HISC 2023 blog series: interview with Paul Butcher, UK Programme Manager at AdaCore

Posted on August 09, 2023

HISC is now in its tenth year. What trends and technical advances have you seen over the past ten years which impact the trustworthiness of software ecosystems?

Over the last ten years, we've seen substantial advances in software-related technology to leverage performance enhancements, miniaturisation and the growing interconnectivity of networked hardware components. As hardware capabilities evolve and provide an ever-growing feature-rich environment, software must adapt to maximise the benefits of the latest and most significant characteristics. Examples driving this growth include increased bandwidth in wireless network protocols and cloud computing technology. However, the more we expand the external connectivity of systems, the more attack vectors we identify from the security environment. In addition, the ever-growing demand for more complex systems increases the likelihood of undetected exploitable vulnerabilities in deployed software. The rate at which low-assurance software is released into the wild is staggering; this emphasises the cost and effort involved in producing high-assurance software.

What are you most looking forward to at this year’s HISC?

As a co-chair of the HISC Programme Committee, I'm lucky enough to be involved in the orchestration of the conference programme. The Call for Presentations was a fantastic success, which left the committee with many difficult decisions over which talks to select. Subsequently, this year's event will be an absolute corker! Some big hitting talks that I'm looking forward to include: Helen Lovekin (NCSC), talking about updates to the National Cyber Strategy, Paul Casely (DSTL), providing thoughts on Digital Security by Design successes and learning about the concrete solutions Nikita Johnson (Rolls-Royce), Adrian Waller (Thales UK) and Naomi Farley (Thales UK) have been working on for meeting cyber security for airworthiness objectives. However, all of this year's talks are very strong, and it's easy to argue that we have something for everyone. In addition, and currently yet to be known to the delegates, we also have a fantastic draft concept for the closing panel session. So as not to spoil the surprise, I won't say any more at this stage, but ultimately the panel discussion has the potential to be very enlightening, a lot of fun and is what I'm most looking forward to!

What lessons can we learn from the last ten years, and how can we ensure we build on experience throughout the next ten years?

Over the last ten years, multiple high-profile software-related safety incidents have occurred. This is alarming and incredibly sad when you consider the time, effort and money governments, industry, and academia has spent establishing proven processes, methodologies, and tools and producing experienced high-integrity engineers. While the mistakes could be credited to a lack of understanding, I'd argue that cost-cutting, unrealistic expectations and trying to meet unobtainable customer demands play a role. HISC brings together a community that understands how to develop high-assurance software and appreciates why we should do it. No amount of profit or project success should ever outway safety, and if we learn anything moving forward, the HISC community should be steadfast in ensuring deployed software can be relied upon to function safely and correctly. In addition, we need to establish a better industry-wide understanding of cybersecurity and how to design, implement and deploy vulnerability detection and attack countermeasures, particularly where cybersecurity directly impacts safety. That being said, and through the evidence of the innovations and enhancements to the state-of-the-art that will be presented at HISC 2023, I'm confident that the future will be safe and secure.