Security – The Information Badger

The Uk cellular national emergency alert test…

Posted on April 26, 2023 by The Information Badger in Information Technology, Public safety, Risk, Security, Technology, Telecommunications

The Badger was untangling a tape strangling a vintage cassette player when last weekend’s first cellular UK national emergency alert test happened. When the alert sounded on his smartphone, it made him jump because he thought he’d broken something in the cassette player! Within a second or so, however, the Badger realised it was the alert test.

The merits or otherwise of the new emergency alert system has had extensive coverage in UK media and on social media, but the Badger thinks it’s a useful public safety facility, if used wisely, given the dynamics and tensions of today’s world. The Badger learned during his IT career that for systems like this to be truly successful, the discipline, processes, and motives of the people controlling its use are as important as the system’s capabilities, engineering, and robustness. Will those in charge use it wisely? Time will tell, but if there’s a false alarm event like that in Hawaii in 2018 then public distrust of systems and those who control them will reach levels that are off the scale!

The alert test was also a reminder that communication networks are the unseen plumbing of today’s digital world. As the Badger cogitated on this point, his landline phone warbled. He automatically picked up the handset without looking at the caller display showing a UK landline number that’s not in his address book. ‘Hello, are you the homeowner and responsible for the computer at your address?’, an Indian lady asked. Scam, the Badger thought before answering with ‘Who are you, who do you work for, and how did you get this number?’ The lady just repeated her question, and the Badger terminated the call. The phone immediately rang again, this time the caller display showed a UK mobile phone number that isn’t in his address book. It was the same lady who cheekily asked, ‘Why did you put the phone down?’ The Badger answered, ‘This call is being recorded’, and the lady terminated the call. Checking the two caller numbers using Who Called Me confirmed that the calls were not from a reputable telemarketing source.

So, here’s the thing. Public suspicion and distrust of emails, social media content, and telephone calls continues to grow. We are relentlessly bombarded with spurious contact and content, and so it’s unsurprising that many are rather dubious about a cellular National Emergency Alert System. Other countries already have similar systems, and the Badger feels the new system is ‘technology for good’ and has a role in the UK public safety landscape. If the first real National Alert to his smartphone, however, is to warn of a nuclear attack, then the Badger’s realistic enough to know that by the time he’s read the message and decided whether its real or the result of hacking by bad actors, it’ll be too late…

Serious internet failure – never say never

Posted on March 9, 2022 by The Information Badger in Business Continuity, Learning, Life, Risk, Security, Technology

For the first time since the start of the Covid-19 pandemic, everyone was together recently to celebrate the Badger’s grandson’s second birthday. It was a memorable occasion. All the adults, however, felt a little chastened by the suffering of Ukrainian families with children at the moment. As the toddler opened presents, the Badger felt not only uneasy about the world he will grow up in, but also uneasy that his life will utterly depend on the internet. At just two-years old, the toddler is already powering-on the Badger’s tablet, swiping its screen, and watching the Teletubbies on YouTube! The little one will only know of life before the internet from stories told by his parents and grandparents, books, and content from the internet itself. Well, that’s just the way it is. Progress is progress, and those born this century are already full-blown digital and internet-reliant natives.

The toddler went off for a pre-bedtime bath towards the end of the party, and the Badger, resting on a comfy sofa, began to muse on how the little one’s generation would cope if there was a dramatic, prolonged, serious failure of the internet in the future. Conventional wisdom has it that the internet has no single points of failure, and is too big, too decentralised, and has too much in-built redundancy to fail. The prevalent view is that a serious interruption that impacts our lives for a prolonged period will never happen. As the Badger began to doze, he remembered what he had learned during his IT industry career, namely to ‘never say never’, to expect the unexpected, and to remain cool, rational, objective, and focused when the unexpected happens. He concluded that it’s not a question of if, but when such an internet event might occur.

