NCVO
Cyber Essentials Certified

The IAP Becomes a Founding Member of the UK Cyber Security Council

The Institution of Analysts and Programmers have become a founding member of the UK Cyber Security Council. This follows on from the work we have done with our other partners in the Cyber Security Alliance and the Cyber Security Council project board to create this body.

“The UK Cyber Security Council supports the professional development of those working in or aspiring to work in the cyber security profession. It seeks to support employers and individuals as they make career-shaping decisions, with advice on cyber security skills, professional development, and recognotion through certification and Chartered Status.”

The Institution recognises that cyber security is becoming key to protect society and marries up well with our aim of ‘Improving Software for Society’, by addressing key issues at the design stage of software development, rather than at the time of delivery.

For more information visit the UK Cyber Security Council website.

CyberOSPAs

The IAP is proud to support the CyberOPSAs. If you are a member and our decide to take part, please let us know.

For more information see the pdf flyer below.

Cyber-OSPAs-promo-flyer

Debt, Laws and Smells by Paul Lynham

2015-Debt-Laws-and-Smells-Paul-Lynham

Geek.Zone

During 2020 and 2021 many people in the UK suffered mental health issues and the Institution is pleased to work with Geek.Zone to help both the Institutions and Geek.Zone’s members.

Geek.Zone is the community for geeks! They come together through our shared interests, so no matter what your hobby or passion is, you are sure to find likeminded people at Geek.Zone. They are a not-for-profit mental health charity. Find out more at Geek.Zone/About.

They run events in the community to promote social inclusion and mental well being by giving members a like minded social network to become part of.

Launch of the UK Cybersecurity Council

Today sees the launch of the UK Cybersecurity Council

https://youtu.be/UteK1aQqj1U

The Institution of Analysts and Programmers was a founding member of the Collaborative Alliance for Cyber Security, and worked hard with it’s partners in the design and delivery of the new UK Cyber Security Council on behalf of the UK Governments Department for Digital, Culture, Media & Sport (DCMS).

The Alliance is a consortium of organisations that represent a substantial part of the cyber security community in the UK. Its members include:

(ISC)²
BCS, The Chartered Institute for IT
Chartered Institute of Information Security (CIIS)
CIPD
CompTIA
Council of Professors and Heads of Computing (CPHC)
CREST
Chartered Society of Forensic Sciences (CSFS)
Engineering Council
Information Assurance Advisory Council (IAAC)
The Institution of Analysts and Programmers (IAP)
The Institution of Engineering and Technology (IET)
Institute of Measurement and Control (InstMC)
ISACA
Royal Academy of Engineering
Security Institute
techUK
The Worshipful Company of Information Technologists (WCIT)

When Software Goes Wrong

In 2000 the Post Office introduced a new accounting system ‘Horizon’ to manage all its branches. Over the next few years hundreds of sub-postmasters/postmistresses were prosecuted for theft, fraud and other charges as the system identified money was missing from the accounts.

Many of these people went to prison, even a pregnant woman and others had their lives ruined, disowned by their families, divorced. One poor soul even committed suicide, several others have died since.

The Post Office a bastion of trust with the UK population testified in court that the computer system system was correct and it was the sub-postmasters/postmistresses that were the criminals.

Over the last few years cracks began to show, a report by Second Sight specialists in fraud investigation who were brought in to vet the system, found it seriously flawed and the Horizon system was not ‘Fully Fit for Purpose’. Documents that would have showed accounting errors, were hidden and supressed by the Post Office and then they produced a document to counter Second Sights report, knowing they were already on shakey ground.

Last week the Court of Appeal overturned the convictions of nearly all of these law abiding people.

Sam Stein QC – representing some of the former sub-postmasters – said the Post Office’s failure to investigate and disclose serious problems with Horizon was “the longest and most extensive affront to the justice system in living memory”.

He said the Post Office “has turned itself into the nation’s most untrustworthy brand” by attempting to “protect” Horizon from concerns about its reliability.

The Post Office’s “lack of disclosure within criminal cases perverted the legal process”, This leads to the big question now is what will happen next, will the Post Office managment be brought to book, with court cases for falisifying evidence? Will Paula Vennells who was the CEO of the Post Office at the time, be tried for her part in the affair. Her life is now beginning to unravell with her losing her jobs at Morrisons, Dunelm and suspending her career as a Church of England minister.

