwide fragility of IT security, even for those organizations who were (once) perceived to be highly experienced in the subject.
Next on my list of notable Risk Factor 2011 posts have been the on-going sagas involving the US Secure Border Initiative and the UK NPfIT, both of which were finally canceled this year after lingering on for what seemed like forever, as well as the Queensland Health payroll system fiasco that began in March 2010 and is still reverberating even today. How long it takes to terminate a major IT program, as well as fix one that has gone bad, just seems to increase every year.
And, of course, the New York City CityTime project is in a league of its own. To me, its story profoundly illustrates the absolutely low expectations that exist in regard to IT system acquisitions and developments.
Finally, my favorite story of 2011 was one that I have been following for years over at ComputerWeekly involving the two pilots in the Mull of Kintyre Chinook crash of 1994 finally being cleared. Justice delayed, but at least justice finally being done.
To me, 2011 was the year of the IT security breach, and I don't see any letup in that arena in 2012. I think that we'll see more issues arising with electronic health record systems in the US and elsewhere, as their deployment increases. And I also think we'll see some major IT outages in 2012 in several different market sectors as outdated IT infrastructure starts to fall apart.
As is traditional, a number of the IT journals and magazines have published their IT-related lists of 2011 failures, foul-ups and security breaches. For those interested in seeing their lists: both PC World and InfoWorld have put out a list of 2011 ERP project failures; InformationWeek has a list of its top 10 government IT flops of 2011; Business Computing World has a list of its top 2011 software failures, while CRN has a list of the top 10 security breaches of 2011. There have also been a host of 2011 technology flop lists, but these are too numerous to mention.
Hopefully we'll see you again next year.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.