An emergency condition is induced resulting in behavioral
changes that reduce or alter protection to the advantage of the attacker.
Examples include fires, during which access restrictions are often changed
or less rigorously enforced, power failures during which many automated
alarm and control systems fail in a safe mode with respect to some -
possibly exploitable - criteria, and computer incident response during which
systems administrators commonly deviate - perhaps exploitably - from their
normal behavioral patterns.
Complexity: In most cases, emergency procedures
bypass many normal controls, and thus many attacks are granted during an
emergency that would be far more difficult during normal operations. No
complexity measure has been made of this phenomena to date.
fc@red.a.net