So what went wrong?

As someone who worked on financial systems for many years, I suspect flawed testing and management pressure to deliver the software into production was a primary problem. If it works and the system errors are low, then release it. We can fix any shortfalls later. This is not uncommon in the business world but can be a minefield further down the line (Companies like Microsoft have operated like this for many years).

If we has system discrepancies we would run the systems through, re-processing the data we had in a test/debug environment and see if we could

  • a) reproduce the error
  • b) identify the point it would go wrong.
  • c) fix it
  • d) test it (including all the previous testing)
  • e) release the new version to production.

It should have been obvious to the Post Office management that they would not suddenly have that many fraudsters on their hands and it should have raised a red flag about the Horizon system. Of course if they knew that this number of fraudulent sub-postmasters/postmistresses is/was the norm then the Post Office must be in really bad shape.

In this case the Post Office were almost Judge, Jury and Executioner, they could bring prosecutions without referral to anyone like the DPP, their evidence was of their own making and some people have said the evidence was a a fabrication.

It’s important here that people are aware that computer systems are fallible, and that incidents like this should not make you think that your local retailer is a crook, they may or may not be, but proper systems, procedures and controls need to be in place to insure impartiality.

The Institution of Analysts and Programmers is working hard ‘Improving Software for Society’ with schemes like FURST and our Academic Partnerships. It is difficult when large organisations do not even follow the basics of software development practice.

The moral here is to TEST, TEST, TEST and then TEST again! and trust your end users, they are usually annoyingly right.

Alan Turing Features On £50 Bank Note

New £50 Bank of England Note

Andrew Bailey, the governor of the Bank of England, said: “He was a leading mathematician, developmental biologist, and a pioneer in the field of computer science.

It is 10 years since the steam engine pioneers James Watt and Matthew Boulton appear on the current £50 note. The new bank note will be issued on 23rd of June this year.

We reported a while ago that Mark Carney Governor, ex governor of the Bank of England announced that Alan Turing would be the subject of the reverse side of the new £50 bank note.

This is a great result for the memory of Alan Turing and also for the world of computing.

Alan Turing who is famous for many things including his brilliant ideas that led to the modern era of computing and also his suicide after being forced to taking a drugs to suppress his homosexual tendencies which were illegal at the time. Although most people remember for his work at Bletchley Park on decrypting the German Enigma machine.

Born in 1912 his education was not necessarily exceptional until he attended Sherbourne School and his maths and science abilities began to unleashed.

From 1931 until 1934 he went to Cambridge University and his dissertation earned him a Fellowship, he was 24 years old.

In 1936, Turing presented a paper, “On Computable Numbers, with an Application to the Entscheidungs problem,” in which he presented the notion of a universal machine (the “Turing machine”) capable of computing anything that is computable: It is considered the foundation to the modern computer era.

After obtaining his Phd at Princeton in the United States he returned to Cambridge and eventually ended up working for the Government on a part time basis working on cryptography.

His war time efforts have been chronicled and many documentaries and films been made about the subject of Enigma. The Bombe is one of the best known of these efforts and well worth a visit to Bletchley to see it run. He also wrote several other papers while there on code breaking. These were so good that GCHQ only finally released the papers in 2012 as the principles were still being used then. That is nearly 60 years after he died.

Computing has evolved over the time since he died, but I think Alan would still recognise the underlying technology that has driven the human race to the point where we all carry a computer in our pockets and many homes can have a dozen or more devices within it that are computer driven.

I hope that the new £50 note will urge people to visit Bletchley Park near Milton Keynes and see how his idea’s saved millions of lives and possibly changed the outcome of the war.

While you are there, why not visit The National Computing Museum, it is situated on the same site.

Bletchley Park nearly became a housing estate until Tony Sale a good friend of the Institution led the campaign to save it for the nation. Nobody even the local council knew it had been there, 40 years after the war, it was that secret.

I heard once, that on the day Bletchley Park closed after the war, some 10,000 people left by the main gate. They had lived and been living with the local people for the duration and no one new!

Alan Turing may have committed suicide rather the continue to take the drugs he was forced to take, however it was a different time and times and attitudes have changed. He was pardoned in 2013.

