Working Group: Information Security and Safety
Description of the group
"System dependability is trying to answer a very important question, namely: 'how can we make the computer systems and communication networks that we increasingly rely on more dependable?' Our lives have become critically dependent on the correct operation of these systems as we surf the web, fly in airplanes, drive our cars, manage our finances, and even heat our homes. The traditional concerns of the dependability community (e.g., inadvertent faults, errors, and failures) have now been enlarged by the massive connectivity provided by the Internet to include malicious exploitation of imperfect systems and networks, and intentional cyber-attacks on them. How can we build systems that are not vulnerable to such threats, systems that users can depend upon in transportation, financial and e-commerce transactions, medical healthcare and other sectors that depend on critical systems? Dependability is the extent to which a critical system is trusted by its users. By dependability we usually mean a system that has at least some of the characteristics reliability/availability, security, safety and robustness. The group will try to identify and discuss which technological, political, economic and ethical driving forces will influence system dependability."

Position paper
System dependability and the future - INFOSAM2020

Torbjørn Skramstad, IDI, NTNU

Position paper for INFOSAM2020, IME, NTNU, April 14th 2004

 

“Where a calculator like the ENIAC today is equipped with 18,000 vacuum tubes and weighs 30 tons, computers in the future may have only 1,000 vacuum tubes and perhaps weigh only 1.5 tons.”

---Popular Mechanics, March 1949, p. 258

Introduction

This paper discusses the trends expected with respect to system dependability towards 2020. System dependability is trying to answer an important question, namely: "how can we make the computer systems and communication networks that we increasingly rely on more dependable?" Our lives have become critically dependent on the correct operation of these systems as we surf the web, fly in airplanes, drive our cars, manage our finances, and even heat our homes. The traditional concerns of the dependability community (e.g., inadvertent faults, errors, and failures) have now been enlarged by the massive connectivity provided by the Internet to include malicious exploitation of imperfect systems and networks, and intentional cyber-attacks on them. How can we build systems that are not vulnerable to such threats, systems that users can depend upon in transportation, financial, and e-commerce sectors?

 

It is said that it is easy to be over-optimistic about what can be achieved in two years, while the amount of change that will occur over a ten-year period is usually underestimated. Trying to draw up the trends towards the year 2020 is therefore a highly uncertain prediction, although some trends can be observed. From history we know that things develop “linearly” for some time and are then influenced by disruptive changes due to new inventions, new technology and new markets.

 

Dependability is the extent to which a (often critical) system is trusted by its users. By a dependable system we usually mean a system that has at least some of the characteristics reliability/availability, security, safety and robustness. We therefore start with a short description of what we mean by these terms.

Safety and security - what are they?

By a safe system we mean a system that can perform its intended function without failures that might lead to dangerous or catastrophic situations. Safety is concerned with ensuring that the system cannot cause damage, irrespective of whether it conforms to its specification. By security we mean the ability of a system to protect information against unauthorised access and intentional misuse. Security includes characteristics such as authentication, authorisation, confidentiality, integrity, privacy, non-repudiation and availability. Information is an asset which, like other important business assets, has value to an organisation and consequently needs to be suitably protected. Information security protects information from a wide range of threats in order to ensure business continuity, minimise business damage and maximise return on investments and business opportunities.

 

Security is an essential prerequisite for reliability, availability and safety, and thus also dependability.

Some economical, political and technological trends

It is expected that economic growth will continue in the Western world throughout the period, and that the trend towards deregulation and privacy will continue. People will have more spare time and will spend more time on travel, health care etc. There will also be pressure for increased productivity, increased efficiency and shorter development times.

 

We will experience an increase in the terror threat towards computer-intensive systems as these become more and more important to modern societies.

Globalisation: more and more software and hardware will be developed in low cost countries such as India and China. The same will apply to Computer Operations Centres and Research as well as many office based services [1].

