Is the BT Business Broadband monopoly about to crumble? How will it respond?

| 3 Comments | No TrackBacks
| More
I recently blogged on the demand aggregation exercise being organised by the City of London  A couple of days later I received a note on the current state of INCA plans in response to the recent Federation of Small Business report on how small businesses are often left out of the national superfast broadband rollout.

INCA membership has grown rapidly over the past year and now includes those ready, willing and able to provide high speed broadband services in areas that BT deems commercially unviable, provided a critical mass of businesses want the fast, symmetric, low cost access they can provide.  INCA has therefore teamed up with the Federation of Communications Services to develop a network of projects in enterprise zones and business parks around the country.

The first project to go live was not in a deeply rural area, but in the heart of Shoreditch, London (need door to Smithfield, still sloughed with rural crapband). The Perseverance Works, home to 90 SMEs, has just contracted a project with Fibre Options to deliver gigabit broadband speeds for a fraction of the price charged by BT for a 'leased line', the only high speed broadband alternative available to them (Infinity is not available in the City of London because ...) .
 
INCA members like CityFibre, with a range of 'Gigabit City' projects (beginning with York, Coventry and Peterborough), aim to cover all premises in their area, including all the local businesses. Other INCA members like MLL TelecomITS Technology Group, Gigaclear
and Hyperoptic have developed high speed services, using fibre and wireless technologies, specifically to fill the business park gaps left by BT. The City Fibre interchange arrangements with Sky and Talk Talk being piloted in York and the interconnection services offered by Fluidata and others mean that the pieces are now in place for consumers to benefit from investment in local networks where the return is underpinned by business demand. 
 
The movement in the market also means that a growing number of fund managers are looking at the opportunities now that business contracts mean fibre networks can be assessed as utility leasing deals rather than risk investments. The tragedy is that BT and Virgin appear trapped in a price war with Sky which they cannot win and therefore lack the funds to compete. That situation will get worse as BT's leased line monopoly comes under growing threat and the mobile operators improve the availability of ubiquitous (i.e. mix of fibre, wifi and mobile) 4G, eating further into traditional telecoms revenues.

Where does that leave government policy. The good news is that local authorities, both urban and rural are beginning to use the new generation of BDUK schemes (from vouchers to bids for innovation funding) to break out of the straightjacket framework about which I have been so rude in the past. 

The bad news is that not all have been successful - in some cities lack of engagement with local business and lack of publicity for voucher schemes means that the take up has been pathetic. In others, the rush to contract has let them to ignore industry advice (e.g. warnings about the Gowex business model over a year ago) and fall for superficially attractive exclusive deals which appear to bar mainstream UK wifi services from their city centres.

This does not, however, mean that the reimposition of central planning would provide other than uniform mediocrity. Provided the use of international inter-operability standards, (not just the subset used in the BDUK contract with BT) is mandated the way will be open for new players to seamlessly take over the operations of those that fail - unlike the Digital Region which will need to be reworked after its purchase from bankruptcy by Geo.

There are a many business groups now lobbying for action on business broadband, in addition to those representing  areas (inner city as well as rural) where investment in 21st century communications infrastructures is unlikely unless councils add in their own communications infrastructure and service budgets. As vice- chairman policy studies for the Conservative Technology Forum, I would find it most helpful if more of the players were to come together via the Digital Policy Alliance with a view to putting the same arguments to all parties - so that we can work out where we differ on fundamentals as opposed to bells and whistles.

That would encourage and enable officials to bring forward those actions on which we are in violent agreement to before the next election - thus saving over a year.


I should add that even the argument as to whether it is better to rely on market forces (including local municipal enterprise) or on central planning (including the role of Ofcom as more than a competition and standards regulator) appears to lead to splits within the parties rather than between them and need not delay practical progress within existing policy frameworks.

However, what is helpful to me is less important than what is helpful to the next generation and to the one after that who will have to live the mess we will make of the future of the UK if we try to second guess the future and are wrong. Hence my lack of faith in the Government, even if advised by me, picking winners. 

Why does the Bletchley Park Trust wish to airbrush Colossus out of history?

| 1 Comment | No TrackBacks
| More
The Daily Mail press cover for the visit of the Duchess of Cambridge to Bletchley
includes a photograph of Collossus, hidden among the fashion photographs. That was more than was evident on the day. Apparently the Trust took down all the signs leading to the Colossus site, locked all the gates and invited none of team who helped the rebuild and ran the school visits and tours during Bletchley's lean times before the lottery donation. 

Why? 

And why has there been no acceptance of the many offers to help mediate the dispute between the Trust and the Museum that is getting in the way of fund-raising for both?

There appear to be a number of reasons: from commercial, through personal to the legacy of Bletchley's cold war role, in which some of the Computer museum's supporters and volunteers played parts which are still secret. 

The commercial disputes range from rivalry for funding, tenancy agreements and the role of volunteers in a "modern" museum.  There seem to be many "obvious" ways forward, given goodwill on both sides, but the role of volunteers is more complex when some have memories that are still covered by the Official Secrets Act.  

The personality disputes appear more complex and some appear to date back to the cold war "tensions" regarding the role of the UK security services that were brought to a head by the actions of Peter Wright and his colleagues over what they supposedly learned in the course of surveillance operations. We are still living with consequences of the termination of plans to be more open about the nature and governance of UK surveillance operations that followed Wright's publication of Spycatcher after he had been denied a pension.

That brings us to the apparent policy of removing reference to the symbiotic relationship between the surveillance and computing : from sigint and cryptanalysis to search engines and deep packet inspection, from Colossus to the ICL 2900 series (the design of which was, in significant part, dictated by the requirements of the lead customer for the 2980 - GCHQ).

The current dispute is symptomatic of our inability to have an informed, rational and constructive debate on how to reconcile privacy, surveillance and security (personal not "just" state) in a democratic society.

We take sides, backing the "the Guardian" or "GCHQ".

Meanwhile the statements of those who actually understand today's use of the "Big Data" techniques and technologies pioneered at Bletchley commonly combine intellectual schizophrenia, moral hypocrisy and greed (whether for research funding or commercial gain).

Hence the importance of breaking down the barriers between the Theme Park and the Museum . We need to fund both sets of activity, properly, but also to join them, so that our children and grandchildren can learn the truth, not just the mix of simplifications and myths, interspersed with a few lies (some necessary, most not) that we feed those too immature to handle the truth. I hope that we might also use the opportunity to undo some of the damage done by Peter Wright and publicly contrast the governance structures of GCHQ (which so frustrated him - and for very good reason - as he himself demonstrated) with those of other agencies and of the private sector suppliers in whom they have so misplaced their trust (including those who designed the systems abused by Edward Snowden and then vetted and employed him).     

Are you suffering from Crapband in the City? Tell the Corporation.

| No Comments | No TrackBacks
| More

The problem of crapband (slow and unreliable mobile and as poor fixed line services) in the City of London and its effect on global competitiveness are summarised in a video clip by the Common Councilman for Bishopsgate . The Corporation recently conducted a survey and has now, unlike Ofcom, identified a market failure and is looking at what action it can take without being accused of "state aid" (as BT accused Birmingham when it sought to organise a Stokab solution to rejuvenate its original industrial heartland).  

The City of London believes, of course, in making markets work and is known to be exploring a variety of options.

These include:  

  1.  introducing new players (whether private led or a Stockholm-style joint venture) to provide ubiquitous fibre and/or to improve 3G and 4G cover using the City assets (as has been done by other Cities across the UK, beginning with London's traditional rival, Westminster)
  2. the use of simplified planning procedures to require all new-build office to have fibre and ducting  capability and co-ordinate street works to reduce civil engineering costs and improve speed to market
  3.  the identification of clusters of high demand, using demand registration programmes to help give investors confidence that they are financing a low risk utility projects
As yet none of the incumbent suppliers appears to have taken the rising tide of discontent seriously but the charges being quoted to SMEs in the City (plus £7 - 10,000 p.a.) appear to be three to four times the annual charge for domestic fibre to premises where the latter is available.

The Corporation's exploration of the third option has therefore moved forward with a YouTube video inviting registrations of interest and a new survey of demand from its 13,000 businesses, msot them SMEDs and 25% of them high tech, as well as its 9,000 residents, 
.
Meanwhile, over the border, in Shoreditch , I am told that a consortium is moving ahead with using publicity for the Government voucher scheme to support a demand aggregation exercise to make it easier for alternative suppliers to supply fibre and transform the prospects of those priced out of the Tech City complex   


I look forward to hearing the response to exercises being done by the Corporation of London to identify demand and whether these are to be made available to potential suppliers and their backers. I add the backers because I look forward to seeing the consequences when investment analysts pick up on evidence both of the latent demand and of the reluctance (or inability) of incumbent suppliers to satisfy that demand.

I was recently given sight of an analysis of the anticipated impact on BT of a rise in interest rates before the end of its current price wars with Sky, Virgin and Talk Talk. Apparently BT's "decision" that it is a content provider, not a publisher, has caused a significant rise in its cost of capital. Its borrowings are said to be rising while its investment plans (other than those funded via BDUK contracts) are falling. Hence the rumblings of support in some quarters for exploring a break-up of BT - provided a way is found of ensuring that the critical infrastructure roles (including the surveillance operations it conducts on behalf of GCHQ) remain under UK control.   

In the meantime I would urge those who live or work in the City and are suffering from the current market failure to respond to watch the video and register their interest and also to complete the survey contact their Common Councilmen. The City is unusual in that businesses have the vote. If they instead vote with their feet and move to where they can get affordable broadband that is fit for purpose, the consequences could be dire for UK as a whole, not just the CIty.

The rest of you who are suffering from crapband can, of course, now be assured that you are not being discriminated against, any more than the rest of British business, as suppliers cut prices in a fight for consumer market share in a shrinking market. Yes I did say "shrinking market". Overall consumer spend on on-line connectivity and content is now stagnant or falling - as the major players seek to give away each other's bread and butter in the hope of jam tomorrow.

The consequences of all those price wars and freebie offers do not look good if some of the analyses predicting an end to the bubble of debt-funded investment are correct. The share price of tech stocks with business models based on consumer or advertising spend look to tumble later this year when interest rates start to rise. Meanwhile there are many thousands, perhaps millions, of savers, plus businesses with cash reserves and pension and sovereign wealth getting out of dodgy government debt, looking for safe long term returns from utility investments.

The politics and economics of broadband have suddenly become even more "interesting".

 

Why inter-operability standards are essential for an open and competitive market

| 1 Comment | No TrackBacks
| More

Bryan Glick's summary of the "Big IT v. SME's" debate and the need to change supplier behaviour raises many questions, not least "how we bring about genuine competition?".

A little while ago, when blogging on the need for robust policies to preserve competition in the on-line world as a whole  I promised to reprise my script to a recent BASDA (the Business Software Developers Association) conference. I was asked to address the importance of inter-operability standards. These are boring but essential to genunine competition. Without  effective action on standards, the lobbyists of the oligopolists can still make a credible case to "Sir Humphrey" that the Minister will be happier with hiring consultants to plan a high cost/risk "delayed big bang" project (i.e. promises today, problems tomorrow: for his successor) than a low cost/risk incremental change programme. The former is safer for the minister - he will have moved on before the chickens come home to roast. The latter opens up the potential for criticism while the minister is still in office, whether the trials work (post code lottery because only a few have benefited) or not (waste of time/money, however small).

