
Convenience, vulnerability and upgradeability in innovative product development

By Alan Richardson - Last updated: Friday, November 4, 2011

A growing theme in innovative product developments of the last decade is exploiting the benefits of connection. The public has shown time and again that it values the convenience of connection very highly. But there is a sometimes implicit trade-off. For instance, the rise of internet banking has been a gold mine for organised crime.

The implicit trade-off is between parameters like convenience, vulnerability and upgradeability. Upgradeability allows convenient remote fixing of problems and addition of features – but the fact that the application can be changed creates an opportunity for someone to insert code that does something malicious. In the banking area, in many cases, the cost of online fraud has been borne by financial institutions rather than the individual. Because the individual has not had to bear the cost of the vulnerability, many consumers implicitly value the convenience and don’t have to ascribe much of a cost to the vulnerability.

But where is this all going? Connected systems can provide usability benefits in almost every area, but at the cost of vulnerabilities. For instance, many countries have ambitious programs for smart metering. These include customer benefits like remote meter reading, calling time on the typically inaccurate estimated bills that are often generated by the computers of the major energy companies. But in some countries the plans are more ambitious: for instance, with a smart meter with a two-way radio link, a remote command can be used to switch off the energy supply, which is perceived to be a benefit by the energy companies in managing difficult customers who can’t or won’t pay for their energy. This creates vulnerabilities: if a vulnerable person’s energy is switched off during winter, they might die of hypothermia before the bureaucracy can decide to solve the problem, and of course some of the energy companies are not renowned for sensitive and efficient customer service.

And this is not limited to finance and energy. Demographic changes mean that we are all living longer and surviving longer with chronic healthcare conditions. Mounting costs drive innovation in medical devices, enabling them to provide self-administered therapies and, with the addition of connection, remote patient compliance monitoring. This can lead to security vulnerabilities that might endanger patient health or confidentiality.

From a technological point of view, it is possible to design extremely secure connected systems, but that security needs to be designed in at the outset, not retrofitted. The vulnerabilities in these systems are almost always an arms race, where malicious attacks have to be responded to with upgrades. In general, the higher the complexity, the more the vulnerabilities, and too often systems are made over-complex and the vulnerabilities created are overlooked. So going back to the smart meter example – if you extend a remote meter reading provision through remote switch off and finally to a connected smart grid, you may be able to manage a greener infrastructure, but you may also open yourself to a hacker attack that takes down isolated or large parts of that supply network. Lack of clarity about the scope and the reasons for extending it tends to exacerbate these vulnerabilities.