Reflections on failure of the internet pop up regularly over the years – see here, here, and here, for example. All they really do, however, is reinforce the ‘never say never’ point. In complex computer systems and networks there’s always scope for unexpected human actions and technical events to have unforeseen and dramatic consequences. The Russian threat to vital undersea cables that carry internet traffic between Europe and North America (see here, here, and here) illustrates , for example, why ‘never say never’ is a sensible position. If Mr Putin has gone ‘full tonto’ and the Russian Navy performs a coordinated attack on these cables then the internet’s resilience and fault tolerance, and our life routines, will be tested like never before.

The Badger’s grandson, about to go to bed, climbed on the Badger’s lap and shouted, ‘wake up, grandad’. Everyone laughed. The Badger opened his eyes and made a mental note to teach his grandson some of the self-sufficiency life skills needed to function without the internet…just in case he needs them in years to come.

We must all now be warriors…

Posted on March 1, 2022 by The Information Badger in Conflict, Life, Opinion, Security

Working at senior levels in major organisations exposes you to decision makers with different personalities, motives, and different ways of interpreting a situation. You tend to calibrate decision makers, and hone instincts that alert you to circumstances where their decisions take the organisation in a direction destined to fail. These instincts woke like never before while watching Mr Putin’s theatrics justifying the invasion of Ukraine. Mr Putin has put himself and his regime on the road to eventual demise, at least that’s what the Badger senses.

By invading Ukraine, Mr Putin has shaken democracies out of a comfortable complacency with Russia, galvanised democratic nations into unity of action, and forced the United Nations to question Russia’s membership of the Security Council. Mr Putin has ‘form’; he sent troops into Georgia and Crimea and his regime’s institutions are implicated in using a nerve agent against people in Salisbury in the UK and an opposition activist in Russia itself. The regular television pictures of him sitting at his long table distanced from others conveys an insecurity and the aura of an obsessed, irrational, barbaric, bully corrupted by power. A bully, however, can only be a bully if those being bullied allow themselves to be a victim. Standing up to a bully by not allowing them to have power over you is the best way to deal with any bully, and that’s just what the courageous people of Ukraine are doing. Western democracies are now doing this too and Mr Putin will be held responsible for his actions.

The fate of the Ukrainian people is in the balance, but their ‘fight to the end’ spirit reminds the Badger of his father’s stories from sheltering as a twelve-year old boy in London’s Underground during the Blitz in World War 2. He often said that ‘everyone believed they had right on their side, and everyone had a warrior spirit inside to fight if enemy troops arrived in London’. This inherent spirit is much in evidence in Ukraine today.

Today’s world is highly dependent on connected IT systems and computer devices, and nations across the globe have been ramping up their defensive and offensive cyber capabilities over the last decade to mitigate threats. However, although cyber incidents undoubtedly feature in this conflict, this war shows that conventional military forces with bombs and bullets are needed to take territory and supress a population. Although few people consider themselves to be any kind of warrior, the Ukrainians have shown not only that we have to fight for our freedoms, but also that in today’s world this means we must all now be warriors. The world today is different to that experienced by my father during the London Blitz. Mr Putin, however, has shown that while the world might be different, with people like himself in positions of enormous power, the world is no better than it was 80 years ago.

Assume nothing, Believe no one, Challenge everything…

Posted on June 16, 2021 by The Information Badger in Business, Delivery, Life, Project Management, Security, Training

More years back than is sensible to think about, and while still in short trousers in the IT industry, metaphorically that is, the Badger was sent on the company’s in-house project management course. In those days, project management courses for software and systems development were delivered by those from within the organisation whose day job was actually delivering systems. The first hour of the course provided a nugget of wisdom that the Badger’s carried with him ever since. It came from the company’s Managing Director (MD) who gave a memorable opening address.

As the course attendees settled down on the first day, the MD stood up, settled on the edge of a table, welcomed everyone, and then spoke eloquently without notes for forty minutes. Those present felt important when the MD told everyone they were humbled to be addressing people who not only delivered complex things for clients, but also made the real profits of the company and were the bedrock of the company’s ‘can deliver, will deliver, come what may’ reputation. The MD went on to talk about their own experience as a project and then a business leader, emphasising that the best people in these roles had A, B, C, D, E built into their psyche. They explained this as ‘Assume nothing, Believe no one, Challenge everything, Decide based on fact and data, Execute decisions to completion’. The MD urged his audience to remember this and to apply it in everything they did if they aspired to be the best project manager they could be.

