acm-header
Sign In

Communications of the ACM

Inside risks

The Big Picture


In this column we provide a high-level overview of some of the most pressing problem areas associated with risks to the constructive use of information technology. Although this may seem repetitive to those of you who have seen particular problems discussed in previous columns, each of these topics presents numerous challenges that must be urgently confronted. The primary message of this column is that the totality of all the interrelated challenges requires concerted efforts that transcend the individual problems and that reach agreement on viable actions for the future, even where strong disagreements exist today.

System development practice. Many readers of this column have long been aware of major failures in procuring and developing large systems, such as the U.S. Internal Revenue Service modernization efforts, U.S. and U.K. air traffic control systems, and German TollCollect. Large-scale software development remains a high-risk activity.

Trustworthiness. System and network security, reliability, survivability, interoperability, predictable behavior, and other important attributes are for the most part not receiving enough dedicated attention. Our computer-communication infrastructures are riddled with flaws. In the absence of really serious attacks, governments and system developers seem to have been lulled into a false sense of security. Thus far, neither proprietary nor source-available system developers are sufficiently militant in satisfying critical needs. In mass-market software, the patch mentality seems to have won out over well-designed and well-implemented systems.

The Internet. Increasingly, many enterprises are heavily dependent on the Internet, despite its existing limitations. Internet governance, control, and coordination create many contentious international problems. Worms, viruses, and other malware are often impediments, as is the ubiquitous spam problem. The Internet infrastructure itself is susceptible to denial-of-service attacks and compromise, while the lack of security and dependability of most attached systems also creates problems (for example, open relays).

Critical infrastructures. Despite past recognition of the pervasiveness of serious vulnerabilities, critical national infrastructures are still vulnerable to attacks and accidental collapses. For example, massive power outages are still not unusual, despite supposed improvements.

Privacy. Desires for homeland security have typically postulated that it is necessary to sacrifice privacy in order to attain security, although this is highly debatable. Sacrificing privacy does not necessarily result in greater security. Furthermore, serious inroads to privacy protection have occurred that may be very difficult to reverse. Surveillance is becoming more widespread, but often without adequately respecting privacy concerns—as illustrated by the USA Patriot Act. Legitimate needs for anonymity or at least pseudoanonymity seem to be suppressed.

Accountability. Oversight of computer activities is often as weak as oversight of corporate practices. On the other hand, audit mechanisms must also respect privacy needs. As one example, we have often noted here that today's unauditable all-electronic voting systems are seriously lacking in accountability—in fact, they provide no meaningful assurances that votes are correctly recorded and processed. (The October 2004 Communications special section is devoted to the integrity of election systems.)

Intellectual property. Entertainment industry efforts have sought fairly draconian copyright policies that run counter to consumer interests—and, in the eyes of some analysts, contrary to good economics. The Inducing Infringement of Copyrights Act of 2004 (INDUCE) is highly controversial. More sensible policies are desperately needed.

Education. U.S. university curricula in software engineering and trustworthy systems seem to be less responsive to needs of critical systems than in certain other countries. Furthermore, significant decreases have recently been reported in U.S. undergraduate computer-science student enrollment numbers, perhaps because of a noticeable reduction in foreign students. This situation has serious long-term implications worldwide.

As noted here, it is the totality of these problems in the large that is of primary concern. Simplistic local approaches are not effective. (Recall the discussion of the risks of optimistic optimization in the June 2004 column.) Much greater foresight and serious system-oriented thinking are urgently needed, along with private-public cooperation.

Back to Top

Author

Peter G. Neumann moderates the online Risks Forum (www.risks.org); papers and reports on how we might overcome many of the problems discussed here are available at www.csl.sri.com/neumann.


©2004 ACM  0001-0782/04/0900  $5.00

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

The Digital Library is published by the Association for Computing Machinery. Copyright © 2004 ACM, Inc.


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account
Article Contents: