Professor Ross Anderson - 15th MarchTitle: Are the real limits to scale a matter of science, or engineering, or of something else?Abstract
As people get excited about the latest idea for "Big Data" and the "Internet of Things", computer people often shake our heads and say "It won't scale." Pessimism isn't always justified: we have been able to scale up quite a number of tasks, from connectivity through search to social media. But other applications are recalcitrant, from energy management to medical records. The conventional computer-science view is that scaling systems is about computational complexity; about whether the storage or communications required for a task grows more than linearly in the number of users. Over the past thirty years we've developed a pretty good theory of that, but we're learning that it's nowhere near enough.
In this talk I present a complementary view, based on over thirty years' experience of security engineering, that the real limits to scale are usually elsewhere. Even where the data are manageable and the algorithms straightforward, things can fail because of the scaling properties of the social context, the economic model or the regulatory environment. This makes some automation projects much harder than they seem. When it comes to safety and privacy many of the attacks that are easy to do in the lab are rare in the wild, as they don't scale either. But others surprise us; no-one in the intelligence community anticipated a leak on the Snowden scale. In short, scaling is now a problem not of computer science but of systems engineering, economics, governance and much else. Conceiving problems too narrowly makes failure likely, while good engineering will require ever more awareness of context. The implications for research, education and policy bear some thought.
Questions and answers
About the speakers
Martyn Thomas CBE FREng (Introduction)
Martyn Thomas is a software and systems engineer specialising in safety and security. He is Livery Company Professor of Information Technology at Gresham College and visiting Professor of Software Engineering at the University of Oxford.
He is a member of the Defence Scientific Advisory Council and a Non-executive Director of the Health and Safety Executive where he is also Chair of the Science and Engineering Assurance Committee.
He was founder of the software engineering company Praxis and has been a partner in Deloitte & Touche, a council member of EPSRC, and a Director of the Serious Organised Crime Agency.
In 2007 he received a CBE for services to software engineering.
Professor Ross Anderson
Ross Anderson is distinguished for his many contributions to building security engineering into a discipline. Security engineering is about building systems to remain dependable in the face of malice, error or mischance. It focuses on the tools, processes and methods needed to design, implement and test complete systems, and to adapt existing systems as their environment evolves.
He was a pioneer of the peer-to-peer movement with his ‘Eternity Service’, a fore-runner of freenet and gnutella. He was also one of the designers of prepayment electricity meter mechanisms, used to electrify millions of homes worldwide; and of HomePlug AV, which carries broadband over power lines and is used as a wireless LAN extender. In the world of finance, he documented many ways in which payment systems can fail. He pioneered the study of API security, which led to the redesign of most of the hardware security modules used to protect bank PINs. He also made important early contributions to the tamper-resistance of smartcards and the robustness of copyright marking systems.
However his highest-impact work has been to the economics of dependability and security. Fifteen years ago he realised that information systems failed more often because of perverse incentives than because of poor design. If one firm was responsible for guarding a system while another bore the costs of failure, then trouble was likely to follow. This has led to contributions to policy debates on topics from the measurement of cybercrime through surveillance and privacy to the dependability of the Internet. Incentive compatible mechanisms are essential if we are to engineer security at global scale.
Ross is a Fellow of the Royal Society and the Royal Academy of Engineering, and wrote the standard textbook "Security Engineering -- A guide to building dependable distributed systems".
Andy Hopper (Vote of thanks)