Assume nothing, believe no one, challenge everything…is at the heart of police, forensic, and any type of objective work requiring the analysis of information to make important decisions. The MD’s point was not that everyone should be a policeman and distrustful of everyone they meet, but that the best delivery and business leaders have these attributes built into their psyche even if they’re not conscious of it.

These attributes in the Badger’s own psyche were activated this week when an SMS message arrived purporting to be from IPSOS MORI, a well-known polling organisation. It said it was following up a letter inviting the Badger to register his child for a COVID-19 test kit, and that this would help monitor infection rates for new variants. It also provided website details to register. The Badger quickly cycled through A to E and did the right thing – which did not entail complying with the instructions in the message! There had been no letter, there are no children in the Badger household, and IPSOS MORI has no reason to have the Badger’s contact details.

The point of this tale is that in today’s online and instant communication world having A.B.C.D.E in your psyche isn’t just important in the professional world, project management, and business, it’s important to be in everyone’s psyche in order to stay safe and secure in daily life.

Connection lost, please move your display closer to the meter…

Posted on May 5, 2021 by The Information Badger in Automation, Internet of Things, Security, Smart & New Technology, Smart Meters

Domestic Smart Meters installed as part of the UK rollout programme come with a small monitor providing the consumer with information about their energy usage. This little device connects to the meter via a wireless network. It’s normally positioned in a place that is both convenient for the consumer and where there is a strong wireless signal with the meter. In the Badger’s home, the monitor has never been moved from where it was put last autumn when the smart meter was installed. It functions there happily for the vast majority of the time.

Occasionally at the weekend, however, it stops working and displays the message ‘Connection lost, please move your display closer to the meter’. This isn’t a big deal because powering the device off and then on re-establishes the connection and normal service. The message appeared again last weekend, but this time it took a number of off-on cycles for service to resume. This, and seeing the Smart Energy programme’s Albert Einstein advert extolling the virtues of digitising the UK energy system, made the Badger cogitate on a couple of questions.

Firstly, has a Smart Meter made much of a difference in the Badger household? Not really, ostensibly because we have always been disciplined and never profligate in our use of energy. While the little energy monitor provides useful information, it did not take long after it was installed to realise that it just confirmed what we already knew, namely that cooking, cleaning, and heating dominates consumption and thus the bill. Using a PC or watching TV have a much smaller impact in comparison. The novelty of regularly looking at the energy monitor thus quickly wore off. Indeed, the Badger knows many people who have eventually turned their monitor off completely and banished it to a cupboard with other unused devices!

Secondly, is the ‘Connection lost…’ message a reminder of something important that we all take for granted? Yes, it is. It’s a reminder that wireless and wired networks are the plumbing on which the modern world relies. Today a device is, at best, limited in its use without some kind of network connection, and, at worst, it’s useless! Networks are a rather hidden part of the tech landscape in the general public’s psyche, but given how life would be impacted if they were down for weeks, months, or even years, they deserve more public awareness of how life would change in their absence.

Networks are critical infrastructure and not immune to a diverse range of threats. It is foolhardy to think that this infrastructure could suffer some kind of seriously disruptive event in the future. Whenever that happens, let’s just hope that it brings out the best in humanity, rather than the worst. Gosh! Isn’t it surprising where a simple monitor losing connection with its Smart Meter can take your thoughts…

Less Twits, better education about what matters in life…

Posted on July 21, 2020 by The Information Badger in Climate & Environment, Digital devices and the environment, Education, Press & Media, Security, social media, Uncategorized

Halfway through a long walk on a hot day with a cloudless blue sky at the Devil’s Punchbowl, a break for a sandwich and a drink at The Gibbet provided some welcome respite. The view was glorious. The air was clear, and the edge of London, some 40 miles away, was visible on the horizon without the need for binoculars. The atmospheric benefits of much-reduced road traffic and air traffic for Heathrow and Gatwick were plain to see!

