Growth in Internet of Things technology across all areas of society and industry will see a huge increase in the diversity of software developed to support it. At the same time, the domination of traditional developers such as Microsoft and Adobe is being challenged by thousands of ‘one-man-bands’ able to get in on the act via app stores for mobile devices.
An open, fairer playing field generally makes for a more fertile, creative space. However, we must be sure to tread carefully, writes Tony Dyhouse of TSI. Up to 90% of today’s data breaches are caused by software vulnerabilities and in the last year we have seen a spate of flaws exposed in IoT systems, raising further concerns.
With a more diverse, less regulated developer community free of some of the pressures of reputational damage, the temptation to prioritise performance over the key pillars of trustworthiness (safety, reliability, availability, resilience and security) has never been greater.
Public Good Activity
Recognition of a need for proactive action to address this issue has reached the upper echelons of government, which has established a Public Good Activity to improve the quality of software developed and produced in the UK. When it comes to IoT, the Trustworthy Software Initiative (TSI) can play a significant role in improving the usability and performance of new machine-to-machine (M2M) systems. With a mission statement extending beyond security compliance, TSI believes its guidance can provide the platform for successful disruptive IoT innovation, cementing our position in the global market and hopefully ending the era when problems could be blamed on vague ‘computer glitches’.
Whilst the TSI is keen to demonstrate the positive commercial benefits of creating high-quality products, there is also a strong safety rationale should the worst-case scenario come to pass. Consider, for example, the simple act of taking a patient’s blood pressure, which used to be the domain of medical centres. Given the plethora of wearable devices that can now do this, IoT will lead to active decisions being taken on the basis of such data, making it critical that we can all trust the underpinning software.
Whether averting worst case scenarios or simply improving performance to drive commercial success, the change required is far from radical, time-consuming or expensive. The TSI has collated all existing guidance, relevant standards and best practice into its Trustworthy Software Framework (TSF), providing anyone with a means to quickly identify the information and advice they need to build, procure or work with trustworthy software.
With the collaboration of the British Standards Institution, the concepts from the framework have also been formalised into a Publicly Available Specification PAS 754:2014 Software trustworthiness – Governance and management – Specification. The standard includes technical, physical, cultural and behavioural measures alongside effective leadership and governance techniques to address trustworthiness.
The IoT will change the way we work and live by saving time and resources and opening new opportunities for growth and innovation. However, confidence in it, and the positive impact it can have on our lives, can only be realised if we take steps from the outset to ensure that quality of product, rather than speed to market, is the driving force behind future innovation.
The author of this blog is Tony Dyhouse, director of Knowledge Transfer at the Trustworthy Software Initiative and a former Cyber Security director at QinetiQ and the UK Knowledge Transfer Network.