Geek.Zone

During 2020 and 2021 many people in the UK suffered mental health issues, and the Institution is pleased to work with Geek.Zone to help both the Institution’s and Geek.Zone’s members.

Geek.Zone is the community for geeks! They come together through our shared interests, so no matter what your hobby or passion is, you are sure to find like-minded people at Geek.Zone. They are a not-for-profit mental health charity. Find out more at Geek.Zone/About.

They run events in the community to promote social inclusion and mental wellbeing by giving members a like-minded social network to become part of.

Launch of the UK Cybersecurity Council

Today sees the launch of the UK Cybersecurity Council

https://youtu.be/UteK1aQqj1U

The Institution of Analysts and Programmers was a founding member of the Collaborative Alliance for Cyber Security, and worked hard with its partners in the design and delivery of the new UK Cyber Security Council on behalf of the UK Government’s Department for Digital, Culture, Media & Sport (DCMS).

The Alliance is a consortium of organisations that represent a substantial part of the cyber security community in the UK. Its members include:

(ISC)²
BCS, The Chartered Institute for IT
Chartered Institute of Information Security (CIIS)
CIPD
CompTIA
Council of Professors and Heads of Computing (CPHC)
CREST
Chartered Society of Forensic Sciences (CSFS)
Engineering Council
Information Assurance Advisory Council (IAAC)
The Institution of Analysts and Programmers (IAP)
The Institution of Engineering and Technology (IET)
Institute of Measurement and Control (InstMC)
ISACA
Royal Academy of Engineering
Security Institute
techUK
The Worshipful Company of Information Technologists (WCIT)

When Software Goes Wrong

In 2000 the Post Office introduced a new accounting system ‘Horizon’ to manage all its branches. Over the next few years hundreds of sub-postmasters/postmistresses were prosecuted for theft, fraud and other charges as the system identified money was missing from the accounts.

Many of these people went to prison, even a pregnant woman, and others had their lives ruined: disowned by their families, divorced. One poor soul even committed suicide; several others have died since.

The Post Office, a bastion of trust with the UK population, testified in court that the computer system was correct and it was the sub-postmasters/postmistresses that were the criminals.

Over the last few years cracks began to show. A report by Second Sight, specialists in fraud investigation who were brought in to vet the system, found it seriously flawed and that the Horizon system was not ‘Fully Fit for Purpose’. Documents that would have shown accounting errors were hidden and suppressed by the Post Office, which then produced a document to counter Second Sight’s report, knowing they were already on shaky ground.

Last week the Court of Appeal overturned the convictions of nearly all of these law-abiding people.

Sam Stein QC – representing some of the former sub-postmasters – said the Post Office’s failure to investigate and disclose serious problems with Horizon was “the longest and most extensive affront to the justice system in living memory”.

He said the Post Office “has turned itself into the nation’s most untrustworthy brand” by attempting to “protect” Horizon from concerns about its reliability.

The Post Office’s “lack of disclosure within criminal cases perverted the legal process”. This leads to the big question now: what will happen next? Will the Post Office management be brought to book, with court cases for falsifying evidence? Will Paula Vennells, who was the CEO of the Post Office at the time, be tried for her part in the affair? Her life is now beginning to unravel, with her losing her jobs at Morrisons and Dunelm and suspending her career as a Church of England minister.

So what went wrong?

As someone who worked on financial systems for many years, I suspect flawed testing and management pressure to deliver the software into production was a primary problem. If it works and the system errors are low, then release it. We can fix any shortfalls later. This is not uncommon in the business world but can be a minefield further down the line (Companies like Microsoft have operated like this for many years).

If we had system discrepancies we would run the systems through, re-processing the data we had in a test/debug environment, to see if we could:

  • a) reproduce the error
  • b) identify the point it would go wrong.
  • c) fix it
  • d) test it (including all the previous testing)
  • e) release the new version to production.

It should have been obvious to the Post Office management that they would not suddenly have that many fraudsters on their hands, and it should have raised a red flag about the Horizon system. Of course, if they knew that this number of fraudulent sub-postmasters/postmistresses is/was the norm, then the Post Office must be in really bad shape.

In this case the Post Office were almost Judge, Jury and Executioner: they could bring prosecutions without referral to anyone like the DPP, their evidence was of their own making, and some people have said the evidence was a fabrication.

It’s important here that people are aware that computer systems are fallible, and that incidents like this should not make you think that your local retailer is a crook. They may or may not be, but proper systems, procedures and controls need to be in place to ensure impartiality.

The Institution of Analysts and Programmers is working hard ‘Improving Software for Society’ with schemes like FURST and our Academic Partnerships. It is difficult when large organisations do not even follow the basics of software development practice.

The moral here is to TEST, TEST, TEST and then TEST again! and trust your end users, they are usually annoyingly right.

Alan Turing Features On £50 Bank Note

New £50 Bank of England Note

Andrew Bailey, the governor of the Bank of England, said: “He was a leading mathematician, developmental biologist, and a pioneer in the field of computer science.”

It is 10 years since the steam engine pioneers James Watt and Matthew Boulton appeared on the current £50 note. The new bank note will be issued on 23rd of June this year.

