The world is connected like never before. However, it comes with a cost. System failure could be a global catastrophe. The recent crash of Ethiopian Airlines Boeing 737 Max 8 in Ethiopia falls under cybersecurity failure whether it was a software defect or a pilot training issue.
The Co-founder of the Cardano project and CEO of IOHK, Charles Hoskinson, on his twitter account said he would not be surprised if the incident turned out to be related to hacking mentioning that the planes are hyperconnected with so much complex software.
Businesses are in a rush to win markets and stay relevant. Most projects have a strict delivery deadline and budget constraints. For this reason, the ‘code first and fix bugs latter’ approach of software engineering has been popular and has been used in so many projects.
However, winning international market entry by cutting costs and avoiding thorough testing or delaying the necessary training and or updates should not be done at the cost of lives. Unfortunately, system maintenance and upgrades are being considered a major source of income for many businesses that are engaged in software development hence encouraging a partial delivery of system in anticipation of income from future engagements.
Security is a continuous process. Most system failures are unintentional consequences of either a software-hardware malfunctions or people errors. Fortunately, there are many preventative controls that can be used to avoid such an unfortunate incident. System testing should evaluate the functionalities of the system and assess the system’s compliance with its specified requirements. Thorough system testing helps us to identify potential defects and reduce or avoid the occurrence of errors.
The lack of a research-driven approach to software engineering and the consequences of poor system design and testing strategy is not just unethical. Some argue that it should have a clear criminal implication.
Furthermore, delegating more power for centralized system regulators under the pretext of security is a security flaw in itself. True decentralization and separation of powers play a major role in preventing, detecting, correcting, as well as acting as a deterrent control by encouraging transparency and compliance.