Chi Onwurah is correct in saying that we still need the big suppliers. If government is seeking to contract 25% of its business to SMEs that mean the big suppliers will still account for up to 75%, But securing value for money, with systems and contracts that can evolve over time, as needs and technologies changes, require fundamental changes in behaviour on the part of both government and its suppliers, small as well as large. The era of painfully negotiated, comprehensive and inflexible outsourcing contracts and PFI deals is coming to an end. Its demise will, however, be neither easy nor painless, unless and until major suppliers can find democratically accountable, (for public money and quality of service), ways of working flexibly and profitably with "families" of nimble, low overhead, innovators. Some suppliers are well down this route. But even they face problems because they risk cannibalising bread and butter revenue streams in favour of a reduced share of lower margin new business. The true winners are those (as yet only a handful) who have worked out how to use the opportunity to jobs back to the UK while dramatically cutting their off-shore, outsourced costs: the "win, win, win" strategy. 

I was, however, accused of "scaremongering" when I blogged on the possible implications of a recent criticism of a ministerial refusal to plough good money after bad until the end-user trials of the people processes the technology was to support had demonstrated success. I should therefore make a couple of disclaimers before I reprise the script I used when speaking to BASDA last month.

First as an occasional journalist and regular blogger:

I first wrote for Computer Weekly in 1973, when part of my London Business School Master's project appeared as a ten part series on "Why Computer Systems Fail" (£15 per thousand words was good drinking money in those days). I have been an occasional contributor ever since. I have also written for others. I even had a column in Computing for some years. I started this blog in September 2007 when I was "convenor" (alias programme advisor) for the CW500. The aim was (and still is) to put political matters into IT context and IT matters into political context, mainly for the benefit of Heads of IT (whatever the current titIe of the poor sod who carries the can for delivering systems that work), for users (alias victims) and for investors (from finance directors to fund-managers).

Apart from occasional speaking engagements and advice on thought leadership opportunities I have not worked for a supplier since I left ICL in 1977. I then had five years outside IT as a corporaate planner for a UK-based multi-national before joining the NCC, originally to set up a technology assessment operation. When I left the NCC in 1986, I took with me the operation that I had joined the NCC to create: helping banks, fund managers and major users to appraise new technologies and the associated investment opportunities. That has entailed both avoiding vested interests and taking a cool look at innovations and market enthusiasms. 

Second as a volunteer, unpaid, politician:

In 1978 I was co-founder of the Conservative Computer Forum. About the same time, I volunteered as an ASTMS representative (I paid the political levy and remain a member of Unite) on the TUC studies for the Labour Party on the impact of new technology. Some of the studies on which I worked appeared in the policy papers of both sides in 1979: e.g. telecoms liberalisation and the micros in schools programme. Others did not: e.g. telecoms privatisation and IT Year. 

 In 1981 I was one of the co-founders of the all-party Parliamentary IT Committee (PITCOM). Shortly afterwards I stood down as chairman of the Conservative Computer Forum (after joining the National Computing Centre I was barred from appearing on party political platforms). In 1993 I agreed to organise the re-launch of EURIM. Until 2010 (when I stood down as Secretary General of EURIM) I devoted my energies to working on an all-party basis.

In 2010 I agreed to do a three year term as chairman of the Conservative Technology Forum with a remit to try get the younger generation to do as we had done in 1978-9: collating industry inputs into peer-reviewed recommendations for submission to those responsible for drafting party policy. I made clear that I still regarded most matters IT and tele-communications as cross-party rather than partisan and would continue to seek support for all-party, pan industry studies where practical.

I stood down as chairman of the CTF on March 31st but remain Vice-chairman (Policy Studies). The list of topics for which CTF is currently seeking volunteers and submission is on their website . The nearest Labour equivalents are probably Labour Digital   and the Digital Government programme although Labour has also announced studies into Digital Skills and on the Digital Creative Industries. When speaking to industry audiences, including via this blog, I strongly encourage listeners and readers to be active via the party of their choice - because the silent majority gets what is deserves - ignored.
        
Now to the meat of this blog: the script I used when speaking to BASDA on why action on inter-operability standards is as important as action on public sector skills if we really do wish to change the behaviour of government and its suppliers towards using IT to serve the community. This is relevant to the issues raised by Bryan because without such action, we risk perpetuating practices condemned as unfit for purpose by the National Audit Office, the Public Accounts Committee and the Public Administration Select Committee     


I apologise for sloppy blogging: I should have said oligopoly not cartel yesterday

| No Comments | No TrackBacks
| More
Chris Keeler correctly pulled me up for using the work "Cartel" yesterday when I should have said "oligopoly". Do read his comment and my response.

This was very sloppy, especially since I had myself made the distinction when the accusations first emerged some years ago with the Public Administration Select Committee report which triggered the OFT investigation






Does Labour really plan to scrap incremental change and return to "delayed big bang" for government IT projects?

| 2 Comments | No TrackBacks
| More
No wonder the cartel who brought us the NHS National Plan for IT, the re-creation of the BT communications monopoly, overpriced and inefficient PFIs and all those other massively expensive, wasteful and under-performing central government "delayed big bang projects" are cosying up to those planning the Labour Party Digital Government strategy. Just read the Labour plans to scrap the incremental change programme that Ian Duncan Smith has finally succeeded in imposing on DWP and its suppliers.

I have blogged on this theme many times before , linking what was happening with the DWP programme, despite clear ministerial instructions on the need to follow an incremental path in line with good professional practice for major change programmes. Now it is apparent that at least part of Labour Party is still in thrall to those who advised them on IT policy during the run up to 1997 election.

I liked many of the questions being asked in some of the calls for evidence for the Digital Government consultations organised by Chi Onwurah: albeit I thought they focussed on the tactical rather than the strategic. Now we can begin to understand that focus.  Whatever recommendations come out of the studies, the cartel who have run UK public sector ICT for the past twenty years still expect to be able to recoup their recent losses after a Labour victory.

Those who wish to prove them wrong need to submit robust inputs to the Labour and LibDem policy studies, not just those of the Conservatives.

The divisions are not along party lines. There are similar divisions in all parties, between those technophiles who believe that this time we have learned from the past and that better planned BIG projects using BIG data will do it better, faster, using the latest cloud technology and those who believe that the problems are to do with BIG organisations (including BIG suppliers and BIG consultancies) planning BIG projects which cannot be delivered before the requirements and organisational structures, let alone the technologies, have changed.

The time has come to follow good practice. By all means think ambitious and integrated vision and architectures. But then think frameworks for co-operation across silo boundaries, focus on inter-operability standards at all levels and rebuild public sector delivery skills around incremental change projects which help build and reinforce those frameworks.

In this context I welcome the long overdue re-orientation of DWP around pilot pathways to identify and test the people processes before investing in technology. "Merely" employing an army of expensive consultant to look at theory is no substitute.

Meanwhile if we want a review of a progamme that is in trouble let us take a good look at "Civil Service Learning" - arguable the most important programme of them all, assuming we wnat to rebuild the skills of central government as an intelligent customer. The core quesitons do not relate to costs but to the number of officials, receiving which training to which standards over the past year.            


The feedback to my blog last week , on the review of the new cyberskills frameworks, revealed some interesting divisions of opinion with regard to training programmes in general. One of the most interesting was that between those with existing in-house programmes for mainstream skills and those without: with the former looking at how to extend these to include security skills (see section 4. in my previous blog) and the latter recounting problems with unmotivated trainees. 

What comes through is the importance of learning from the experience of those who have been successful in using well-planned internship programmes, "try before you buy", to reduce the risk- as well as from those whose attempts were less successful.

I am an enthusiast for such programmes. I used work experience trainees to turn round the NCC Microsystems Centre: the flagship awareness programme of the early 1980s. It had been created in the middle of a growing skills crisis with no attention to a sustainable business model. It was haemorrhaging staff because it paid according to national wage scales in the middle of London. The trainees enabled us to turn crass awareness programmes into cash flows that, in turn, enabled us to hire them. But I was only to do so with the committed support of the remaining consultants and operations staff - who enjoyed both the feel good factor of teaching and the ability to bring fresh minds to bear on the problems that were emerging in the "real" world before the academics had theorised them out of context.

The e-Skills cyber security internship program builds on the experience gained during last year's  IAAC pilot , involving 100 applicants, 50 Universities and 50 companies.  If you are serious about growing your own skills base before you are overwhelmed by the growing tsunami of threats  then you should get in touch before the programme is over-subscribed and while the boundaries are still flexible.

But you should also take a look at the past experience with cyber security internship programmes on which it builds.

The conclusions drawn by Mike St John Green in his report on the IAAC pilot are tentative - but it is only 22 pages and I recommend reding them all. You will find also other patterns that tally with the experience of other industries over many decades.

My own experience with studies into IT skills shortages and solutions dates back to the aftermath of decimalisation. My MSc project at the London Business School (MSc06 1971 - 3) was on the link between failed computer systems and the lack of skills to understand the business requirement and what was practical with the resources available: time and people being more important than budget and technology available. For that project I looked not only at the studies that led to the original formation of the National Computing Centres but had free run of the files of the British Institute of Management to do an analysis of the success and failure of training courses and programmes over the 1960s and 70s.

There are a few key messages for employers planning to use internship programmes to take the risk out of recruiting trainees:

1)    The staff, who are to work alongside interns and work experience trainees, must not only be supportive but have clear "rules of engagement", including how to provide confidential positive (as well as negative) feedback to both those supervising the training programme and their own line management.

When I had responsibility for the NCC Microsystems Centre in the early 1980s, (using work experience trainees to run the reception desk and demonstration facilities, act as helpers on hands-on training courses and provide practical help to SMEs), the attitudes of my line staff were central to giving the trainees the early responsibility that enabled them to blossom. [alumni of the centre can comment, including on the "in-house pun" that I only spotted after drafting, direct to me via Facebook].

I knew I would get rapid feedback on how they were performing - and things never got as far as me having to give a formal warming, as opposed to public praise for the job subsequently well done. One  individual, who subsequently ran major programmes in the Middle East, never knew how close he came to "the bums rush" - or perhaps he did and my staff did not tell me.  Also we gave everyone basic sales training, beginning with group viewings of the early John Cleese videos. This did wonders for attitude issues.

2)    Internships are more likely to be successful when you are recruiting from an organisation (school, college, university, welfare to work programme etc.) with whom you have a relationship and who will try to match the student with the placement.

We took our work placement students from a provider on the equivalent of today's "welfare to work" programmes. Most came from the "Threshold" programme (two placements as part of a double sandwich course). Apart from a couple who dropped out inside the first week, all repaid the time we spent on them and had got permanent jobs, half of them with us, before the end of the course. Given that we were in the centre of London paying Manchester salaries, I could not have run the operation without them.

3)    Within four weeks you should know whether an internship will work (on both sides).  Your staff will have worked out not only how to handle any attitude issues (those running the scheme should have given you advance warning and said why they thought the individual worth the effort) but how to turn these to advantage.  However it will take at least 6 - 12 weeks before you begin to cover the effort put in by you and your staff.

