Archive for June, 2007

Is There A Risk of Becoming Too Internet-Centric?

Posted by Tom Fuller in Blindside project, Cyberwar, IT failures, threats, unexpected consequences at June 30th, 2007

Rupert Murdoch will soon be making decisions on satellite expenditures for the Sky television/internet/movie offerings his company takes to the world. A satellite launch costs about £1 billion, last time I looked. If he can ram the content down the Internet pipes, it could save him money, considering how many satellites he has to maintain in low orbit.

BT (I am reliably informed) would dearly love to shed its role as maintainer of copper connections to homes and business. Mobile access to the Internet might allow them to do so. The Beeb might choose to cease terrestrial broadcast. The Apple iPhone is configured for wireless VOIP, which could… well, you get the picture.

At what point do we have too many eggs in one basket and become hostage to the infrastructure of the Internet? I well know the history and how and why it was built. But if all information everywhere goes through it, even if capacity issues never arise, isn’t that tempting fate a bit?

SCADA–And Why It’s Important

This is why we need you. This has jumped up in conversation with the CPNI (the Centre for Protection of the National Infrastructure), and we are confident that many hands will make light work of this:

Premise: Almost all critical industrial infrastructures and processes are managed remotely from central control rooms, using computers and communications networks. The flow of gas and oil through pipes; the processing and distribution of water; the management of the electricity grid; the operation of chemical plants; and the signalling network for railways. These all use various forms of process control or “supervisory control and data acquisition” - SCADA technology. Until recently the term SCADA was unknown outside its niche area in industry. Today it is one of the key issues for infrastructure protection.

Question: Of the 63 subject areas we explore on our wiki and here, which are directly relevant to SCADA (it might be easier to list the ones that are not)? How would emerging ICT help SCADA work better? Which emerging technologies are likely to pose a threat to SCADA systems, and how will that threat manifest itself?

If you would like to learn more about this, go here. Here is our chance to provide practical assistance to someone who wants it.

Convergence or Divergence?

Posted by Tom Fuller in Blindside project, Faster/smaller/better... at June 28th, 2007

Jerry Fishenden (go here and read if you don’t know him) sent a long and thoughtful email earlier today. I am posting his thoughts about convergence here. Jerry is commenting on what we wrote about convergence here. He also wrote about identity management and mobile/pervasive computing, and I will put them on separate posts in just a bit.

Jerry writes, “**Convergence**.

I think this has to be convergence/divergence. While it’s true content types etc are converging, at the same time we’re seeing significant divergence. All of this arises from the separation of form and content. I’ve cut and pasted something I happened to pop on my blog yesterday which I think sets this out reasonably clearly:

We are now witnessing a move towards a clear separation between presentation and function, between form and function if you like. This is the age of Web services systems that expose programmatic interfaces that can then be consumed and used by a whole host of different front-end systems. One underlying system can serve multiple devices, channels and interfaces. This is a development of major significance that will impact the way we design and interact with systems for generations to come.

Think for example of the current complexity of finding and listening to Internet radio stations using a browser and a PC. The whole process of booting the PC, logging in, firing up an Internet browser, going to a Web site, looking for Internet radio stations, firing up a media player and so on.

And then compare that experience with using another kind of browser - a dedicated Internet radio. It achieves the same objective, but by very different means. A simple, familiar form factor with an on/off switch and a tuning dial.

Yet both the dedicated Internet radio and the PC-based Internet radio experience are built on the identical underlying infrastructure, use exactly the same content. This separation enables us to rethink the way in which people will interact with and enjoy the benefits of the digital age. It enables us to rethink the way we design corporate systems, both internally and externally. Web sites for example are just one form of presentation of our corporate services. We need to ensure we take advantage of this model and design systems so that the same underlying content and services can be accessed in a rich variety of ways.

This is because for all the talk of convergence of content (audio, text, video, etc), we will see an increasing divergence of presentation methods and devices. This has to be a good thing. It will offer unrivalled opportunities for users to drive and reward market leaders where those who offer the easiest, most convenient and best designed interfaces and devices will be richly rewarded. For those not familiar with his work in this important area, I recommend you visit Bill Buxton’s Web site (http://www.billbuxton.com ).

In terms of the “digital divide” agenda, accessibility, the whole way govt and other users think about what they build, the standards they use and so on this is of enormous significance.”

IT and IA Security Roundup

Posted by Tom Fuller in AnonymitY, Blindside project, Cyberwar, Data breaches, Uncategorized, databases, standards at June 28th, 2007

We start again with Kable, which reports that CSIA (our sponsor) yesterday published their revision to the National Information Assurance Strategy (NIAS), the first revision since 2003.

Money quote from Sir Richard Mottram, permanent secretary, intelligence, security and resilience: “Individuals and organisations supply information to government which they rightly expect to be safeguarded. For government, as for all successful organisations, information assurance is now a key priority and it is important for government to give a lead on the best practice across the economy.”

Also from Kable, in the stating-the-obvious category, a government minister has said it has to make up ground in helping people with disabilities make proper use of technology. Anne McGuire MP conceded: “We haven’t quite caught up with how we support people with technology through government programmes.” Dear reader, Ms. McGuire just pushed every one of my buttons, and you will see another post from me discussing this at great length.

Department of Carrots: Following a successful trial in which the Department for Work and Pensions, HM Revenue and Customs and North Tyneside MBC streamlined the process through sharing data, the departments are planning to roll out the system across a further six local authorities.

During the trial the time taken to pay someone their benefits after they had lost their job was halved, while the payment of tax credit was stopped more quickly, reducing the possibility of overpayments.

JISC: A new report has outlined the next steps for the long term management of data for the Joint Information Systems Committee and other higher education institutions. Dealing with data reviews the variety of data, and arrangements for its accumulation, storage and use, across disciplines. It sets out 10 key recommendations and a further 25 of lesser importance.

Ticking several boxes for us, police at last week’s Glastonbury Festival have tested out new body-worn mobile cameras, which transmitted audio and video images back to the police control room.

According to Avon and Somerset Constabulary, it is the first police force in the UK to trial the system. Called the Body Worn Video Wireless system, the technology transmits encrypted digital video from cameras worn on the police officer’s shoulder. It also transmits the officer’s position to the police base via GPS receivers.

I don’t know why John Reid had to go to New York to make this point, but the outgoing home secretary has urged manufacturers of smart phones and other new consumer products to design out crime at the product development stage. Last month, a group of mobile phone manufacturers, academics and law enforcement representatives were invited to the Home Office to discuss areas of product development. Among the issues discussed were:
Is there a simple way for service providers to disable all the functions of the handset, including the camera and mp3 player, when it is reported stolen?
How could a stolen handset communicate its whereabouts to police or other phones?
Is it practical for a snatched phone to automatically shut down?
How can the relative security of different models of mobile phone be highlighted?
Should biometric access restrictions be rolled out to all mobile phones?
What can be done to prevent criminals using phones to facilitate crime?
How can the police maximise the forensic value of the handset?

The Open Rights Group (ORG) has given a vote of no confidence to the recent round of e-voting pilots. It published a report on 20 June 2007 that includes scathing criticisms of the way e-voting and e-counting proceeded at a number of sites during the local government elections last month.

From BCS, a discussion of quantum computing and cryptography (does anyone else agree with me that cryptography has become the sole raison d’être for continued research into quantum computing?)

In the ‘just because it’s cool’ department, IBM has announced that it has tripled the speed of the world’s fastest computer through the development of a new machine. The Blue Gene/P supercomputer, the next step up from the Blue Gene/L unit, is capable of operating at speeds faster than one petaflop, equivalent to one quadrillion floating-point operations a second.

Ben Laurie points us to Stefan Brands writing about the spectrum of uses available when selective disclosure is employed.

Via the Institute For The Future, this report on pervasive computing. It focuses largely on potential impacts on health and the environment, and discusses three scenarios for take-up.

Also from the IFTF, a discussion of cyberwar in the New York Times. (They get it wrong right off the bat, assuming that Tickle Me Elmo dolls won’t be turned into unstoppable killers, just because they are not currently hooked into the Internet. Sheesh.)

Light Blue Touchpaper discusses dual use tools that can be hijacked by hackers and the government’s less than delicate approach to them.

And that’s it for today–hope we filled your tea break.

It’s all about the nano…

Posted by wendyg in Radically different stuff at June 27th, 2007

Last week I spent a couple of days in Basel being shown various research projects into nanoscience; there’s a lot of work going on with huge microscopes (because that’s the only way to see teeny, tiny things). There are a few more articles to come out of it, but the first is here, on nanomedical research in progress. What didn’t get into that piece, for lack of space, is the concern several of these researchers - notably Martin Stoltz - expressed about the potential dangers of nanoparticles. This is apparently a big issue already in Switzerland - the Green party wants to regulate nanotechnology and there is a government group working on an action plan that seems likely to produce some regulations in the next year or two. None of the researchers seemed to think this unreasonable. Hunziker said that as a doctor he’s very concerned about the risks of going too fast and some of the philosophical implications of being able to treat human beings at the molecular level. Stoltz told us (a pan-European group of journalists) that we *should* be asking questions about the dangers: nanoparticles, like today’s drugs, can penetrate the cell wall, so the potential for health risks is just as high.

It’s interesting that in the case of the Internet early regulation was seen as a bad thing because politicians didn’t understand the technology and experimentation was important, whereas in this technology early regulation to create safeguards is seen as important. It’s not just that the technology is not being invented in the libertarian enclave of Silicon Valley, either - the US’s Center for Responsible Nanotechnology has been with us for several years now. (They are doing their first conference in September, and I’m hoping to get to it.)

wg

Risk Management Starts With an Inventory

An information assurance scheme (Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and nonrepudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.) that doesn’t start with an inventory isn’t going to get very far.

What does the initial inventory consist of? It would be fairly easy to list the systems that need to be protected, but don’t you also have to count the following?

1. All physical locations where access to the systems is permitted
2. All physical points of entry to the systems (not just desktops and laptops, but also their associated USB ports, CD ROM/DVD drives, wireless networks and devices with wireless access). One should also now include Blackberries, PDAs and mobile phones, indeed all Bluetooth-enabled devices operating near networks. All printers, scanners, copiers and fax machines.
3. All email accounts that can attach files from the system, including web-based email systems.
4. Number, identity and some history of all human resources with access to any of the above.

Okay, what have I missed so far?
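One way to make the four inventory categories concrete is to record them as cross-referenced data and let a script report the gaps an initial inventory usually leaves: entry points nobody has claimed, accounts nobody holds, people or mailboxes that reach systems the inventory does not list. The following is an added example, not code from the original post; the data model, the `find_gaps` check and every system, location, account and person name in it are constructed for illustration.

```python
"""Constructed example: a minimal information-assurance inventory covering the
four categories in the post (locations, physical entry points, email accounts,
people), plus a cross-check that reports where the records do not line up."""
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass
class System:
    name: str
    locations: Set[str]     # category 1: places where access is permitted
    entry_points: Set[str]  # category 2: names of EntryPoint records


@dataclass
class EntryPoint:
    name: str
    kind: str               # usb, dvd, wireless, bluetooth, printer, ...
    location: str


@dataclass
class EmailAccount:
    address: str
    web_based: bool         # category 3 includes web mail explicitly
    can_attach_from: Set[str]  # system names files can be attached from


@dataclass
class Person:
    name: str               # category 4: who has access to any of the above
    systems: Set[str]
    locations: Set[str]
    accounts: Set[str]


def find_gaps(systems: List[System], entry_points: List[EntryPoint],
              accounts: List[EmailAccount], people: List[Person]) -> List[str]:
    """Return one message per inconsistency between the four inventories."""
    gaps = []
    sys_by_name = {s.name: s for s in systems}
    ep_by_name = {e.name: e for e in entry_points}
    acct_by_addr = {a.address: a for a in accounts}

    # Every entry point a system relies on must be recorded and must sit in a
    # location where access to that system is actually permitted.
    for s in systems:
        for ep_name in s.entry_points:
            ep = ep_by_name.get(ep_name)
            if ep is None:
                gaps.append(f"{s.name}: entry point {ep_name} is not inventoried")
            elif ep.location not in s.locations:
                gaps.append(f"{s.name}: entry point {ep_name} is at {ep.location}, "
                            f"which is not a permitted location")

    # An entry point no system claims is still a way in; flag it.
    claimed = {n for s in systems for n in s.entry_points}
    for ep in entry_points:
        if ep.name not in claimed:
            gaps.append(f"orphan entry point {ep.name} ({ep.kind}) at {ep.location}")

    # Mail accounts that can attach files from systems the inventory lacks.
    for a in accounts:
        for sname in a.can_attach_from:
            if sname not in sys_by_name:
                gaps.append(f"{a.address}: can attach from {sname}, which is not inventoried")

    # People with access to unlisted systems, access with no permitted location,
    # or accounts that were never recorded.
    for p in people:
        for sname in p.systems:
            if sname not in sys_by_name:
                gaps.append(f"{p.name}: access to {sname}, which is not inventoried")
            elif not (p.locations & sys_by_name[sname].locations):
                gaps.append(f"{p.name}: access to {sname} from no permitted location")
        for addr in p.accounts:
            if addr not in acct_by_addr:
                gaps.append(f"{p.name}: account {addr} is not inventoried")

    # Accounts that exist but belong to nobody in the people inventory.
    held = {addr for p in people for addr in p.accounts}
    for a in accounts:
        if a.address not in held:
            gaps.append(f"{a.address}: no person holds this account")
    return sorted(gaps)


def sample_inventory() -> Tuple[List[System], List[EntryPoint], List[EmailAccount], List[Person]]:
    """Constructed sample data seeded with five deliberate inconsistencies."""
    systems = [System("payroll", {"HQ-2F"}, {"payroll-usb", "hq-wifi"}),
               System("hr-db", {"HQ-2F", "Branch-N"}, {"hr-dvd", "branch-printer"})]
    entry_points = [EntryPoint("payroll-usb", "usb", "HQ-2F"),
                    EntryPoint("hq-wifi", "wireless", "HQ-2F"),
                    EntryPoint("hr-dvd", "dvd", "HQ-2F"),
                    EntryPoint("branch-printer", "printer", "Branch-S"),  # wrong site
                    EntryPoint("lobby-bt", "bluetooth", "HQ-1F")]         # claimed by nobody
    accounts = [EmailAccount("alice@corp.example", False, {"payroll"}),
                EmailAccount("alice@webmail.example", True, {"payroll", "crm"}),  # crm unlisted
                EmailAccount("shared@corp.example", False, {"hr-db"})]            # no holder
    people = [Person("alice", {"payroll"}, {"HQ-2F"},
                     {"alice@corp.example", "alice@webmail.example"}),
              Person("bob", {"hr-db", "crm"}, {"Branch-N"}, set())]               # crm unlisted
    return systems, entry_points, accounts, people


def gap_report() -> List[str]:
    return find_gaps(*sample_inventory())


if __name__ == "__main__":
    for line in gap_report():
        print(line)
```

The check is deliberately symmetric: each category is tested both against what it references and against what references it, which is what turns a list of assets into an inventory that can support risk decisions.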

Blue Sky Thinking

Posted by Tom Fuller in Blindside project at June 26th, 2007

Please don’t forget to go to the post below and comment on the list of topics we will be reporting on to the Cabinet Office!

In a future report, I would like to explore the information security and information assurance implications of some of the following topics:

Air Traffic

1. It is likely that a political decision will be taken to harmonize air traffic control systems and permit planes to use continuous descent as opposed to staged level landing in order to reduce the consumption of fuel. How will this affect information flows for airports, NATS, etc.?

2. The increasing use of small corporate jets flying point to point using small airfields may increase dramatically. How will this affect air traffic control? Passenger security? Immigration and passport control procedures?

3. The development of an ultralight aircraft with land motor vehicle capabilities raises the possibility of a Jetsons era, where ultralights may be used for commuter services. Again, what are the information assurance implications for air traffic control?

Demographics

4. It is easy to imagine a scenario where government funding is increasingly directed towards healthcare and pensions to follow the baby boom generation’s needs. What are the information assurance and information security implications of a budget freeze for technology spending in government, while the private sector forges ahead?

5. It is estimated that 50% of people living to age 85 will contract Alzheimer’s, and that a very large percentage of people now living will reach age 85. How will chronic care need to adapt to give these people care? How can they do this without information technology?

Miscellaneous

6. What are the information assurance implications if a global payments provider issues a fiat currency that crosses borders?

The emerging issues and their impact - a preliminary assessment

Here’s our preliminary assessment of the main categories of emerging technology issues, along with an impact rating. Each is discussed in more preliminary detail on the Blindside Wiki. We will be reporting to the Cabinet Office in mid-July on those assessed as having an impact level of 3, and need full expert descriptions by that date.

This is your chance to tell us we’re on the wrong track: to add stuff; to argue that something’s missing, over-rated or under-rated. Don’t miss it!

| Category | Impact (from 3/high to 1/low) |
|---|---|
| CCTV | 3 |
| Convergence | 3 |
| Location-based services | 3 |
| Mobile and Pervasive Computing | 3 |
| Open Standards | 3 |
| Anonymity | 3 |
| Data breaches | 3 |
| E-Voting | 3 |
| Human rights (intersection with emerging technology) | 3 |
| Identity management | 3 |
| NHS IT | 3 |
| Non-bank payment service providers | 3 |
| People and IT | 3 |
| Mission Critical Legacy Systems | 3 |
| Rampancy: AI gone wrong | 3 |
| Surveillance society effects | 3 |
| Semantic Web | 3 |
| Self-reproducing technologies: the “GRINs” | 3 |
| GRINs: Geno- | 3 |
| GRINs: Robo- | 3 |
| GRINs: Info- | 3 |
| GRINs: Nano- | 3 |
| Social media | 3 |
| APIs | 2 |
| Bandwidth - massive wireless and cable bandwidth to the home | 2 |
| Shared Service Management | 2 |
| Ultraportable devices | 2 |
| Automated number-plate recognition (ANPR) | 2 |
| Bad sysadmin procedures | 2 |
| Bad procedures - other | 2 |
| Changes to daylight saving time in the US | 2 |
| Public sector databases on children | 2 |
| Keyloggers | 2 |
| Phishing | 2 |
| Phones as bugs | 2 |
| Technologies for Non-Repudiation | 2 |
| Underground economy servers | 2 |
| Unencrypted email | 2 |
| Biometrics - unencrypted | 2 |
| Windows Vista and other operating systems | 2 |
| Government IT projects | 2 |
| DNA terrorism | 2 |
| On demand computing (ODC) | 2 |
| Grid Computing | 2 |
| Quantum Computing | 2 |

plus in the lower impact categories (please use the search box if you want to add to these):

| Category | Impact (from 3/high to 1/low) |
|---|---|
| Aeronautical cabin services | 1 |
| OpenDocument | 1 |
| Service-oriented architecture | 1 |
| APIs that change without warning | 1 |
| Cybercrime | 1 |
| Electronic banking | 1 |
| Fraud Websites | 1 |
| Search Engine Logs | 1 |
| Spam | 1 |
| Computing Monoculture | 1 |
| DRM and its side-effects | 1 |
| Environmental side-effects | 1 |
| Exploding Batteries | 1 |
| Optical Computing | 1 |
| User-generated content | 1 |
| Virtualisation | 1 |
| Generation C - the knowledge nomads | 0 |

Thank you for any help, comments, suggestions.

I Guess We’re Legitimate Now

Posted by Tom Fuller in Uncategorized, standards at June 25th, 2007

According to this blog post by Damien Mulley, IBM announced on Friday that “they’re going all Web 2.0 and social with their Enterprise offerings. Blogs, wikis, collaboration spaces for staff and customers, social bookmarking (called dogears) and a few more bits and pieces. They’ll also be releasing mash-up software for Enterprises.”

And later, “And now for the mashups: IBM is previewing an Info 2.0 suite of integrated products that enables organisations to easily catalogue, combine, transform and remix any type of data and content by drawing on the industry’s widest variety of enterprise data sources and a vast array of Web data and content.”

Do you think IBM’s version will be as free as the stuff the rest of us work with? Or will they use information security to add a few zeros to this?

Quick–Someone Call Michael Crichton

Posted by Tom Fuller in Blindside project, Radically different stuff, Uncategorized at June 25th, 2007

If you have spent any time at all thinking about the issues we are covering at Blindside, do you start having science fictiony-type thoughts?

Thinking about the information security impacts of genetics, we are now able to encode useful information into the DNA of plants and animals and have that information pass to the next generation. Cool stuff, and it does have implications for IT security and information assurance.

But then I started thinking. You know that everyone was surprised at the signal to noise ratio in human DNA–far fewer genes than we expected, etc. Has anybody thought to check the junk DNA for a signal?