Balancing functionality, usability and security in design


When designing new devices or applications, there is now a requirement to consider their functionality, usability and security. While secure-by-design guidelines have pushed for security to be built in from the beginning, there are still gaps in implementation, and part of these gaps are design considerations of functionality and usability. Part of this is that doing security well is hard work, but it should never block useful functionality for the user. Ideally, when security interferes with key software capabilities, the security must be tweaked. The answer should never be to abandon the functionality and certainly not to abandon the security, though achieving this balance is admittedly not straightforward. This blog post looks at this triad and how its elements can be balanced without compromising each other.

Defining the Triad in design

A triangle can be used to help explain the relationship between the concepts of security, functionality and ease of …

Thoughts on IET Talk - 'Rihanna Changed my Life'


This IET talk was made up of two parts. The first talk was "The Human Factor of Cybercrime: Decoding the Cybercriminal Mind-Set" by Dr Maria Bada. The second talk was "Rihanna Changed my Life: Inspiring a New Generation of Cyber Security Professionals" by Raj Samani. 2019 will see cybersecurity alliances of defenders continuing to mature. “In 2018, we witnessed even greater collaboration among cybercriminals through underground alliances,” said Raj Samani, chief scientist at McAfee. “This collaborative mentality has allowed for efficiencies in underground technologies and tactics, and the evolution of bad actors into some of the most organised and agile adversaries in the world. However, while we expect the underground market collaboration to continue, the year 2019 will also see cybersecurity alliances of defenders continuing to mature and further fortify defences.” There are people who are being arrested and there are people who are being indicted. Th…

Calls for Participation: Common charger study - online survey


Please be informed that a public online consultation related to the study that the European Commission is conducting on the 'Common charger for mobile phones and other portable electronic devices' has been launched: (23 languages).
To take the survey an EC login is required but it should be relatively simple to get via their website.
EC Background Information
In the past, mobile telephones were only compatible with specific mobile telephone chargers. An estimated 500 million mobile phones were in use in 2009 in all EU countries.

The chargers used often varied according to the manufacturer and model, and more than 30 different types of charger were on the market. Apart from causing inconvenience to the consumer, this created unnecessary electronic waste.

Almost every household is believed to have gathered a number of old chargers – estimated to generate more than 51 000 tons of electronic waste per year in the EU.

In re…

The attention economy - Does it matter to Cybersecurity?


The topic of this blog post, whether the attention economy matters to cybersecurity, may seem a bit odd, since as ideas they seem to have no relation to each other. The idea of the attention economy originally came from advertising firms as they sought out ways to attract customers for their clients' goods or services. Nowadays companies like Netflix and Epic, the makers of the video game Fortnite, take a keen interest in the attention economy, since in order to be a successful business they need customers to engage with their services. Attention economics is an approach to the management of information that treats human attention as a scarce commodity, and applies economic theory to solve various information management problems. Put simply by Matthew Crawford, "Attention is a resource—a person has only so much of it." As content has grown increasingly abundant and immediately available, attention (how much time a person has in a waking day) becomes the limiting fa…

Personal Interest - RAF Unbuilt Projects

This blog post looks at the different groups of cancelled RAF projects. It will focus on the 50s, 60s, 90s/00s and a brief look at hypersonic research projects. While these projects were often cut or cancelled for budget or austerity reasons, they were also pushed by the changing nature of warfare, firstly from conventional-style WW2 warfare to the predicted quick, short-scale nuclear war which was expected from 1947 to 1989. Later, from the 90s and into the 21st century, a change from state-on-state conflict to facing insurgencies, counter-terrorism and peacekeeping missions again led to a change in how wars are fought. The work and research done on these projects would rarely go to waste, though, with it being used and applied in other projects and works, even if sometimes it could take another ten or twenty years before anything operational came of that work. There won't be large amounts of text explaining or exploring the designs; there are far better sources for that wh…

The Reasons Why Standards and Technical Organisations need Greater Diversity


Some people may find the topic of this blog post unnecessary, because they think these are either non-issues or ideologically driven as some sort of social justice warrior (SJW) agenda. Hopefully, I endeavour in this post not to come across like that but to raise new ideas and viewpoints and widen the conversation about why, as groups of people and companies connected to standards and technical organisations, we need to consider greater diversity. Firstly, I will not be naming any organisations in this post because this is not a call-out to name and shame. Secondly, I do realise quite a few organisations already have plans in place to broaden the diversity of their workforce, either through their members or their support staff. Finally, these ideas came about from my attendance of meetings, conferences and workshops where I kept thinking to myself the majority of the time the make-up of these are mostly older men who have been around for twenty plus years and they littl…

Review of ideas and thoughts from Meetings and Conferences


This post gives an overview, along with a review, of ideas and thoughts from meetings and conferences I have attended as part of my work for C3L. These include the 'UK Internet Governance Forum 18'; ETSI CYBER Group meetings; ETSI QKD; ETSI USER Group meetings and the ETSI ITS Workshop 2019. The aim here is to give some information about these meetings and groups, and some insight into the work C3L does, along with viewpoints about the current industrial landscape.

UK Internet Governance Forum 18

The 2018 edition of the United Kingdom Internet Governance Forum (IGF) took place on 22 November in London (I observed via the online webinar) and focused on the topic of 'Solutions for The Digital Age'. The UK IGF represents a platform for collaborative partnerships with the mandate of providing a local forum in the UK to engage industry, government, parliament, academia and civil society in discussions on Internet Governance issues. In the future greater use of Di…