Wednesday, 20 June 2012

Power in Whose hands?


Across the UK computer usage is increasing, for both social and business areas, and it looks to continue to do so. This is leading to an increase in the ways in which we as individuals, households, service providers, and the organisations we work for may be attacked.  Ownership of numerous gadgets and systems that we have, all increase the technical attack surface we expose. See page 10 of the IMIS Journal (Bring Your Own phenomenon), and the Google powermeter.

Earlier this year Dave Clemente in written evidence to a Select Committee said “Protection of critical national infrastructure (CNI) is an area of significant importance and one that is becoming more difficult to analyse as inter-dependency increases between CNI sectors.”
He also says that in a conflict situation it may be necessary for the military and wider Government to operate in a degraded or insecure cyber environment. This requires acceptance that total control of ‘UK cyberspace’ – however defined – is impossible. As the late Prof Philip Taylor noted, ‘full spectrum dominance is impossible in the global information environment.’  This was meant in the context of military psychological operations, but it holds equally true when attempting to secure highly inter-dependent computer networks and information systems.

A recent Daily Mail article tells us that the Government has plans to install smart meters in our homes. Essentially a large scale Supervisory Control And Data Acquisition system. As well as the Government wanting information from these devices, people will want to access it on their various portable gadgets.

This prompted me to revisit an article the March 2012 IMIS Journal. Certification constraints and product life spans are pointed to as throwing up problems. Allan Dyer says that “New PC operating systems are released every few years, but they may be connected to systems with much longer life spans, such as line-of-business mainframe applications, or SCADA systems, or medical equipment. Medical equipment is often certified to medical standards, and the certification includes the computing hardware and software. The software may be obsolete and no longer supported by the software developers. There are Windows 98, Windows ME and Windows XP systems controlling medical systems still in daily use and the situation is ongoing”

In the case that the Daily Mail is talking about, the network linking 46 Million meters would have to be highly secure, as it could become impossible to ensure all those systems are up to date and protected against malicious hackers. As the system grows older, so the availability of protection would diminish, and the potential for infection increase. Malware disrupting the operation of just a few meters might be manageable, but malware could rapidly spread and disrupt many devices. The MIDPM article suggested that network traffic be strictly filtered so that only legitimate transactions are allowed. Maybe also there should be physical breakpoints or switches in the system to isolate parts, should the monitoring or firewall systems become compromised.

In the US, federal researchers discovered that outside hackers could take control of the generators used to produce electricity in the US and destroy them.  Presentations at a Black Hat hackers conference showed how control systems can be located with special Google searches and then ordered to shut down or speed up, potentially blowing up a power or water treatment plant.

Joseph Menn writing in the Financial Times says that “Hundreds of thousands of people in darkness, hospitals in chaos, a banking system under siege – a cyber attack on the US electricity grid could have catastrophic consequences”. See also an article in the Busines Insider.

Back in the Daily Mail Article Ross Anderson, a Cambridge computer science professor and chairman of the think-tank, said: ‘GCHQ have also told us they are worried about it.  ‘Once you have the ability to turn off meters remotely, then it becomes a strategic vulnerability. ‘If the Iranians or Chinese want to attack Britain, they could do so easily through smart meters. This is the modern day equivalent of a nuclear strike.’

How do we trade off the need/want for integrated systems against what happens if those systems become compromised? Individuals can install protection on their own systems, but what of the wider world?

Monday, 11 June 2012

P vs NP. A big Problem?


I have just been reading write up’s about a new film. The subject is perhaps not on the usual list of things we see the cinema.
http://www.travellingsalesmanmovie.com/

Complex math problems are probably near the bottom of things that people get excited about. But Travelling Salesman might just change that. The film is an, “intellectual thriller" about four mathematicians hired by the U.S. government to solve the biggest unsolved problem in computer science. Four people have jointly created a ‘system’ which means major advancement for civilisation or the destruction of humanity.
The P vs NP problem lies unsolved despite a $1 million bounty.  The problem is whether the P and NP classes are actually identical. Most researchers believe they are not.   It seems that we live in a world where some problems are fundamentally harder than others (or impossible).
Travelling Salesman takes place in a  world where Horton and colleagues prove that P = NP, This means that they can solve a range of incredibly difficult real-world problems from gene sequencing to the “travelling salesman” problem, crucial for logistics and scheduling.

According to the New Scientist article the plot unfolds after we learn that the solution enables the mathematicians to crack any cryptography system in the world, which is why their four-year research project has been funded to the tune of millions of dollars by the US government.
This was interesting as it follows on from another article in the New Scientist about Alan Turing. He invented the computer while trying to solve the above fundamental mathematical problem. By building his machine, he demonstrated that mathematics wasn't as perfect as many at the time believed, while also showing how powerful a computer could be.

Alan Turing, was one of the 20th century's most wide-ranging and original minds, and was born 100 years ago. In the New Scientist there is an article by John Graham-Cumming explaining why his ideas still matter now. Turing essentially founded computer science, helped the Allies win the Second World War with hard work and a succession of insights, asked fundamental questions about the nature of intelligence and its link with the brain's structure, and laid the foundations for an area of biology that is only now being fully appreciated and researched. I Blogged a bit about him before.