Results tagged “resilience”

"The day the Internet stopped" - revisited: How often do you get the spasm of fear when your connection falters?

| More
Yesterday's comments on the problems some faced when downloading the new Apple Operating system provoked interesting comment in the Washington Post - on why Apple's on-line services are not that good .I will not comment on the views expressed by various "experts" on their security - compared to that of others. My focus today is more on resilience - where recent outages for well-known cloud services have caused concerns among those who are not worried that their transactions are being monitored by the Edward Snowden's of this world.  

I first blogged on "The Day the Internet stopped" back in April 2008, Two months later South Park reached a rather wider audience on the same theme . In 2010 John Walker did me a more thoughtful piece on the need to address Internet resilience . Last week Channel Four (Blackout) reminded us that the Internet cannot be relied on in a "real" emergency as well as of the importance of taking cybersecurity rather more seriously. I would add that back in 2010 my advice (in the footnote to John's guest blog for this blog) was NOT to tell the neighbours that you have a standby generator and food supply.

Would it be such a very bad idea if the telecommunications engineers who created the ITU were to have rather more of a say in the future of the Internet?

That said, we should also remember that the politician who wields the national vote at the ITU is commonly a relative of the President, the Head of the Secret Police or both: the latter being a tradition set by Britain in when Charles II gave the postal monopoly, previously run by John Thurloe (Cromwell's spymaster) to his brother James: who looked after "internal security" and "put down" the first Penny Post as much because he could not steam open the letters, as because of his loss of revenue.

P.S. Those of you who are attending the Party Conferences should attend at least one of the Big Brother Watch events. I suspect that the fieriest will be on 30th September, at 13.30 in the Barbirolli Roomon the Bridgewater Hall on: Porn, Perverts and Predators: Who in their right mind opposes internet regulation? with a panel that includes John Whittingdale MP (Chairman of the Culture, Media and Sport Select Committee) and Paul Staines (alias Guido Fawkes).

Rebuilding Trust in the On-Line World

| More

The collapse of the Internet and of mobile phone networks as Hurricane Sandy hit New York and New Jersey mirrors that when Katrina hit New Orleans. Trust is earned by those who deliver whatever the circumstances. The struggles of those who sought to keep their New York services going last week illustrate what that can mean. But how many "best efforts" services fall well short - and what are the implications as we move towards the always-on world of ubiquitous computing and the Internet of Things.

Widespread publicity for security compromises and the scale of on-line impersonation and fraud have led to a crisis of confidence in the on-line world in parallel with that in financial institutions as a result of the banking crisis and the scandals that have accompanied it. The financial crisis can be seen as a failure of information governance. The systemic weaknesses which enable criminals to organise computer assisted fraud arise from similar failures of technology governance. Such failures cross professional, cultural and regulatory boundaries. Now add the effects of the collapse of on-line banking and transaction systems, mobile phone networks, search engines or cloud services for hours, or even day on end when faced by fire, flood , severed cables  or even simple digititis (finger trouble) let alone major denial of service attacks .

Back in August I blogged on plans for a competition on "the meaning of trust in the on-line world" . The Ethical and Security panels of the IT Livery Company   have now held two linked round tables (one each)

By the end of the second meeting we had turned the question on its head: how do we enhance trust in the online world, given that we cannot (and probably will never) agree what trust actually or how it is gained across a truly multi-cultural and socially inclusive Internet - where most users do not accept the values of the Starship Enterprise

We also agreed that this is not a one off exercise and had turned our plans into a pilot for a three year project - which might well be extended if successful.  The draft definition of "success" for the pilot being:

  • Universities enhancing industry partnerships with participating employers
  • Students earning apprenticeships/internships/posts with employers they would not have considered
  • Good ideas for helping enhance the competitiveness of the UK/EU (we should not neglect the need to bring about attitudinal change among those who set the EU regulatory frameworks within which we operate) as a base of choice for globally trusted on-line products and services
  • Participants ready and willing to work together to build on what has been learned.

We are now galloping to get the pilot under way in time for the thousand or so masters students likely to produce relevant dissertations to attract support from potential employers. The first stage includes rephrasing and publicising the high level "question" because Masters students are expected to set their own questions and the issues can be addressed from a variety of perspectives, technical, behavioural, legal, ethical and cultural. More-over the supporters of the exercise have different objectives and the key to "success" will be to exploit the overlap so that these can be achieved at the same time as generating research and recommendations that will help bring about changes in attitudes and priorities and lead to effective action.

