Software resilience and security - BCS view

BCS (the Chartered Institute for IT, formerly the British Computer Society) has recently answered a “Call for views on software resilience and security for businesses and organisations” from the Department for Culture, Media and Sport and the Department for Science, Innovation and Technology.

As background, it is important to note that software services are now delivered through complex, tightly coupled systems with unpredictable failure modes. This requires new approaches. Being known for reliable digital services in this new complex environment would add to the UK’s competitiveness. The BCS report itlf-software-risk-resilience.pdf (bcs.org) describes the situation in more detail, and the National Preparedness Commission report NPC_BCS_Software-Risk_-the-Elephant-in-the-Room_Dec-2022-Upload.pdf (nationalpreparednesscommission.uk) concluded that “The software element of digital systems failure is a COST TO ECONOMY AND SOCIETY which will only increase as software has become a utility, is in wider usage, and more vulnerable to failure.”

In its answer to the call, BCS has identified three complementary potential ways forward:

  1. BCS is currently undertaking a project targeted at reducing the software risk and improving the resilience of the UK’s digital services. The focus is on the resilience of operational digital systems in infrastructure sectors because:
  • Failures in infrastructure services would have dramatic negative effects on the rest of the economy, including impeding growth and reducing productivity.
  • The regulatory regimes of infrastructure sectors in the UK are oriented towards keeping costs to consumers down, rather than towards continuity of service or “keeping the lights on”.

BCS is exploring whether guidelines for infrastructure sectors could be adapted from those published by the Prudential Regulation Committee for financial services.

  2. The analysis makes recommendations on information sharing, so that organisations can make more informed decisions. Government could promote and support information sharing on failures of digitalised services. This would prompt Boards to take responsibility for the resilience of the services supplied by their organisations. The sharing should include both breaks caused by cyber-attacks and those caused by software accidents. Government departments could take a lead on publishing failure data on their own services, using a framework based on that proposed for Regulated Data Service Providers by the Network and Information Systems Directive and Regulation, which addresses availability; integrity, authenticity or confidentiality; risk; material damage to users,
  3. There is an emerging cross-government focus on improving the resilience of the UK economy. So, in addition to information sharing, the Government could be working with insurers on catastrophe insurance for cyber-attacks and software accidents. Insurers already play a key role in encouraging improved practice in safety and resilience.

Clearly, any foresight work on resilience will need to take into account the key role of digital services in the economy and society.

 

Written by SAMI Emeritus Fellow Gill Ringland who is also a Fellow of BCS.

The views expressed are those of the author(s) and not necessarily of SAMI Consulting.
