
Cyber security needs to consider both technology and human factors.

Cyber Security – Back to Basics

This week I finished the Open University’s “Introduction to Cyber Security” online course which is available through the FutureLearn platform.

Why, I hear you ask, am I going back to basics to learn about a subject in which I am already pretty well versed?

It is true that I have been exposed to cyber security principles and practice for almost 20 years by virtue of my primary degree in Computer Science, internship and subsequent career in both technical and non-technical roles. Heck, I’ve even spent the last three years as Technical Marketing Manager of QUB’s Centre for Secure Information Technologies (CSIT), the UK’s Innovation & Knowledge Centre for Cyber Security, a role which sees me regularly speak to businesses and students and contribute to TV, radio and print media on the subject of technology vulnerabilities, threats and breaches. The role also involves bringing new cyber security technology, the output of much of our ground-breaking research, to market.

Why participate?

I participated in the 8-week-long online course for three reasons:

  1. I’m big enough to admit that I don’t know it all – even in my own field of expertise there is always scope to learn new approaches and relearn concepts that I may have forgotten. This course offered me a chance to look at cyber security with fresh eyes.
  2. Working day to day in a research and innovation environment at the very bleeding edge of cyber security technology it is all too easy to forget how the person on the street views my area of expertise. This course allowed me the chance to step back from that edge, think about cyber security from an end user perspective and consider how our research and technology could be applied to solve the simple and mundane as well as grander challenges.
  3. Lastly, I wanted to kick the tyres on it. Prior to this course launching I had been asked by a number of organisations if we at CSIT could deliver similar entry level training. We had already delivered some internally to the wider QUB staff body and the question was whether or not we should package that up and produce an offering to business and community groups. I wanted to assess if the OU course would rule that effort worthless.

Did it pass muster?

In a word – yes.

The course surpassed my expectations, to be honest. It wasn’t patronising; while it assumed no prior knowledge, it explored more complex aspects of cyber security, explaining them in an engaging way.

Those charged with information and cyber security in organisations and the wider world can often be seen as bad guys and girls in their own right, blocking access to fun stuff on the internet and not allowing the latest whizzy consumer devices onto corporate networks without a satisfactory reason from an end-user stand-point. The first week explored the threat landscape in depth, explaining why cyber security matters to everyone, and laid a solid foundation for the remaining seven weeks.

Over the last number of years many of the times I have been invited by the media to provide analysis on cyber security events have been due to password breaches.

It’s one of the reasons I’m so passionate about bringing our LIOPA lip biometric technology to market. Week two covers the whole gamut of authentication, even going so far as covering salting and hashing as well as multi-factor, which is thankfully becoming the norm for most online services.

One area where I disagree with the course is its highlighting of password manager applications as a solution to remembering multiple usernames and passwords. Personally I see them as a significant risk and prime target for cyber criminals. Hack those and you have the master key for an individual’s whole online life.

Weeks 3 and 4 cover Malware and Networking & Communications adequately but it was Week 5’s focus on Cryptography which drew my attention. It’s an area in which we at CSIT carry out significant research, in areas such as Post-Quantum Cryptography, Physical Unclonable Functions (PUF)-PKI and Fully Homomorphic Encryption.

The practical application of PGP is taught through the use of Mailvelope, a plug-in for Google’s Chrome browser that uses an implementation of the OpenPGP standard. This is welcome but it goes to show that straightforward ways for the man/woman in the street to use PGP to encrypt communications are still a little way off in terms of user experience.

As the family IT go-to guy, weeks 7 and 8’s coverage of what to do when things go wrong and managing risks is welcome. It’s also a timely reminder for everyone to fully consider their own vast stores of digital information, prioritising which bits are most important and putting in place a regular backup routine to protect against loss.

Have I changed how I think about my own cyber security after completing this course?

