Posts

The Provenance of Products and Services in relation to Cybersecurity

Introduction

The networks and eco-system that cybersecurity resides have become increasingly complex as we identify threats and attack vectors. As businesses access their networks, systems and supply chains they may realise that attack surface which cybersecurity has to defend can be very large. Therefore, understanding the provenance of products and services that make up their networks, systems and supply chain is vital to bringing the size of the potential attack surface. Provenance can be defined as the source or origin of an item, idea or a person. The supply chain can be defined as the network of all the individuals, organizations, resources, activities and technology involved in the creation and sale of a product, from the delivery of source materials from the supplier to the manufacturer, through to its eventual delivery to the end-user. The supply chain segment involved with getting the finished product from the manufacturer to the consumer is known as the distribution channel…

Personal Interest - Japan and UK Cultural relations

Introduction

This blog post is about the Japan-UK season of culture 2019/20. The “Japan-UK Season of Culture” is unfolding in 2019 and 2020, when Japan hosts two sporting landmarks: the Rugby World Cup in 2019 and the Tokyo Olympic and Paralympic Games in 2020.  It seeks to build on the British people’s keen interest in these events by showcasing Japan’s multifaceted attractions.  They hope that people all over Britain will join with Japan in embracing this chance to deepen mutual understanding, thus helping to create an enduring legacy. I enjoy anime films and tv series, along with I regularly listen to BBC radio. I often listen to drama and comedy programmes. I thought it would be different to speculate about which BBC radio dramas could work as anime. I aim include links to where to listen to these programmes legally if you they peak any interest (note no affiliation if links are to sites that require you too but them). I will include how these dramas would fit into typical anime g…

Thoughts and Overview of ETSI Cybersecurity Week 2019

Image
Introduction

The ETSI Security Week 2019 took place the week of 17-21 June 2019.

Access the ETSI Security Week Presentations = https://docbox.etsi.org/Workshop/2019/201906_ETSISECURITYWEEK

This year, the ETSI Security Week continued debating different aspects of cybersecurity.


On day one they first set the scene with talks on the Cyber Security Landscape.Then on Cyber Security Policy Actions on 18 June, related to the upcoming Cybersecurity Act and ePrivacy regulation. The Artificial Intelligence thread focused on the security angle to AI, completing the ETSI’s April AI Summit, on 19 June.And they discussed how security can keep pace with the rapid change of technology, networks and society on 20-21 JuneThey also hosted a Hackathon event on the new Middlebox Security Protocol standards on 20-21 June 2019. 




Discussion of topics

Day 1


One the first day there was a good overview of the threat of state-sponsored cyber espionage with less than subtle nods to Russia and China. Also, the state…

The Splinternet and how it affects Cybersecurity design and planning

Introduction

The days of a global internet with relative openness are over as regulation and digital borders will rapidly increase in the coming years or start to become more impactful. Nationalism and concerns about digital colonisation and privacy are driving the "splinternet." Those forces are unlikely to reverse but only accelerate. The Western Nations will still back a relatively open internet model. A complex labyrinth of different regulations, rules and cybersecurity challenges will rule the internet of tomorrow, which will become increasingly difficult for corporations to navigate. Examples of these include EU actions on data protection and privacy with GDPR  or in the UK where the government is contemplating plans to essentially require age checks on all internet sites. (An oversimplification of their plans that are base on flawed thinking and  tackling the wrong problem)

What is the Splinternet?

There is no question that the arrival of a fragmented and divided inter…

Cross posting of ETSI's new Cybersecurity promotion

Image
In attending ETSI's Security week the event kicked off with an opening address by the ETSI Director General (Luis Jorge Romero) which introduced this little video that has been prepared by ETSI's Media and Communications department. I'd like to endorse it and hope you enjoy it too.

Balancing functionality, usability and security in design

Image
Introduction

When designing new devices or applications there is a requirement nowadays to consider there functionality, usability and security. While there has been a push through secure-by-design guidelines for security to be built-in from the beginning there are still gaps in implementation and part of these gaps are design considerations of functionality and usability. Part of this that doing security well is hard work, but it should never block useful functionality for the user. Ideally, when security interferes with key software capabilities, the security must be tweaked. The answer should never be to abandon the functionality and certainly not to abandon the security. Though achieving this balance is admittedly not straightforward. This blog post will aim to look at this triad and how they can be balanced and not compromise each other.

Defining the Triad in design

A triangle can be used to help explain the relationship between the concepts of security, functionality and ease of …

Thoughts on IET Talk - 'Rihanna Changed my Life'

Introduction


This IET talk was made of up of two parts. The first talk was "The Human Factor of Cybercrime: Decoding the Cybercriminal Mind-Set" by Dr Maria Bada. The second talk was "Rihanna Changed my Life:Inspiring a New Generation of Cyber Security Professionals" by Raj Samani. 2019 will see cybersecurity alliances of defenders continuing to mature.  “In 2018, we witnessed even greater collaboration among cybercriminals through underground alliances,” said Raj Samani, chief scientist at McAfee. “This collaborative mentality has allowed for efficiencies in underground technologies and tactics, and the evolution of bad actors into some of the most organised and agile adversaries in the world. However, while we expect the underground market collaboration to continue, the year 2019 will also see cybersecurity alliances of defenders continuing to mature and further fortify defences.” There are people who are being arrested and there are people who are being indicted. Th…