Self Diagnosing and Self Healing Systems

Posted on : 27-03-2013 | By : richard.gale | In : Innovation

Tags: , , , , , , , , , , ,

0

Medical internet sites are leading the charge on self-diagnosis – working through a set of symptoms to produce a number of likely outcomes. In automotive and aeronautical industries the concept of voting based systems for ‘mission critical’ decisions are well established (the Airbus has three sets of applications performing the same function developed and tested by separate teams. 99.9% of the time they all make the same decision correctly but if there is a dispute the majority ‘wins’).

Many business systems rely on an army of people to change, fix, tune and oil the huge number of systems, applications and processes that reside in organisations. Why have the ideas used in other disciplines not been transferred to general business?

We think that there is a lot of long term potential but there is long way to go and the reasons are as follows:

Homogeneity  – most systems use similar components or software but the business complexities result in very diverse implementations and one firm’s trade processing flow will look very different from another. So the ability to produce a generic solution for understanding issues and resolving them automatically currently outweighs the benefits. One major bank we know has identified that 70% of its risk systems across investment banking and corporate have the same functions but is not going to consolidate through a combination of politics, strategic focus and potential regulatory impacts. If it did have the desire (and nerve!) to do this it would be a perfect opportunity to build in some simple feedback and decision making abilities into the applications (we think anyway…)

Impact – although large they do not generally have the same impact or coverage. A medical self-diagnosis system requires human interaction but also will be generally the same for seven billion people, if an Airbus 320 crashes due to systems failure then the number of people directly impacted is low but the effect on the manufacturer, airline and air travel generally is very visible and high.

Desire – Most of these systems are ‘good enough’ and it is accepted practice to utilise a large team to support an application. Organisations look for efficiencies through standardisation, scaling, outsourcing and generally using lower cost staff to support them. Organisations benchmark themselves against their peers and if similar organisations are doing things a similar way then then the desire for radical changes can be reduced.

Risk – or fear of the unknown. There has been a great deal of research and experimentation with self diagnosis/healing in electronic control systems but the field is still young in the business applications space. Being an early-mover could result in a very expensive failure and so risk adverse CIOs are unlikely to step up to this challenge without one of their peers going first.

Knowledge – this is, perhaps, the deciding factor in the usage of self-diagnosis – electronic system that control planes, although being immensely complicated usually only have a small number of potential outcomes, financial systems with multiple forms of inputs, transformations, calculations, manual overrides, legacy and diverse systems can have an almost infinite number of outcomes or issues. No trading system is fully tested before it goes live as the complexity of the testing process would mean the system would be obsolete before it was signed off. Couple that with a 10 year old accounting engine written by 100 people (95 of which who have left the company), a bought in messaging system and an outsourced settlement function and it is little surprise why the inventive, creative minds of experienced human resources are needed to identify and resolve the myriad of issues emerging from the infrastructure.

So, for the short term at least, we think the armies of support staff across IT and business support are here to stay. But as technology continues to move forward we think there is a great opportunity for organisations to make a step-change in their support models and start building in self diagnosis and correction into their applications. The results in terms of operational efficiencies and reduced costs through errors and manual intervention could be enormous.

 

 


The evolution of the cyber criminal

Posted on : 27-03-2013 | By : john.vincent | In : Cyber Security

Tags: , , , , , , , , , , ,

2

It has been a while since we wrote about cyber crime, the impacts to technology risk management and The Five Principles to Modern Malware Protection back in our April 2011 blog. Our clients are increasing concerned about the cyber threats and during that time not only the industry awareness has increased, but also news coverage and the government response.

Indeed, this week the UK security services announced it would set up a new unit in London to work with businesses to combat the growing threat of cyber attacks from areas such as China and Iran.

Agents and analysts from MI5 and GCHQ will work alongside private sector counterparts in a new government “fusion cell”. So far there are 160 companies from finance, defence, energy, pharmaceuticals and telco are involved in the scheme, creating what officials are calling “a secure Facebook for cyber threats”.

Under the Cyber Security Information Sharing Partnership (CISP), private firms will be given access to a secure web portal. It will operate on social network lines, in which more than a dozen analysts, based at a secret location in London, can choose who they share information with.

