Alan Turing Centenary Celebration

October 16, 2011

Back in September 2009, I posted a note here about UK Prime Minister Gordon Brown’s official apology to Alan Turing, the English mathematician and pioneer computer scientist.  Turing was a central figure in the successful British effort, at Bletchley Park, to break coded messages produced by the Germans’ Enigma cipher machine; some historians say that the efforts of Turing and his colleagues shortened WW II in Europe by two years.   He also was a pioneer in the fields of computer science and artificial intelligence.  Alan Turing Year 2012

June 23, 2012, is the centenary of Alan Turing’s birth in London, and there is an effort underway, the Alan Turing Year,  to mark the year as a celebration of Turing’s life and scientific accomplishments.

During his relatively brief life, Turing made a unique impact on the history of computing, computer science, artificial intelligence, developmental biology, and the mathematical theory of computability.

2012 will be a celebration of Turing’s life and scientific impact, with a number of major events taking place throughout the year. Most of these will be linked to places with special significance in Turing’s life, such as Cambridge, Manchester and Bletchley Park.

A number of special events have already been planned, and there are undoubtedly more to come.  The project is being managed by an advisory committee (listed on the main page), and is sponsored by a variety of organizations, including the British Computer Society, the Association for Computing Machinery, Microsoft Research, the Royal Society of Scotland, the German Mathematical Society, and Wolfram Research.

In a related item, a post at the I Programmer  blog reports that Warner Brothers has just acquired the production rights for a new biographical film about Alan Turing’s life.  The script, The Imitation Game (presumably a reference to the Turing test), by Graham Moore, is apparently based on  Andrew Hodges’s wonderful biography, Alan Turing: The Enigma.  Apparently the scuttlebutt is that Leonardo di Caprio “has the inside track” to play Turing.   This is a different film from the documentary project I wrote about in February.   And it appears that at least one additional production is in the works:

In the UK Channel 4 has also commissioned a new documentary with the working title The Hero of Station X .

(Station X was the code name used to refer to the British WWII code-breaking effort at Bletchley Park.)

Turing, who was named one of Time magazine’s 100 Most Important People of the [20th] Century, would have been an important figure even if the war had never occurred.  It is heartening to see that his many contributions are being recognized, even if belatedly.

SEC Issues Attack Disclosure Guidelines

October 16, 2011

One of the things that can make assessing the overall state of system and network security difficult is the reluctance of some organizations to reveal that they have been attacked.  Sometimes, they prefer to keep the attack secret, or at least try to, presumably because they feel that disclosure would be embarrassing and damaging to their public image.  Some state laws require disclosure, especially in cases where personal data is exposed, but even in these cases there is a tendency to do the least disclosure possible.

Public corporations — those whose stock is publicly traded — have for many years had a duty, under US securities law and associated regulations, to disclose material events that might affect the firm’s business or prospects.  For example, if another firm  were to introduce an improved competing product, or if the corporation were sued on the grounds of patent infringement, a disclosure to investors would be required.

Now, according to an article at ThreatPost, the Kaspersky Lab security news service, the US Securities and Exchange Commission [SEC] has issued guidance that suggests circumstances under which corporations may need to disclose attacks, or potential attacks.

The Securities and Exchange Commission has issued new guidance to help public companies determine when they may need to disclose an attack–or even a potential attack–in order to make potential investors aware of possible risks to the company’s business.

The SEC has issued the material as guidance, not as a regulation.  It is still up to the companies themselves to determine exactly what they should disclose; but the publication of this guidance will probably motivate a bit more openness.  As the actual guidance document says, the disclosure determination is to be made within the framework of existing law and regulation.

Although no existing disclosure requirement explicitly refers to cybersecurity risks and cyber incidents, a number of disclosure requirements may impose an obligation on registrants to disclose such risks and incidents. In addition, material information regarding cybersecurity risks and cyber incidents is required to be disclosed when necessary in order to make other required disclosures, in light of the circumstances under which they are made, not misleading.

We live in an environment where people, and companies, are becoming more and more reliant on technology to carry our their everyday business; moreover, businesses in general actively promote conveniences made possible by technology.  So I think there can be little argument that a system security breach could potentially have a very material effect on a firm’s prospects, and I welcome this move by the SEC as a logical extension of the disclosure framework that has been in place for many years.

%d bloggers like this: