Archive for the 'human error' Category


Also see the human error category on the Blindside Wiki

Would Asimov Approve?

Posted by Tom Fuller in Blindside project, Cyberwar, Uncategorized, human error, security services at August 15th, 2007

If it weren’t so important I would file this under some category like Toys for Boys, but when Chris (who sits across from me at Kable) tossed me his copy of Jane’s Defence Weekly, it fell open to a page with two stories, headlined ‘US Army Ground Robots See Exponential Growth’ and ‘SWORDS Armed Robots Join Combat Team in Iraq.’ I think this technology has emerged…

Highlights of the articles:

The U.S. Army has more than 5,000 unmanned ground vehicles operating in Iraq and Afghanistan (up from 163 in 2004)

The Special Weapons Observation Remote reconnaissance Direct action System (SWORDS), an armed robotic system, is currently deployed with the 3rd Brigade Combat Team, 3rd Infantry Division in Iraq.

Sadly, the operating constraint so familiar to all of us is the low battery life–four hours.

For UAVs (Unmanned Aerial Vehicles), flight time has gone up from 100 hours per day (for the fleet) in 2005 to 500 hours per day in 2007.

The principal operating constraint for UAVs is their bandwidth requirements. “One Global Hawk UAV consumes about 500 Mbits/s of satellite-provided bandwidth, more than five times the total bandwidth consumed by the entire US military during Operation ‘Desert Storm.’ ” Now you know why the US DoD bankrolled the Internet in the first place…

500 Mbits/s? What information is that? Live video of the cockpit view, thermal imaging, what else? And who’s evaluating this? What decisions do you make from this? Perhaps more importantly, why are deaths by friendly fire still so prevalent?

Jane’s Defence Weekly, 15 August 2007

IT Security and Network Convergence

Posted by Tom Fuller in Malware, Procurement, e-ID, human error, people and passwords, security services at July 11th, 2007

Hi all, sorry I haven’t been here to bother you for the past two days.

I’m giving a 20-minute talk at an event tomorrow on IT Security Implications for Network Convergence. Here are my notes–what did I miss?

Implications of Network Convergence

Have we had the right conversations about the right issues?

• Convergence is enabled by technological change, but is not driven by it. The drivers of convergence are mainly commercial.
• Convergence affects not just telecommunications and broadcasting. The scope of convergence is the entire knowledge- and transaction-intensive services sector.
• Convergence is structural in nature, but changes to industry structure are the most profound changes associated with it.
• Would anybody here wager that all of the commercial sponsors of this event will have the same corporate governance in 2 years’ time?

Real World Effects of Network Convergence

Lesser Effects
• Fewer network owners (oligopoly), less responsive?
• May require more regulation as a result
• May decrease options for network users
I call these lesser effects because in many countries the regulatory framework exists to effectively deal with these issues—we don’t have to invent ways of treating oligopolies or organisations to protect consumers.
Greater Effects
• Currently, the Internet treats all traffic equally. In future, converged networks will be able to pick and choose messages and send them to recipients more quickly and efficiently based on their value to network owners. It is possible that network owners will make perfect decisions regarding priorities, and that those decisions will align with their commercial needs. Possible, but not too likely.
• Convergence on IP networks may render other networks redundant. Sky may not need as many billion pound satellites, choosing to use IPTV to distribute content. BT may finally be able to offload their very expensive business of maintaining copper connections to home and business, and just provide wireless connections to all. Bear in mind that BT would love this, in terms of reducing costs. Television and radio broadcasters may choose to cease terrestrial broadcasting in favour of using the Internet.
o The Internet was invented to be a back-up system to radio and telephone communications in case of a disaster. If the back-up system becomes the only system, what do we do if the network goes down?

IT Security Issues

Network Failure and Degradation
One problem with converged networks and the service-oriented architecture that tends to support them is that the majority of large networks are poorly understood. Traffic has typically been added piecemeal over a long period and much data communication does not require particularly high standards of service.

This is especially true of service-oriented architectures (SOA). Ambitious developments in this area have led to a situation where the precise communications flows are not well known. As this kind of architecture is often built to be tolerant of high latency and lost packets, nobody is aware of issues until the network is subjected to new stresses. Services such as VoIP, Citrix-style thin clients or video are not at all tolerant of low quality networks.

Question 1: Have we designed a ‘Fail and Fix’ into our approach to network problems?

