Arguments Against Safety Critical Systems Information Technology Essay
The A320 airbus crashes have raised concerns for not only safety-critical systems but also human errors. Investigators decided the cause for some of the crashes was “pilot error”. The official report on the crash indicated that reasons for the error probably included the pilots’ lack of familiarity with the automation equipment and confusing design of the controls and displays. This report says that systems are working as per the instructions but the persons who are giving the instructions are not understanding or well trained. This states that there will be wastage of resources in making legal standards and regulations to govern them; instead people should be well trained to use the equipments.
Therac-25 is one more case of misunderstanding of the system like some error messages that appeared on the display were like “Malfunction 54” or “H-tilt”. The people working on the system don’t understand the message and ignored it as general errors, which are actually related to over dosage. This also implies that system was misunderstood by the people working on it. It does not need legal standards and regulations for training the employees working on them. This might discourage the development as developers or industries think it is very difficult to get approval and their investment in such project might fail in case any minor system error which might not affect the safety of the system.
B) Provisions that may be included in such regulations and effectiveness
1) Having different liability standards for software and physical products raise some problems. A microwave oven has embedded software. If the sellers of microwave oven claim that the weaker standards of software should cover their product faults? This should be clearly mentioned as some software have no guarantee that it works properly. In case of safety critical computer based systems, vendor should not be able to prohibit the user from claims from faulty functionality of the software.
2) Regulation should include specific testing requirements and requirement for approval by a government agency before a new product can be sold. Regulations such as FDA should regulate these types of product development and testing.
2) Stakeholders for the scenario are
1) The software company which is introducing the product in the market.
2) Programmers & testers
3) Project Manager
Company announces that they are going to launch a new product into the market and the possible features of it.
Detailed report of the alpha and beta test reports and potential usage of the product in the current market.
Project manager had to take the responsibility to complete all the tasks of testing and launching the product as per the schedule.
Programmers and testers have to work at an accelerated phase to complete the product testing and fixing the bugs.
Programmers & Testers
Programmers and testers are supposed to complete alpha and beta testing within less than 4 months so that the product can be launched in the industry tradeshow.
As the software product is very new one and no other software is present in the market, there are little chances for known issues on the similar products in the real time usage.
Programmers should carefully design the program in such a way that it is free of possible bugs and there is very little time for testing.
Testers are expected to complete the alpha and beta testing within these two months.
Project Manager plays a very critical role in the completion of the project as the supposed activities of alpha and beta testing actually takes 14 months but the accelerated project have only 2 months to complete.
Project manager have to keep in touch with the teams and track the testing, bug fixing activities in phased manner.
Project manager is responsible for the success of the product as this is new product and less known about the real time problems.
Bug tracking and final product are the important responsibilities of the project manager.
Will update the status of the project to the project manager and owner.
Possible difficulties in completing the project in regular release date of 14 months as well as accelerated 2 months.
Try to gather more information from the beta testers as alpha testing and beta testing are almost crunched to 2 months.
3) Therac 25 radiation overdoses cases
Manufacturer must have finely tested the Therac 25 during the beta testing as beta testing is a near final stage of testing. Beta testing might have detected the dose rate malfunction. The obscure messages like “Malfunction 54” or “H-tilt” is not at all the useful for the end user and this will be changed to useful error message if tested properly in beta testing. Manufacturer failed in fixing the bugs which gave massive overdoses of radiation to six patients at four medical centers.
Four medical centers used the Therac 25 and they gave massive overdoses of radiation to six patients. In these cases, hospitals/clinics have not trained the employees in using the system. The obscure messages such as Malfunction 54 or H-tilt did not include any explanation of them in the message and user had to look up each error number in a manual for more explanation. Hospitals/clinics failed to implement the training of the users. The machine distinguished between errors by the amount of effort needed to continue operation. For certain error conditions, the machine paused and the operator could proceed by pressing one key. This might not be the suggested act on the Therac 25, but that was done.
Programmer is responsible for software errors and some of the errors are as below. After the operator entered treatment parameters at a control console, a software procedure called Set-up test performed a variety of checks to be sure the machine was in the correct position, and so on. If anything was not ready, this procedure scheduled itself to rerun the checks. The set-up Test procedure can run several hundred times while setting up for one treatment. The various checks ensure that system is working fine. But due to a bug in the software, the program did not check the device position, and the treatment could proceed. Investigators believe that in some of the accidents, this bug allowed the electron beam to be on when the turntable was positioned for use of the light beam, and there was no protective device in place to attenuate the beam. Programmer is responsible for the bug fixes and these bugs if fixed might have made the Therac -25 work without errors.
