14th March 2021
Why the Power of Digital Transformation Comes With Huge Responsibilities
I have always had a deep-seated fear of software and its consequences. Despite more than 30 years earning a living from designing it, building solutions with it, and advising about its use, it has always been clear to me that the power that it brings has a very dark side. It can be destructive. It often contains far too many errors. It is much too easy to manipulate. And now I am also starting to believe that it could well be at the core of our future downfall.
Our dependence on software has never been clearer. Beyond Marc Andreessen’s infamous “software is eating the world” comments a decade ago, we now find that software is also “connecting the world”, “entertaining the world”, “governing the world”, and “feeding the world”. Remember that the predicted 50 billion devices that will soon be connected to the internet all depend on the software that brings them to life. From a handful of lines of code running a temperature sensor attached to a building, to the estimated 100 million lines of code embedded in a high-end car, this software is essential to so many things we do. Yet, we often know little about it, take it for granted that it is well designed, and take little care of its safe operation.
In recent days, my concerns have been heightened by spending time with the latest book by Nicole Perlroth, the cyber-security correspondent for the New York Times. In “This is How They Tell Me the World Ends”, Perlroth explores in frightening detail how and why cyber warfare, cyber terrorism, and software-driven exploitation are on the rise. She delves into the murky world of hackers and cyber-warriors and offers deep insights into the way governments such as Russia and China sponsor cyber-espionage for their own ends.
But it is the simpler, everyday aspects of her story that are perhaps the most chilling. The way hacks and software exploits are bought and sold. The underground activities aimed at staying ahead in the cat-and-mouse game of finding the software weaknesses before they are patched. And the “zero day” brokers who trade software bugs the way a financial broker trades stocks and shares. Happy to create a marketplace in information that could bring down the systems intrinsic to all of our lives and capable of shutting down a power station, turning out the lights, stopping the flow of oil and gas, blocking all telecommunications, and much more. Does this sound too far-fetched? Try a Google search on “NotPetya” and think again.
I personally became aware of the importance of data security on a US Air Force base in Alabama over 20 years ago. I’d been working for a couple of years at the Software Engineering Institute (SEI) at Carnegie Mellon University in Pittsburgh when I was asked to lead a software architecture review on several proposed solutions for a very large military programme. But things did not go well.
As a Federally Funded Research and Development Centre (FFRDC), the SEI was set up in the 1990s in response to a growing awareness of the importance of software to the US national infrastructure. The US had just experienced a major wake-up call that came to be known as the “Morris Worm”.
Let loose by Robert Morris, a student at Cornell and the son of a cryptographer at the National Security Agency (NSA), it exploited a combination of known shortcomings in system software and poor security practices to replicate itself across the widening set of interconnected computers that were increasingly taking responsibility for critical tasks across government and military organizations.
While the Morris Worm was not written to be purposefully destructive, it caused chaos by slowing down computer operations and overwhelming the administrative resources assigned to system management. And the ease with which this occurred did not go unnoticed. Setting up the SEI was one of several responses, with the aim of bringing greater attention and professionalism to the practice of large-scale software engineering across US government agencies and beyond.
Fast-forward a few years and I found myself in Montgomery, Alabama crawling through detailed design specifications for new software systems to be developed and delivered for the US Air Force. It was a steamy July afternoon, and I was perhaps not at my most attentive when two very burly Military Police personnel in clean, well-pressed uniforms appeared at my desk looking for a colleague. I pointed them to an adjacent desk where they proceeded to read him his legal rights as they marched him out of the building. He had shared the wrong information with the wrong people. I think it is fair to say that from that day onwards my attention to all software security matters was rather more focused.
There is no denying the importance of software and the critical role it plays in delivering digital transformation for business and society. The pandemic has highlighted just how much can be achieved when software-intensive digital technologies are put to work. But this utility and value can be exploited, as Nicole Perlroth’s book certainly reminds us. Be careful out there.
Digital Economy Tidbits
The former Governor of the UK Bank of England, Mark Carney, has written a very interesting book reminding us that what matters is not “price” but “value”. It considers how ideas of what and where to find value have shifted in recent years.
I already have this on pre-order from Amazon; it should arrive on Thursday. This short extract is worth a read.
An emerging landscape of skills for all. Link.
A nice article from Lynda Gratton on the skills that are needed in businesses as we go forward.
Today’s skills challenges require that companies shift corporate initiatives and resources to where they’re most needed — the jobs most vulnerable to churn. Here’s what you can do to support learning across the full pay and skills continuum.
Open source tools powering health data science. Link.
This is a nice discussion on the methods for gathering science data and making it available online. This won a design award for best use of data from DesignWeek.