Herbert Lin - Cyber Risk Across the U.S. Nuclear Enterprise
Good morning,

This is certainly one of the clearest articles I have ever come across on the cyber-nuclear nexus. All the concepts presented can be easily understood even _without_ having specific skills/knowledge of either military/nuclear matters or cyber/IT matters. Moreover, some of the considerations made, for example on the _legacy --> modernized-systems_ transition, can, in my opinion, be applied to _any_ digital system. I strongly recommend reading it!

https://tnsr.org/2021/06/cyber-risk-across-the-u-s-nuclear-enterprise/

Diego

--
Dott. Diego Latella - Senior Researcher CNR/ISTI, Via Moruzzi 1, 56124 Pisa, Italy (http:www.isti.cnr.it [1])
FM&&T Lab. (http://fmt.isti.cnr.it)
CNR/GI-STS (http://gists.pi.cnr.it)
https://www.isti.cnr.it/People/D.Latella - ph: +390506212982, mob: +39 348 8283101, fax: +390506212040
===================
I don't quite know whether it is especially computer science or its subdiscipline Artificial Intelligence that has such an enormous affection for euphemism. We speak so spectacularly and so readily of computer systems that understand, that see, decide, make judgments, and so on, without ourselves recognizing our own superficiality and immeasurable naivete with respect to these concepts. And, in the process of so speaking, we anesthetise our ability to evaluate the quality of our work and, what is more important, to identify and become conscious of its end use. […] One can't escape this state without asking, again and again: "What do I actually do? What is the final application and use of the products of my work?" and ultimately, "am I content or ashamed to have contributed to this use?"
-- Prof. Joseph Weizenbaum ["Not without us", ACM SIGCAS 16(2-3) 2--7 - Aug. 1986]

Links:
------
[1] http://www.isti.cnr.it
https://tnsr.org/2021/06/cyber-risk-across-the-u-s-nuclear-enterprise/
Thanks Diego. Just a quick comment.

"the F-35 will require at least 8 million lines of software code. This software will support the F-35 in a variety of missions, including air-to-air combat; air-to-ground attack; electronic attack; and intelligence, surveillance, and reconnaissance ...

A recent report from the U.S. Government Accountability Office probed cyber vulnerabilities in U.S. weapons systems and arrived at some worrisome conclusions. This report noted that the Defense Department routinely finds mission-critical cyber vulnerabilities during operational testing of weapons systems that are under development, pointing out that "using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected". Even worse, the Government Accountability Office found that the discovered vulnerabilities represented only a fraction of total vulnerabilities because not all weapons systems were tested ...

An increase in the technological sophistication of software can break this link in the short term. For example, compilers that translate high-level languages into machine code enable the development of programs that are less complex and more easily understandable (at the source code level) for a given level of functionality (as defined by what the computer actually does at the machine code level). But in the absence of continuous increases in sophistication of software-building technology, functionality means more complexity."

8 million LOC, the vast majority of it in C/C++? In industry the average is 15/50 bugs per 1000 lines, so, even taking the lower bound, we are at 120,000 bugs, including "end of the world" bugs.

Antonio
participants (2)
-
Antonio Iacono -
Diego.Latella