In the Microsystems Centre the first placement (of the double sandwich we commonly used) was genuinely pro-bono. We used the interview and first couple of days to make it easy for those who did not like what they saw to drop out before we wasted our time and theirs. As Mike St John Green mentions in this report, some of the best do not inteview well so we relied more on the references from the placement agency and their behaviour in the period we had them immediately before and after the "formal" interview. We then hoped to motivate them for the second half of their course, to keep in touch and to get them back for their second placement. It usually worked and they were earning their keep within a couple of weeks of starting the second placement.  
 
4)     If you pay peanuts, you get monkeys. Unless the interns are on a course that pays their expenses you should pay minimum wage (or London living wage) and provide assistance with accommodation if they do not live within easy travel distance. As soon as you have decided you want to keep them you should consider putting them onto a formal apprenticeship agreement. 

We were not permitted to pay our work experience trainees (they were on a government funded programme which included a modest payment) but when we assigned them to work for SMEs (who paid us only for the supervising consultant) we made clear that we expected the client to "show their appreciation" for a job well done: (£hundreds of pounds of credit at a book, record or wine shop was not unusual in return for installing a micro-computer based stock control, ordering and invoicing package, including file loading and staff training). 

I retained the trainees who was able to subsequently hire, despite being unable to pay them more than provincial wages, by giving them accelerated responsibility. But the financial pressures on youngsters today are such that I doubt I could justify the cost of external training without a contractual agreement akin to that which I agreed with ICL when they sponsored me on the London Business School Masters Programme (1971 - 3). That contract was very similar to that in Strathclyde v. Neal, the test case that is the basis for most current contracts.     
 
5)     There is no well-structured market for internships. Most current programmes are built around a summer "season" - befiore and after the exam results, competing for school-leavers who failed to get the University place and graduates not already picked up via the mainstream HR milk round. To get the pick of the crop you need to plan ahead, getting HR to include Information Security in the packages they promote to their chosen schools and Universities and/or to join in one of the tailored programmes, like those run by e-Skills.

You should, however, also look at alternative sources, including those who made poor choices and dropped out or graduated from the wrong course or University or who graduated during the recession and are coming off stop-gap post graduate courses or are seeking better than is being offered by their welfare to work programme.

One of the best of the alternative sources is women returners, taking a particular look for those seeking to return to work after caring for elderly relatives if you want them to be available to work unsocial hours.  This market is weven less well sructured. It is worth beginning by looking at those who have left your own organisation, including user managers and supervisors.  You should also look at co-operation with others so as to get economies of scale in promoting the opportunities you collectively offers.

6)    Many current government supported skills programmes, particularly those for cyber security are  built round those who qualify for public sector security clearance. If your aim is to acquire staff to handle global security in a post Snowden you want those who will be equally trusted by clients in Brazil, India, China and Russia and have the necessary languages. That gives you far more flexibility because UK citizenship is not a pre-requisite.
There is therefore a strong incentive to participate in the main cyber security programmes with a view to trawling those who will never qualify for "eyes only" security clearance.   

7)    I could go on but instead I would urge you to contact those running the e-Skills internship programmes and also consider using linked programmes like the Cyber Security Challenge, the Computer Clubs  for Girls and Cyber Champions if you wish to trawl for a wider choice.

For those who would like to get their HR team in on the ground floor of a more ambitious operation, and ensure that it also covers cyber security and not just digital skills, then I also suggest you get them to take a look at the plans for the "Good Careers Guide"
I recently agreed to help e-Skills engage financial services employers in reviewing their cyber security skills programmes, not just to find the gaps but also those willing to help fill them. So far I have found some good news and some bad news. The good news was that those concerned with recruiting information security staff thought the current frameworks (see the City and Guilds Documentation for Level 3 and Level 4 Apprentices plus the appendix mapping these onto existing industry qualifications for a detailed example of their practical implementation)  were a good checklist. The bad news was that almost all employers are looking for experienced staff, not trainees - and few have the skills in-house to organise a training programme. There is, however, serious interest in using the frameworks on a modular basis to upgrade the skills of those in post and to cross-train users who understand the business.   

I am now on the second phase of my study: circulating a draft report for feedback with the aim of identifying those interested in using early participation in the follow up to gain competitive advantage by developing and retaining the skills they need to protect themselves and their customers against fraud and abuse.

I am happy to send copies of that report to those with responsibility in their organisation managing and controling risk, reducing vulnerability and combating abuse. I am even happier to supply copies to those with responsibility for recruiting, developing and retaining the skills necessary. You can e-mail me for a copy and/or e-mail e-skills directly for an invitation to participate. Please include your name, job title, responsibilities, organisation and the areas and skills of most interest. If you can put the latter in order of priority that would be most helpful.

In the mean time readers may be interested in the headlines from my draft report. Some are obvious, in retrospect. Others may well be controversial, particularly for those who put their own agendas above that of preserving the reputation of the City of London as the premier, globally trusted, international, on-line trading hub.     

1.     The UK Financial Services Industry is Internationally focussed not UK-Centric

Financial services career paths are increasingly global. Major players are concerned to meet overseas, particularly US, regulatory standards, not just those of the UK. The US is not, however, the only, or even the most important, trading partner and global customers (e.g. sovereign wealth funds) expect their activities to protected against all-comers (including "our" security, surveillance, and cyberwarfare operations as well as "theirs"). This gives the opportunity to take a lead in setting global professional and security standards. It also, however, means that UK-centric requirements and co-operation arrangements are of limited interest.

2.     Cyber is a turn-off and information Security is boring. The drivers are a mix of fraud prevention, resilience, customer confidence and compliance

Few directors are interested in "information security" and "cyber" is a turn-off. Boards are, however, concerned about the consequences of insecurity:  impersonation, fraud, industrial espionage, sabotage, extortion and other forms of abuse and predatory behaviour. The skills sought come under a variety of headings: from compliance through intelligence, investigation and risk to security.

Commitment to action on skills, other than to fill known vacancies, appears unlikely without support from Board members who are seriously concerned to ensure compliance with regulatory requirements, maintain customer confidence, handle the transition to secure mobile transactions (already over 50% and accelerating) and improve the corporate ability to respond rapidly and effectively to major incidents.

That is because policy and budgets for recruitment and training are rarely controlled by members of the professional bodies currently engaged with the cyber security or information assurance agendas.  

3.     Understanding of the business is essential for those roles which cannot be "co-sourced". Most require skills mixes which cut across professional boundaries.

The days of "in-house" or "outsourced" are gone but attitudes are still different according to whether functions are handled in-house or "co-sourced" using shared service operations (e.g. to handle fraud reporting and investigation cross an industry sector) and trusted partners (e.g. retainers with audit practices and others to help with major incidents). 

Risk management and security roles in financial services require understanding of the business (objectives, constraints, priorities and vulnerabilities) and cut across people and technology processes as well as across electronic and physical security.  Few are purely "cyber" and many of these are more concerned with fraud prevention and resilience rather than information security.

Information Security is subordinate to those with responsibility for "Risk", "Fraud" and "Compliance", except where it is directly involved with the design, acceptance testing, operation and monitoring of people and technology processes and supporting systems. Many of those with cross-cutting roles have come in from other disciplines and need cross-training in information security.

Financial services employers therefore wish to mix and match modules from a variety of disciplines to update and broaden the skills of those who they already in place more than they wish to use these to develop the skills of new recruits. In consequence success entails co-operation with the Financial and Legal Skills Partnership , Skills for Justice , The Security Institute  and others.

4.     It is easier to get support for Continuous Professional Development and update programmes but widespread use of outsourcing presents serious complications with regard to delivery.

Outsourcing and co-sourcing mean that even large organisations often have in-house security teams that are too small for customised skills development programmes. More-over many security professionals are self-employed, individually accredited and/or responsible for their own training. Most employers are currently focussed on external recruitment to fill those in-house roles which cannot be filled by training users with security skills more easily than by educating outsiders to understand the business.

It is therefore easier to get interest in, but not necessarily commitment to, support for frameworks for "continuous professional development". Those with graduate intake and apprenticeship programmes for accountants, bankers and lawyers might be persuaded to extend these to include information security skills. However, given the limited number of employers able to organise in-house apprenticeship or CPD programmes, a better way forward might be to get recruitment agencies, HR consultancies, colleges and universities, to look at the economics of providing this as a service to local employers and/or alumni.

5.     There are significant issues to do with updating and marketing

The content needed in the modules will evolve over time in line with changing threats, technologies, opportunities and market structures. Generic structures which seek to avoid obsolescence by avoiding reference to particular technologies are, however, difficult for employers to relate to. They are concerned with developing the skills to address current problems - not looking into the fog of future needs.    

6.     A variety of marketing fronts and delivery channels will be needed to promote and present the content in forms to which the target audiences of employers and employees will relate.

.....

7.     The skills gaps identified to date:

Within most of the gaps identified there is a need for modules at all levels from process specification and system design, through operations, to end-user training, plus end-over-end performance monitoring. The frameworks and materials necessary to fill several of the gaps have potential global markets.

Some of the gaps below are addressed by the Financial and Legal Skills Partnership (FLSP), albeit with specifications focussed on the people processes to meet accounting, legal and regulatory requirements. Others are similarly addressed by Skills for Justice and the Security Institute.

The mechanisms for co-operation in ensuring the delivery of "joined up" material, covering both technology and people processes, when, where and how employers require are unclear.

7.1  Putting risks into business context and justifying spend

 

This requires an understanding of the business, an ability to quantify and balance the risks it faces (including of losing business because of intrusive or slow security processes) and turn problems into opportunities. The skills are not specific to information security but do require an understanding. It may be worth exploring use of the COBIT framework for linking security to business objectives.

 

7.2  Mobile: including identity, authorisation, data access, transactions and privacy

 

Most current programmes were planned before the transition to mobile gathered pace. Mobiles now account for over half of all financial services transactions and there are skills gaps at every level from system and application design, through the use of trusted computing technologies (including to identify the device and location being used and, with less certainly, the individual using the device), to educating end-users in personal security and safety using their own or corporately issued devices.    

 

7.3   Investigation: inc. forensics and the collection/preservation of evidence & co-operation with law enforcement

 

This is best organised in co-operation with the programmes planned by the National Crime Agency, City and Metropolitan Police, Crown Prosecution Service and others. The reasons are partly to ensure common standards and partly because training together is a good way of building the trust that is essential for co-operation. The programmes also needs to cover international processes because few major incidents are purely intra-UK. This area would benefit from close co-operation with Skills for Justice and those organising similar programmes to serve other parts of the globe, including, but confined to, the EU and US.

 

7.4   Asset Recovery: inc. local co-operation with overseas law enforcement and others

 

Financial services organisations are usually more concerned with asset recovery under civil law, rather than the cost and uncertainty of securing action under criminal law. The techniques available and disciplines involved overlap with 7.3 above and 7.5 and 7.6 below but are by no means identical.   

 

7.5   Governance/compliance: including Anti-money laundering, know your customer, suspicious activity reporting, customer protection, data retention/protection etc.

 

Financial services have a great many governance and compliance requirements which require technology support or the vetting of those who provide technology support. These include "know your customer",  anti-money laundering, suspicious activity reporting, data retention as well as protection, bring your own device policies, red flag behaviours, zero tolerance, bribery, corruption and customer protection. FLSP has modules covering many of these from a legal perspective. The technology perspective also needs to be covered.

