Letters

Pages: pp. 5-7

RISK VERSUS THREAT

To the Editor:

"Denial of Service in Sensor Networks" (Anthony D. Wood and John A. Stankovic, Oct. 2002, pp. 54-62) is an interesting article, but it is important to point out that the authors fail to make a distinction between risk and threat.

The authors state: "Strictly speaking, although we usually use the term to refer to an adversary's attempt to disrupt, subvert, or destroy a network, a DoS attack is any event that diminishes or eliminates a network's capacity to perform to its expected function." But an event is not necessarily an "attack." All attacks are DoS events, but not all DoS events are attacks. In addition, this obviates inclusion of the word "adversary."

We should examine security on a risk basis rather than a threat basis:

• Threat arises from intention; risk does not.
• Threat imports specific consequence; risk is based only upon measurable loss. Loss can be from an attack or it can be inadvertent.
• Threat requires intention; risk does not.
• Threat requires identification; risk does not.

Generally speaking, risk is based on the possibility of a financial loss only. Nothing else is required. In the end, for any event, there will be a resulting cost, no matter how large or small.

A threat includes events in which an actor engages in a behavior intended to cause a minimum loss. Any such loss must, by definition, be measurable or quantifiable.

We can divide risk into two independent and mutually exclusive classes: events that are either identified or unidentified.

We must be certain about the rules of classification. Failing these characteristics or assumptions, any further meaningful analysis becomes more complex. For this reason, examining events with an eye to determining a loss of independence or a lack of mutual exclusivity is of critical importance.

We need to abandon the notion of computer security and further develop the use of a global risk management system or a model to replace it.

Doug Doucette

doucettedouglas@hotmail.com

SCIENCE AND PHILOSOPHY

To the Editor:

As a former physicist and devotee of both science and philosophy, I found Bob Colwell's comments in "Science-Philosophy Celebrity Death Match" (At Random, Dec. 2002, pp. 13-15) both entertaining and meaningful. I'd like to add a few of my own observations on the topic.

First off, progress in science probably should be measured on a logarithmic scale rather than a linear one. If we do that, we might find that progress in past centuries was as great as at present. Visionaries such as Copernicus, Newton, and Einstein made huge leaps forward relative to the understanding of nature in their time. It's not obvious that scientific progress in modern times has been more rapid when measured as I suggest.

I believe that we may be on the verge of a new leap forward in our understanding of nature. Current science, based largely on quantum theory, is good at handling atomic and molecular physics. This in turn allows chemistry to have sound scientific foundations, which then allows biology to become a science, not just a formalistic classification of living things.

But this is where it all comes to a screeching halt. We may not really understand space and time and the boundaries of validity of the quantum theory well enough to push our current view of nature any further. We may need another great leap forward, equivalent to what Copernicus, Newton, and Einstein did in their days.

Here are a few points to ponder:

• Physicists sometimes forget that their theories, their models of nature, are simply mathematical constructs that predict the results observed when we do something to the real world. The models are not the real world; they are simply tools to predict observations.
• Current theories such as the quantum theory are based on assumptions that form the basis for mathematical models. The results may be rigorous mathematical models that are true to the initial assumptions, but they are only as good as those assumptions. My recollection of quantum theory is that we always assume a linear vector space, a Hilbert space. The model is therefore valid only for that type of space.
• Causality and linearity seem to be basic assumptions in all our theories, but they also may be self-contradictory assumptions.

My hazy recollection from more than 30 years ago is that assumptions of linearity and causality give rise to the Kramers-Kroenig relationships, which describe the complex response of a linear and causal system to an input. Unfortunately, the imaginary component of the Kramers-Kroenig response to a simple step function input has a leading "tail" that precedes the input. Thus, the result appears inconsistent with the assumptions.

Do we give up on causality or linearity? I would start by giving up linearity, especially since Einstein has already pointed us in that direction. How does that affect the first two points listed above?

I side with Colwell in his vote for Maddox's point of view. I believe that there is much more science to be learned, but it probably will involve such a great leap forward and such a revolutionary departure from our current view of nature that our grandchildren will look back upon us the way that we look back at the geocentric theorists and flat Earth proponents of the Dark Ages.

Howard Marsh

London, UK

hmarsh@onrifo.navy.mil

To the Editor:

In reference to "Science-Philosophy Celebrity Death Match," I am appalled that Bob Colwell is so troubled by Horgan's declaration of the "dead-end of science." I would like to suggest that science is neither a recent 150-year project nor is it about to come to an end.

Science as a way of thinking about and investigating the world around us has developed from the natural philosophy of the ancient world. Much effort has been spent in analyzing and refining ideas of the scientific method—notably by Sir Francis Bacon and Karl Popper—so that we now have ways of verifying and attempting to avoid such problems as the "Bogdanov affair."

Clearly, there is still more work to be done on this. The idea of science as a body of knowledge is as old as we can wish. Perhaps we should include the discoveries of writing and arithmetic? Although significant discoveries have taken place over the intervening centuries, these have only been more widespread since the inventions of the printing press and telecommunications. Even so, the works of those such as Newton and Archimedes have weathered the centuries admirably. In more recent times, I would suggest the achievements of Andrew Wiles in solving Fermat's Last Theorem stand up equally well next to those of Darwin and others.

