Tag: security

  • Trade offs in the smart city

    What are the trade offs in the connected city? Last week we had an opportunity to talk with Esmeralda Swartz, Ericsson’s Vice President of Marketing Enterprise and Cloud, about what policy makers and citizens need to consider.

    One of the important issues is security in both the data being collected, “what are the benefits and what is not acceptable?” Esmeralda asks.

    In all the conversations this site has had with smart city advocates, the topic of open data has been essential, but this raises the issue of security, something lacking in the Internet of Things.

    “Security has to be built into every level,” says Esmeralda, who flags that the IoT adds a whole range of new risks.

    Along with security, a critical part of a successful connected city is having open data, Esmeralda believes.

    “If you start looking at all the layers that need to be connected then they have to be open,” she says.

    Open data is a critical point for smart cities and connected communities. If information isn’t open, then it’s hard for an ecosystem to develop or for residents to have confidence their data is being used for their benefit.

    For companies like Ericsson, who are trying to establish themselves outside of the traditional telco model, gaining the confidence of communities and their leaders is essential to their smart city strategies.

    Much of the smart city movement is based upon solutions looking for problems – a common trait of the IT industry. For vendors like Ericsson to succeed in selling their products, it’s essential to prove value to their customers and gain the confidence of communities as they trade off utility for privacy.

  • Warning against the connected car

    A year after hackers demonstrated the risks of connected cars, the FBI and the US Department of Transportation have warned consumers of the risks in internet connected vehicles.

    This warning comes as automobile manufacturers are pushing their new breed of motor cars as being software platforms rather than vehicles and calls into question how well security and safety are being designed into their products.

    One of the recurrent features of this sort of warning is how regulators, manufacturers and software designers try to push the risks back onto consumers rather than the companies designing these systems.

    Officials said that while not all car hacking incidents result in safety risks, consumers should take the appropriate steps to minimize their own risks.

    It’s hard to see what consumers can really do, as most of these systems are ‘black boxes’ protected by strict terms preventing users from seeing, let alone understanding, the software running the vehicles. Customers have to trust the manufacturers to do the right thing.

    For the Internet of Things, and connected cars, to be successful they have to deliver value to consumers and have the confidence of the market. Right now many of these features seem to do neither.

     

  • Bringing cybersecurity into the mainstream

    “Cybersecurity is out of the dungeon and now selling itself as a business service,” says Cisco’s Chief Security and Trust Officer, John Stewart.

    Stewart was discussing his company’s security challenges at a Cisco Live briefing at their Melbourne conference yesterday.

    The shift to security as a business service follows the pattern of computerisation in business, believes Stewart: “At first businesses said you can’t keep important documents on computers, then they said you could only keep important data on computers.”

    For Stewart, the fact that C-level execs recognise the importance of cybersecurity is a positive sign that indicates organisations are taking IT and communications security seriously.

    When asked what keeps him up at night, Stewart said it was worries about infrastructure security; the Ukrainian power network’s experience after an attack from a seriously motivated group of hackers indicates just how serious this is.

    Interestingly, Stewart remains focused on the risks of security breaches; as the Internet of Things rolls out, it may well be that the integrity of data streams becomes a far greater focus for system administrators and security officers.

    Paul travelled to Cisco Live in Melbourne as a guest of Cisco.

  • Thinking differently about Cyber Security

    “I get quite frustrated with the cybersecurity industry,” says Andy France, Deputy Director of Cyber Defence Operations at British intelligence agency GCHQ. “We have to think differently.”

    France was speaking at the Telstra Cyber Security Forum at the company’s Sydney experience centre yesterday, where he outlined how organisations are rethinking the protection of their data.

    “What we haven’t realised is just like the Bronze Age, the Stone Age, the Industrial Age and the Internet Age, we have to think differently about what that means in terms of security and privacy. We have to think differently about how we build systems.”

    The biggest problem France sees in the industry itself is the lack of skills to build those secure systems, a situation he believes is partly created by the sector’s credentialism: gaining certifications is several orders of magnitude more bureaucratic than becoming a fighter pilot.

    In contrast, the bad guys, whom France splits into five groups – script kiddies, hacker collectives, crime syndicates, hackers for hire and nation states – have no such concerns about certificates and accreditation.

    “You have serial collectors of letters after their names,” he states. “We’re putting an artificial bar against the people with the new thought processes that are going to help us address this problem.”

    “It feels like the criteria has been set up to create a nice little market so we can control day rates,” France says, “in a world where we’re screaming out for talent and need people to come along who are interested and challenged by the subject.”

    Apart from the trap of credentialism, the real concern for businesses and users should, in France’s opinion, be the integrity of data. We need to be certain information is accurate, a problem that will be exacerbated as business processes are automated around data streams being connected by the Internet of Things.

    France suggests three principles should underlie an organisation’s data defences: having systems in place to spot early indications of a problem, obeying the five ‘knows’ and understanding your network.

    Understanding your network, what France calls the ‘defender’s advantage’, is the most essential task of all for someone protecting their organisation’s data. “If someone knows your network better than you then that should be a criminal offense,” he states. “To get the defender’s advantage in place you need to understand your network.”

    “Technology in itself will not keep you safe,” France says, and describes security as being subject to Pareto’s Law, where most vulnerabilities are mundane background noise: “We need to have a balance where technology looks after the 80% and we have the people and processes in dealing with the unexpected 20%.”

    “It’s certainly not going to get any better,” France warns about the trends for cyber security in 2016. For most companies and system administrators it’s going to be a matter of being alert and having the processes in place to deal with the unexpected.

  • Telstra’s five ‘knows’ of security

    Telstra, Australia’s incumbent telco, held their Cyber Security Summit in Sydney today looking at the issues facing organisations in protecting their networks and data.

    One of the recurring themes speakers raised was the ‘five knows’ that Telstra’s security people believe are the core of business security.

    Those ‘knows’ sound simple, but in truth they are hard to carry out in even a small, simple network:

    • Know the value of your data
    • Know who has access
    • Know where the data is
    • Know who is protecting the data
    • Know how well that data is being protected

    With these five rules we’re moving into Donald Rumsfeld territory of ‘known unknowns’. In most organisations the honest answer to these questions is “we don’t fully know”. Some data that’s seen as irrelevant by management could be a goldmine for a competitor or malicious actor, while a relatively junior staffer could be saving critical documents on an external drive or consumer cloud service with a weak password.

    Managing those knowns, or unknowns, is a tough task and one that needs to be tempered by realism.

    In truth, no system administrator has full knowledge of their network. For organisations, real security comes from having strong leadership, robust processes and delivering the products and services demanded by the public.

    Technology will help deliver those products and services while helping strong leaders implement robust processes, but ultimately a secure organisation needs good management, not better tech.

    From the cyber security point of view, Telstra’s forum had many useful thoughts and we’ll look at more aspects regarding security that came up in the sessions later in the week.