Some expected trends related to safety

Safety has long been taken seriously and handled carefully within many traditional industries such as process control, oil and gas production, transport systems (railways and airplanes) and nuclear power plants. These systems were safe because technology developed slowly, and one could learn from accidents and near accidents. During the last 10-20 years computers and software have taken over more and more from electromechanical devices (such as relays and servos) and hydraulics. Traditionally, special-purpose computer hardware has been used in such applications, and software development has been very burdensome, with a focus on well-behaved development processes, extensive testing and validation. The ongoing trend within these industries is that cheap general-purpose processor chips are used more and more, and COTS components (i.e. standard operating systems such as Windows XP and Unix) are increasingly forced into use, mainly to reduce development time and cost. We also see that the systems are becoming more and more distributed, often over public communication networks such as the Internet. An example of this is “Remote Oil Production”, where more and more of the offshore installations are operated from onshore via complex, multifunction communication networks. There is also a trend towards interoperability, i.e. systems that are operated in close cooperation. We also see that propulsion and control systems on board large marine vessels are designed to be operated by a crew of 40-50 in order to be safe enough, while modern ships are mostly manned with fewer than 10 crew members.

 

The use of computers and software is rapidly increasing within industries such as the automotive and medical device industries. These industries have little tradition of thinking about safety in relation to computers and software, and are much less mature in this respect than, for instance, the aircraft industry.

 

Traditional industries have to learn how to utilise modern technology to increase efficiency without reducing safety. The systems become more complex because of the flexibility to develop functionality through software, because several systems are integrated, and because components are distributed geographically and network-wise. In [4] Charles Perrow argues that the conventional engineering approach to ensuring safety (building in more warnings and safeguards) fails in complex systems because system complexity makes failures inevitable. He asserts that typical precautions, by adding to complexity, may create new categories of accidents. He further argues that new safety analysis methods have to be developed in order to manage increasing complexity and the increasing speed of technology evolution.

 

Typical questions are:

- How do we assess the safety of complex distributed systems?

- Can the uncertainty related to the use of COTS and software of uncertain origin in such systems be resolved by redundancy and diversity? How can we assess the diversity of COTS hardware and software? As more and more components are developed in low-cost countries, how can we be sure that the integrated system is safe even if each component is of high quality?

- How complex a system are we able to assess for safety? (Top issue.)

- What are the impacts on human-computer interfaces related to safety for such systems?

- How do we obtain safe communication over the Internet? Can we be sure that the response time is short enough? Are we sure the messages will reach the receiver fast enough and with integrity?

 

Some expected trends related to security

[2] has some interesting reflections:

- There will be a worldwide broadband network based on fibre optics, communication satellites, cellular and microwave. Face-to-face, voice-to-voice, person-to-data and data-to-data communication will be available at any place, at any time, from anywhere.

- Ubiquitous availability of computers will facilitate automated control and make continuous performance monitoring and evaluation of physical systems routine.

- Our homes will be integrated systems, smart and smarter integrated houses, plugged into the communications network.

 

[3] says that:

- Emerging core computing technologies (e.g. quantum cryptography, nanotechnologies, hybrid inorganic/biological computing) will not disrupt general-purpose, semiconductor-based computing through 2010. It is expected that the introduction of quantum computing will disrupt the evolution of cryptography (with probability 0.6).

- At the same time as the world's general-purpose computers are interconnected via the Internet, billions of miniature intelligent devices already inhabit the world, with their number increasing faster than the human population. The next ten years will bring new capabilities: a) many physical objects will be coded and will therefore become uniquely identifiable, b) intelligent devices will be embedded in many physical objects and will be networked via the (mostly) wireless Internet. Gartner calls this the “Supranet”.

- In the next ten years, a single, advanced integrated IP network will be handling the majority of the world’s communication needs. This converged, broadband, intelligent network will extend well beyond voice and data, local and long distance, supporting an ever-widening array of services and blurring the distinctions among networking, computing and applications. Driven by e-business requirements and facilitated by technological advances such as e-switching and next-generation satellites, the increasing externalisation of networking will give rise to an environment where applications, content and data reside in the network and are dynamically handled by network service providers in real time, without user intervention.

- Content is the core of business transactions, publishing and entertainment. The diversity, volume and effect of content will grow such that during the next 10 years we will experience unprecedented levels of interactive content, driving valuable revenue streams for publishers, corporations and media companies. Content will be accessible almost anywhere via broadband and CDNs. The effects of this will stretch from the corporation into the home, as rich media content will be stored and managed in digital asset management systems. High-value content will have to be delivered securely. In the enterprise, the ongoing digitisation of more and more information, including document authorisation, will ease fully digital process management for more and more business processes.

- Mobility represents the next major business and technical discontinuity facing large enterprises. While the PC and the Internet revolutionised communication systems, mobility will revolutionise the information flow that affects business users, customers and partners. By the year 2007 more than 60 % of the EU and US population aged 15 to 50 will carry or wear a wireless computing and communications device for at least six hours a day; by 2010 this is expected to be more than 75 %. By 2010, less than 5 percent of global wireless subscribers will be using true 4G technology (0.6 probability), but 15 percent will be using components of a full 3G architecture based on LAN/WAN integration and IP applications (0.7 probability).