As the Badger munched his sandwich, a bird of prey hovered in the distance ready to swoop on its prey. The idyll, however, was broken by the arrival of a group of youngsters. They weren’t rowdy, unpleasant, or badly behaved. They just talked incessantly about Twitter being hacked as if it were the end of the world! It isn’t, of course, but their conversation influenced the Badger’s thoughts for the rest of his walk. By the time the Badger reached home, these had converted into the following points:

Anyone familiar with ‘security’ knows that the weakest link in any security regime is people. It’s as true in today’s digital world – as the Twitter incident shows – as it has always been.
Twitter has become, in just 10 years, one of the prime illustrations of today’s attention-deficit world. Organisations and individuals alike use it for many reasons, including FOMO (fear of missing out), vanity, attention seeking, recreation, influencing and self-promotion. Will you really miss anything that’s important to life if you don’t look at Twitter on your smart phone every few minutes? No.
More detailed primary and secondary school education on how the likes of Facebook and Twitter use what you do to make money is essential. A ‘think before you write, or upload photos or videos’ attitude needs to be deeply embedded in the psyche of youngsters.
Hundreds of years ago, the printing press ushered in the age of reason, science, and education. Over the centuries this ‘force for good’ has become slowly diluted by commercialism, politicism, propaganda, misinformation, and falsities of all kinds. The same has happened since the advent of TV and radio about a century ago, and also since the advent of the internet and computers a few decades ago. The same has also happened with social media platforms, which have gone from a ‘force for good’ to questionable, surveillance-based, money-making machines in just 15 years!

At the end of the walk, the Badger slumped into his favourite chair at home, hot, bothered, and tired. Perhaps it was this that triggered a final thought, namely that anyone or any organisation that puts great store in Twitter should be called Twits! The world needs less Twits and better education about what really matters in life. The Badger fell asleep in his chair…

Cyber attacks on the ‘Middleman’…

Posted on May 19, 2020 by The Information Badger in Digital Transformation, Education, Risk, Security, Uncategorized

Elexon announced last week that their internal IT had been impacted by a cyber-attack. Specific detail about the attack was not, understandably, released although there has been some speculation in the media. Elexon plays an important role in the UK electricity market by operating the Balancing and Settlement Code (BSC) and facilitating payments between generators, suppliers and brokers. Although the ‘critical national infrastructure (CNI)’ systems at the heart of electricity market operations were unaffected, the incident is nevertheless embarrassing for this ‘middleman’ organisation.

Coincidentally, the incident caught the Badger’s eye just after reading the UK Department of Digital, Culture, Media & Sport ‘s March 2020 Cyber Security Breaches Survey. Broadly, the report concludes that with Board attention on cyber security and the advent of GDPR, organisations are becoming more resilient to cyber-attacks and faster at recovering from breaches, but less likely to report the negative impact and cost of breaches. The report also reiterates that the nature of cyber threat is continuously evolving and that organisations are experiencing attacks more frequently than 5 years ago. Essentially, progress is being made but there is still lots to do and no organisation can be complacent.

The Elexon incident is yet another reminder that organisations and the public in today’s digital world can never be immune to cyber threat from ‘bad actors’ of any type. It is a reminder that personal and organisational cyber security awareness, diligence, discipline, and professionalism are essential if threats are to be minimised, attacks repelled, and security, data, and privacy preserved. The fact that the Elexon incident did not impact the electricity market systems per se, or the ability to keep the country’s lights on, is not surprising because CNI systems are obvious targets for ‘bad actors’ and their protection is taken very seriously by complying with good advice and guidance from national authorities.