We reported a while ago that Mark Carney, ex-governor of the Bank of England, announced that Alan Turing would be the subject of the reverse side of the new £50 bank note.

This is a great result for the memory of Alan Turing and also for the world of computing.

Alan Turing is famous for many things, including his brilliant ideas that led to the modern era of computing and also his suicide after being forced to take drugs to suppress his homosexual tendencies, which were illegal at the time, although most people remember him for his work at Bletchley Park on decrypting the German Enigma machine.

Born in 1912, his education was not necessarily exceptional until he attended Sherborne School and his maths and science abilities began to be unleashed.

From 1931 until 1934 he went to Cambridge University and his dissertation earned him a Fellowship, he was 24 years old.

In 1936, Turing presented a paper, “On Computable Numbers, with an Application to the Entscheidungsproblem,” in which he presented the notion of a universal machine (the “Turing machine”) capable of computing anything that is computable. It is considered the foundation of the modern computer era.

After obtaining his PhD at Princeton in the United States he returned to Cambridge and eventually ended up working for the Government on a part-time basis, working on cryptography.

His wartime efforts have been chronicled, and many documentaries and films have been made about the subject of Enigma. The Bombe is one of the best known of these efforts and it is well worth a visit to Bletchley to see it run. He also wrote several other papers on code breaking while there. These were so good that GCHQ only finally released the papers in 2012, as the principles were still being used then. That is nearly 60 years after he died.

Computing has evolved over the time since he died, but I think Alan would still recognise the underlying technology that has driven the human race to the point where we all carry a computer in our pockets and many homes can have a dozen or more devices within them that are computer driven.

I hope that the new £50 note will urge people to visit Bletchley Park near Milton Keynes and see how his ideas saved millions of lives and possibly changed the outcome of the war.

While you are there, why not visit The National Computing Museum, it is situated on the same site.

Bletchley Park nearly became a housing estate until Tony Sale, a good friend of the Institution, led the campaign to save it for the nation. Nobody, even the local council, knew it had been there 40 years after the war; it was that secret.

I heard once that on the day Bletchley Park closed after the war, some 10,000 people left by the main gate. They had lived and been living with the local people for the duration and no one knew!

Alan Turing may have committed suicide rather than continue to take the drugs he was forced to take; however, it was a different time, and times and attitudes have changed. He was pardoned in 2013.

Personally, I think he is one of those greats in computing who, along with the likes of Joseph Jacquard, Charles Babbage, Tim Berners-Lee and Grace Hopper, to name but a few, has given us the world of computing we live in today.

John Ellis FIAP (Cmpn)

New UK Cyber Security Council

Press release

New UK Cyber Security Council to be official governing body on training and standards

The government has set up a new independent body to boost career opportunities and professional standards for the UK’s booming cyber security sector.

See the DCMS press release https://www.gov.uk/government/news/new-uk-cyber-security-council-to-be-official-governing-body-on-training-and-standards?fbclid=IwAR0_yKC1ky3I3uF4qsp6ZKtAaf9isFBt4gu7hTjk41oMlDw3SIVnoqpUAzc

Great work by all the members of the Cyber Security Alliance who made this happen.

The Institution of Analysts and Programmers is a founding member of the Collaborative Alliance for Cyber Security, and is participating in the design and delivery of the new UK Cyber Security Council on behalf of the UK Government’s Department for Digital, Culture, Media & Sport (DCMS).

The Alliance is a consortium of organisations that represent a substantial part of the cyber security community in the UK. Its members include:

(ISC)²
BCS, The Chartered Institute for IT
Chartered Institute of Information Security (CIIS)
CIPD
CompTIA
Council of Professors and Heads of Computing (CPHC)
CREST
Chartered Society of Forensic Sciences (CSFS)
Engineering Council
Information Assurance Advisory Council (IAAC)
The Institution of Analysts and Programmers (IAP)
The Institution of Engineering and Technology (IET)
Institute of Measurement and Control (InstMC)
ISACA
Royal Academy of Engineering
Security Institute
techUK
The Worshipful Company of Information Technologists (WCIT)

The Challenges of Agile Leadership Webinar

The Challenges of Agile Leadership

Free Online Webinar

The Institution is happy to present another online Webinar aimed at those who are involved in software development.

Giles Lindsay presents a talk that looks at the challenges that are preventing responsible agile leadership from being successful in the workplace in 2021 and beyond. As a technology and agile leader, he has identified and experienced many of these challenges throughout his 25 years’ career of working in both small companies and large enterprises.

The talk revolves around several big and common themes that leaders may face in the workplace, and what we should try to do to overcome them to allow our organisational leadership to be as successful as possible.

Leadership in 2030 will be no different from today, unless we resolve these challenges first of all.

The event will be an online seminar via Microsoft Teams on the 5th of March 2021 at 2:30pm GMT.

Giles Lindsay is a technology and agile leader with over 25 years’ industry experience. He is a former CTO and is now the CEO of Agile Delta Consulting. He is also a Fellow with the Chartered Institute for IT and a Fellow with the Institute of Analysts and Programmers. Giles is a UK leading practitioner in Disciplined Agile, as well as a Certified Enterprise Agile Coach. He is currently President of the Business Agility Institute UK Chapter and is also a member of the Advisory Council of the PMI Disciplined Agile Consortium.