There are very good reasons for this move to strengthen the response capability. Attacks have changed dramatically with the passing of each decade. In December of 2012 it was reported by the head of City of London Police, that Britain is effectively losing the war on internet crime after it emerged that it cost the UK businesses around £205 million in lost revenue. Couple that with the increased sophistication and potential for environmental and cyber terrorist exploits and you can see the scale of the problem.

So who are these people? Cyber attackers have evolved from lonely hackers passing time to fully “employed” online assailants who target their online assaults on an individual, an organisation or even a government. What is their aim? Who employs them?

Going back to the 1980’s and through to the late 1990’s the threats were predominantly from students or people looking for “personal fame”. The potentially serious nature of security breaches was often brushed over by the media and even somewhat glamorised in films. However, from the late 1990’s things changed with criminal gangs after personal gain and “cyber spies” operating on behalf of national interest.

You can consider three levels of threats;

  1. Layer 1 : All Organisations – threats less targeted such as former disgruntled employees, careless users, botnets, compromised websites and less experienced hackers
  2. Layer 2 : Targeted/For Profit – threats directly aimed at targets such as Financial Institutions, Political Organisations and companies with significant IPR collateral
  3. Layer 3 : Espionage / State Sponsored – threats aimed at governments, critical networks and infrastructure, defence systems and high value R&D organisations

According to the Verizon Data Breach Investigation Report (DBIR) 2012, only 8% of security breaches are detected by the organisation themselves and, of that, only 15% actually detect within a week.

This is startling, but not entirely surprising. Most organisations have invested significant resources in defence mechanisms. The problem is that sophistication of malware and cyber criminals have stayed one step ahead of the traditional perimeter defences.

So a new approach is needed to combat these APT’s – Advanced Persistent Threats;

“…refers to a group, such as a foreign government, with both the capability and the intent to persistently and effectively target a specific entity” 

Without getting “down in the technical weeds”, the issue is that once these APT’s have sailed merrily past the numerous layers of security they then employ evasion tactics such as being polymorphic (self-modifying), creating several iterations on multiple machines and removing the infection trail.

So what are the tell-tale symptoms? Well, according to FireEye, the leader in malware threat protection, the following are some to look out for;

  • Finding system exploit code embedded in email attachments or delivered via web pages
  • An increase in elevated logons late at night
  • Outbound connections to “Command and Control” servers
  • Large, unexpected flows of data from within the network
  • Discovery of large data files appearing in places where that data should not exist

The problem is often that most companies will have some form of compromised security, even if it has sat dormant on the internal network for many months or years. The challenge is to stay close enough to the new cyber crime techniques and their evolution for the foreseeable future.

 

Broadgate Consultants are a FireEye partner. If your organisation would like to explore how we can help improve your organisations cyber protection, please email jo.rose@broadgateconsultants.com.

 

Broadgate Predicts 2013 – Survey Results

Posted on : 27-03-2013 | By : jo.rose | In : Data, Finance, General News, Innovation, IoT

Tags: , , , , , , , ,

0

In January we surveyed our clients, colleagues and partners against our predictions for 2013. We are pleased that we have now the results, the highlights of which are included below.

Key Messages

Infrastructure as a Service, Cloud and a shift to Data Centre & Hosted Services scored the highest, outlining the move from on-premise to a more utility based compute model.

Strategies to rationalise apps, infrastructure and organisations remains high on the priority list. However, removing the technology burden built over many years is proving difficult.

Many commented on the current financial constraints within organisations and the impact to the predictions in terms of technology advancement.

Response Breakdown

 

 

 

 

 

 

 

 

 

 

Of the total responses received, the vast majority concurred with the predictions for 2013. A total of 78% either “Agreed” or “Strongly Agreed” (broadly in line with the 2012 survey).

Ranking

 

 

 

 

 

 

 

 

 

 

The diagram above shows the results in order from highest scoring to lowest. The continued growth in Infrastructure as a Service had the top overall ranking with 91% and the least was Crowd-funding with 53% agreement.

Respondents

 

 

 

 

 

 

 

 

 

 

We sent our predictions out to over 700 of our clients and associates. Unlike our previous years’ survey, we wanted to get feedback from all levels and functions, so alongside CIOs, COOs and technology leaders we also surveyed SMEs on both the buy and sell side of service delivery organisations.

We would like to thank all respondents for their input and particularly for the many that provided additional insight and commentary.

If you would like a copy of the full report, please email jo.rose@broadgateconsultants.com.