Posts

Showing posts from June, 2019

Thoughts and Overview of ETSI Cybersecurity Week 2019

Image
Introduction The ETSI Security Week 2019 took place the week of 17-21 June 2019. Access the ETSI Security Week Presentations =  https://docbox.etsi.org/Workshop/2019/201906_ETSISECURITYWEEK This year, the ETSI Security Week continued debating different aspects of cybersecurity. On day one they first set the scene with talks on the Cyber Security Landscape. Then on Cyber Security Policy Actions on 18 June, related to the upcoming Cybersecurity Act and ePrivacy regulation.  The Artificial Intelligence thread focused on the security angle to AI, completing the ETSI’s April AI Summit, on 19 June. And they discussed how security can keep pace with the rapid change of technology, networks and society on 20-21 June They also hosted a Hackathon event on the new Middlebox Security Protocol standards on 20-21 June 2019.  Discussion of topics Day 1 One the first day there was a good overview of the threat of state-sponsored cyber espionage with less than subtle nods t

The Splinternet and how it affects Cybersecurity design and planning

Introduction The days of a global internet with relative openness are over as regulation and digital borders will rapidly increase in the coming years or start to become more impactful. Nationalism and concerns about digital colonisation and privacy are driving the "splinternet." Those forces are unlikely to reverse but only accelerate. The Western Nations will still back a relatively open internet model. A complex labyrinth of different regulations, rules and cybersecurity challenges will rule the internet of tomorrow, which will become increasingly difficult for corporations to navigate. Examples of these include EU actions on data protection and privacy with GDPR  or in the UK where the government is contemplating plans to essentially require age checks on all internet sites. (An oversimplification of their plans that are base on flawed thinking and  tackling the wrong problem) What is the Splinternet? There is no question that the arrival of a fragmented and divided

Cross posting of ETSI's new Cybersecurity promotion

Image
In attending ETSI's Security week the event kicked off with an opening address by the ETSI Director General (Luis Jorge Romero) which introduced this little video that has been prepared by ETSI's Media and Communications department. I'd like to endorse it and hope you enjoy it too.

Balancing functionality, usability and security in design

Image
Introduction When designing new devices or applications there is a requirement nowadays to consider there functionality, usability and security. While there has been a push through secure-by-design guidelines for security to be built-in from the beginning there are still gaps in implementation and part of these gaps are design considerations of functionality and usability. Part of this that doing security well is hard work, but it should never block useful functionality for the user. Ideally, when security interferes with key software capabilities, the security must be tweaked. The answer should never be to abandon the functionality and certainly not to abandon the security. Though achieving this balance is admittedly not straightforward. This blog post will aim to look at this triad and how they can be balanced and not compromise each other. Defining the Triad in design A triangle can be used to help explain the relationship between the concepts of security, functionality and ea