Information technology and the associated computer based systems are ubiquitous within virtually every part of society and business. The impact and effects of the underlying systems may be invisible and are often taken for granted by many of the populace.
Both opportunities and challenges face the sector.
Business change projects- An important mistake that is often made is to consider “IT Projects” as an entity in themselves. In practice these activities should be considered as “Business change” projects facilitated by new IT systems. It is usual that the underlying systems are key to normal business function or are to provide new or additional business benefit. Understanding this principle helps in gaining a holistic view so enabling resources to be allocated correctly to maximise business benefit. “IT” is typically 20% of the cost of a business change project so failing to plan and budget adequately for the remaining 80% (people, process and change issues) will usually guarantee project failure.
- Current UK Government transformational projects are amongst the largest and most complex such projects ever undertaken. An example case is that of the “Smart Meter” initiative. A holistic view and special care needs to be taken in considering viability, design, test, service introduction, training, process, maintenance and end of life. Since some of these projects are so vast or ambitious, project planners/ system implementers can often find themselves in un-chartered territory that in turn can lead to unexpected costs or worse.
- Regular, candid, communication between the senior responsible owner and the board level project sponsor (stake holder) is vital.
- The availability of high quality skills in systems engineering, application architects, project management, financial management and business change are key requirements.
Personal identity and authenticationThe increasing trends by government agencies to utilise online services drives a need to provide robust, secure and reliable means of asserting identity to the necessary degree. Some of the typical issues faced are;
- The citizen should not be required to disclose more personal information than is necessary for a particular purpose.
- For most purposes, policy should move away from proving identity and towards establishing authority to access or transact. Proof of absolute identity is seldom really required, only entitlement as part of a group. For example, a young person may need to prove they are over 18 to buy alcohol but not their name and other details.
- Any business case involving identity management should give a clear statement of the intended benefits, how they are to be realised and how any risks to individuals are to be minimised.
- It is essential that IT systems for proving identity are built using sound engineering principles. Aspects such as security, dependability and acceptable failure rates should be specified at the outset.
- Government needs to consider what forms of redress will be available for anyone whose identity is compromised.
Resilience and robustness of communications networks that form part of the national critical infrastructure- Communications networks include both fixed and mobile systems. Their increasing interdependency and their dependency on other critical infrastructure, such as power, means that they are potentially liable to cascades of failure with very serious consequences. This needs to be taken into account when considering their role.
Data integrityAs both society and the individual are reliant on IT based systems and the data they contain it is critical that data is stored in a secure manner, i.e.;
- It is only accessed by authorised staff.
- It shall be kept safe and not disclosed or accidentally made available to other parties that are not authorised to view or use the data.
- Its integrity shall be a key requirement. This means the data shall not be corrupted or lost by system failure, unauthorised access or unintended changes.
- Processes and good working practices shall be in place along with training of personnel to ensure effective data management and security.
- Processes exist for individuals / businesses to correct data in the light of errors.
Software engineeringSoftware development and the quality of the final product has not always been at the front on peoples minds or apparent. However recent events in the automotive industry has bought this matter to the attention of the public on a global scale.
Often underlying systems only become apparent when something goes wrong and then the impact is usually significant both in financial and operational terms or worst case life threatening.
With increased convergence as well as the steady move to services and business processes that rely on data sharing and communications it is critical that communications, applications and embedded systems software is engineered to the highest standards.
The implementation of Open standards for both communications and Application Interfaces (API) is another facet of software engineering that needs to be addressed in today’s converging world. Large UK and global IT and communications business transformation programs will only be achievable by collaboration and the adoption of open standards and high quality systems development programmes that utilise an engineering approach for design, test and system verification.
SecuritySecurity can mean many things to many people. In terms of IT, the importance of security cannot be understated both in a physical and virtual sense. As stated previously the function of software is critical in today’s society. Security is another dimension whereby failure can result in at best inconvenience, to data loss, fraud, Identity theft, or system failure due to cyber attacks via malware or Denial of Service (DOS) type threats.
Bearing in mind some today’s current and future systems will control Critical National Infrastructure security needs to be considered utilising a holistic approach and treated as a key design requirement rather than an add-on.