Denver Airport baggage
Denver Airport baggage was one of the popular examples for software failure. The project is planned to handle baggage automation for the entire airport. Due to complex architecture and misunderstanding of concept, the system failed which made the new airport to halt for 16 months while the engineers worked on getting the baggage system to work. The final system rather than integrating all three concourses into a single system supported only outbound flights on a single concourse only. As it failed to complete within the stipulated time, all other baggage was handled manually. The system which was built also didn’t worked well and in Aug 2005, the whole system was scrapped. The main reasons for the failure of the system are complex architecture, changes in requirements, overconfidence of the project completion, underestimation of complexity, schedule and budget. No strategic plan of backup in case of emergency and system failure is the cause of Denver airport baggage crisis.
Ariane 5 rocket malfunction
Less than 40 seconds after the launch of the first Ariane 5 rocket, the rocket veered off course and was destroyed as a safety precaution. The rocket and the satellites it was carrying cost approximately $500 million. A software error caused the failure. The Ariane 5 used some software designed for the earlier, successful Ariane 4. The software included a module that ran for about a minute after initiation of a launch on the Ariane 4. It did not have to run after takeoff of the Ariane 5, but a decision was made to avoid introducing new errors by making changes in a module that operated well in Ariane 4. This module did calculations related to velocity. The Ariane 5 travels faster that the Ariane 4 after takeoff. The calculations produced numbers bigger than the program could handle which is technically called as overflow, causing the system to halt.
A320 Airbus crash
The A320 airbus airplane was the first fully “fly-by-wire” airplane. Pilots do not directly control the plane. Their actions are inputs to computers that control the aircraft systems. Between 1988 and 1993, four A320s crashed. In investigations, it is declared as pilot error, but pilots complained it has its own mind and suddenly behave in unexpected and inappropriate ways. In one crash, the pilots specified a rate of descent of 3,300 feet per minute instead of the normal 800 feet per minute. The official report on the crash indicated that reasons for the error probably included the pilots lack of familiarity with the automation equipment and confusing design of the controls and displays. The crew left the vertical navigation entirely to the automatic systems although there were indications that the plane was descending too fast. All these happened due to over confidence on the system, complex system to understand.
User Interface and human factors
In the case of A320 airbus crash, it is observed that pilots are not able to understand the controls. The pilots need feedback to understand what the automated system is doing at any time. This is critical when the pilot must suddenly take over if the automation fails or if he or she must turn it off for any reason.
Ariane 5 rocket malfunction is due to failure in testing for the module which they actually designed for Ariane 4. If they had tested for Ariane 5, they would have found the overflow error earlier before the actual use of it in the launch of the rocket.
Redundancy and self checking
Systems that operate in dangerous physical environments where human lives are at stake or in other systems where a failure would have disastrous effects should take extra precautions. Consider the case of Therac 25 which failed at self checking and redundancy. If the self check was done properly and the users are given proper training, it would not have any given any trouble.
Recall the computer models developed to predict the change in health care costs that would result if the U.S. adopted a Canadian style national health plan and the computer models developed to determine if reusable (cloth) diapers are better for the environment than disposable diapers. In both cases the results from multiple models varied widely. For each, give three reasons why the results varied.
Are reusable diapers better for the environment than disposable diapers? When environmentalists proposed bans and taxes on disposable diapers, this controversy consumed almost as much energy as diaper manufacturing. Several modelers developed computer models to study the question.
Among three models developed to predict the change in health care costs that would result if the US adopted a Canadian style health plan, the predictions varied by $279 billion. Two of the models predicted large increases and one predicted a drastic decrease in health care costs. Why was there such as difference? We discussed this below in brief. There are both political and technical reasons why models might not be accurate. Political reasons, especially for this example are probably obvious. Among the technical reasons are the following:
We might not have complete knowledge of the system we are modeling. In other words, we might not fully understand the basic physical or social science involved.
The data describing current conditions or characteristics might be incomplete or inaccurate
Computing power could be inadequate for the number of computations needed to model the full complexity of the system.
It is difficult, if not impossible, to numerically quantify variables that represent human values and choices
Cloth Diapers vs. Disposable Diapers
Points to be considered while deciding the computer model
How many times do parents reuse a cloth diaper before discarding it?
Should the model give credit for energy recovered from incineration of waste? Or does pollution from incineration counterbalance the benefit?
What value should the model assign for the labor cost of washing diapers?
How many cloth diapers do parents use each time they change a baby?
The model assumes that the parents have the same type of usage in both places.