We welcome you to invite a friend or colleague to this free seminar. Just forward them this email, and they can follow the link to register themselves.

If you have any thoughts on the subject of our future seminars please let us know by contacting us at admin@iap.org.uk.

PNC data makes a dash for freedom

The Police National Computer system has lost 150,000 records from its database.

First reported in the Times, this is another data loss for the Police in what is starting to look like a long line of errors by its staff.

It is not being considered a cyber attack and no red flags appear to have been raised by the Police or the NCSC.

As a long time systems developer, I do think it does however raise an important issue: “WHERE ARE THE BACKUPS”. I spent many of my early years as a computer operator on some sizable mainframes and minis. The one thing we always had were backups that we could go back to, a day, a week, a month or even a year, sometimes longer. So why can the police forces’ IT people just not recover the data?

The upshot of this blunder is that many cases will now no longer be heard, many criminals will walk free and more crimes may be committed.

This whole issue is likely to get buried quickly as it is quite embarrassing to say the least, but somewhere heads probably should roll, or at least, be severely chastised. Maybe a night in the cells!

UPDATE 16/01/2021

Priti Patel has announced that engineers are looking at recovering data, but they are not sure how much can be recovered. See https://www.bbc.co.uk/news/uk-55691710 for more.

XMAS Opening 2020

With the holiday season nearly upon us, the Institution’s offices will be open for business as below.

December

23rd – Open
24th – Closed
25th – Closed
26th – Closed
28th – Closed
29th – Closed (Open for Email)
30th – Closed (Open for Email)
31st – Closed

January 2020

1st – Closed
2nd – Closed
3rd – Closed
4th – Open

Wishing you all a good break.

Compealing Code Chemistry

In the fourth part of this series on Compealing Code, Paul Lynham covers some of the chemistry required to achieve this goal.

Compealing-Code-Chemistry-1

Thoughts on the NHS Covid App

I recently got notified via the NHS app that we had been in contact with someone who had coronavirus. A bit of an initial shock for my wife and I, as we have been quite good; since lockdown ended, apart from once a week shopping, we have only been out 4 times.

The next surprising thing was that we were told to isolate for just 7 days, not 14 as advertised. After searching for info via Google, we came across an article explaining why only 7. It appears we came into contact with this person probably 7 days earlier at an undisclosed venue and time.

This led us to believe we were probably in the local super store doing our weekly shop.

The Test and Trace app apparently relies on you being within 2 metres of someone for around 15 minutes. It then tags each other’s phone numbers so that when you log a positive result it can notify all the phones you have been near within that rule.

So it raises a few issues.

  • Bluetooth can be used as a distance gauge, but is more than a bit flaky. Ideally you need three phones to be fairly accurate. Bluetooth works up to a maximum distance of between 10-30 metres; resolution with two phones is therefore not accurate to 2 metres. Also the surroundings may block or enhance the signals.
  • The app does not log GPS data. If it did, it might be able to give you a reasonable idea of where you were on the day. I suspect this was a GDPR concern, but in my mind to know where you were on a particular day would be useful.
  • Thirdly, there is no indication of the time when you could have been in close proximity to the person. Again this would be useful in identifying where you were at that time.

Some problems I see here as an experienced software developer and database administrator, and even as an individual with a logical mind, are :-

  • If you live in a flat and someone is above or below your position and you or they have coronavirus and your app is activated, it could be possible to trip the algorithm to log your telephone numbers.
  • I live near a railway crossing that is so renowned for being down for 20 mins+, it is so bad it has its own Twitter account! I could be in the car behind, in front or to the side with the windows closed and the telephone number could still be exchanged.
  • At the shop I could be checking out one or two checkouts from the infected person, protected by the plastic shields installed to protect the staff as well. I am equally protected, but the telephone number could still be exchanged.
  • The store has its own cafe, and the tables are now effectively little bubbles with plastic shields around each table blocking (hopefully) the chance of infection.

I am certainly not against the app, and Test and Trace is a necessity, but it leaves some serious concerns. If any of the three examples above could possibly trigger an alert, why should I self-isolate? What recourse do you have to have the decision overridden or reversed, and how can the integrity of such an override be maintained?

I am fortunate that I work from home, but my wife works with the elderly and has had to stay at home as she was tagged as well.

I do think the data collected needs to include date, time and location plus the telephone number. It would at least offer some comfort to the victim who has got the alert to understand how and when they were exposed.

Also the messaging needs to reflect this, rather than just saying 7 or 14 days. That is a clear message, but we need more information.

There are of course the political and legal issues, including why only 18% of those who should self-isolate do. It would need some high profile policing and fines to ensure compliance. I do not think there is the will to prosecute people though. This leaves those obeying the rules feeling exasperated.

Finally the way to beat the system or reduce the chances of the app tagging you is to turn Test and Trace off when at home and when you believe you are in a safe zone, turning it back on when you leave the zone of safety.