March 27, 2008

Black Hat: Computers plus people equals risk, says professor

Northern Rock near collapse should serve a lesson

By Jeremy Kirk, IDG News Service

---

Companies are relying too much on technology to run their businesses, a trend that doesn't account for unpredictable situations that humans still deal with better than machines, a technology expert said Thursday.

The corporate carnage over the last few years should serve as a guide, from the near-collapse of financial institutions such as Bear Stearns, an investment bank in the US, and Northern Rock, a UK lender, said Ian O. Angell, a professor of information systems at the London School of Economics.

Angell is known for his dark predications about the ramifications of technology. "Whenever I smell flowers, I think funeral," Angell said to a crowd of information security analysts at the Black Hat conference in Amsterdam.

The problem is that business information systems make assumptions that don't necessarily follow what happens in real life. Then, that data is used to make decisions, which can mean false conclusions.

"When companies use the tools of technology to solve a problem, they may or may not succeed, but what is certain is that completely unexpected phenomena happen," Angell said.

Angell, who has been at the London School of Economics since 1986 and previously taught computer science at Royal Holloway College in the UK, argued that digital security has to be redefined. The problem is that only in hindsight do the marginal events that eventually cause a security problem become evident.

But "every organisation must keep the commercial, social, and technological feedback and some semblance of control," Angell said. "This is what a security manager does."

The executive boards of many companies, however, are recognizing the impacts when their IT - and employees - perform poorly. It can mean fines, or at worse, prison, such as what happened to Jeffrey Skilling, CEO of Enron, who was sentenced to 24 years for fraud in 2006.

"No wonder security grabs their attention," Angell said.

The good news is that even in the face of ever powerful, more complex computer systems, smart humans still play a vital role. The conclusions made by machines are only as good as the numbers put into them, which can often be skewed or misleading. And people have come to believe whatever is on the screen, a sort of "glass cockpit" effect, Angell said.

Angell's advice: expert uncertainty. And be careful while you're crunching data. As an example, Angell showed a video where six people, three dressed in white shirts and three in black, tossed basketballs among one another.

He asked the crowd how many times the people with white shirts passed the balls. One answer offered was 14 times. Angell said the answer doesn't matter. He told the crowd to watch the video again and focus on watching the middle of the ball-tossing.

A person in a gorilla costume walked through the ball tossers, which was missed by everyone counting balls.

"If you count, you miss the most obvious things," Angell said.

Newsletters

Sign up to our Weekly Round-Up for the past week’s not-to-be-missed news analysis and insight delivered straight to your inbox.