The framework below is therefore intended to stimulate discussion and thought. It is not intended to be the list of questions that the entrants agree with their supervisors and supporters.

The core question (dodged by almost all who look at the issues) is:

How do we bring about attitudinal and behavioural change: including by using technology to make it easier to follow good practice and harder to follow bad practice etc.?

Awareness and education programmes? Regulatory or compliance regimes? Civil or criminal law? Publicity? What are the roles of industry players, professional bodies, trade associations, self-regulators, statutory regulators, governments, auditors. Insurers? What are the roles of the technology and people processes in facilitating security, privacy, good practice, trust, by design/default?

The second question, at the heart of the original motivation for the competition is:

How do we enhance trust in the London, the UK as a location for globally trusted services and reap the rewards.

What is the role, if any, of the EU? How does improving on-line trust fit into the overarching objective of improving trust in the City/UK plc? Who (Financial Institutions, Government, Regulator, Professional Bodies, Trade Associations, Interest Groups) should do what?

Other high level questions might include:

How do you produce meaningful testing that deals with the claims made for the product or services i.e. not just tick box compliance with an "accreditation"?

Is improving trust that services will not fail (e.g. fire, flood, power or "failed upgrade" bringing down a system or network) more important than routines for reducing the risk of incidents (e.g. known or suspected security breaches)?

How could/should trade-offs between cost, privacy, resilience, reliability and security be handled?

How could/should "trust" be "arbitraged" across identity and transaction systems run by different organisations, in different ways and to different standards?

What is informed choice and informed consent? Does this change according to time/circumstance? Who can be trusted to ensure/record that choice was given, changed or revoked? Can consent be revoked?

There are, however, many subsidiary questions that also need to be addressed,

What is the meaning of Trust?

What are the determinants and components of trust - both on-line and off-line? Is there a difference and if so why? What is the current state of trust "ecosystems", including who trusts whom with their identity and/or personal information. How do we distinguish between exercising trust and being trustworthy. How do you build trust online? How do you rebuild trust after a failure? What about trusted technologies/devices? Is there a difference between trust at the wholesale level (institution to institution) and retail (institution to individual customer)?

What is the meaning of "My word is my bond" in the on-line world?

Who am I? - Issues of identity (personal, legal, etc.), registration, reliance, liability, authorisation, impersonation and anonymity: not only is identification irrelevant to many transactions but some market transactions require anonymity in order to avoid distortion.

What is my word? - Issues of authentication, translation, in a contractual, cultural and legal context. How is trust in "my word" affected by complex and conflicting product and service terms and conditions? Are these meaningful or enforceable? Would standard terms, streamlining, standardisation and  harmonisation improve trust?

What is my bond? Issues of responsibility, liability, governance etc. Does civil law, adjudicated in London, provide a better recourse against abuse than criminal law? Legislation covering the City of London Police is different to the rest of the UK. This enables cooperation across legal boundaries which cannot not organised elsewhere. How could/should better use be made of the consequent potential? What about the differences between common, roman, jewish and shariah law (bearing in mind that all are used in London)  and their attitudes towards on-line transactions?

What, if anything, is different about the on-line world and why? Multi-cultural, multi-lingual centres like London have been handling transactions between people who never physically meet for centuries. So what really is different: problems, threats and opportunities?

I will not go into the judging criteria in detail save that for round one they are those for a Masters Dissertation: a mix of information collection and analysis in support of an innovative answer to an interesting question. For round two is for presentations by those producing innovative answers which help the competitiveness of UK plc. There may be cash prizes in both rounds but "real" prizes in are the degree and contact with potential employers and/or research sponsors (in Round One) and publicity for student, university and industry supporters in addressing issues of concern to sponsors in (Round Two).

I welcome e-mails (to from employers wishing to enhance their university and identify and support potential recruits. I also welcome e-mails from on-line banking, retailing, transaction, service and security providers who would like to use publicity for their participation to demonstrate that they take the protection of their customers and those in their supply chains seriously and also wish to ensure that the UK is a globally competitive base for themselves and their most reputable competitors.

