The Private Sector: Sustainable computing

It is vital to rectify our ubiquitous information systems, which are dangerously insecure and undependable

Tuesday, December 10, 2002

By William Guttman

When asked about the central lesson of 9/11, National Security Adviser Condoleezza Rice replied, "Do not let dangers gather."

(Illustrated by Stacy Innerst, Post-Gazette)

As the world's leading economy and the target of a growing terrorist threat, it is vital that our nation take steps now to make our information systems more secure and dependable -- qualities that today are dangerously lacking.

Our society and economy have become utterly dependent on information technology. Each day, software is deployed into more and more critical applications upon which lives depend -- from air traffic-control systems to automated-medication dispensers in intensive-care units. Yet, remarkably, we have little idea about the presence -- or absence -- of quality and security attributes in most software applications. There is no "Good Housekeeping" seal of approval for software. We operate systems without the safety nets of objective criteria, quantitative measurement, certification or inspection. In other words, we often just cross our fingers and hope for the best. It is estimated that defective software accounts for 45 percent of downtime and costs U.S. companies alone more than $100 billion a year.

Indeed, when it comes to software and IT, all of us are complicit in a kind of "culture of cynicism." Do users expect their computer systems to work flawlessly and to protect them from viruses? On the contrary, we have come to expect these systems to fail.

The very software bugs that cause routine crashes and corruption also enable more than 95 percent of all security breaches. The San Francisco Chronicle reported recently that 53 percent of IT purchasers are dissatisfied with their products, with 29 percent reporting that they continue to use IT products only because they are "trapped." Security problems continue to grow at more than 100 percent, year over year. And yet, we have no Plan B in place for the day when a digital equivalent of Mrs. O'Leary's cow kicks over a lantern, and sets the network on fire.

Not surprisingly, we are not doing nearly enough basic research in software engineering or in the economics of information security. The chief information officers of the nation's leading companies lack even basic data and analysis on the value of quality and security in the systems they purchase. Traditional market incentives and rational economic decision-making are woefully absent. Largely missing are the market mechanisms we expect in other complex engineered product sectors -- warranties, insurance and other tools that help to mitigate risk.

Three decades ago, American business executives arrogantly concluded that manufacturing quality control through statistical analysis was nothing but an added expense, rather than an essential business process. So the noted statistician and business consultant, W. Edwards Deming, packed his bags and went to Japan. Only after the Japanese began clobbering American automakers in the marketplace did quality become "Job 1."

Our attitudes toward software dependability and cybersecurity are now in a state comparable to those early and wrongheaded days in the struggle for manufacturing quality. Today, software's wise men travel to India and to China, while America's leading companies, in the memorable phrase of the National Security Council's Richard Clarke, spend less protecting their infrastructure than they do serving coffee. Will it take another invasion to wake us up?

The good news is that history has shown us that in every industry, users invariably demand increasing levels of reliability and security over time. Buildings get sprinklers and fire-retardant materials; cars get seat belts and crush zones. Likewise, as our technology infrastructure matures, those characteristics that maximize short-term profits at the expense of the public good will become increasingly difficult to sustain, not to mention sell. So things will change.

The President's National Strategy to Secure Cyberspace, now in draft, is an important step in the right direction. As noted in that report, "For the national economy and, in particular, the information technology industry, the dearth of trusted, reliable secure information systems is a barrier to future growth."

Carnegie Mellon University launched a major "sustainable computing" initiative this year to improve the dependability and security of IT systems. Carnegie Mellon is uniquely equipped to tackle this issue, given its success with other high-visibility initiatives, including the Software Engineering Institute, the Computer Emergency Response Team, the Center for Computing and Communications Security and the Sustainable Computing Consortium.

But it's going to take a lot more than the federal government and Carnegie Mellon to get this job done. "Sustainable computing" must move from the computer room to the boardroom. Unlike other nations, our national infrastructure is in private hands -- our financial resources, energy, oil, water and manufacturing of all types. It is the fundamental responsibility of private industry to join in stepping up to the challenge of creating dependable, stable and secure information technologies.

The risks of not doing so are palpable. Like manufacturing quality before it, computing sustainability is no less than a new management paradigm, whether we make, or simply consume, information technology. And in the aftermath of 9/11, it is quite simply a matter of national security.

William Guttman of Shadyside is a professor and director of the Sustainable Computing Consortium at Carnegie Mellon University.

Write us

To submit a letter or an essay for consideration for The Private Sector, please send it via e-mail to business@post-gazette.com or via regular mail to Post-Gazette Business Section, Private Sector, 34 Blvd. of the Allies, Pittsburgh 15222. Please include your telephone number, municipality and return address for verification.