 

7.6   Intelligence led Security: direction, collection, analysis, reporting

 

Direction and reporting require understanding of the organisation's objectives, priorities and culture (including to make reports on risks and threats meaningful to those running the business). Collection (logging, reporting, open source etc.) and Analysis (from historic log analysis to the real time use of big data tools) can be outsourced but the skills are in short supply (see 7.10).

 

 

7.7   Identity Management: including individuals, organisations and trusted devices

 

A prime need is for the skills to make effective use of the many ID systems and methodologies in current use and to enable the organisation to work with suppliers and customers using different approaches.  A particular problem is to bridge the different approaches of public and private sector. There is also the need to manage corporate identities, including on-line and along supply chains.  

 

7.8   Access Control: who has access to what, under what circumstances, inc. age verification

 

This is much wider than Data Protection but similarly links to identity management and authorisation. It may benefit from being organised in co-operation with other regulated industries (e.g. Credit Reference, On-Line Gambling and Adult Content) where reputations for security and privacy are core.

 

7.9   Authorisation Processes: inc. PCI-DSS and those of major suppliers/customers inc HMG

 

These should include both the evolving authorisation processes of the card and payment clearing industries and those of HMRC (including for  Real Time Information from employers), DWP (for inter-actions with employers and Local Government), Cabinet Office and others for those who have dealings with the public sector. This area may benefit from being organised in co-operation with Local Government, HMRC and DWP, all of whom have large numbers of staff to be trained at all levels from overall process and system design to end-user routines and guidance on handling exceptions.    

 

7.10        End User Skills and Processes: including access control and authorisation

 

Many large organisations run programmes to train all staff (i.e. not just those in call centres or on help desks) in basic security (how to reduce the risk of falling victim to social engineering and what to do if you think you have), the control of access to systems and information (particularly personal information on staff or customers) and incident reporting. There is a case for working with those organising such programmes on a commercial basis and with the CPNI Homer team to produce generic frameworks which can be used by those organising such programmes and for certificating those covered (e.g. all our staff are certified to XYZ). 

 

7.11         Incident Response: damage limitation, through notification requirements to public relations:

 

This cuts across a great many disciplines from those involved with handling the immediate response and restoring service through those handling the consequences (including technical, regulatory, customer relations etc.) to those handling image and reputational issues.

 

7.12        Big Data: both for detection and for protection

 

The skills needs range from understanding and using the techniques to analyse traffic and logs for detection and investigation purposes, through real-time authentication based on pattern analysis and  the means of assessing the security of services provided by others, to protecting data retained for analytical purposes or because of regulatory and law enforcement requirements. These range in level from the ability to understand and use packaged services operated by others separately or in partnership (e.g. Trend and IBM with "Deep Discovery" and "QRadar") to those to develop and maintain such services on a customised basis.

 

7.13        Website Security, including and the handling of abuse and impersonation

 

Nominet has produced some useful material in this area but there is a need to also ensure sites meet legal and regulatory requirements (e.g. under the e-Commerce Directive), are secured against hacking and abuse and contain routines for reporting abuse or impersonation (and responding to such reports) which help enhance confidence. There is also a need to address the security issues and exploit the opportunities raised by the transition from IPV4 to IPV6.

 

7.14        Vetting and personal behaviour

 

Financial services organisation are concerned with the motivation and not just competence of staff. A number of professions (e.g. the Chartered Institute of Securities and Investment) have mandatory programmes to develop attitudes towards good practice. There are also regulatory and statutory requirements in several sectors. This cross relates to 7.10 and FLSP has specifications covering the recruitment, selection and retention of colleagues. The issues do, however, go further and there is a good for co-operation with both CPNI and the Chartered Institute of Personnel Development on shared modules covering processes for CV checking and behaviour monitoring (including over social media).     

 

7.15        Support for Small Firms, generic and those in the supply chains of large firms

 

This should include the skills to implement, advice and support the audits by IASME or CREST that are to be made mandatory for SMEs supplying Government net and well as any other requirements from Banks, Insurance Companies (including PCI-DSS etc.). There is also a need to look at support for micro-businesses (e.g. the FSB members who are too small for IASME. The skills in this area are likely to cut across all others at the "foundation" level.

 

7.16        Process Control: alias SCADA, Internet of Things, Ubiquitous computing

 

This was not part of the remit for this exercise but serious interest and potential volunteers to help address the issues were found.

 

8.             Current Action Plans

 

8.1  Follow up on contacts made with ...

8.2  Work with ... on surveys to obtain views on which skills are in short supply and the priorities of those interested in participating in joint action.  

8.3  Follow up on contacts made with ... to look at organizing activities to identify employers willing to work together on skills issues.

8.4  Follow up on discussions with recruitment agencies and others to explore business models for commercially attractive (to all sides) co-sourced CPD and apprenticeship programmes.

8.5  Identify security suppliers interested in helping specify material that will help current and potential customers make effective use of their products and services.

8.6  Identify training providers interested in participating in the programmes with a view to supporting apprentices, those following continuous professional development or cross training programmes or those wishing to simply fill skills gaps   

I look forward to receiving comments, particularly from those with responsibility for protecting their employer and its customers and in helping with the specification, organisation and delivery of materials, courses and qualifications to fill some of the gaps above. I would also be interested in comments on how best to reconcile the various intra-UK, intra-EU and intra-NATO agendas with those of truly global players.

I am of the personal opinion that co-operation in education and training in the best means of reconciliation - but I remember being trained in the same signal school as those who were to man the signals rooms of the destroyers we had sold to Shah of Iran. We were strictly segregated. I subsequently came to appreciate the reasons. That said, the risk management and security teams of global trading operations have long needed to organise co-operation against common (criminal) adversaries between those whose governments do not trust either other.  The development of cyber espionage and warfare merely adds a new dimension to the tensions between merchants and warlords that goes back to the dawn of civilisation.   

 

 

I am in the process of revising the interim report of my review of the new Cybersecurity apprenticeship and continuous professional development frameworks from the perspective of financial services employers. [see the P.S. at the end of this blog for more details]  

The first message, which came as no great surprise, was that there is no shortage of talent, only of employers willing to help unleash that talent.

The second message is that (outside the security suppliers and consultancies) few of those who control recruitment and training budgets are interested in "information security" and "cyber" is a boadroom turn-off, not a turn on.

Boards are, however, very concerned about the consequences of insecurity:  impersonation, fraud, industrial espionage, sabotage, extortion and other forms of abuse and predatory behaviour.


The skills being sought to help reduce the risk of these come under a variety of headings (from compliance through intelligence, investigation and risk to security). Few HR departments have the in-house ability to organise relevant programmes and most are uncertain where to get advice.  In consequence inaction is common - other than external recruitment to fill immediate vacancies as competition for experienced staff accelerates - and many organisations are like rabbits faced by lampers.  

The third message is that those (mainly suppliers, consultancies and audit practices) seeking to double or quadruple the size of their security operations (in order to help clients handle the tsunami of trouble ahead) know that they have not only to organise in-house apprenticeship, cross-training and update programmes but also to diversify their sources of recruitment - as competition for well-motivated graduates increases nearly as fast as that for those with a couple of years of practical experience at some-one else's expense.

Hence the importance of the first Cyber Security Challenge regional event to bring together potential recruits and employers looking for talent. This is being hosted by the Bucks New University (which has put security into the School of Management) in their sports hall in High Wycombe, near the heart of the Thames Valley, where the competition for talent is at its greatest.

The event is on Friday 4th July 10am - 5pm and is targeted at anyone with an interest in the sector - including school pupils in their final year or those that have just left, as well as students in further education, and those of all ages looking to move into a career in cyber security.

In addition to a careers fair supported by Challenge sponsors and regional businesses, the Challenge event on 4th July will also include:
 
    A Morning Session: Seminar for local SMEs wanting to discover more about the cyber security threats facing them and solutions to help protect their company. Participants to this free event will find information on related government initiatives, including advice and guidance on ways to safeguard their business.

    An Afternoon Session: Seminar for girls and women considering a Cyber Security role, from those already in the industry to share knowledge and experience, network and mentor.  Any individual or organisation interested in supporting the recruitment and retention of women in cyber security is encouraged to take part.

    All Day Drop In Session: Cyber Security Challenge UK - including a guide to what it takes to play and succeed in its yearlong mixtures of virtual competitions and face to face cyber real world scenarios.

For more information and to book your place either as an industry delegate or an exhibitor, please contact  Steph Aldridge
 
This is the public registration link, including for schools and students:

 P.S. I would still like to hear (by 20th June) from financial services employers interested in helping review the new skills frameworks and in commenting on any changes and extensions they would like to see in order to better meet their needs. You will find detail of what is currently being, including how one qualifications provider is putting flesh on the frameworks, in the City & Guilds handbooks for Level 3  and Level 4 and the technical content for Level 4, which maps the material against relevant industry materials and examinations, including for CISCO. Comptia, Linux, Microsoft, Oracle and VMware qualifications.

Some of the gaps identified in my interim report are already being addressed in the new definitions for Cyber Intrusion Analyst and Operator and for Software Tester . Some of the others, such as mobile security and small firms support, were covered (at least at the lower levels) at a recent meeting with on the City & Guilds Tech Bac.
 

There is no privacy in the global on-line village but do we really want Google to censor the gossip?

| No Comments | No TrackBacks
| More
The recent EU judgement against Google does not require "a total rethink of basic freedoms" as supposedly claimed by Professor Floridi. But it does raise profound issues. 

"There is no  privacy in a village" but every so often a local gossip might be ducked or burned as a witch after breaching too many confidences or causing too much mischief. There is no privacy in the on-line global village and Google has close to a monopoly over our access to gossip (alias information). Its rapid response to an overdue application of existing law is therefore most welcome. It is also more nuanced and practical than at first appears as I mentioned in my blog yesterday . Its response takes account of the fragmented muddle of EU law, where "harmonisation" based on carefully drafted ambiguities (which all can accept and interpret differently), reinforces de facto fragmentation.   

The language attributed to Professor Floridi is over the top but do we really want Google to be a pro-active censor? Or do we want it to "merely" obey the law and to be better able to stop relaying that which is libellous, inaccurate and/or private (such as our own postings on social media which some-one has claimed the right to turn into "the new oil" without our informed consent).

Google's "guilt" in the EU case was, however, rather narrower. It concerned its failure to act on a complaint that its search engine rankings "made available" reports of the original debt but not of its discharge. That may go to the heart of its current business model. It does not raise questions about "fundamental freedoms".

Professor Floridi does, however, raise other, more important issues. 

Do we really want Google to act alone in fixing the problem?

If so we risk turning it into the Judge Dredd of the on-line world.

Or do we want Google to help create an arms length regime that applies to all?

If so, who will work with it (given commercial rivalries and mistrust) and what will they create - giving the probable mis-trust of any US-centric solution and the state of debate on Internet Governance (however defined)?

Other industries faced by similar situations have used organisations like CEDR (the Centre for Effective Disputes Resolution to help them create independent disputes resolution services, national, regional and international, under a variety of legal regimes. CEDR was created in 1990 with the support of the CBI and the Law Lords. It is now Global with offices and services based in the Middle and Far East, where disputes may cut across legal and regulatory traditions, not "just" jurisdictions.