Personally I think he is one of those greats in computing that along with the likes of Joseph Jacquard, Charles Babbage, Tim Berners Lee, Grace Hopper to name but a few has given us the world of computing we live in today.

John Ellis FIAP (Cmpn)

New UK Cyber Security Council

Press release

New UK Cyber Security Council to be official governing body on training and standards

The government has set up a new independent body to boost career opportunities and professional standards for the UK’s booming cyber security sector.

See the DCMS press release https://www.gov.uk/government/news/new-uk-cyber-security-council-to-be-official-governing-body-on-training-and-standards?fbclid=IwAR0_yKC1ky3I3uF4qsp6ZKtAaf9isFBt4gu7hTjk41oMlDw3SIVnoqpUAzc

Great work by all the members of the Cyber Security Alliance who made this happen.

The Institution of Analysts and Programmers is a founding member of the Collaborative Alliance for Cyber Security, and is participating in the design and delivery of the new UK Cyber Security Council on behalf of the UK Governments Department for Digital, Culture, Media & Sport (DCMS).

The Alliance is a consortium of organisations that represent a substantial part of the cyber security community in the UK. Its members include:

(ISC)² BCS,

The Chartered Institute for IT

Chartered Institute of Information Security (CIIS)

CIPD

CompTIA

Council of Professors and Heads of Computing (CPHC)

CREST

Chartered Society of Forensic Sciences (CSFS)

Engineering Council Information Assurance Advisory Council (IAAC)

The Institution of Analysts and Programmers (IAP)

The Institution of Engineering and Technology (IET)

Institute of Measurement and Control (InstMC)

ISACA

Royal Academy of Engineering

Security Institute

techUK

The Worshipful Company of Information Technologists (WCIT)

The Challenges of Agile Leadership Webinar

The Challenges of Agile Leadership

Free Online Webinar

The Institution is happy to present another online Webinar aimed at those who are involved in software development.

Giles Lindsay presents a talk that looks at the challenges that are preventing responsible agile leadership from being successful in the workplace in 2021 and beyond. As a technology and agile leader, he has identified and experienced many of these challenges throughout his 25 years’ career, of working in both small companies and large enterprises.

The talk revolves around several big and common themes, that leaders may face in the workplace and what we should try to do to overcome them, in allowing our organisational leadership to be as successful as possible.

Leadership in 2030 will be no different from today, unless we resolve these challenges first of all.

The event will be an online seminar via Microsoft Teams on the 5th of March 2021 at 2:30pm GMT.

Giles Lindsay is a technology and agile leader with over 25 years’ industry experience. He is a former CTO and is now the CEO of Agile Delta Consulting. He is also a Fellow with the Chartered Institute for IT and a Fellow with the Institute of Analysts and Programmers. Giles is a UK leading practitioner in Disciplined Agile, as well as a Certified Enterprise Agile Coach. He is currently President of the Business Agility Institute UK Chapter and is also a member of the Advisory Council of the PMI Disciplined Agile Consortium.

We welcome you, to invite a friend or colleague to this free seminar. Just forward them this email, and they can follow the link to register themselves.

If you have any thoughts on the subject of our future seminars please let us know by contacting us at admin@iap.org.uk.

PNC data makes a dash for freedom

The Police National Computer system has lost 150,000 records from it’s database.

First reported in the Times, this is another data loss for the Police in what is starting to look like a long line of errors by it’s staff.

It is not being considered a cyber attack and no red flags appear tp have been raised by the Police or the NCSC.

As a long time systems developer, I do think it does however raise an important issue, “WHERE ARE THE BACKUPS”. I spent many of my early years as computer operator on some sizable mainframes and mini’s. The one thing we always had were backups that we could go back to, a day, a week, a month or even a year, sometimes longer. So why can the police forces IT people just not recover the data?

The upshot of this blunder is that many cases will now no longer be heard, many criminals will walk free and more crimes may be committed.

This whole issue is likely to get buried quickly as it is quite embarrasing to say the least, but somewhere heads probably should roll, or at least, be severely chastised. Maybe a night in the cells!

UPDATE 16/01/2021

Priti Patel, has annouced that engineers are looking at recovering data, but they are not sure how much can be recovered. See https://www.bbc.co.uk/news/uk-55691710 for more.