Computing Reviews
The risks of self-auditing systems
Mercuri R., Neumann P. Communications of the ACM 59(6): 22-25, 2016. Type: Article
Date Reviewed: Aug 22 2016

Impartial risk assessments of systems require independent external audits. Identifying risks posed by automatic self-auditing systems is not easy. How should internal self-auditing computing devices produce compliance data for validation by external auditors? Mercuri and Neumann offer timely viewpoints on the consequences of, and solutions to, the threats posed by self-checking systems.

Undeniably, self-auditing systems are vulnerable to the lack of transparency that inhibits trust. The authors arguably discourage internal self-audits that encourage the misuse of system resources and make systems vulnerable to security attacks.

The paper discusses the inadvertent risks of errors and security problems that arise from the unrelenting application of innovative technology in medicine, the car manufacturing industry, electronic elections, and the management of complex organizations. The never-ending reliance on digital devices to monitor the health conditions of patients, who have no knowledge of inaccurate meter displays, is a major problem that design engineers and medical providers must resolve. Car manufacturing companies ought to be performing compliance testing for the standard verification of nitrogen oxide emissions by real road tests, instead of using automated factory test procedures. Certainly, reliable electronic systems should provide for external validation of all ballot entries. Unquestionably, the individual self-imposed monitoring systems of any complex organization, each with its implicit safety measures, can become catastrophic; for example, the paper insightfully reflects on the Deepwater Horizon project.

The authors concisely use practical examples of the potential security design flaws in automated teller machines, global positioning systems, and electronic voting systems to advocate the need for objective and reliable external auditing systems. I call on system designers concerned about system reliability to read this paper and weigh the roles security-related standards and compliance should continue to play in the formal and informal verification of future electronic and digital systems.

Reviewer: Amos Olagunju. Review #: CR144700 (1611-0824)
Security and Protection (D.4.6)

Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®