The time has surely come for the Internet Community to follow a similar path.

Might this judgement and the dilemma faced by Google provide the catalyst?

I happen to trust Google more than I do most European (as opposed to UK) Courts but would not be happy to see it as judge and jury over what should or should not be accessable via its services. I would, however, expect it to abide by the law, using an independent appeals process to defuse disputes. Its initial response to  the EU judgement therefore looks sensible and the speed of response shows that it had anticipated the need. What comes next is, however, much more significant.






The impossible suddenly becomes practical: Google to abide by EU law - but only for EU national sites

| No Comments | No TrackBacks
| More
The news of Google's "U" turn over the "Right to be Forgotten"  is most welcome. This is one Turkey that has not forgotten how to fly. It also reminds us that most of what we are told about the Internet is untrue . That which is possible or impossible depends more on the advice from the corporate lawyers of the dominant players than from the engineers who keep it running.

Hence the small print of the Google announcement - which can be seen as another step towards the Balkanisation of the Internet  The "right to be forgotten" will only apply to the national websites across the EU.   

I would prefer to see it, however, as a sign of the maturity and subtlety of Google's approach to the pressures it faces and the lack of progress towards a pan-European Single Market despite all the harmonisation (alias formally agreed amibiguities). We can already see the problems that will arise, beginning with applications in the UK to delete references to criminal convictions that are not time expired and have not been over-turned on appeal.

Perhaps I was wrong to say that I thought Google's shares were over-valued. It may already be planning its way into a break-up that will make its shareholders even richer - just as the main beneficiaries from the break up of Standard Oil included the Rockefeller family.  

P.S. There is another angle to the right to be forgotten. This morning finally I got fed up with sluggish response times from my browser so I deleted the "history" including the cookies. The improvement was dramatic. I have yet to see what I have lost by doing so - although I would have prefered a selective choice, instead of all or nothing.

P.P.S. 11.30 - Jim Prideaux , who wipes his electronic footprint as carefully as his other footprints and fingerprints, has just pointed out that Google requires a photo ID. This appears to mean that those without recent driving licences or passports cannot request to be forgotten. I leave others to follow this thread into ever more interesting places.

UKIP's On-line Policy: stuff the corporate and regulatory turkeys, listen to the users and stop wasting taxpayer's money.

| 2 Comments | No TrackBacks
| More
UKIP is often described by commentators as a party of inarticulate and angry protest for those ignored by the political establishment, who will come to their senses at the next general election. When I compared UKIP's local government results with pages 11 and 12 of  the slides which accomanied Lord Ashcroft's analysis of their performance in the local government elections last week I realised that this interpretation is both right and wrong.

The towns where they are most likely to get their first MPs include those hit hardest by the Common Market Fisheries policy: Grimsby, Yarmouth, Lowestoft. It is no accident that UKIP has a clearer and more articulate policy on fisheries than the mainstream parties. Fishermen are also more techno-savvy than most land-lubbers, having used a wide variety of local and global on-line communications technologies (alias radio), from Morse to Inmarsat, for over a century - to hunt, catch and land those fish for which there is currently a good price. They have also seen their industry destroyed by collusion between Westminster and Brussels.

But that is not what is most likely to drive UKIPs technology policy. The UKIP demographic  (C1, C2 and D, including most small businessmen and self employed) is also the Sky Demographic - which BT has just invaded in an attempt to get sports content traffic to drive th e take-up of BT Infinity, where it is available. It is no coincidence that UKIP also tends to be strong in areas where BT Infinity is not available and crapband (both urban and inner city) has a tendency to freeze and collapse when popular events are at their most exciting.

Shortly after Tim Aker (formerly with the Taxpayers Alliance) became Head of Policy and Patrick O'Flynn (chief political commentator of the Daily Express) became Head of Communications, a cogent article  on the use of alternative broadband technologies to support rural lifestyles was repeated in UKIP Daily . Meanwhile, on the other side of London, Diane James,  is a veteran of the Ewhurst broadband saga  and her colleague, Ray Finch, worked for one of the Cable TV companies for 20 years, supposedly entering politics because his wife wanted him to bore others with his enthusiasm.

But it is not just the predatory behaviour of BT that has angered those who just elected to the European Parliament. For example, Janice Atkinson  is "involved in a business called www.gotradelive.com which is similar to Amazon and eBay, but has a reverse auction and cataloguing facility and is free. Unlike Amazon and eBay, we pay our UK taxes, employ UK nationals and campaign against corporatism and to return to good old-fashioned capitalism."

Will UKIP become the home for the competitors to Amazon, eBay, Google and also to those who do not believe that our personal information is their oil - to do with as they wish? If so, my recent blog on what happens when young Turks become old gobblers is apposite. UKIP has a big constituency of consumer anger and frustration with the patronising attitudes of Big Data enthusiasts and Internet industry lobbyists on which it could draw. 

It has also demonstrated that it fully understands how to use social media and to mix on-line and off-line advertising to good effect.

When it comes to regulatory issues the UKIP team is likely to also include Margot Parker (one-time head of the European Promotional Products Association), Steven Woolfe (a former general counsel for hedge funds and more recently legal and regulatory consultant to Financial Institutions) and Amjad Bashir, their small firms spokesman.  We might therefore make a reasonable guess that UKIP MEPs are likely to favour genuinely open and competitive, but probably unsubsidised, broadband for business plus rigorous action against predatory behaviour by dominant players in on-line markets.

How that support will be expressed and turned into action is, however, less clear.  

The Personal Declaration by Gerard Batten, likely to once again be their chief whip, is that he will not vote in favour of any legislation that does not undermine the European Union or facilitate UK withdrawal - because that would be to admit the legitimacy of the European Parliament.

He says that he will therefore abstain, rather than support that which is in Britain's interests.

It should, however, be noted that Gerard was a salesman for BT for 28 years and protecting incumbents (old or new) from change is not what the rest of UKIP appears to be about.

What happens when UKIP and its new anti-statist, anti-corporatist, pro-capitalist and pro-choice allies across the rest of the EU meet will therefore be interesting.

Will they join forces against the massed ranks of the Brussels Lobbyists and bring a chilling whiff of democracy into the hot house?

Or will they allow themselves to be picked off, venting their spleen but achieving nothing, not even UK withdrawal, because only the Conservatives have promised a referendum on membership?

At this point I should declare my own position - I would much prefer to see reform to withdrawal - but if the current introverted, protectionist, bureaucratic, kleptocracy cannot be adequately reformed I will vote, however reluctantly, for "Brexit". Having spent over thirty years trying to help bring about reform I will be very sad if I have to admit that UKIP was right. In the mean time I would love to see co-operation in Brussels, if not necessarily in the UK, to bring about change - because the EU in its current form does not deserve to survive.       

I look forward to blogging again on this topic during the run up to the party conference season.

P.S. I have received a comment from "geo-investigator" (loath to go through the hassle of registering in order to comment himself) as follows:

"With regard to your penultimate sentence in the blog article, it may be of interest that the European Ombudsman, Emily O'Reilly, has said she will launch a (non-binding) investigation into the composition and transparency of the European Commission's many expert groups that advise on  policy and legislation. O'Reilly has stated that "it is of utmost importance for these groups to be balanced and to work as transparently as possible so that the public can trust and scrutinise their work." For example, it seems that ~80% of the expert groups linked to the commission's tax department, DG taxation and customs union, represent corporate interest, while 62% of members of groups tied to DG enterprise were from the business community. There are apparently no common rules on the selection of experts, and no means for the EU's other institutions to scrutinise the work of the groups.

The investigation could provide an impetus to the new intake of MEPs to ensure that transparency, wide-ranging consultation and accountability are written in to the selection process of experts, so that the public interest is not subordinated to corporate interests when key decisions on policy and legislation are made. But the question has to be asked - why is this not the case now?

Experts differ, and can be selected to line up on one side of an issue against another, perhaps to be decided by an 'independent' arbitrator. The problem may link uncomfortably to
the secret negotiations taking place around TTIP and the fact that many see this as a major threat to democracy, not least because of the proposal to subject ISDS cases to secretive offshore arbitration panels that bypass domestic courts and override the will of parliaments. The ability of companies to sue nation states, under a specially-created parallel legal system, is completely new for any trade agreement between states that have well-developed legal systems.

Geo-investigator is very well informed on the topics that he covers and last night I attended a briefing organised by the European Movement and the Konrad Adenauer Stiftung on the "meaning" of what is happening (and why). It emerged that opposition to TTIP may be one of the few items on which the UKIP. the Front Nationale and the other "protest" parties (of left and right) are likely to find common cause, other than on the ending of untramelled "freedom of movement.

His comments on the need to reform the selection of "experts" are also interesting.  Their pay and status, compared to their earning potential if they are genuinely expert, is one problem. The routines for appointment are another.  


 
We have a rash of publicity claiming that the latest FCC position on Net Neutrality will destroy the Internet as we know it. From the US Library Lobby to the Startrek Lobby there are a wide variety of views but the success of Netflix challenges the cartels which control our access to the Internet (from Telcos and Cable Companies through Operating Systems and Browsers to Search Engines and Content). It undermines their business models - including the illusion that take-overs and mergers (the latest is AT&T and DirectTV) to create vertical integration (triple and quaduple play) will return better value to shareholders - let alone better service and choice for customers. At the recent INCA conference we heard from the head of BBC Digital that Netflix already generates significantly more UK Internet traffic than the BBC iPlayer - and both are in their infancy. Meanwhile the markets have stopped growing. Players appear to be competing for share of a finite consumer and business "budget" (alias willingness to pay from static or falling disposable incomes) for communications and content

The current tangled web of crapband (cheap, slow, overloaded, copper circuits), fibre to the cabinet, urban wifi and national 3G networks is groaning with overload while consumers expect the levels of service claimed in the adverts. Of course we need to better address the way that conflicts betwen recommended security products and the tracking software used by ISPs, advertisers and others can result in users experiencing more sluggish performance over faster lines. But, even so, the case for fibre to femto (whether on a mast or in a domestic router) would be overwhelming - if those who put up the funding reaped the reward.

Instead we have a "net neutrality" debate, with varying definitions of "net" and "neutrality" as current and would-be monopolists try to eat each others lunch: telcos call for cheap content,  content providers want cheap carriage, advertising funded players want both and those with more money than sense pay fancy prices to take each other over, vertically integrate and cross subsidise [thus deluding themselves as well as regulators and others as to what is actually profitable while they try to lock in their customers]. 

In the US the FCC is considering striking down laws in the 20 or so States that block local municipalities from building fibre networks to challenge the local crapband monopolies of cable operators who are charging Netflix a premium as part of a locally regulated, ever upwards, price spirals. The FCC can see that model of the Chattanooga Fibre Choo Choo (funded by the electricity company as part of a local smart metre and grid programme) is steaming off into the distance as an engine of local economic regeneration.

Meanwhile in the UK, George Soros is backing Hyperoptic and Sky and Talk Talk have linked up with City Fibre to explore a variety of "risk free" roll-out models, underpinned by demand from the residents of up-market apartment blocks, the tenants of business parks and commercial centres and the operators of 4G networks. Other business models include that used by Hammersmith and Fulham to grasp the opportunity to cut the cost of service delivery at the same time as meeting economic dvelopment and job creation objectives at little or no up-front cost. And the approach to rural broadband is about to be transformed in the area serving the Prime Minister's constituency.    

