VSJ – June 2006 – Symposium Report

As regular readers know, Council member Paul Lynham traditionally writes a report on the annual symposium to which we devote the whole of ‘IAP News’. Here’s this year’s.

The 2006 Symposium was held at Trinity House, Tower Hill in London. Chairman and IAP Vice President David Morgan welcomed everyone and introduced Mike Ryan, the Director General.

Mike pointed out that the IAP is the only specialised institution for people involved in developing software from analysis, through to programming and testing. He quoted Peter Green of the Daily Telegraph, who said at last year’s symposium that the use of computers will lead industry. Because of the continued increase in the rate of progress of technology, this will happen quicker than we may expect.

Kevin Groves, MIAP of the Kent Linux User Group was the first speaker, noting that Linux is the fastest growing operating system and that it is a common host for email and Web services. It has proved its viability for mission critical systems and is now making a leap to the desktop. There are many distributions all working from the same core, but with different configurations and specific applications. There are around 150 customised versions, which is good for choice but can be confusing for beginners. His tip was to try a version that can be booted from CD. Although running a little slowly, this will give a good feel for what can be done, without affecting any existing installed O/S. Most distributions can be freely downloaded from the Web. Kevin has been using Linux for 10 years and hasn’t missed MS Windows yet.

Kevin pointed out that Linux is an amateur system. There is a main core development committee that has very high standards. However, many of the add-on applications come from amateur developers but systems are becoming more polished. Desktops need a consistent, highly flexible and configurable user interface, such as Windows users expect. There are many of these available for Linux.

Kevin went on to detail some of the tools and languages used in Linux development, mainly traditional languages with newer ones such as Python and PHP. Free tools included Vi, Vim, Emacs, Anjuta, Bluefish and Eclipse, with commercial tools such as Delphi, Kylix, C++Builder, JBuilder and WebSphere. Backend tools include MySQL, Interbase/Firebird, PostgreSQL, SQLite, ODBC/JDBC, DB2 and Oracle.

He then discussed some disadvantages, noting licences and patents, system integration, myriad Linux distributions and GUIs as well as the ongoing SCO / IBM lawsuit.

Finally, Kevin described several case studies, highlighting cost savings for charities, for example, derived from free licences.

Graham Anderson, MIAP of BT spoke on delivering efficiency in Government with ICT. The government’s previous initiative (e-Government) was to improve access to government services. Graham had been involved with some aspects including a service provided to 80% of solicitors in Northern Ireland allowing them to access property deeds online. It had been criticised as delivering too little change or improvement in back office efficiencies.

The current service delivery agenda for government first targets citizen- and business-centric services and then efficiency savings. To the latter, £1.4 billion (approximately 10% of the total IT budget for investment) is being released. IT services will be shared and service delivery mechanisms remodelled.

Graham showed a video case study of Edinburgh Council’s planning and building control department. In 2003, it was not meeting its 40-day turnaround target on applications and it also had resource constraints. BT provided a solution. The Internet is used to access planning applications etc. You can apply, track the process and have the application turned around electronically, thus getting a complete end-to-end service. Interested parties can view plans and track progress without having to visit the office. Further benefits to the department are that plans can be accessed onsite using laptop computers. Paper-based applications are still handled. They are scanned, indexed and sent to the department within 24 hours.

BT was not paid until the service was delivered, thus reducing the Council’s risk. The city hopes to have 100% of its services available electronically by 2008.

In general, a business is modelled and processes and customer and partner interactions are examined. Each process and interaction is studied to assess where technology can produce savings. In the example above, intuitive Web content was created, so customers can contribute directly to the process with online self-assessment. Customers are encouraged to communicate electronically when making applications and existing business data are used wherever possible, pre-populating validation forms for example. Electronic documents can be attached to applications and digitised public records are maintained online.

Back office processing creates fully electronic cases, scanning documents where necessary to automate case allocation and movement, eliminating lost documents and allowing data sharing. Correspondence is produced using workflow, document templates and business data. Pre-addressed, bar-coded envelopes are provided so workflow can link responses back to the relevant case. Access to historical data is also provided.