The diapers would not have the number of usage cycles as assumed in the model as the location is different one.
Model assumes all the children are similar and the usage is also similar, but this is not true as per the usage statistics are observed carefully.
Considering these variations in the assumptions of the models, there are results which are either not matching or varied widely.
5) A) Identity Theft
Identity theft describes various crimes in which a criminal (or large, well-organized criminal group) uses the identity of an unknown innocent person. If thieves get credit or debit card numbers, they buy expensive items or sell the numbers to others who use them. If they do not have card numbers, they use other personal information (SSN, for ex) to open new accounts in the victim’s name. They take loans, buy groceries, and raid the victim’s bank account, pass bad checks, or use the victim’s identity in various other ways for financial gain. A security company executive says “there’s a thriving underground economy that’s trading stolen information that will lead to identity theft. A complete identity sells for less than $20”.
The many tactics used for identity theft and credit and debit card fraud and the many solutions developed in response illustrate the continual leapfrogging between increased sophistication of security strategies and increased sophistication of criminal strategies. They also illustrate the value of mix of technology, innovative business policies, consumer awareness and law to solve the problems. For the public and for anyone working with sensitive personal data, it is necessary to remain aware and flexible.
b) Describe two techniques criminals can use to gather the information they need to steal an identity.
Phishing is an example of social engineering, a method used by hackers: a thief or hacker directly asks a person for sensitive information with some false pretext. Identity thieves take advantage of our knowledge that there is a lot of online fraud. Several pretexts that appear frequently in phishing emails warn that there has been a breach in the security of your bank or paypal account and you need to respond to determine whether someone else is misusing your account. Some emails tell recipients that they just made a very big purchase on ebay, and if the purchase was not really theirs, they should click a link to cancel the order. In a panic, people do and enter their identifying information when asked for it.
Pharming is another technique to lure people to fake web sites where thieves collect personal data. Normally when we type a URL, for instance www.mybank.com our browser looks up the URL on one of many domain name servers (DNS), special computers on the internet that translate URLs into actual Internet addresses (strings of numbers called Internet Protocol [IP] addresses). Pharming involves planting false internet addresses in the tables on a DNS. (some software, inadvertently downloaded from a dishonest or hacked web site, plants false IP addresses in small tables maintained on individual PCs). Thus typing the URL of a bank or travel site, for example might lead someone to a counterfeit site set up by identity thieves. Corrupting a DNS is more difficult than sending a huge number of phishing emails. Hence, it is much less common.
c) Describe two ways a person can protect their identity.
Authenticating email and web sites
Email programs, web browsers, search engines and add on software (some free) can alert users to likely fraud. Spammers fake the apparent return address on email but some email programs let users check the actual return address. Some mail programs will alert the user if the actual URL that a link will take you to is different from the one displayed in the text of an e-mail message.
Whether someone reaches a web site from a link in an email or by browsing or searching various tools can help determine whether the site is safe. Sometimes, fake websites are easy to spot because of poor grammar and generally low quality. Software can reasonably well determine the geographic location of a site. If a website claims to be US bank but it is located in Romania, it is wise to leave.
Some browsers (and add on software used with browsers and search engines) will flag web sites they consider safe or show alerts for sites known to collect and misuse personal information.
Authenticating customers and preventing use of stolen numbers
Financial institutions have added procedures to authenticate customers making it more difficult for a thief armed with a stolen account number and other commonly used identifying information to withdraw money from an account. Some financial institutions store an identification number for the customer’s home computer or laptop and then verify the machine used when the customer logs on. Some ask the Customer to provide extra information when the account is first opened and then ask for some of that information at login.
Some ask the customer to select from a group of several images when the account is opened and then require the customer to identity the image at login. (Note the latter is similar to the Web site authentication method described earlier. but used in this way, it helps to authenticate the user.) Improved security guidelines and requirements from government agencies spurred some of the security improvements for online banking and investment sites.
d) Describe two ways a business can protect its customers from identity thieves.
Biometrics is biological characteristics that are unique to an individual. They include fingerprints, voice prints, face structure, hand geometry, eye (iris or retina) patterns and DNA. Biometric technology for identification applications is rapidly developing. It is one the way business can protect its customers from identity theft especially in financial and other critical transactions.
Artificial intelligence techniques
This type of security is provided by some security firms which offer more sophisticated authentication software using artificial intelligence techniques. The software calculates a risk score based on variation from the time of day a customer usually logs in, the type of browser regularly used, the customer’s typical behavior and transactions and so on. This is one type of technique but raises point of privacy from privacy advocates and general public.Order Now