Meanwhile the EU Court has mounted a long overdue challenge to those who believe they have a "right" to collect and collate our personal data, including our browsing and viewing habits, and refine it into the new oil of information, without obtaining our informed consent, let alone paying us a royalty. I like to think that the tools now being promoted to supposedly foil the surveillance operations of GCHQ and the NSA will find their true use in protecting our privacy from the customers of the Reform Government Surveillance alliance. That may, of course, already be their true target market, but those offering privacy enhancing services appear more scared of being moved down the search engine rankings of the monopolists than of being blacklisted by the NSA.  Meanwhile the energy companies are supposedly creeping into the same market as are the suppliers of a growing range of consumer devices and those hacking into their communications , siphoning off some very personal data (alias "oil") before it is refined.

Christmas is coming and yesterdays young Turks, today's Turkeys (alias incumbent monopolists) may be about to get stuffed as markets and customer choices and priorities change and voters turn against attempts by governments and regulators to protect the present, let alone the past, against the future. That is why the Internet giants of today are the biggest spenders on lobbying in Washington, Brussels and Westminster - fearful of what would happen if users (alias voters) really were permitted an informed choice. 

Those who think that the time has come to do to Google what was done to Standard Oil, should remember that the greatest single beneficiary of that break up was the Rockefeller family. The surge of growth that followed meant the value of their shareholdings in the newly liberated companies soared. The future, like the past, is another place. Many of the  Googlettes might well similarly thrive once freed from the suspicion of being part of a monopolist that uses search engine rankings to enable its acolytes to invade the markets of others.  

Last week I spoke to a BASDA event on why healthy, open and competitive markets are critically dependent on inter-operability standards at all levels and between all levels.  Later this week I hope to make time to reformat that script as a blog entry. 

Why an all girls team is likely to win the cybersecurity challenge - if any enter.

| No Comments | No TrackBacks
| More
The press cover for the first of the 2014 Cybersecurity Challenge competitions in Wired and the BBC illustrates the problem of attracting women into security related careers - even though we now know that women were not only 70% of the overall workforce at Bletchley Park, but provided several of the elite codebreakers and ran much of the operation with not a fit man of military age in sight (save for a few math prodigies, engineers from Dollis Hill and  BTM and the officers who handled liaison with the Military).

The women programmed and operated the Bombes and Collossi and ran the Registry: alias the Sigint processing operation that was central to the success of the entire operation. [Then, as now, the signal headers and routing information, alias "communications data", alias "meta data" was often more important than the message content].

That is not, however, one of the "messages" that GCHQ, NSA (or Google) wish us to understand - let alone appreciate because of the consequences if we were to fully understood the implications for our personal privacy and security in a world where everyone is tracking what we do on-line and claiming the right to refine the new "oil" for sale to ...

No wonder those creating the myths for the actors in the theme park have no wish to have visitors listening to elderly volunteers who remember the reality, including the transition to the Cold War. Hence the importance of the schools programme run by the museum.  
      
There is a splendid (albeit sometimes using terminology that is annoying for someone as politically incorrect as myself) paper on the gender biases at Bletchley . These reflected those of the armed forces at the time and led to a complaint that the women were treated as girls - not equals.

But many, indeed most, were "girls":

Rosalind Hudson , the youngest of the 13 cryptanalysts in Hut 8 was only 15.

Few were over 25. 

Mavis Batey (said by some to be more gifted than Turing) was only 19 when she and Margaret Rock broke the Italian Enigma system in time for a surprise Italian fleet attack on a troop convoy to be turned into the Royal Navy's last "fleet action", the Battle of Matapan.

Dilly Knox's comment, when fighting in vain for Margaret Rock (who was older) to be placed in the right pay grade, because she was "quite as useful as some of the professors", should be seen as a direct comparison with Alan Turing, whose nickname was "Prof".

The team of Batey and Rock went on to break the four wheel Abwehr (German Secret Service) Enigma Code and enable the system to be reverse engineered in time for the Double Cross System, central to the success of the Sicily and Normany Invasions. Meanwhile Turing's intellectual peer, fiancee (but not for long) and successor in running Hut 8 (albeit with a man nominally in charge to handle the military interface), Joan Clark , was similarly airbrushed out of history - perhaps because she was still working for GCHQ when FW Winterbotham broke the secret of Enigma in a book which misled readers as much as it informed them.

Perhaps that airbrushing was thorough because of the "girls" who went on to have careers at the heart of Cold War espionage (albeit the talents of many others were sadly neglected).

Dilly Knox's "Epitaph on Matapan to Mussolini":

"These have knelled your ruin, but your ears were far away
 English Lassies rustling papers through the sodden Bletchley day"

appears to have remained classified until after the last of the Bletchley "girls" had retired from GCHQ. And some of what they did, while rustling those papers, has still not been released.

So how do we attract the Hudsons, Batey's, Rocks and Clarks of today?

- bearing in mind that one of the most subtle practitioners on the "Dark Market" is said to be a woman, not just a man masquerading as one. I assume the reason we know she really is a "she" is that she is among those on the staff of GCHQ and the NSA who increasingly frequent the various forums - as they begin to pay more attention to protecting us, not "just" the state.

That leads me to the quote from Stephanie Daman, CEO of the challenge and previously Head of Group Information Risk for HSBC  which concludes the BBC article on the challenge:

"Do we really think GCHQ operations affect us on a daily basis? I would say it's the banking system, or the ability not to do your Waitrose shop. At another level it's the ability to have electricity in your house.

Cybersecurity underpins so many things - GCHQ is just a small piece of a much bigger puzzle. I can understand why it might be troubling for some people, but I think the focus on GCHQ misses the much broader picture."

One of the things I learned from the first Women into IT Campaign [1988 - 92 and we raised the intake from barely 10% to over 30% only to see it fall back again afterwards as the lessons were ignored] was "Vive La Difference". On average women are very bit as good as men at most of the functions in IT (markedly better at some) - but tend to have a different approaches to problems. One of those is a desire to understand the context and the objectives, as opposed to "playing with technology for its own sake". That is why I would expect teams of girls to be rather better at identifying what motivates the Flag Day Associates and who they are, not just how they operate and how to protect against them.  

The issue is to get the girls to understand not only why they are likely to succeed and to enjoy themselves but also the range and variety of constructive careers to which success will open the door. And that depends on employers who want to be able to assess the best of the talent coming out of out schools and colleges understanding how and why they should support the Cybersecurity Challenge - including this competition and those being organised to get the youngsters of today to look at the careers of the future and how to attract their peers.

I will blog on the latter later. This is enough for now.  
   

A suitable job for a woman: fund raising exercise for Bletchley TNMOC educational programmes

| No Comments | No TrackBacks
| More
I have blogged before on the unfortunate separation of the National Museum of Computing (home of Colossus and the related computing and cybersecurity education programmes) from the new Bletchley Theme Park . I have also commented on the way Bletchley showed how eminently suitable women are for many of the key roles in information security and cyberwarfare : unlike the Snowden's or Winterbotham's of this world, who put public recognition before confidentiality.

I recently demonstrated my luddite credentials by paying the postage for a mailshot in support of a fundraising exercise in support of some of the museum's educational programmes. Part of my reasoning was to test the hypothesis that letters reamin the best means of getting through to those suffering from electronic overload. I should perhaps add that I recently came across one organisation that has reverted to hand written envelopes with postage stamps when it wants to get attention. What I did not appreciate when I made the contribution was that it would be matched by funds from a £million donor.

The main objectives of the appeal which I supported were to fund:

• dynamic learning materials and activities to promote a better understanding of the use of ciphers in
modern life, cyber crime prevention and the education and career opportunities in this sector

 

• ways to encourage girls to explore the subject of computing by better presentation of artefacts and activities

 

• pre- and post-visit learning materials so that students get the most from their visit -- these are intended to include audio and video material of the artefacts, applications and interviews with computer professionals who are changing our world

 

• access to the latest technology to promote an understanding of the legacy of earlier technologies.

Among the planned deliverables is a follow up to the award winning package of the history of computing targeted specifically at encouraging girls to appreciate that computing and security really are suitable jobs for a women. Events and activities are also being planning in co-operation with the Cyber Security Challenge and the groups that bring together women currently working in security.

The non-luddites among you will find donation details for the main appeal here.







If fibre to business communities has payback in months not years, why is it not happening? What is missing?

| No Comments | No TrackBacks
| More
I have received interesting feedback to my blog on the way that crapband is crippling the UK's creative industry clusters in Soho and Mayfair, forcing them to relocate to those parts of Shoreditch and Manchester which have fibre to the studio. Simple arithmetic appears to indicate that social and commercial landlords can get rapid, low risk, payback from helping fund fibre networks akin to those in a growing number of communities around the world, to service their tenants. Many such projects are variations on Stokab  the fibre utility network, serving Stockholm. But the different messages from the original academic evaluation of Stockab compared to other municipal networks and that sponsored by Google point to big differences in the underlying business and funding models.

The most significant is the way in which the investors derive benefit, if any. The different models are not new. They were found with the canals and railways.

The biggest beneficiaries were those who helped promote lines in order to transform their businesses (farms, fisheries, factories, mines and quarries) to serve new markets or to exploit the rise in land and property values around the new stations: Metroland was unusual only in that the railway company itself made some of the money from the associated property development.

The biggest losers were those who bought shares in railway companies floated by consortia of businessmen and property developers who were more interested in cheap, reliable services than dividend streams.

Meanwhile UK became the workshop of the world on the back of building railway and steamship lines that enabled, for example,the jewelry quarter of Birmingham to create distribution networks that enabled it to dominate the world market for pen nibs and similar metalware for decades on end.     

When we say that the Internet revolution is akin to the steam age revolution, the parallels are closer than most commentators realise: from how innovation and growth was financed to how early leaders leveraged monopoly positions from one market to another, until they came up against opponents with whom it was cheaper to do deals than to compete. Hopefully, it is only a matter of time before the cartel that runs the US-centric Internet comes up against a Theodore Roosevelt who will put muscle back into the anti-trust movement (as when the US railway cartel stranglehold  on interstate commerce was broken up). 

Now to put this into the context of the business case for landlords to work with their tenants on commissioning community broadband projects (to global inter-operability standards) that they can "contract" to BT, Virgin, Sky, Arqiva or who-ever (large or small) to maintain and operate and exploit on an ongoing basis.

There is growing volume of evidence (UK, EU and US) that fibre to the premises adds between 5% and 20% to property values (surveys average around 10%). According to Rightmove crapband (i.e. anything less than so-called "superfast") can cut 20% off a house price while a Halifax survey last year indicated that 2/3rd of buyers would pay 3% more for good broadband and nearly a quarter would pay 10%. That would put the value of a good domestic broadband connection in the range £5,000 - £16,000

The value for businesses is much higher, depending on the nature of the business. Thus the absence of world class (as perceived by the French and the rest of the EU) local broadband for the start of the Tour de France in Barnsley this year would not only be nationally embarassing but could be measured in tens of £millions of lost ongoing benefit (tourism etc,) for the local economy. According to Sam Knows the date has slipped from "Spring" to end June. I suspect that means the exchange will be ready to handle the news media but not to enable local hotels and restaurants to take advance on-line bookings from visitors from around the world without paying intermediaries in areas with better broadband connections.