I should perhaps add that I personally hope that most of the latter will also decide to join the Digital Policy Alliance with a view to using the material and ideas that emerge to help bulldoze out of the way the UK/EU regulatory overheads that do nothing to enhance trust and drive on-line transactions off-shore and out of the EU.

Do the recent riots make a new business case for Cloud computing

| More

In his blog on the impact or otherwise of the recent Cloud outages caused by lightning strikes in Ireland, Cliff Saran points out the small size of one of the best known Cloud operations - selling surplus capacity on a global on-line retail operation. I have blogged before on the amorphous nature of Cloud computing and the way is used to embrace almost anything from a repackaging of the operations that EDS (now part of HP) and IBM have been running for the US Department of Defence for over 40 years to an on-line test environment.

The torching of businesses over the last few days by the rioters who looted them has opened up a new business case for the on-line, off-site, data back-up that is an integral feature of cloud computing. I had thought the torching was to destroy the evidence (including locally stored surveillance video) but it now appears it was also an anarchic revenge on all who had refused them jobs and "respect".

Either way, whether the smoking heap of wreckage was a small business in a city centre, a superstore in a retail park or a national distribution depot for consumer goods, the case for having off-site processing and data storage has suddenly become much stronger. But the vulnerabilities of data centres to power problems and of communications networks to similar disruption (including lightning strikes and cable theft) also need much greater attention.

Hence the importance of the Information Society Alliance (EURIM) work on Shared Infrastructure issues as part of the policy study on Opening Britain for On-line Business.  I am particularly glad that one of the main UK suppliers of Cloud Computing has just volunteered  to help lead the work on the inter-operablity interfaces needed to help support resilient and secure services, with fewer of the vulnerabilities than other parts of the world.   

How many died when West London lost its networks?

| More
As yet it is unclear how many lost their phone and broadband connections and for how long, as a result of the flood and fire at the Paddington exchange yesterday but it is reported to have affected over 400 exchanges. HMG has just released its long awaited Cyber Crime Strategy but we should never forget that fire, flood and digititis (finger trouble) still a more common threat to those who place over-reliance on technology than is criminal attack. Hence the need for anyone whose business, let alone life, depends on always-on adopt a genuinely multi-channel approach to resilience.

Digital Britain - charge the Elephant not the dying donkey

| More
The Digital Britain Report contains much that is to be welcomed and it will be unfortunate if debate focuses on the weakest section: the proposals for funding the roll out of broadband, particularly the levy on the local loop. The Internet advertisers, who will benefit most appear to have got away with paying least.    

The day the Internet Stopped

| More

On July 4th 2008 the frogmen of the Global Privacy Alliance cut TATnn and Helvetica, removing 80% of currently operational Internet capacity between the United States and Europe. Simultaneously they struck PCn and PACnn, with similar effect on trans-Pacific capability ...

How resilient is your infrastructure

| More

Yesterday I received the following "Update" from Ofcom

"New Ofcom notification service - advanced notice of possible interuption to Global Positioning Systems: The Ministry of Defence conduct occasional tests on military systems which may result in some loss of service to civilian users of the Global Positioning System (GPS) including in-car navigation devices and networks which rely on GPS signals. Ofcom has today launched a new email update notification service to give advanced notification of these tests - To sign up for these email updates please register here:

The missing ghost at the Party Conferences

| More

Over 400 delegates attended a fringe meeting addressed by the Secretaries of State for Trade and Industry (Patrick now Lord Jenkin) and Education and Science (Norman, now Lord Tebbit) on the critical importance of IT to the UK economy at the Conservative Party Conference in 1982. Over twenty IT companies had stands outside to reinforce that message

Then IT was seen as the "metatechnology" of the future. Today it really does underpin society. But the only IT-related fringe meetings at the conference this year appear to be those on the need to balance the war against terror and civil liberties within the ippr , programme, on the perils of electronic voting from the Openrights Group and on Avoiding Computer Aided Catastrophe (alias the need for a joined up approach to information assurance), organised by the Conservative Technology Forum . Few ICT suppliers are exhibiting at the conferences and most no longer have any public affairs or political relations staff to send.

LIttle wonder we do not have well informed political debate on matters IT


Find recent content on the main index or look in the archives to find all content.


Recent Comments


-- Advertisement --