[SystemSafety] Partly Off Topic: What Happens in October

Peter Bernard Ladkin ladkin at causalis.com
Tue Oct 18 08:28:34 CEST 2016


Might it more appropriately be parsed as Partly-Off Topic than as Partly Off-Topic?

So what always happens in October? The Nobel Prizes and the SSCS.

First, Nobel.

It's grand to see a bard honored.
https://abnormaldistribution.org/index.php/2016/10/18/a-dylan-encomium/

It's also grand for this Brit, cognisant of the hitherto advantages of British academics, to see
five Brits in four of the five science prizes. While the people are deserving, I don't think it's
that Brits are smarter. It's that tertiary education allows exceptional talent more easily to
develop to the standard of which it is capable.

But then, one notices. One Japanese, in Japan. Two Frenchmen, in France. One Dutchman, in the
Netherlands. Five Brits - in the US (along with a Finn.) A half-century ago, we used to call it the
brain drain. It hasn't stopped, and all indications are that it's about to get a lot worse.

Some people come back, Fields Medal winner Andrew Wylie, for example. Not a lot.

When I pointed this out, a colleague said "so what?" I think it's a big deal. I don't think either
British science or European science is better off for many of its stars leaving. It's not symmetric
travel, as it might be in a more balanced world.

It's not even symmetric inside Europe. The Anglo-American penchant for continued productivity even
amongst the top research personnel, as well as humane academic career development prospects, have
made UK academic careers attractive to Europe's best young scientists (not just scientists). That
has put pressure on other national academic systems, such as the one I work in, to improve (that's
partly why I'm here - but I think I came thirty years too early......enough said).

That appears about to end with a thud. As yet there aren't even any believable proposals for
maintaining the status quo ante for those already in the UK. Sickening, and insulting. I guess it's
what happens when you leave politics to politicians.  The rest of Europe is worse off, because the
pressure is now off often dysfunctional and non-transparent national research systems to continue to
clean up their collective acts in response to more attractive career conditions elsewhere.

Second, SSCS.

First, the non-news. Cybersecurity is a mess. We knew that, but we can divide it more finely.

There is the sociopolitical mess. The IPT has just ruled that GCHQ's data collection for most of the
last two decades was illegal
https://www.theguardian.com/world/2016/oct/17/uk-security-agencies-unlawfully-collected-data-for-decade
The solution? Make it now legal. That's all right then. I anticipate SSCS will continue to have
almost nothing to say about all this. Where do we go for this debate? Chatham House? This shouldn't
be left for politicians.

Then there is the technical mess. The good news may be that GCHQ, and now NCSC, has plenty of very
smart technical people, one of whom, head of NCSC, gave a scintillating half-keynote following
Martyn's first half. A lively and resounding start to the conference of the very first order.
Profuse thanks to both, and kudos to Carl for getting it to happen. This will be on IET.tv at some
point. I do recommend people look at the video.

A hint for those concerned with Cyber Essentials, a British government computer security program.
Something I found out Wednesday - if you're one person or a couple of people running a standard OS
with the delivered configuration of iptables, you don't leave a machine turned on when you're not
using it, and you don't have NAS, then as long as you've changed the default PW on your router you
probably qualify for Cyber Essentials. I didn't realise that. But don't quote me on these details -
I am not a Cyber Essentials assessor.

The elephant in the room with me is how to reconcile the update cycles for safety and security.
Safety requires careful and thorough impact analysis before updating; security requires one react
quickly to zero-day vulnerabilities. Anyone have any ideas about how to reconcile these? Nope. Not
even when it's in the title of a talk. (Although Altran seems to have some technology that might
help, which they didn't talk about here.)

I did learn something, though. Besides DIS IEC 62859 trying to do safesec for nuclear power plants
and the NWIP for safesec of machinery now before the IEC, I learned about ISA 84.00.09-2013
https://www.isa.org/store/products/product-detail/?productId=118130  As usual it costs a lot of
money, so I'm now trying to find a version it is within the scope of DKE to let me read.

PBL

Prof. Peter Bernard Ladkin, Bielefeld, Germany
MoreInCommon
Je suis Charlie
Tel+msg +49 (0)521 880 7319  www.rvs-bi.de