Field staff are provided with an electronic briefcase and mobile devices such as tablet PCs. Travel routes are optimised with route scheduling software and SMS reminders are used to check that customers are available for site meetings. Previously 30% of appointments were broken, entailing expensive rescheduling.

Graham summarised by noting that savings can be made at all stages.

Hugh Williams, FIAP and Andy Quested from the BBC gave a presentation on High Definition television. Hugh started with a brief history of the Corporation. Formed in 1922, its first Director General laid down its duties as to educate, inform and entertain. Today the BBC is a content provider as well as a broadcaster. It looks to additional revenues with BBC Broadcast and BBC Worldwide. Its goals include building public value and creating an inclusive digital Britain.

Hugh showed several videos demonstrating how fantastic HDTV is. Some of the footage looked like 3D and it almost felt like you were actually there, seeing the scenes in real life, rather than watching a recording.

Britons now spend an average 164 minutes per day online compared to 140 minutes watching television. People expect quality, so by 2010 all programmes will be in HDTV. Among other selected programmes, ‘Planet Earth’ was made in HDTV. This will be the subject of a trial HD broadcast later this year.

Although the cost of HDTV is decreasing, the whole infrastructure must be modernised to accommodate it. Therefore early HDTV output has to be limited, good dramas and events of historical importance being prime candidates. There is also a need for training and co-operation. The BBC is working with Europe to influence worldwide HDTV development and to share lessons and techniques.

One of the video presentations was particularly awe-inspiring. It showed a shark catching a seal, recorded at 1000 fps, so that it could be played in slow motion. After seeing the excellence of which HDTV is capable, one felt that having all broadcasts at this brilliant quality will be a great step forward.

Jonathan Harris CBE spoke about Continuing Professional Development. He explained that 25 years ago his professional body, the RICS, had introduced a membership requirement for 20 hours of CPD per year. This led him to form the Continuing Professional Development Foundation and later, the Institute of Continuing Professional Development.

Professionals like to keep up-to-date so that they can earn their living. Other drivers include the fear factor and having extra post-nominal letters.

Professional bodies have differing requirements to prove that their members are up-to-date. For example, Chartered Accountants need 150 points of CPD, while members of the Law Society require 16 points. Also the tasks that can be deemed to qualify for CPD differ. Reading a journal may not be able to be counted, but reading books may, as well as training courses and seminars. However, becoming a member of the ICPD demonstrates your commitment to staying at the peak of your profession.

To become a member, your main professional body must assess you on an annual basis to ensure that you have carried out 50% more CPD than the specified minimum. The main professional body carries out the approval and assessment process. Naturally, there has to be a formal arrangement between the ICPD and a given professional body for this to happen effectively.

Jonathan listed the organisations currently having such arrangements. These include the General Council of the Bar, the Army, the Chartered Institute of Building, the Government Economic Service and, most recently, the IAP.

Tim Benest FIAP described managing an offshore client base. He runs a software house in Jersey, mainly supporting clients in the offshore financial community. This fits his lifestyle, as he is passionate about technology and travel.

The software is written in Delphi and uses a Paradox backend, but he also uses Firebird, Python, KInterbasDB and ReportLab PDF components. It has been deployed globally and is especially popular in the Far East.

Tim feels communication is extremely important. You need to build relationships with people and use techniques such as mind mapping, but also white boards and pictures. Awareness of differences in language (even between English speakers) is very important. He also uses NLP (neuro-linguistic programming) techniques.

He likes to keep things simple, limiting unnecessary complexity and questioning why something is done or needed. His tip was to “eat the dog food”, meaning that, if you write software, you should use it yourself. If a component gets on your nerves, your customers are likely to feel the same. Robustness is also important, so try hard to second-guess the user and develop a hacker (not a cracker) mindset.

He always prepares well in advance of any trip abroad and takes things such as category 5 cabling and assorted widgets with him, as these are nearly always required, but may be difficult to acquire in exotic locations. He highly values remote access, security and the command line, using SSH and SCP. Tim considers both psychology and technology to be key to running such a business.