 

Gartner [5] uses a so-called Hype Cycle graph to illustrate how new and promising technologies go through various phases of development. The following curve shows Gartner’s curve (from 2002) for ICT-related technologies. It shows the typical progression of a technology from over-enthusiasm through a period of disillusionment (because of the inevitable failures arising from inappropriate application) to an eventual understanding of the technology’s relevance and role.

[figure: Gartner Hype Cycle for ICT-related technologies, 2002]

A similar graph from 2003 is shown below:

[figure: Gartner Hype Cycle for ICT-related technologies, 2003]

Gartner has also presented a Hype Cycle graph for identity and authentication related technologies. It is from 2003 and is presented below:

[figure: Gartner Hype Cycle for identity and authentication technologies, 2003]

The figure below shows the relations between threats, threat agents, assets, vulnerabilities and safeguards as seen in ISO17799 [7].

[full size figure]

By 2020 we may see a scenario like this:

 

- A larger share of the world’s information assets will be digitised and accessible via the Internet.

- Internet traffic will increase enormously, and most people in the Western world will have continuous and direct access to the Internet, mostly via wireless communication devices.

- Criminals and terrorists will have at least the same access to the Internet as most people. They will be better educated, more cunning, and will have the newest technology available. Example: on a tour of a large passenger vessel in the Oslo Fjord it turned out to be possible to get control of the ship's machinery from a passenger laptop using the wireless network in the vessel’s conference room.

- The amount of computer crime, and possibly terrorism, will increase significantly. Statistics from CSI/FBI show that incidents nearly doubled each year in the period 1997-1999. This is expected to continue. The police need access to, and measures to prevent and investigate, crime and terrorism in cyberspace in the same way as in public space today (cyberspace forensics).

- More and more of the information stored and transported via the Internet will be of significant value to individuals, organisations and nations. Use of the Internet for communication related to safety applications will increase significantly.

- More information will have to be encrypted in order to protect sensitive information, both while stored and while transported, but emerging computing technologies such as quantum computing may make contemporary encryption algorithms infeasible.

- Biometric access technologies will dominate authorisation and authentication.

 

So what are the main questions we have to face?

- Research on better and new types of encryption technologies.

- Developing better risk analysis methods in order to understand and manage the real risks in a more complex setting.

- Research on more reliable software development methods.

- How to back up enormous amounts of data distributed across cyberspace.

- Which impact will the introduction of RFID have?

- Research on how safety-critical systems should act when disconnected from partnering systems, i.e. transmission of “plan-ahead safe states”.

 

 

References and Background literature

[1] Dagens Næringsliv, 3-4 April 2004, p. 33m

[2] J.F. Coates, J.B. Mahaffie, A. Hines, “Scenarios of US and Global Society Reshaped by Science and Technology, 2025”

[3] Gartner Group, “Emerging Trends and Technologies Scenario, 2003”

[4] Charles Perrow, “Normal Accidents” (1999)

[5] DNV Research, “Technology Outlook 2003 – DNV Research’s assessment of development trends”, DNV 2003

[6] Gartner Symposium ITXPO 2002

[7] ISO17799: Information Security, 2003

[8] Rebecca T. Mercuri, “Security Watch: Superscaled Security”, Communications of the ACM, March 2004, Vol. 47, No. 3, p. 15

 

Acknowledgements

Stig Frode Mjølsnes (NTNU) has been a valuable discussion partner during the production of the first draft of this paper and has given comments on it. Useful comments and improvement proposals have been supplied by the following individuals: Tor Stålhane (NTNU), Siv Hilde Houmb (NTNU), Lars Bratthall (DNV Research) and Jan Hovden (NTNU).

Members of the working group:
Professor Stig Frode Mjølsnes, Department of Telematics
sfm@item.ntnu.no
Professor Torbjørn Skramstad, Department of Computer and Information Science
torbjorn@idi.ntnu.no
Professor Tor Stålhane, Department of Computer and Information Science
stalhane@idi.ntnu.no
Ph.D. Student Siv Hilde Houmb, Department of Computer and Information Science
sivhoumb@idi.ntnu.no
Senior Researcher Lars Bratthall, DNV Research