Finally, if our human brains are really limiting our scientific progress, we could consider using something more scalable. Discoveries in genetics, nanotechnology, and neuroscience may open up new possibilities in the coming decades—if we are willing to use them.

Daniel Leong

Surrey, England

daniel.leong@nettec.net

Figure

INFLATION, GREED, AND CHATTELS

To the Editor:

Although I suspect we have radically different political views, I always read Neville Holmes's column, which usually gives me something to think about. However, his comments in "The Profession and the World" (Nov. 2002, pp. 116, 114-115) do not make a lot of sense to me. In particular, his example of the sale of a cow—which apparently is supposed to show us, through double-entry bookkeeping, how inflation arises from greed—sheds little light on anything for me.

In an inflationary economy, the price of the cow would have gone up in the second transaction, not down. As for "greed," well there simply is not enough information about the overall circumstances. For example, A (from whom the cow was purchased) might have reared the cow from a calf intending to milk and breed her, but because of a cash-flow crisis, he was forced to sell the cow to B at the bargain basement price of $100. The cow went on to deliver several calves and thousands of liters of milk for B before he eventually sold her for the excellent price of$90 to the meat works. In my version, B got a bargain, but in Holmes's, A cheated B because he somehow forced B to pay $10 more than the "true" value. Clearly, there are myriad possible variations on this transaction, in some of which A and B deal fairly with each other and others in which A cheats B or vice versa. Perhaps in some cases both parties cheat each other. Countless such transactions take place every day, representing only a small fraction of human interactions as a whole. "Systems analysis" deals with human interactions, albeit in a narrowly defined way. However, it is hardly so successful that it forms a good model for wider application. Maybe when we have bug-free computer systems that deliver precisely what customers need, we can turn to more difficult problems. Roger Coombs Wellington, New Zealand rfc@paradise.net.nz To the Editor: In "The Profession and the World," Neville Holmes's reasoning for inflation is typical but incorrect. Holmes states that inflation arises from using money as a store of value because people can acquire money without exchanging it for commensurate value. In effect, this means that greedy people can draw more money out of society than they put into it, thus depreciating the value that other people have stored. Holmes presents an example in which A sells a cow to B for$100, and B then sells the cow to C for $90. He correctly indicates that in balancing his books, B must make an offsetting entry of$10 to represent the value lost on the sale of the cow. However, there are two things wrong with the interpretation of this example. The $10 offsetting entry represents a capital loss, not inflation. It has nothing to do with greed on the part of anyone. It simply means that when B took the cow to market, either more people were selling cows or fewer people were buying them, driving the price down. Second, inflation does not drive prices down—it drives them up. As the currency depreciates, the price of goods and services rises relative to the cost of money. Holmes points out that when money mainly consisted of precious-metal coins, the value of a coin remained as stable as the value of its metal. Herein lie both the cause of and the solution to inflation. Monetary units such as the dollar, pound, or euro are all fiat currencies: The paper or metal of which they are made has no real value—the currency has value only because the government says that it does. The government can create more money at will. When the government creates money from nothing, it creates inflation. If the government doubles the number of dollars in circulation, it halves the value of every previously existing dollar because twice as much money is chasing the same amount of goods and services. Inflation is evidence of greed, but not the greed of capitalists operating in free markets, as Holmes implies. The only way for a greedy capitalist to earn money is to sell something people want to purchase, keeping his customers happy. It is the greedy "public servants" who are responsible for inflation. When no one "buys" one of its Great Society programs, a government can simply print more money to cover the bill, surreptitiously picking its citizens' pockets in the process. Rick Siple Wilmington, Del. ricksiple@sipleart.com Neville Holmes responds: I wrote the article as a system analyst, not as an economist. The example of the cow was meant to illustrate double-entry bookkeeping, not to explain inflation. An explanation of inflation might have described how, if I sold the cow's milk for$50, and if the value I put into providing feed and labor was $40 (remember the$10 capital depreciation), this would be neither inflationary nor deflationary. If, on the other hand, I sold the milk for \$500, this would be inflationary—and greedy. The point I subsequently made was that, in the inflationary case, the books would still balance, but the value and money would not.

I had no intention of implying that the greed was solely that of capitalists, nor that greed was the only cause of inflation. Capitalism itself is neutral, just like technology or, for that matter, socialism. If such -isms express greed or other selfish aims, this is the responsibility of the -ists, not the -ism. And it's not just greedy people who take more out of society than they put in. The unemployed and, more modernly, the underemployed are prevented socially from putting in as much as they take out, as another paragraph in my article was intended to imply. Unfortunately, the typical response of many governments to this last problem is to reduce social welfare payouts, which then increases the inequity and misery.

My sympathy lies with the potential of metallism, but gold and silver standards cannot be, and never have been, independent of governments. It is not appropriate for me, an Australian, to comment on remarks specific to other governments. I would be interested to know, however, what the US Enron capitalists sold that was half so precious as the stuff they were then able to buy.