Recently in Electronic Security Category

Will 2012 be the Year that convergence finally happens?

The rise of the smart-phone as the global social networking and on-line browsing device of choice has expedited the convergence of fixed and mobile communications into "ubiquitous broadband" - even in the UK (which went from leader to laggard during the dead-end decade of local loop unbundling). Hence the driving force behind deals which upstage BDUK Broadband policy, like that of O2 and Kensington and Westminster, in much the same way that BSkyB upstaged IBA Satellite policy two decades ago.

Meanwhile the fragmentation of debate over privacy, surveillance, on-line safety and cyberwarfare continues to complicate the spread of cost-effective information security by design - as opposed to coating that which is inherently insecure with layers of expensive and ineffectual scareware. Will that change as more businesses realise that using the identity chips already embedded in PCs and mobile phones enables identification of the physical device with which they are communicating? The routines are not totally spoof-proof (nothing ever is), but they do enable better, faster, less obtrusive security at lower cost. They also restrict anonymity to those willing to pay for the privilege. I look forward to seeing a converged debate flushing out the hidden agendas of those who wish to see this happen, those who do not, those who wish us all to be uniquely identifiable and those who wish to have multiple on-line personas with different attributes which they can manage separately.

RIPA and the Riots - is an emergency review needed?

We have had facile suggestions about blocking and monitoring the mobile communications services used by the rioters and looters and equally facile responses that these are unthinkable or unworkable. The exchanges mask serious issues regarding the current practical working of the legislation covering communications surveillance. Some of the issues need to be addressed as a matter of urgency before the authorisation routines collapse in disarray. Others should be taken at leisure.

The current routines are a bureaucratic nightmare that get in the way of efficient operational response while doing little or nothing to protect against genuine abuse. We need democratically accountable governance frameworks for real-time co-operation, not just for the delayed transfer of data for subsequent analysis.

Meanwhile co-operation between the Police and the Mobile Operators is delayed and constrained by a mix of RIPA and interpretations of Data Protection legislation which forget the exemptions for co-operation with law enforcement.

The mobile operators are, however, well aware that any voluntary co-operation has to be viewed in international context (Twitter in Iran, Vodafone in Egypt, Android in China). They have to be able to quote democratically accountable "orders to comply" lest they be "damned if they do and damned if they do not".

Do the recent riots make a new business case for Cloud computing

In his blog on the impact or otherwise of the recent Cloud outages caused by lightning strikes in Ireland, Cliff Saran points out the small size of one of the best known Cloud operations - selling surplus capacity on a global on-line retail operation. I have blogged before on the amorphous nature of Cloud computing and the way it is used to embrace almost anything from a repackaging of the operations that EDS (now part of HP) and IBM have been running for the US Department of Defence for over 40 years to an on-line test environment.

The torching of businesses over the last few days by the rioters who looted them has opened up a new business case for the on-line, off-site, data back-up that is an integral feature of cloud computing. I had thought the torching was to destroy the evidence (including locally stored surveillance video) but it now appears it was also an anarchic revenge on all who had refused them jobs and "respect".

Either way, whether the smoking heap of wreckage was a small business in a city centre, a superstore in a retail park or a national distribution depot for consumer goods, the case for having off-site processing and data storage has suddenly become much stronger. But the vulnerabilities of data centres to power problems and of communications networks to similar disruption (including lightning strikes and cable theft) also need much greater attention.

Hence the importance of the Information Society Alliance (EURIM) work on Shared Infrastructure issues as part of the policy study on Opening Britain for On-line Business. I am particularly glad that one of the main UK suppliers of Cloud Computing has just volunteered to help lead the work on the inter-operability interfaces needed to help support resilient and secure services, with fewer vulnerabilities than those in other parts of the world.

Why rational users prefer cheap dancing pigs to expensive security snake oil

I have spent much of the last month listening to security scare stories from consultants and vendors bidding for attention and budgets. Many of the activities for which they are seeking support appear worse than useless. They distract attention from that which could and should be done to cut costs, improve service and win new business by removing vulnerabilities rather than adding new layers of sticking plaster over festering wounds.

From Wild West to Western Front : the evolution of Cybersecurity

"The Internet used to be compared to the Wild West, the lawless frontier; now it is more like the Western Front, a massive, unrestricted battlefield. Geopolitics is putting your data in the firing line." So concludes an article by Allan Dyer of Yui Kee Computing in the IMIS Journal. On Thursday, at the ISSA UK Chapter, I heard several presentations on what is currently happening (and what is expected to happen). One summarised a PWC study report. Another summarised the report of an ISSA Advisory Board brainstorming. Until yesterday I would have said they were both excellent. I took part in both the PWC study and the ISSA brainstorming. Then I read Allan's article. It reminded me that we in the West are at the Far End of the world from where the future is being forged. [double entendre intended].

Why consumers give up on cybersecurity

I am currently attending a slew of meetings on Cybersecurity at which experts preach to each other. On Monday I am due to chair a meeting on skills. On November 15th the Get Safe On-line Summit will have the most powerful line-up of speakers in years. Government is taking the issues seriously - but are the security experts ready to be taken seriously? I will use a simple example: What should you actually do when you receive an e-mail asking you to renew your anti-virus software, or one telling you that your automatic update has failed because your card details have not been recognised?

How many UK Public Sector IT suppliers will survive the cuts?

What do you call an industry which does not plan for the inevitable? Like Y2K, the cuts in ICT spend announced yesterday were inevitable. What was not inevitable was the rush of buyers and suppliers into a final round of big-bang deals that were bad value for taxpayers and shareholders alike and will have to be unscrambled. Rather than bemoan the reasons why ICT turned from White Knight into Whipping Boy, I would prefer to ask "How many suppliers have the wit and will to help turn a potentially terminal crisis for their UK public sector operations into an unprecedented opportunity for mutually beneficial change?"

Should you have a choice whether your personal information is sent offshore?

The revelation that NHS trusts are routinely sending personal records for processing in a nation with no data protection legislation reminds me of when a former Inland Revenue CIO suggested (at a PITCOM meeting) that it be made a criminal offence to send data collected under statutory powers off-shore for processing. He had discovered that, despite a prohibition in the contract, one of their suppliers had sent a file containing current records to the USA for testing that they had been told was being done in the UK.

How does public and private sector network security compare?

One of my readers has queried the accuracy of my comments on allegations that the cost of connecting schools to broadband is increased by CESG requirements. I did not know - hence the wording. My attempt to check the accuracy raised, however, an even more interesting question. At issue appear to be interpretations of the Code of Connection Level 3. This covers on-line access to databases where data leakage could cause substantial individual harm, such as those of HMRC and DWP for taxes and benefits. But would such a leak do more harm than one from your bank? If not, why should they need to use separate networks?

But it wasn't me who asked for my benefit to be paid into Megabank

The Government plans for us all to have personal web-access to their on-line services inside four years, as described in the Times today, are as "ambitious" and challenging as they are overdue. If they are serious about socially inclusive delivery, the first step must be to ensure that the "Digital Gateway Offices" have on-line access that is fit for a sub-postmistress to use on behalf of a queue of frail pensioners. The second is to ensure that all involved (including contractors in the supply and support chains) are vetted and subject to personal liabilities for carelessness and indiscretion, let alone active misconduct, that are at least as strong as those for people who run a sub-post-office.

About this Archive

This page is an archive of recent entries in the Electronic Security category.