As CIO we are always trying to move our companies forward because we understand the importance of information technology. What this means sometimes is that when our company has a piece of equipment that has become outdated or perhaps no one knows how to use or maintain, we’ll often try to apply a wrapper technique to it. We’ll try to marry modern technology to older equipment in order to extend its life and avoid replacement costs. However, as some CIOs are starting to discover, this is not always a good idea.
If we are going to talk about taking risks with technology, then perhaps we should talk about what happened at Boeing. The investigators who looked into two deadly crashes of Boeing Co. 737 MAX airliners had to grapple with a hybrid of old and new technology, where a complex piece of software controled hydraulic pumps and motors similar to those used when Lyndon Johnson was president. The plane was first designed in the 1960s and modernized three times.
The 737 is currently caked with successive generations of technology superimposed on each other. Digital retrofits to older equipment on the aircraft like the 737 MAX’s anti-stall system – known as MCAS and suspected of having contributed to the crashes that together claimed 346 lives – are increasingly common. From smart-home devices that control oil-burning furnaces to mainframe computers that oversee decades-old power grids, digital controls for older equipment are popping up everywhere around the mechanical world.
The person with the CIO job understands that software has underpinned the internet’s virtual world from inception, of course, and has shown both its potential and vulnerability. Now, with the cost and size of digital sensors plunging and the ability to transmit data increasing, more physical objects than ever are getting linked through software. Even before the Internet of Things (IoT) becomes a pervasive reality, tech experts and public-safety professionals are fretting over the intersection of virtual and real in what they call cyber-physical security.
The worry for the person in the CIO position is that engineers are putting mechanical systems under the command of computers and algorithms without fully understanding the consequences of doing so. Problems include confusion about how controls work, software bugs leading to physical accidents and, most worryingly, cyberattacks on infrastructure like chemical plants or power stations that could cause catastrophes.
Dealing With The Old And The New
Cyber-physical systems are “embedded in virtually all aspects of our lives at this point in time. The Department of Homeland Security (DHS) has since 2013 sought to spot and address potential weaknesses in cyber-physical systems, initially involving cars, medical equipment, building controls and power grids, in a broad collaboration with academic institutions and research institutes. Federal investigators have also pursued wrongdoers who exploited retrofit weaknesses in these systems, from Russian hackers who targeted U.S. utilities to Volkswagen AG engineers who fraudulently passed U.S. emissions tests by doctoring control software that had been added to diesel-engine designs.
CIOs know that cybercrime and malware have long plagued the virtual world, though data breaches, theft and extortion even if they rarely cause direct physical harm. Software bugs can also arise in any physical equipment that is designed from scratch with digital controls, like electric cars, medical equipment and drones. But creators of those systems from the outset link the hardware and the software, and engineers test the products with both in mind. Retrofitted equipment; however, is rarely vetted so thoroughly.
There’s a bigger temptation not to test things when you’re just making a little change by adding automation and that’s a real problem for CIOs. With every adaptation, the potential for problems might accumulate without anyone noticing. Since adding security to older systems is often impossible, DHS is assessing technologies to protect their communication links in order to create an isolation layer and intercept attacks before they reach vulnerable devices. Car makers awoke to their vulnerability several years ago after high-profile hackings that took control of newly connected vehicles. However, the problem for CIOs is that a lot of other industries haven’t had the same wake-up call.
What All Of This Means For You
CIOs understand that the world that we live in is becoming more and more automated each day. The firms that we work for have many older systems that we would like to automate. We can, at great cost, replace these systems with modern systems. However, there is an alternative – we can mate older systems to newer systems in order to get modern benefits without the cost of replacement. However, it is starting to become obvious that there may be a downside to doing this.
The Boeing company discovered the downside to combining older equipment with newer equipment when they lost two 737s due to crashes that were caused by old and new equipment working together. CIOs are in the process of creating a new world that is called cyber-physical security. Cyber-physical systems are all around us. Federal investigators are spending their time hunting down people who have broken into these systems. Retrofitted equipment was never designed with both the software and the hardware in mind at the same time. The testing of these hybrid systems is challenging and often does not get done completely.
CIOs will continue to add new technology to older systems. What we need is a way to take a look at these new hybrid systems and discover when an error has happened. This is going to require a new way of looking at and documenting hybrid systems. The good news is that it is possible to do this. The bad news is that we have not yet done it. Let’s hope that CIOs take the time to make this problem go away before we run into serious problems.
– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™
Question For You: What would be the best way to test a hybrid old/new system?
Click here to get automatic updates when The Accidental Successful CIO Blog is updated.
P.S.: Free subscriptions to The Accidental Successful CIO Newsletter are now available. Learn what you need to know to do the job. Subscribe now: Click Here!
What We’ll Be Talking About Next Time
Ok, so let’s have a talk here for just a moment. The managers that CIOs are putting into place these days seem to becoming younger and younger. Maybe it’s because there are so many millennials now working in the IT department, but it sure seems as though the pool of candidates that we can promote to manager no longer have any gray hair. This is causing a problem for the person with the CIO job. This new breed of manager lacks some basic training. In order to ensure that this new generation of IT managers is going to be successful dealing with the importance of information technology, is this the time for the person in the CIO position to turn to robots to keep track of how their new managers are doing?