The Network Effect at CogX2019, AI Festival - Part 1

This two part blog is a reflective look into the network effect in general, the state of AI, the origins of software engineering, the UK MOD Dstl / APMG’s Cyber Defence Capability Assessment Tool (CDCAT®) network effect and what might be the future of a cyber secure digital world after attending the CogX 2019 Festival of AI and Evolving Technology on 10-12 June 2019.

At CogX [1, 2] in ‘The New Era of Life’ session Gigi Levy-Weiss, Managing Partner, NfX, presented on the ‘Network Effects in Computational Biology’.  An awe inspiring, somewhat scary and amazing future of synthetic biology at the touch of a digital button not decades away but happening today. 

The network effect is of course not new, an internet search gives us many similar definitions, here are two:

NfX describe 13 common network effects: physical, protocol, personal, market network, marketplace (2-sided), platform (2-sided), asymptotic marketplace, data, technology performance, and bandwagon.  And perhaps we can add another to this list in complex systems management, but this might be a super-category of them all.  

I have come across the network effect several times, firstly in 1992 in estimating future transponder capacity for a new class of satellite – the connectivity of platforms and digital services as the satellite communications transitioned from point to point connectivity to packet switched networking based on the Internet Protocol, IP4. 

Then again in 2000 as telecommunications operators via the TMForum collaboratively explored the incremental connection of many applications in their back office to automate service delivery. They rapidly found that the cost of maintaining software interfaces became uneconomic as the network effect become apparent.  This is where n applications produce nx(n-1) interfaces which grows very rapidly in size with n, roughly as n squared. From this was born the service-oriented architecture(SOA) and the communications services bus of just n interfaces.  Thus, dealing with this cost linearly with n whilst still empowering the network effect via the bus to deliver connectivity as n squared. Today’s knowledge-based metrics from AI were first postulated from the process orchestration in this work but are nothing new, an affinity analysis revisited [2], but brought to life in novel and amazing ways.

And now in the CogX talk ‘The state of cyber threats’ Dave Palmer, Director of Technology, Darktrace, describes the state of the art in their autonomic control of cyber with AI behavioural analytics and decision response. Robert Hancock, Chief Research Scientist, BT, described the ability of AI to pinpoint at awesome scale correlated activity of attackers with precision. Grace Cassy, Co-Founder, Cylon, described that 80% of breaches are down to a human failing with skills in cyber solutions expensive and rare – and that AI automation is needed. And yet in the session discussion the question put by Kenneth Cukier, Senior Editor, The Economist, was are we winning or losing?  In debate the jury is split, Robert suggesting we are not winning .  So yet even with the power of AI and its new age metrics on complex systems, we can’t yet see a winning strategy – Dave Palmer suggesting that this is one risk that never goes away and just must be managed. I suggested in fact we are winning from one perspective, in economic terms, as society has realised that there is quantifiable cyber risk that it is prepared to tolerate – an appetite to take risk – cyber has become mainstream to business mission resilience, not simply digital resilience. Cyber security is now receiving investment to manage this risk and is no longer the Cinderella of service delivery, but the risk does need to be quantified.

At this point let us go back to the 1960’s and the development of the Apollo 11 Guidance Computer (AGC) and the seminal work by Margaret H. Hamilton of the Instrumentations lab (now Draper Laboratory) at Massachusetts Institute of Technology, MIT, in creating Software Engineering[4].  Have a listen to this [5] BBC World Service audio article ’13 Minutes to the Moon: Ep.05 The fourth astronaut’ on the world’s first portable digital general-purpose computer, the AGC. In this Margaret describes trapping [software] interfaces errors: wrong time, wrong priority, wrong data – i.e. interface orchestration in the connection of things – things stopping the network effect.   These limit the performance of the effect and when targeted deliberately allow bad guys, girls or machines to piggyback any flaws to exploit the network effect to an adverse outcome (just my views not directly from MIT or Draper by the way).

So this brings us to the UK MOD Dstl and APMG Cyber Defence Capability Assessment Tool(CDCAT®) from which in 2010 we discovered our own network effect.  And in the context of the CogX session “Data Centric Engineering Part 2: how digital twinning will reshape engineering” we can re phase CDCAT as your ‘Cyber Digital Capability Assessment Twin’.   If we look at network effects in reverse and invert the previous definitions:

A user here can be a wanted or unwanted user, i.e. a cyber attacker.

In 2010 after the Confiker virus went global and stopped ships and aircraft operating with many more adverse outcomes.  UK MOD, Dstl, were asked to establish ‘what does good look like’ in cyber security operational risk management and measurement.  Confiker was preceded in 2005 by the ‘Love Gate virus’ on a smaller scale, and was followed in 2018 by ‘WannaCry’and ‘NotPetya’ on a much bigger scale.  The Dstl research by, fusing information assurance, computer network operations and service management of service delivery, found a complex system of network effects.   We established what a good assessment system looked like, and this is still good today almost 10 years on. The network effect, including its degradation gives us a means of understanding the manageability of risk in service delivery – operational resilience - and to quantify the value of this cyber risk in meaningful metrics.

In 2018 we started exploring the use of AI methods to analyse our network effect, APMG’s CyberFirst student won CyberFirsts’ ‘The Best Industry Summer Placement 2018’ for our work on processing the complexities of systems management. We know this AI stuff works and as demonstrated by the speakers at CogX in a profound way too. The metrics and insights it provides in making sense of complex systems is a revelation. Whilst our CDCAT® assessment results on cyber security help better prioritise your improvement programmes – remember from above we need to make good that incremental benefit where most needed, but you must know where that network effect benefit comes from and how to get it working to your advantage.

Part two to follow will continue with some mind- blowing speaker sessions from the CogX 2019 Festival of AI and evolving Technology.