A couple of days ago, a conversation with an acquaintance about the Elexon incident took an unexpected turn. They said if they were a ‘bad actor’ like Blofeld out to destabilise an entire country, they would unleash a simultaneous cyber-attack on all ‘middleman’ organisations similar to Elexon and DCC (for Smart Meters) in all key sectors. Why? It would be easier and simpler than going after CNI systems per se, because the ‘middleman’ is likely to have more weaknesses in their cyber defences. National turmoil would ensue without damaging the CNI itself. Just think, they said, what knocking out all ‘middleman’ organisations simultaneously would lead to in terms of pressure on the government, business frustration, social media backlash, loss of national confidence, political turmoil, international embarrassment and so on. The door would be open for a new regime!

The acquaintance sensed the Badger becoming concerned and suspicious. They quickly pointed out that they were not, of course, actually Blofeld! And, just in case you are wondering, neither is the Badger…

An inspiring day out with codebreakers and the first electronic computer…

Posted on September 10, 2019 by The Information Badger in Digital devices and the environment, Education, Security, Uncategorized

IMG_20190827_150443

The Badger visited Bletchley Park and The National Museum of Computing (TNMOC) last week. It was a fascinating, atmospheric and inspiring day out, and very rewarding to hear the many visiting international tourists, young families, and elders say their expectations, like the Badger’s, were exceeded!

Bletchley Park, the home of British codebreaking, is where Alan Turing cracked the Enigma code and a birthplace of modern electronic computing. The secret activities of this truly historic site profoundly influenced the outcome of World War 2. Seeing and hearing about the work of the codebreakers, the tools they used, and the highly atmospheric huts where they worked instils marvel at the brilliance and dedication of those involved. The place is a wonderful memorial to the exceptional patriotism, commitment, discipline and ingenuity of the codebreakers who, 75 years ago, were instrumental in the birth of electronic computing. Awesome!

Bletchley Park was involved in the design of Colossus – the world’s first programmable electronic computer. Colossus helped analyse enemy ciphers in the run up to D-Day and a functioning rebuild of this beast is on display at TNMOC. It’s full of thermionic valves not silicon chips, and for those of you who’ve never seen a thermionic valve the picture above is a small subset of those on Colossus.

Seeing Colossus and all the other computer hardware and software exhibits at TNMOC really brought home how far electronic computing has come in 75 years. It also makes you aware of just how the silicon chip has revolutionised electronics and fuelled digital tech’s exponential growth in the last 40 years. It was sobering to stand in a room full of late 1970s mainframes and realize that a smartphone has more instantaneous functionality, processing power and storage than the sum of everything in the room!

On the way home, while stationary in heavy traffic, there was ample time to reflect on a great day out. Both sites provide a reminder of how important scientists, engineers and mathematicians are to finding solutions to seemingly intractable problems. They also show and that experts 75 years ago were in no way inferior to their counterparts today. The impressive ‘there’s no such word as can’t, try’ attitude of the codebreakers provides a stark contrast to some of the ‘I can’t, it’s too hard and it’s not fair’ complaining that pervades some parts of today’s social media.

As the ‘Smart Motorway’ signs decided to stop being smart, the Badger’s co-visitor asked if any philosophical nuggets of wisdom came to mind from the visit. The Badger thought for a moment. Yes! Take every opportunity to get an education – preferably as a scientist, engineer or mathematician – and don’t be fazed by whatever problems are put in front of you. And remember, ‘there’s no such word as can’t, try’…. If Bletchley Park’s people hadn’t tried, we wouldn’t have the freedoms and computing technology we have today.

The builder and his ‘critical infrastructure’…

Posted on April 25, 2019April 25, 2019 by The Information Badger in Digital devices and the environment, Education, Privacy and Surveillance, Security, Uncategorized

Chatting to a self-employed builder working on a neighbour’s property last week proved interesting. The guy works very hard, but readily admits he’s a slave to his smart phone whenever it rings, buzzes, beeps or its screen flashes. He always responds to these triggers regardless of whether he’s up a ladder, laying bricks or digging a trench. The builder says his smart phone apps are as essential to him as the physical tools of his trade. He laments this but says it’s a necessity if he’s to make his living.