Ian Walker FIAP spoke about e-Crime, which he defined as ‘any crime committed using a computer, a network or hardware device as an agent, facilitator or target of the crime’. He went on to consider phreaking, malware, spyware, phishing, pharming, embezzlement, fraud, theft, industrial espionage, ID theft, unauthorised access, skimming and denial of service.

There are two categories of e-criminal, internal and external. External culprits include organised criminal gangs, people spread across the globe exploiting poorly protected systems. Internally, there are former or disaffected employees, who take advantage of poor IT security policies.

Malicious code is a very big threat at present, with bots being used to infect computers, often as part of a combined attack. Worms account for 90% of malicious code, with more than 21,000 new (or modified) threats launched in 2005.

Ian then gave a number of interesting facts. Spam email accounts for 60% of all messages sent, over 5% being phishing attempts. Last year, Symantec Corporation blocked 2.54 billion phishing attempts. 32% of Spam is health related.

He then demonstrated a phishing site. This was identical to the real Barclays Bank site. Indeed, some phishing sites are better than the real sites.

Much e-Crime is committed because criminals target money – where money is, criminals are not far behind. Worldwide, Internet trade is valued at $8 trillion. UK trading in the period up to Christmas 2005 was £5 billion and annual turnover is £19 billion. Only 1 in 8 e-crimes is reported in the UK.

Criminals target the maximum amount of money with the minimum effort and chance of capture. The hottest targets include personal bank accounts (35%), SMEs (31%), IT (9%), Education (5%) and Financial Services (4.5%). In 2005 the UK accounted for 27% of bot-infected computers, with the US having 22.5% and China 8%.

The average time between discovery and exploitation of a vulnerability is 6.8 days, the fastest being less than a day. However, the average time for a patch to be issued is 49 days, thus giving criminals a massive window of opportunity. To make things worse, there was a 40% increase in vulnerabilities in 2005 over 2004, with 13,900 documented spybots. To put this in perspective, there are 11,000 new Internet connections per day in the UK. The cost is estimated at £2.44 billion for large UK corporations with £1.77 billion due to ID theft.

What can be done about this? The e-Crime Wales action plan was launched last year, the first in Europe. There is a National High Tech Crime Unit (NHTCU) and there was an e-Crime congress in London in March. Look at the security page of your O/S on the Web for further ideas. At home, avoid unsupervised access to the Internet for children and ensure you have good Internet security software, firewall, anti-virus, anti-spyware and anti-Spam software. It is always worth thinking about the physical security of your PC, such as not leaving it next to the front window of your house, where passers-by can clearly see it. Keep Internet security and O/S software up to date and continually question why personal information is being requested. Avoid leaving notebook computers in your car and if you do, turn off all radio devices, as criminals can detect them.

Ian said that this type of security must be taught at school as part of the IT curriculum. Other areas that need to be considered include establishing an IT security policy, using hard and soft firewall protection and having a good disaster recovery system in place. Issues include 1 dimensional security, using 2D and 3D security for sensitive systems and using personal data storage devices in sensitive areas (you can now get biometric encrypted data sticks). Invest in hardware systems to protect sensitive data, such as the Lenovo Systems range of notebook PCs. Consider how to handle disaffected employees and their access to your systems. Report all incidents to the police and the NHTCU.

During software development, test to the extreme to ensure your software provides the right balance between functionality, performance and security. Consider the use of external testers and simplify software design to make it easier to detect problems.

Ian summarised by saying, “be aware, be safe and be in business”.

The final speaker was Ed Gibson, Microsoft’s UK Chief Security Advisor, who was previously an FBI agent assigned to the US embassy in London. He gave a short talk on the back of Ian’s presentation and his main tip to improve security was to harden the environment.

Finally, after a few words from IAP President Jim Bates, we retired to the Piano and Pitcher to debate topics that came out of a thoroughly enjoyable day.
