Lockdown Vorbereitung

Hinsichtlich der stetig zunehmenden Corona-Infektionszahlen und dem erneuten Höchstwert für einen Samstag von +28.438 sind härter Maßnahmen im Kampf gegen die Pandemie zu erwarten. Vollkommen unabhängig davon, was die Ministerpräsidentenkonferenz am Sonntag, also morgen, ergeben wird: Ministerpräsident Söder wird sicher für die Härtesten Maßnahmen plädieren und diese in Bayern auch umsetzen. Es gilt vorbereitet zu sein. Während wir alle im Frühjahr gelernt haben, dass die Versorgung mit Klopapier nicht abreissen wird, gilt es die seelische Seite zu versorgen. Weil Skifahren und Wintersport auch ausfallen wird, bietet sich für die voraussichtlich langweiligen Weihnachtsfeiertage deshalb die Playstation an. Genug Abwechslung vorausgesetzt.

daily, photo, 12.12.2020.

Lifelong Learning

IEEE’s Educational Activities Committee (EAC) invited me for their regular meeting, that happens May 13th and 14th in Porto, Portugal. Me being there is to represent Action for Industry Committee (AfI). On first priority, the attendance is to foster inter-committee cooperation. However, one of the items we’d love to promote to industry, but to everybody else, is that education is important. In particular in Industry, where innovation and therefore differentiation from the competition is key to any activity.

To make the point about lifelong learning: upcoming, innovative technology trends, just to mention the Internet of Things, Electromobility or Autonomous-Driving require broad sets of expertise’s, abilities and complex organisations to come to life.

The Internet of Things, while being a vague term, is often associated with an App controlling a device remotely. While this looks easy on the outside, looking into the workings of such a product, it typically requires skills from 2 mobile platforms, Android and iOS, potentially Web. The connectivity part requires knowledge about transport protocols, that need splitting into IP protocols and constraint field busses. The cloud end alone is typically broken down into data transfer, data storage and data processing, while the field offers a broad choice of communication protocols and physical layers, all for different purposes and use cases. Not to mention the engineering, design, production process and supply chain that yields a physical device that a consumer wants to control. Adding in service based products, that give a customer a better understanding of usage patterns, energy savings, potentiation gameification of product use, require data processing and analytics.

This very high level example requires at least 3 major degrees, again, not mentioning the business administration side, that’d increase the count to 4 major degrees, with about 3 minors each, just on the upside estimate.  Highly complex products like this need highly skilled engineers and managers, that do not only need to execute on producing and operating a device, but also keep up on technical ability to stay on top of upcoming technologies, processes and procedures.

Lastly, any requirement to understand peering functions and technology makes the final argument for lifelong learning, because not only does the world change so fast, there is always fields interfering with an engineers major in an evolving market. This way, lifelong learning is not only something desirable to one self’s development, but a fundamental requirement to stay ahead of the market.

IEEE’s main pillars are academic publications, conferences and standards, all carried by an overwhelming number of volunteers. These are all, with no doubt, convinced that sharing knowledge increases knowledge. The really differentiating fact for IEEE is these are not from a single domain of research, but these ~420.000 members are organised in 39 technical societies, spanning all different kinds of technology and research.

Through this large spectrum of interest and the volunteering nature of the organisation, it enables lifelong learning through the exchange of ideas and knowledge alone, with Committees like the EAC fostering the activity, and Action for Industry keeping the relationship with engineers in industry.

The magical security unicorn.

The purpose of security software is to make other software more secure. This is what the security industry claims, sometime with legit arguments, sometime the industry tries to chase unrealistic ideals, as a recently linked article suggest.

And I couldn’t agree more. The security industry approaches the problem from the wrong end, most of the time. With keeping in mind the principles of security, Integrity, Availability and Authenticity, security software helps mitigate threats in the class of Vulnerabilities, Exploits and malicious software and payloads. Products available to purchase can be considered in classes of, Encryption (Integrity and Authenticity), for data in rest (disk encryption, file encryption) or for data in transit (VPN or protocol encryption). Backup is clearly saving Availability, but most companies in the security industry consider this a different topic. Then there are products to limit access, e.g. Network Layer Firewalls, which have a very distinct functionality. Up to here, things are very clear and deterministic. When it comes to Application Layer Firewalling, e.g. Web Application Firewalls things start to get fuzzy.

Products that aim to protect from any unknown threat, malware or payload, like Anti Virus, Anti Spam, Intrustion Prevention and even Vulnerability Scanners, provide information that is know already.

Now that a particular exploit is know, protection for it can be provided in two distinct locations: the vulnerable software can be patched to remove the problem. Or, what the security industry offers, have another piece of software in place that tries to protect from something that is known already. And with that, raising system complexity and opening another vector for vulnerability.

The sustainable approach is to invest in secure software and architecture, that has built in encryption, authentication and redundancy. This is something the security industry can provide as technology vendors, rather than chasing the magical unicorn.