The BT price for consumer Fibre to the Premises is now an 18 month contract for £99 per month: £1,782, plus £750 connection charge, plus a distant dependent charge (£200 for up to 200 metres from the exchange, £600 for 200 - 399 metres, £1,000 for 400 - 599, £1,400 for 600 - 799, £1,800 for 800 - 999, £2,500 for 1,000 - 1,499 , £3,500 for 1,500 - 1,999 and by quotation above this), plus some sundries.

This  equates to a connection cost, including 18 months service,  of £2,750 to £6,000.

Many new build providers claim they can significantly undercut this offering which is, in any case, only  available at about 300 exchanges, such as parts of the area served by West Malling, and supposedly coming soon to more, from Croglin (a tiny community in Cumbria in the catchment area of B4RN *, hence the complaints about predatory practice) to Whitehall .

In other words, the business case for new players to enter the market would be a no brainer, were the benefits to accrue to those putting up the funding without intermediaries, including central and local government, regulators, monopolists and others getting in the way.

I have seen many attempts to model the cost and value of broadband roll-out over the past two decades and have advised a fewl. Most were as over-complicated and fanciful as the average PFI deal: combining the worst elements of inefficient outsourcing and over-priced leasing, obfuscated under layers of consultancy and accountancy jargon, drafted by those with little or no grasp of the cost of capital beyond what one might expect from a PPE Graduate, let alone of the technologies and service delivery disciplines involved.

One of my contemporaries at London Business School was a manager in British Rail at the time of privatisation. He was instructed to help prepare the privatisation of the rolling stock, according to criteria dictated by "experts" from the Treasury and their equally expert consultants. He read the pages of analysis with growing disbelief, but was told that the  "policy" could not be questioned by lesser mortals. He asked if a management buy-out might be considered. He was told it might indeed be helpful - because the market was thought to be sticky for such an "innovative" privatisation - but that he and his colleagues would be suspended, on full pay, for the duration of any bidding exercise.

He consulted our mutual tutor at LBS, who informed him that if looked like a duck, quacked and waddled it would probably lay the same type and quality of eggs and taste the same when cooked. Equally helpfully, he introduced him to a couple of fund managers. He then mortgaged his house to get an equity stake but expected to be seriously outbid by cleverer and better funded competitors. To his surprise his team won their bid, based on the simple, risk free, guaranteed minimum life, leasing and maintenance deal which was what the Roscos really were. I8 months later, after the markets realised what they had done, the team was bought out by a group with access to cheaper finance. He became the richest of my classmates (although some of the others later went on to make even more). He and his colleagues made no attempt to defend the deal when it was investigated  by the Public Accounts Committee, other than to say that they had stuck by the rules which they had  advised against. They were the only ones exonerated in the final PAC report.    

I do not expect to get similarly rich advising consortia on how to turn the current morass of misunderstanding, misinformation, ignorance and incompetance to advantage but I am happy to help others do so - provided that their schemes are at least as much in the public interest as the inter-woven mix of property  development and financial engineering that created metroland around a railway that never made a profit.

Meanwhile, those who wish to learn more from those who can help them transform the market should attend the INCA event on the 8th May which I have previously mentioned.  I am told there are still places available.

P.S. Dolphinholme now has a Gigabit to the village hall and I have just been sent a copy of a letter from Hyperoptic to the residents of an up-market housing complex regarding one of their demand agregration exercises in co-operation with the "building management team". It refers to services already provided into over 150 developments in the UK. Their business case appears to be based on an uplift of "up to 5%" in the property value in return for an upfront commitment of £1,750 for a gigabit service for two years (100 megs is £1,140 for two years). 

P.P.S.I am further behind the curve than I thought - George Soros put £50 million into into Hyperoptic last year and a number of funds are currently looking for opportunities, provided they are alongside heavyweights and not just enthusiasts.

* Declaration of Interest: The funds in which I have interests (and advise) currently have investments in Alcatel Lucent, Avanti, B4RN, BSkyB, BT, Colt, IBM, ITV, Netcall, Rocksafe Europe and Vodafone as well as a number of Construction and Property Companies and Utilities that should do very nicely out of a boom in shared infrastructure investment.    

City Centre creative Industries crippled by crapband as the rural revolution begins to gather pace

| 3 Comments | No TrackBacks
| More
My recent blog entry on the way BT is cutting its spend on broadband  roll-out in order to fund its price war on content triggered some interesting feedback. I was told that since then Whitehall has been given a date for Fibre to the Premises but not to the Cabinet. Presumably that is to meet the needs of Government and the Cabinet that meets in Number 10. But Bloomsbury (aka Howland Street, beside the BT Tower), which serves the engineering practices and design house of Fitzrovia and the film-editing and multi-media cluster of Soho, still has dates for neither. Meanwhile Mayfair, serving the wealthiest community in the UK, including the homes and  headquarters of several of the worlds largest investors), now has a date (end September) for fibre to the cabinet, but not for fibre to the premises.

BT is not class conscious in its decisions as to which communities to exclude from the global information society.  It does, however, appear that I should have taken more notice of those exchanges where BT has plans to enable fibre to the premises but not to the cabinet: i.e. where we can assume it plans to leapfrog the obsolescent 21CN infrastructure that is the basis of the current BDUK contractst. It also gives me even more interest in hearing from those who see BT's slowing upgrade plans as an opportunity for themselves and not just a  problem for UK plc at the INCA conference next week.

The source who briefed me on the Soho situation was stuck with 2 - 3 megs from BT and prohibitive volumes charges from the alternatives and is moving to where he has been able to get fibre to his penthouse flat as well as to the multi-media editing suite on which his global competitiveness depends. He was vitriolic about how the current situation has come about and I am trying to persuade him to respond to the long overdue Ofcom consultation on the Business Broadband Market . Unfortunately, now that he has found a solution for his own business, he says he is too busy making up for lost time. He also tells that his competitors are also more likely to move than to "waste time and effort complaining". 

Menawhile the residents of Ravenstondale have been able to contribute an average of £1,500 per head to get fibre to the home. That is less than 10% of the value which Dunkerton believes it adds to average property values. I also find I ironic that the fibre to home exercise under way at Underriver in Kent is barely ten miles from West Malling, one of the few areas where BT offers fibre to the premises: presumably to those on Kings Hill, which was (two decades ago) to have been BT's first community-wide fibre network, serving both the industrial estate and the accompanying new-build housing developments. That project ended when local loop underbundling destroyed the business case behind BT's original broadband strategy.   

This set me to wondering what the point of leverage might be to get the UK back into the Broadband premier league. I am therefore sending a link to this blog entry to the Duke of Westminster, via the Grosvenor Estates . Leading a consortium to bring fibre to his urban, as well as his rural, properties would be an excellent (and profitable) way of not only better serving his current tenants but also benefiting future generations. It may that because he no longer sits in the House of Lords that he, and his fellow Dukes, have a longer investment perspective than any government placeman (the unelected members of the House of Lords as opposed to the elected hereditaries) or the members of the House of Commons who cannot afford to think beyond teh next elrction.

An exercise led by the Grosvenor Estates (whether or not the Crown Estates and the Portland Estates followed suit)  could enable Soho to leapfrog Shoreditch (where those over the road from high rent blocks of Tech City still have crapband) and perhap even catch up with Salford where John Whitaker's vision of using fibre as the backbone for a Silicon Canal to attract new industries and bring about urban generation was shared from the far side of the political spectrum by Ian Stewart before he became the local MP, let alone Mayor. But London has a long way to go and faces even greater challenges. In the meantime it is not just the BBC that has moved multi-media production and editing facilities to Salford.

Hence the need for an alliance of landlords and tenants to organise an all-party crusade to use the opportunity of a new Secretary of state at DCMS, a new Chief Executive at BDUK and a Chancellor who is committed to investment led economic recovery, to bulldoze the obstacles to investment in broadband infrastructure out of the way.

One of the more interesting of those obstacles is the current obsession with cross-subsidised packages of access (line, mobile or wifi) and content (sports, film, broadcast channels), the so called quadruple play, to lock customers in. We can see from the USA that without infra-structure competition the result is regulator-connived way one-way only (i.e. upwards) price revisions. We should not be deluded into thinking that the current UK price war, as players invade each others territories (Viacom's purchase of Channel 4 heralds the latest invasion), will lead to better service at lower cost - unless customers have the regulator enforced opportunity to purchase unbundled packages of access and content. That will only happen when business also has the opportunity to purchase world class access in an open market.
   
The original objectives of the organisers of the INCA event next week were relatively modest. But the juxtaposition of speakers (e.g. the new CEO of BDUK, the Head of Digital Distribution for the BBC, the Heads of Public Affairs for BSkyB and Alcatel Lucent, the CEO/COOs of City Fibre, HyperOptic, Fluidata and Gigaclear) gives the opportunity for a much more profound discyussion  I am therefore hopeful that the INCA event on 8th May will prove to be one of those seminal events which not only provokes thinking across economic boundaries but also enables players to meet and recognise the opportunity to make serious money from unleashing change by removing bottlenecks in the way of economic growth.

That said, I also look forward to seeing BT being freed from its current shackles and broken up, in its shareholders' interest (I declare an interest as shareholder since privatisation) into utility, content and systems operations.  I would, however, like to see the break up brought about by market forces, (e.g. HMG making clear that it has no objection to such a move, provided the utility operation remains UK-owned), as opposed to regulatory intervention. It was the latter which created the current fudge of semi-separation and concealed cross subsidies which deceives management, let alone shareholders, as to the true profitability of the parts.

Unless and until that break up happens, I believe that the overdue recabling of most of Britain, to enable fibre to the femto (whether wifi hot spot, street lamp, mobile mast or business or domestic router) and fixed business or home connection, is likely to be done by its competitors.  
Enhanced by Zemanta
When I blogged last July on the way that BT was delaying the roll out of fibre to cabinet to inner city areas and locations with a majority of business lines, the exchanges for Wapping and Whitehall were due to be enabled by the end of December  2013. Wapping has since been postponed twice and is now scheduled for the end of June (i.e. each quarter appears to go back a quarter). Whitehall no longer has scheduled date. Holborn is now due for the end of May. Southwark, home of Ofcom, has now been partially enabled including, of course, the post code serving Ofcom itself.

So why is the roll out being postponed?

The answer may lie in BT's briefings to some of the investment analysts. To quote from an analysts briefing on the risk that BT might have to repay the funds it receives from BDUK:

=================================

Broadband subsidies under fire - but unlikely to change

Public Audit Committee (PAC) challenges BT subsidies

The PAC has criticized BT and the Government over broadband rollout plans that it claims lack detail and speed commitments.

BT has dominated tenders to date

Currently the Government has earmarked £490m in grants to local authorities by 2015 with an ambition that all UK premises can experience >2Mbps broadband speeds and that 90% of premises can access superfast broadband >20Mbps. Local authorities have the remit to match this cash from their own funds and similarly the contracting firm can add its own cash. A primary concern is that BT has so far secured all of the 44 bids put out to tender. Note that the Government has earmarked a further £500m in grants beyond 2015.

