Oct 05, 2010

There are no computer systems that are “too important to fail.” Failure, as any competent engineer will tell you, is always an option. Yet modern societies increasingly depend on systems to be foolproof. Electrical grids, air traffic control, automobile control, and medical equipment are all life-critical systems, and none of us wants to depend on life-critical systems with a high failure rate. Nobody wants to trust a large portion of his life savings to a financial trading system that is subject to unpredictable failure either. The same is true of the Internet itself. What we need to do is take a step back and study the design, architecture, and feedback control of these systems. Without such a discussion, we will experience more of these trillion-dollar flash crashes.

It is clear that interfacing in native mode (i.e., IP) over the Internet provides great flexibility for any advanced computer-based system, whether that be a smart appliance hooked up to the Smart Grid, a location device on a connected automobile, or an HFT system around the world. But it is clear that today’s Internet is increasingly vulnerable to security attacks and anything attached to it will therefore increase its vulnerability.

Then there is the question of privacy. It’s becoming clear that almost anything anyone puts on the Internet can (and will) be found and integrated with all the other data that exists about people, what they do, where they are, what they read, what they have said, and so on.

What Should We Do?

When considering the attributes of today’s increasingly complex, large-scale systems, it’s time to make risk management a priority using these three recommendations:

  1. Push for a public group equivalent to the National Transportation Safety Board (NTSB).
  2. Push for uniform privacy and confidentiality rules worldwide.
  3. Require new initiatives to produce something equivalent to an “environmental impact statement” regarding the impact of system failures and breaches of privacy, confidentiality, and security.

Ken Orr

Ken Orr is a Fellow of the Cutter Business Technology Council and Government & Public Sector practice and a Senior Consultant with Cutter Consortium's Data Insight & Social BI, Business Technology Strategies, and Business & Enterprise Architecture Practices.


  One Response to “Make Risk Management a Priority for Complex Systems”

  1.

    The National Institute for Standards and Technology provides that public group and forum and, within their Special Publication 800 series, provides for an integrated risk management framework. Under the Computing Security Resource Center one can investigate a robust research resource for public domain consumption. http://csrc.nist.gov/.

    There should also be recognition that at the heart of this discussion is the need for more focus on Contingency Planning and Management. While many may use terms such as “crisis management”, “emergency management”, “risk management”, all point back to Contingency planning and management and the need for more focus in this area as well as improved training and equipping of personnel in contingency planning and execution (COOP, BCP, DRP).
