By Richard Bingley, Director CSARN and Senior Lecturer at the Department of Security and Resilience, Buckinghamshire New University
I'm midway through a house move; my books and treasured news clippings are packed away and I'm dependent almost totally on a daily newspaper and the web!
Meanwhile, our part-time BA Security Consultancy students are nearing the end of their Information Security module.
Some fantastic work is being produced in their interactive journals around information security, particularly some of the lessons that we can learn from the high-risk environments in which many are based. Basically, most are saying that back here in the UK, and in other more advanced economies, we need to tighten up. Civilian environments are simply not addressing future cyber issues.
Yet here are a couple of case studies to ponder:
- In today's Times we have the case of a police officer who reported his own 13-year-old son for Fraud, because the lad racked up a £3700 bill with Apple by downloading what he assumed to be (his argument) free Apps. Apple understandably dispute this one, and umpteen similar claims, from desperate parents. The only possible way the father can recover his money is by logging the case as Fraud.
- Last week possibly the largest state-sponsored cyber attack upon industry occurred when North Korea was alleged to have been behind a drive-by malware attack on South Korea's banking system. ATMs and money transfer facilities were jammed for days. (Think Cyprus in terms of impact, but with malicious competence, rather than accidental incompetence, displayed by the perpetrators.)
Samsung's announcements a few days ago that they would begin releasing consumer products, such as smartphones, which could be accessed biometrically rather than by passwords, appear to be a sensible move. Password authentication is too easy to crack and too easy to forget.
But at BA degree level, I hope that our students will examine the street-level impact of changes within cyber and information security; not merely report it.
For instance, will biometric client applications lead to more service calls because of reading errors with devices?
Or will more violent crime occur as thieves or robbers coerce owners to physically open up access to their devices and critical information?
Alternatively, if somebody collapses ill next to you on a train, as happened to me last week, it could be hard for helpers or paramedics to access vital medical information from family and friends, or to provide family with information and reassurance.
Our BA students have so far covered threat/risk assessment, and security project planning. In a couple of weeks they will translate these analytical skills and models into addressing Cyber Security vulnerabilities in their workplace.
The tendency when we plan in the security sphere is to begin thinking holistically, but then to narrow our scope of interest more towards the organisation as we become 'influenced' by peers and clients. This is partly because we seek to cross that magic Rubicon and achieve 'buy-in' by setting realistic priorities.
But it's difficult to do this with cyber and information security planning. Lateral thinking is the best ingredient for local resilience. If this means asking your colleagues to block child access to work devices, or to seriously prepare for inter-state cyber war, and you feel a little paranoid: job done! Well, almost.