Due Diligence in Cybersecurity

Due diligence can be defined as an action that is considered reasonable for people or businesses to be expected to take to keep themselves or others and their assets safe from harm. Due diligence is often associated with legal matters and corporate acquisitions. As cybersecurity moves slowly beyond being technology- and encryption-focused to include other specialists, making use of due diligence to help protect company assets and mitigate risks is vital. So what is cybersecurity due diligence? The term has been defined as “the review of the governance, processes and controls that are used to secure information assets.” Such due diligence obligations may exist between states, between non-state actors (e.g., private corporations), and between state and non-state actors. This blog will examine the issues surrounding due diligence in cybersecurity and why they are vital to preventing or mitigating cyber attacks.
Why should we worry about Due Diligence?
The various regu…

Applying lessons from NASA to Cybersecurity


The subject of this post, applying lessons from NASA to cybersecurity, might seem like an odd choice, but there are a few reasons I chose this route. Firstly, why use NASA and not some other science and engineering organisation? I have always admired and enjoyed reading and learning about the work of NASA, with particular topics being the now-retired Space Shuttle Programme, the still-going Voyager satellites and NASA's research into astrobiology (an interdisciplinary scientific field concerned with the origins, early evolution, distribution, and future of life in the universe). Also, using an area of work related to NASA can provide a different take on the problems we are trying to solve. By looking at seemingly unrelated areas we can find new ideas or ways of thinking about a problem. Over the past ten years, NASA has released various ebooks for free through its website, covering various topics including history, aeronautics, science etc. This blog post will use some…

Thoughts and Opinions from London Computer Conferences 2019


Computing Conference (formerly called Science and Information (SAI) Conference) is a research conference held in London, UK, since 2013. The conference series has featured keynote talks, special sessions, poster presentations, tutorials, workshops, and contributed papers each year. This year the event happened on the 16th to 17th July. This blog post will aim to show some of the ideas and research that were presented and how they might apply to the standards work that I observed.

Day 1

Keynote Talks
The first keynote talk was about the rise of accelerators in computing. Specialist chips are required because general-purpose chip designs have plateaued or are at their limit when it comes to speed increases and die shrinkage. Greater energy efficiency in chip designs is also becoming more important. Part of this solution is decreased memory/data latency when fetching that information and processing it. Already, for key applications, greater use of p…

The Provenance of Products and Services in relation to Cybersecurity


The networks and ecosystem in which cybersecurity resides have become increasingly complex as we identify threats and attack vectors. As businesses assess their networks, systems and supply chains, they may realise that the attack surface which cybersecurity has to defend can be very large. Therefore, understanding the provenance of the products and services that make up their networks, systems and supply chain is vital to bringing down the size of the potential attack surface. Provenance can be defined as the source or origin of an item, idea or a person. The supply chain can be defined as the network of all the individuals, organizations, resources, activities and technology involved in the creation and sale of a product, from the delivery of source materials from the supplier to the manufacturer, through to its eventual delivery to the end-user. The supply chain segment involved with getting the finished product from the manufacturer to the consumer is known as the distribution channel…

Personal Interest - Japan and UK Cultural relations


This blog post is about the Japan-UK Season of Culture 2019/20. The “Japan-UK Season of Culture” is unfolding in 2019 and 2020, when Japan hosts two sporting landmarks: the Rugby World Cup in 2019 and the Tokyo Olympic and Paralympic Games in 2020. It seeks to build on the British people’s keen interest in these events by showcasing Japan’s multifaceted attractions. They hope that people all over Britain will join with Japan in embracing this chance to deepen mutual understanding, thus helping to create an enduring legacy. I enjoy anime films and TV series, and I regularly listen to BBC radio. I often listen to drama and comedy programmes. I thought it would be different to speculate about which BBC radio dramas could work as anime. I aim to include links to where to listen to these programmes legally if they pique any interest (note no affiliation if links are to sites that require you to buy them). I will include how these dramas would fit into typical anime g…

Thoughts and Overview of ETSI Cybersecurity Week 2019


The ETSI Security Week 2019 took place the week of 17-21 June 2019.

This year, the ETSI Security Week continued debating different aspects of cybersecurity.

On day one they first set the scene with talks on the Cyber Security Landscape. Then on Cyber Security Policy Actions on 18 June, related to the upcoming Cybersecurity Act and ePrivacy regulation. The Artificial Intelligence thread focused on the security angle to AI, completing the ETSI’s April AI Summit, on 19 June. And they discussed how security can keep pace with the rapid change of technology, networks and society on 20-21 June. They also hosted a Hackathon event on the new Middlebox Security Protocol standards on 20-21 June 2019.

Discussion of topics

Day 1

On the first day there was a good overview of the threat of state-sponsored cyber espionage with less than subtle nods to Russia and China. Also, the state…

The Splinternet and how it affects Cybersecurity design and planning


The days of a global internet with relative openness are over, as regulation and digital borders will rapidly increase in the coming years or start to become more impactful. Nationalism and concerns about digital colonisation and privacy are driving the "splinternet." Those forces are unlikely to reverse and will only accelerate. The Western nations will still back a relatively open internet model. A complex labyrinth of different regulations, rules and cybersecurity challenges will rule the internet of tomorrow, which will become increasingly difficult for corporations to navigate. Examples of these include EU actions on data protection and privacy with GDPR, or the UK, where the government is contemplating plans to essentially require age checks on all internet sites. (An oversimplification of their plans, which are based on flawed thinking and tackling the wrong problem.)

What is the Splinternet?

There is no question that the arrival of a fragmented and divided inter…