What an unexpected pleasure. I’ve been asked to give a keynote speech at this year’s IET system safety and cyber security conference. So if you want to hear me in the flesh, gentle reader, come along to Manchester this October; I promise to be provocative.

The recent Cisco Internet of Things (IoT) grand security challenge is a tacit recognition that the current security problems of the connected world may not be sustainable when scaled to, well, to everything…

Continue Reading…

Mars code: JPL and risk based design

One of the tropes I’ve noticed in design projects over the years is the tendency of engineers to instinctively jump from need to a singular conceptual solution. Unfortunately that initial solution rarely stands the test of time, and inevitably at some crisis point there’s a recognition that this will not work and the engineers go back to change the concept, often junking it completely.

Continue Reading…

Cognitive biases potentially affecting judgment of global risks


So if you’ve been following the Snowden leaks, you’ll understand how egregious that agency’s poking and prying has become. To the point that we should probably abandon any pretense that much of the NSA’s program serves any rational purpose.

This seems to be a case of normalised deviance on a massive industrial scale. Apparently conducting black ops, with no consideration of such time-honoured military principles as economy of force, all behind a veil of secrecy and legal obfuscation, makes you vulnerable to that sort of collective craziness. What a surprise.

Continue Reading…

iOS-7 (Image source: Apple)

What iOS 7’s SSL/TLS security patch release tells us

While the commentators, pundits and software gurus pontificate over the root cause of Apple’s SSL/TLS goto fail bug, the bug does provide an interesting perspective on Least Common Mechanism, one of the least understood of Saltzer and Schroeder’s security principles. For those interested in the detail of what actually went wrong with ‘SSLProcessServerKeyExchange()’, click over to the Sophos post on the subject.

Continue Reading…

Linguistic security, and the second great crisis of computing

Distributed systems need to communicate, or talk, through some sort of communications channel in order to achieve coordinated behaviour. This introduces the need for components firstly to recognise the difference between valid and invalid messages, and secondly to have a common set of expectations of behaviour. Fairly obviously, these two problems of coordination have safety and security implications.

The problem is that up to now security has been framed in the context of code, but this approach fails to realise that recognition and context are essentially language problems, which brings us firstly to the work of Chomsky on languages and next to Turing on computation. As it turns out, above a certain level of expressive power of a language in the Chomsky hierarchy, figuring out whether an input is valid runs into the halting problem of Turing. For such expressively powerful languages the question, ‘is it valid?’ is simply undecidable, no matter how hard you try. This is an important point: it’s not just hard, or even really really hard, to do but actually undecidable, so… don’t go there.

Enter the study of linguistic security to address the vulnerabilities introduced by the to date unrecognised expressive power of the languages we communicate with.

Continue Reading…

WRESAT Tests (Image source: Australian government)

Australia is a lucky country, run by second-rate people who share its luck

At the end of WWII my country could make its own aircraft, radar sets, ships and tanks. By 1947 Ben Chifley, our war-time prime minister, had launched the Snowy Mountain scheme, and by 1958 we had built HIFAR, our first nuclear reactor. In 1967 we were the fourth nation to launch a satellite into orbit, and were pioneering digital computers on the Snowy scheme. So how did a nation that did all these things not because they were easy, but because it believed they were important enough to do, end up in a situation where the dying heart of our industrial might is considered to be a few foreign-owned car manufacturing plants in Victoria?

I had in mind in particular the lack of innovation in Australian manufacturing and some other forms of Australian business, banking for example. In these, as a colonial carry over, Australia showed less enterprise than almost any other prosperous industrial society.

Donald Horne

We seem to have lost the ability to imagine a tomorrow different from today, and then to act on that imagining. Instead our future is mapped out by the great and the good as little more than a large open cut mine. Nation building? We’ll have none of that, it’s all about homo-economicus, the citizen defined as consumer and the devil take the hindmost. Energy policy? Why would we need that? We’ve got plenty of coal to burn for another two centuries. Imagination and reflection? No time in the feeding frenzy media cycle that substitutes for informed and rational debate. Nor are our so-called business leaders any better; an obsession with short-term gain and an unwillingness to take risks has led to our best individuals and their ideas decamping overseas.

The problem is that this century is going to be even tougher than the last and any nation that lacks imagination, courage and the tenacity to stay the course will just go under. I wish I could report that I think Australians have what it takes to weather the coming storm, but viewing the puerile partisan debates swirling around the latest casualties in a long dying half century of neglectful myopia I am less than optimistic.

Monument to the conquerors of space Moscow (Copyright)

Engineers as the agents of evolution

Continue Reading…