Mirroring the current EU predicament, is there an alternative?

In effect, the Government faces a similar predicament to the EU, that is, an urgent need for broadband investment and rollout, but no obvious alternative to the national incumbent as a partner. Thus there has to be some leniency as the incumbents invest fresh shareholders equity, with a commensurate need to generate a return. The unthinkable alternative is that the UK falls behind Europe and Europe continues to fall behind other Western regions in its broadband coverage. Given the proliferation of on-line trade and social media, this could have severe implications on future economic growth and competitiveness.

Reduced subsidies do not mean reduced cash flows

And we do not agree with the view that total subsidies could be reduced, thus BT's capex rises to make up for the difference and that cash flows fall. This seems counter intuitive to us. If subsidies reduce, BT's rollout commitments reduce and thus its overall capex reduces and cash flows remain essentially unchanged. In fact, they could even step up with reduced commercial activities and all of the associated Opex.

Conclusion: we see limited risk form this development

Our view is that the Government has little other choice other than to partner with BT. It has tendered the contract and no one else was interested. And it needs broadband rollout desperately. So there has to be some leniency, thus we would be very surprised to see a material shift in subsidy as a result of this review. In any case, this need not impact cash flows. If subsidies reduce, commitments reduce and capex reduces. Cash flows should remain essentially unchanged.

===============================

Their analysts view appears to be that BT has HMG over a barrel and is prioritising broadband roll out according to the funding it receives from BT. However, the price war over packages of content (sports, films, TV channels etc.) has caused some analysts to follow those in other countries (e.g. France, Spain and Germany) and question the value of such packages in doing more than price cuts and quality of service improvements to enhance customer loyalty. In parallel, Sky and Talk Talk have finally begun to look at invading BT's urban infrastructure monopolies.

If York is successful in delivering gigabits to the home at the same time as slashing the cost of public service delivery, how many other councils will we see following suite?

Might Barnsley get a decent service in time to take hotel and restaurant bookings for the start of the Tour de France? Or is it now too late to avoid French jokes about how the UK has gone backwards since the Olympics?

Will the rural market be opened up in time for BDUK to get better value from its next £500 million by making BT compete head to head with the new infrastructure providers to provide fibre to village or farmyard business centres?

Will anyone change the nature of the game by offering unsubsidised gigabit services to those business parks and homes in and around Bromsgrove who are still stuck with crapband and, if so, how will the local MP react?

We may discover some of the answers on May 8th at the INCA Transform Digital event.

Transform is an over-used word but this event is expected to see the first public outing for the new Head of Broadband UK, alongside the Head of Broadband for DG Connect in Brussells and the heads of UK and EU public affairs for BSkyB and Alcatel Lucent (whose technology powers Gigabit to the home services around the world) and Chief Executives and Operating Officers from some of those  already providing fibre to homes, business parks and commercial centres around the UK. Other speakers will include the head of Digital Distribution for the BBC  and the CEO of Fluidata whose network connectivity services have done so much to open the UK broadband market to effective competition. 

I look forward to seeing who is in the audience.

Will it include those looking at the plans for shared infrastructure investment being made by Arqiva, EE, O2, Virgin, Vodafone and others?

Will it include representatives of the growing number of local authorities who have decided they cannot afford for their local economies, let alone their own service delivery, to be dependent on BT's obsolescent and increasingly overloaded 21CN?   

Will it include landlords and property developers looking to realise the sharp increases in rents and values that fibre to the premises have now been shown to enable?

I am, in any case, looking forward to a most informative day and took the precaution of booking early - although I am told there are still places available.    


Enhanced by Zemanta

Surviving the post Heartbleed Cyber Security Skills Crunch

| No Comments | No TrackBacks
| More
IT users and suppliers, particularly those in financial services and its suppliers are about to be hit by an IT Skills shortfall akin to that during the run up to Y2K: for similar reasons. A surge in demand for skills in short supply is hitting an industry which has not recruited sufficient trainees for over a decade.  

Why you need to act now

The Heartbleed  fiasco, with the requirement for an audit and update effort akin to that of Y2K, together with advice to end-users that mixes the unrealistic, incomprehensible and misleading with opportunities for further malpractice, has brought forward a skills crisis that was building steadily. As with Y2K, it is unclear how serious the problem really is, but few have the skills to work out whether they are at risk. As with Y2K, some of the plethora of tools available add to the confusion by, for example, flagging as unsafe sites that do not use or need Open SSL 

Meanwhile the rising tide of on-line fraud and abuse, facilitated by leaks from insecure transaction processing systems and by increasingly sophisticated phishing attacks linking phone, mail, text, e-mail and physical contact (e.g. courier fraud ), threatens to overwhelm those with neither the in-house skills to understand what is happening nor the skills and resources to respond effectively. The problems are about to be compounded by ill-considered regulatory intervention, e.g. data breach notification, and (of course) the post-Snowden fall-out. 

There is a serious and growing shortage of those with the skills to help organisations follow good practice in self protection and take effective action when they or their customers come under attack or disaster strikes.

Even before the Heartbleed incident there were estimates that the vacancies to be filled will more than double this year. Supply is not keeping pace. Demand for those with two years or more of relevant experience is estimated to be four times the trainee intake last year, let alone the year before. Those who do not act now to train their own will have difficulty in retaining existing staff, let alone recruiting, as the salaries on offer to those with two or more years experience rise sharply.

Those who recruit graduate trainees also know that they will have to compete harder for the best, diversify the sources they use and ensure they have employment policies that enable them to retain more of those they train.

Your three pronged strategy to turn problem into opportunity

1)    Retain and retrain those you already have in post in the face of offers from consultancies, audit practices and law firms bidding for experienced staff as well as from your peers and your competitors.

Seeking to recruit experienced security staff (often of uncertain quality) on the open market at a time of skills shortage can actually be counterproductive, especially if it also takes longer for outsiders to understand the business than for existing staff, including users, to acquire the skills needed. But effective retention and retraining programmes require organising and supervising rapid, modular skills acquisition, while using trusted contractors to handle those tasks which can be outsourced.Training and apprenticeship contracts, with repayment of costs in the event of departure within two years, are legally enforceable, Strathclyde v. Neal was the test case, but remember that these cut both ways, the training and work experience must be delivered. 

An obvious "solution" is therefore to offer apprenticeship contracts to those you wish to retain or redeploy, to fill the gaps in their knowledge, as well as to new recurits, and then volunteer to help review and test the skills frameworks for the apprenticeship programmes  being piloted via e-Skills as part of the Government Cyber Security Skills Strategy. These are based on bringing together the relvant sections of the main industry skills frameworks (SFIA, IISP, CESG etc.). The published result can be found in the City and Guilds handbooks for their Level 3 and Level 4 diplomas. The City and Guilds handbook covering technical knowledge for the Level 4 diploma maps these onto relevant materials and examinations, including CISCO. Comptia, Linux, Microsoft, Oracle and VMware qualifications.

I have agreed to help e-Skills identify employers, particularly from the financial services sector to review the new frameworks against their own needs, suggest any necessary extensions and help pilot the result. Early feedback has been very positive although I expect suggestions for extensions and new material to better cover compliance with the identity, authorisation, access control and reporting standards particular to financial services, from the Payment Card Industry standards, through those for fraud detection, money laundering, asset recovery and co-operation with law enforcement, including internationally, to meet the requirements of the Bank of England, the Financial Conduct Authority and regulators and law enforcement agencies around the world. 

I would like to hear (copy to e-skills) from employers in the financial services industry willing to work with their peers and their suppliers to help ensure that the frameworks do indeed meet their needs, particularly from those wanting to use participation in the pilots to help recruit and retain their existing staff and their 2014 recruitment intake. I still have some places available at a couple of round tables next monday (28th April) on the eve of Infosec to identify those interested in working together and excpect to organise more.

That leads me to the second strategic prong

2)    Try before you buy using active participation in careers, work experience and internship programmes to pre-select better prepared and motivated trainees from school, college and university and position your organisation as an employer of choice, assessing potential employees outside an artificial interview situation and letting them see what life will like, working for you.

Those who complain about the quality of recruits, but do nothing to help improve their attitudes and abilities and  better inform their study and career choices, have only themselves to blame for the quality of those available for them to select. Those who engage locally, not just nationally, providing mentoring, work experience and internship opportunities, also acquire the opportunity to choose from the best without having to pay upper quartile salaries. Those willing to offer flexible working conditions for mature entrants and returners can also expect well above average retention rates for those they retrain.  

There are a wealth of programmes to help educate potential recruits and make advance contact with the brightest and best - from the Computer Clubs for Girls  (I have blogged before on why women are better suited to information security than men ) that reach over 150,000 girls from over 4,500 schools, through careers materials such as the Secure Futures section of the e-Skills "BigAmbition"   careers website and the Behind the Screen  for the curriculum and mentoring programmes such as  Cyber Champions   and the STEM Ambassadors  programme to the  Cyber Academy internship programme , which publicises opportunities of 3 - 12 months for undergraduates taking IT-related degrees or postgraduates on specialist Masters courses with employers providing meaningful work, mentoring and a fair rate.
The competitions in the annual Cyber Security Challenge  are used by a growing number of well known employers to attract and assess entrants of all ages and backgrounds, outside a formal interview situation, for a variety of security related careers. Support for the local and national heats of the competition(s) of your choice is an inexpensive and enjoyable way of also publicising the opportunities you offer to participants. 

I have blogged before on the final prong, beginning with how to get support from the board .

3)    Use awareness programmes for all staff and those in your supply chains to build strength in depth as an organisation which protects its staff, its customers and the families of both: The attitudes of your staff towards protecting their own information, as well as that of the organisation and its customers are essential to building trust and competitive advantage, in a world of increasing consumer cynicism. Being seen to be serious about educating your staff and their families in how to protect themselves, as well as the organisation, has a major impact on attitudes and loyalty. Working with those in your supply and distribution chains is also essential to reduce the risks to you and your customers if their systems are compromised.

So where do you go for assistance to turn you skills strategy into an action plan? 

"Cyber Security Skills: a guide for business", produced in support of the recent BIS publication "Cyber Security Skills: business perspectives and next steps"   lists the main initiatives recognised by Government or in receipt of public funding. I am in the process of trying to summarise it into a short web-based action guide, structured around the above three prong strategy and would be happy to hear from potential reviewers before I put my first draft up as a blog entry in the near future.      

Can BT claim a rates reduction for an "unbundled" exchange that has no other users?

| No Comments | No TrackBacks
| More
Further to my blog calling for readers to input to the Treasury Consultation on Business Rates, I have been asked "what is meant by unbundled?". The example sent to me is Shurdington which geography buffs will realise should be in the heart of one of the UKs high tech business areas - the "commuter belt" for GCHQ.

It is a very good question. I would be delighted to hear from a reader who knows the answer.  If BT has been able to get rates reductions for such exchanges then I would simply say "congratulations on a hand well played". I would also say "shame on you" to those who have not clubbed together to get comparable deals for alternative suppliers. I have no sympathy at all for those give the excuse of "commercial confidentiality". 

Find recent content on the main index or look in the archives to find all content.

Archives

Recent Comments

Dave Walker on Why does the Bletchley Pa... : It's a little-known fact - but definitely not a se...

 

-- Advertisement --