Absolutely. Will I tell you the changes I have implemented as a result? Absolutely not. Why make it easier for the cyber criminals? Individuals and organisations are under constant attack. It is a case of when and not if your cyber security defences will be probed and breached – why make it easy for them?

Wider lessons for going back to basics.

Sometimes subject matter experts can be a little reluctant to admit that they may not be across all the basics in terms of their field. Instead they baffle the uninitiated with the more advanced aspects of their product or service. Looking once again from an amateur’s perspective can be enlightening.

Participating in this course has also opened my eyes to interesting use cases for some of CSIT’s innovations.

While this course may close off opportunities for us as an organisation to deliver similar training, ultimately it educates a greater number of people in respect of cyber security who will demand greater security from service providers and technology providers. If it encourages more students to consider applying for our MSc Cyber Security or consider carrying out PhD research with us then even better.

Ultimately this will further stimulate the burgeoning global cyber security market, benefiting CSIT and the wider industry in which we operate.

This blog post was originally published by me on LinkedIn Pulse on 2nd Dec 2014 and can be found here.

Lucas

Such a joy to spend precious time this morn,
With you my son, my middle born.

Ambling slowly along the Lagan,
When all of a sudden we should happen
Upon something, there high in the trees.
“What’s that up in the branches Lucas?”
Your wee head bobs and weaves for a jook as,
In a rustle of feathers and leaves a pigeon flees.

While the others are away at a party,
Outside the Lockkeeper’s our elevenses are hearty.
On your broad shoulders a shrewd wee head.
You eat the sausages and leave me the bread.

My wife Fiona asked me to write some poems about the boys. Here’s the first titled ‘Lucas’. I sketched it out in my mind as I walked and ran and joked about with Lucas this morning along the Lagan tow path.

We said hello to happy dogs, hunted ducks, spied a moorhen and ate a sausage butty out in the sun at the Lockkeepers. All in all a pretty perfect morning.

Twelfth morning #ShortPoems

The master raises the drum to his chest on Folly Lane.
Resplendent with Lily, Sweet William too.
The band called to order, his domain.
He calls the tune. Killaloe, after two – one, two.

It’s Twelfth morning and in this poem I reflect on years gone by.

Twenty years or more ago I used to line up with the drum corps of Lisnadill Flute Band each Twelfth of July morning on Folly Lane in the south of Armagh prior to setting off to join the rest of the lodges from that district. My two brothers and I formed half of the corps in front and to the side of the bass drum of the Band Master. My fourth brother played out high notes on piccolo at the back.

As the youngest and smallest my uniform was a mishmash of hand-me-downs and ill fitting items. Country bands didn’t have the money for new uniforms so ours was a second hand lot from God knows where. My cap had crowned perhaps a dozen heads in its lifetime. It stayed on my head through the grace of soggy rolled up newspaper inside the head band soaked with sweat. My white Andante snare drum hung round my neck like a millstone.

The band took its name from a small rural townland three miles further south from Armagh. It was what is known as a melody flute band. Its numbers would be swollen to over twenty on the twelfth, still a small unit compared to the blood and thunder bands. Hymns and tunes such as Our Director, Killaloe, Liberty Bell and Dolly’s Brae made up its repertoire.

We would have paraded Armagh in the morning, making our way through the town to the Co-Op at Alexander where buses would collect us and take us to the host town to join the main demonstration in places like Newtownhamilton, Tandragee and Killylea.

For us it was a grand day out. We’d march to the field, head off to meet friends and grab a burger before returning to where the drums and lodge banner had been stashed beside the lodge car. There we’d join older band members and sit on the grass with rolled up shirt sleeves in the sun drinking a can or two of warm Bass or Tennents, smoking Embassy Red, and chatting about women and cars and the price of cattle like men. We didn’t get drunk though. A full bladder and a sore head aren’t conducive to keeping time and the long walk home.

Those were great times before educational then economic migration scattered us to the four winds exposing some of us to different cultures and traditions.