Issues and risks

Security risks and dangers of reliance on computer systems

As more and more of our lives becomes computerised, and the number of systems which rely on computer systems increases, so too does the level of risk associated with those systems.

Criminals and terrorists

Computer systems are high profile targets of criminals and terrorists (cyber crime). For example, the targets are attractive for:

• Data theft – data can be sold or used for blackmail, or to cause harm to a business (releasing company secrets)
• Destruction of data – an organisation can be brought to its knees by the destruction of valuable data
• Denial of service – cybercriminals can target systems with DoS attacks, where the aim to to flood servers with requests leading to their inability to process the requests. This disables any system which relies on those services
• Fraud – data can be used to commit identity theft, for spear phishing, or financial misappropriation

Existing internal systems

Any link between systems must be maintained. The more complex the systems become, the greater the number of dependencies between systems. Integration testing is extremely important, as any change to one system could inadvertently affect another separate system.

External systems

As well as the same issues that interconnection with internal systems bring, use of external systems also bring security into focus. For example, when interfacing with external systems it is wise to consider:

• Who needs to access the external system – should it be available to all, or do requests need to come complete with authorisation credentials?
• How secure are the external systems? Are you submitting data or any confidential information?
• How secure is the data transfer process? Should data be encrypted to prevent snooping?

Mission critical systems

As complexity increases and more and more systems are computerised, the number of mission critical systems increases. Examples of mission critical systems include military systems, or aircraft management software. As an example, Boeing aircraft recently suffered from two fatal crashes which resulted from software faults that arose from the interoperability between flight systems.

Classification of mission critical systems

Ambulance service suffers IT failure

Reliability and redundancy

As already alluded to above, ensuring a system is fully tested, and able to gracefully handle faults and errors is extremely important. In the worst case scenarios, failure can result in death or serious injury (The Smiler at Alton Towers is another example). The more complex a system becomes, the more difficult it is to ensure full coverage in tests.