Why the Power of Digital Transformation Comes With Huge Responsibilities

I have always had a deep-seated fear of software and its consequences. Despite more than 30 years earning a living from designing it, building solutions with it, and advising about its use, it has always been clear to me that the power that it brings has a very dark side. It can be destructive. It often contains far too many errors. It is much too easy to manipulate. And now I am also starting to believe that it could well be at the core of our future downfall.

Our dependence on software has never been clearer. Beyond Marc Andreessen’s infamous “software is eating the world” comments a decade ago, we now find that software is also “connecting the world”, “entertaining the world”, “governing the world”, and “feeding the world”. Remember that the predicted 50 billion devices that will soon be connected to the internet all depend on the software that brings them to life. From a handful of lines of code running a temperature sensor attached to a building, to the estimated 100 million lines of code embedded in a high-end car, this software is essential to so many things we do. Yet, we often know little about it, take it for granted that it is well designed, and take little care of its safe operation.

In recent days, my concerns have been heightened by spending time with the latest book by Nicole Perlroth, the cyber-security correspondent for the New York Times. In “This is How They Tell Me the World Ends”, Perlroth explores in frightening detail how and why cyber warfare, cyber terrorism, and software-driven exploitation are on the rise. She delves into the murky world of hackers and cyber-warriors and offers deep insights into the way governments such as Russia and China sponsor cyber-espionage for their own ends.

But it is the simpler, everyday aspects of her story that are perhaps the most chilling. The way hacks and software exploits are bought and sold. The underground activities aimed at staying ahead in the cat-and-mouse game of finding the software weaknesses before they are patched. And the “zero day” brokers who trade software bugs the way a financial broker trades stocks and shares. Happy to create a marketplace in information that could bring down the systems intrinsic to all of our lives and capable of shutting down a power station, turning out the lights, stopping the flow of oil and gas, blocking all telecommunications, and much more. Does this sound too far-fetched? Try a Google search on “NotPetya” and think again.

I personally became aware of the importance of data security on a US Air Force base in Alabama over 20 years ago. I’d been working for a couple of years at the Software Engineering Institute (SEI) at Carnegie Mellon University in Pittsburgh when I was asked to lead a software architecture review on several proposed solutions for a very large military programme. But things did not go well.

As a Federally Funded Research and Development Centre (FFRDC), the SEI was set up in the 1990s in response to a growing awareness of the importance of software to the US national infrastructure. The US had just experienced a major wake-up call that came to be known as the “Morris Worm”.

Let loose by Robert Morris, a student at Cornell and the son of a cryptographer at the National Security Agency (NSA), it exploited a combination of known shortcomings in system software and poor security practices to replicate itself across the widening set of interconnected computers that were increasingly taking responsibility for critical tasks across government and military organizations.

While the Morris Worm was not written to be purposefully destructive, it caused chaos by slowing down computer operations and overwhelming the administrative resources assigned to system management. And the ease with which this occurred did not go unnoticed. Setting up the SEI was one of several responses, with the aim of bringing greater attention and professionalism to the practice of large-scale software engineering across US government agencies and beyond.

Fast-forward a few years and I found myself in Montgomery, Alabama, crawling through detailed design specifications for new software systems to be developed and delivered for the US Air Force. It was a steamy July afternoon, and I was perhaps not at my most attentive when 2 very burly Military Police personnel in clean, well-pressed uniforms appeared at my desk looking for a colleague. I pointed them to an adjacent desk where they proceeded to read him his legal rights as they marched him out of the building. He had shared the wrong information with the wrong people. I think it is fair to say that from that day onwards my attention to all software security matters was rather more focused.

There is no denying the importance of software and the critical role it plays in delivering digital transformation for business and society. The pandemic has highlighted just how much can be achieved when software-intensive digital technologies are put to work. But this utility and value can be exploited, as Nicole Perlroth’s book certainly reminds us. Be careful out there.

Source: AWB Digital Economy Dispatch #27

Alan Brown

Alan W. Brown is Professor in Digital Economy at the University of Exeter Business School where he co-leads the Initiative in Digital Economy at Exeter (INDEX). Alan’s research is focused on agile approaches to business transformation, and the relationship between technology innovation and business innovation in today’s rapidly-evolving digital economy. After receiving a PhD in Computational Science at the University of Newcastle-upon-Tyne, Alan spent almost 2 decades in the USA in commercial high-tech companies leading R&D teams, building leading-edge solutions, and driving innovation in software product delivery. He then spent 5 years in Madrid leading enterprise strategy as European CTO for IBM’s Software group. Most recently Alan co-founded the Surrey Centre for the Digital Economy (CoDE) at the University of Surrey where he led research initiatives in 4 EPSRC-funded research projects.