Conversation somehow moved onto online security and privacy. The builder said he’s read about this in his ubiquitous tabloid newspaper, but never pays attention to things like password advice. When asked why not, he simply said ‘because I’m a builder. I just want my day to day life to be as easy as possible’. The builder has used the same password for everything for years! He saw the Badger flinch and frown, and just said ‘With all this AI and driverless cars malarkey, this security gubbins must have been sorted so it’s obviously safe to run my life with one password’. Oh dear!

If the builder’s thinking typifies that of the average person then we should worry about the depth of security and privacy awareness! In 2019, ~55% of British firms reported cyber-attacks (up from 40% a year ago). There have been more cyber-attacks on ‘critical infrastructure’, and Facebook has hoovered up 15 million email address books without permission! The online revolution of recent decades has certainly unlocked Pandora’s box. The builder recognises this but just says: ‘The Genie’s out of the bottle and can’t be put back in, so I’ll just carry on as-is with what works for me’. Oh dear!

The Badger realised two things from the conversation. First, there’s lots more to do to counter security and privacy ambivalence and educate people on the subject. Second, the smart phone in your hand is your ‘critical infrastructure’ and you must treat it as such. To prove the point, try not using it for a few days, like Badger did this last week. Yes, it’s difficult and strange at first, but you adapt surprisingly easily to overcome inconveniences.

Today the Badger and the builder chatted again. The builder has a new phone, a basic one providing just voice and SMS. Why? Because he lost his old one. He thinks he dropped it in a trench and poured concrete over it. He doesn’t miss it because he’s realised all he really needs from his ‘critical infrastructure’ is voice and SMS. Unfortunately, this has made him even more ambivalent about online security, privacy and passwords. Some people will never learn…

Smart meters & devices – How much do you value your privacy at home?

Posted on February 26, 2019 by The Information Badger in Digital devices and the environment, Education, Internet of Things, Privacy and Surveillance, Security

The UK’s Smart Meter programme continues make the press, see here for example. Things are unsurprisingly late. Consumers, who’re paying for the £11bn programme through current energy bills, can apparently expect savings of less than £1 a week on bills by 2030. The utility companies haven’t been particularly consumer friendly in their rollouts. There’s been lots of pressure tactics applied to get consumers to accept a Smart Meter installation. Indeed, the best energy deals today mean a consumer must accept having a Smart Meter. The Badger has proudly resisted and doesn’t have one!

Why? Doesn’t the Badger want to save money or the planet? Is it because the Badger is intimidated by modern technology? Or is it just the Badger’s a dinosaur and resistant to change? Good questions. The Badger’s very pragmatic and objective, very technology, environment, and budget aware, and very conscious of how tech is transforming society, so what’s the real reason for not having a Smart Meter? Simple. The Badger values his privacy.

Smart Meters and other smart devices in your home provide granular data that can be analysed to determine what you do inside your home. That’s nectar to organisations and marketing companies who, let’s face it, employ expert lawyers to ensure they can maximise their benefit from the data they capture from you and your home. Articles from Bloomberg and the Daily Mail are worth a read. They reinforce that we must not be naïve when it comes to how such data is used.

The Badger is an advocate of ‘An Englishman’s home is his castle’. Smart Meters and smart devices encroach on that being the case. Unlike twenty years ago, today’s smart technology means you no longer really have privacy in your own home. Others will pooh-pooh that statement and assert legal protections are in place, but should you trust that’s proven to be the case with the companies involved? Hmm. The only safe way of keeping what you do within your home private is not to have Smart Meters or devices like those in the Bloomberg article in the home in the first place.

So, there you have it. The Badger values privacy within his home way above any future saving of £1 a week – a loaf of bread – in energy bills. In fact, the Badger’s significantly reduced home energy bills without a Smart Meter and still remains an advocate for technology that preserves individual rights, freedoms and brings real benefit to society. Does the case for the UK Smart Meter programme really stack up? Views differ. All the Badger knows is that ‘the Badgers home is his castle’. Smart inanimate interlopers will be resisted until privacy within the home can be guaranteed…