When it comes to security, there are three main areas of focus: unauthorized access to data and resources (which is where access control and encryption come in); malware (such as viruses and spam); and compliance with government and industry regulations.

Question 2: Are these the right areas of focus in 2007, and will they be the right areas to focus on in 2009?

Typically, security is controlled by PINs and access numbers, which, depending on the vendor, can often be customized to a wide degree, and SSL 128-bit encryption. Organisations can add more layers, depending on their needs and the ability of the applications to accept it. Convergence applications require security in three key areas: user access, data protection, and delivery security.

Those components have been turned into a new discipline, or field of endeavour, called Identity Management. It is new. Standards and agreements on interoperability are still under discussion.

Question 3: Is Identity Management as a concept and practice robust enough to be the linchpin for converged networks?

Those are my 3 questions. What are yours?

Part 2–What We Will Tell the Government About Convergence

Yesterday’s post on Identity Management got quite a few good responses–thanks. Here’s a lengthy excerpt of the draft version of what we will submit to the CSIA regarding convergence. The entire section is here on our wiki. Please take the time to read and comment–any howlers in here?

Convergence represents both the greatest opportunity for service delivery and the greatest potential threat to information assurance in our broad basket of subject areas.
Our information gathering exercise identified five different areas of convergence. Broadly, they include:
• General: Convergence (converged environments/networks) defines a multi-media environment and/or network where signals regardless of type (i.e. voice, quality audio, video, data, etc.) and encoding methodology may be seamlessly exchanged between independent endpoints with similar characteristics.
• Media: A theory in communications where every mass medium eventually merges to the point where they become one medium due to the advent of new communication technologies
• IP: The migration of multiple legacy networks of data, voice, images and video into a single integrated IP-based network which facilitates higher efficiency in operational management and utilization of a network.
• Technological: The modern presence of a vast array of different types of technology to perform very similar tasks. Also included in this topic is the basis of computer networks, wherein many different operating systems are able to communicate via different protocols.
• Fixed Mobile: Fixed and mobile telephony convergence aims to provide both services with a single phone, which could switch between networks ad hoc.
Each of these different areas is moving quickly and several impact upon each other.

Key Findings

Each of the above contributes to a broadly similar set of issues relating to information assurance
1. Physical security of information: The increasing capabilities and smaller size of devices with access to networks and sensitive information (miniaturization is discussed elsewhere) makes theft, hacking or corruption easier and hence more likely.
2. Non-physical security issues: Attacks against one network using IP may degrade performance of other networks sharing the same infrastructure, due to:
3. Network dependence: The Internet was famously designed as a back-up communications system for use in case of catastrophic failure of traditional communications via telephone and radio. As more information flows migrate to the Internet, capacity issues are already evident. In future, if satellite broadcasting is abandoned for IPTV or wireless access to telecommunications services makes copper connection to homes redundant, an over-reliance on the infrastructure of the Internet introduces vulnerability to attack. What will be the back-up for the Internet?
4. As services converge, some of them will be life-critical to citizens: IP 999 services, telemetrics for those with chronic diseases, etc. As more devices converge around a single physical platform and single network, the number and importance of services will increase, as will their vulnerability to network failure. (This relates to identity management, as access denial can have health consequences.)
5. Although in one sense convergence provides new and exciting opportunities, dealing with convergence issues may impose unforeseen costs on government services. To give just one example, as technical capabilities make it possible to offer more services to the disabled and elderly, political pressure to provide these services may be strong. Adapting service delivery to account for convergence may be expensive. Certainly, dealing with threat to information assurance programmes will not be trivial.
6. As convergence will evolve over time, and may include divergence (see below), dealing with related issues will in all probability take time and effort.

Divergence

A related concept involving emerging technology is Divergence. Following the combination of diverse tools into single devices and migration to the most appropriate delivery platform, a new set of innovation involving single purpose tools for more efficient delivery is sure to follow. Some of these will present particular opportunities for public service delivery, notably for disabled citizens, but also for field workers of government agencies.

Implications for UK Government

Our recommendations regarding convergence might seem schizophrenic, on the one hand urging a bunker mentality towards information security, and on the other hand recommending greater openness and flexibility in ensuring government’s ability to deliver services capable of meeting users’ needs. However, convergence issues will present a significant challenge to government, and will likely require cross-departmental co-operation to manage. The key will be to keep services open and flexible, but information secure and redundant.
• Mothball programme. Preparations should begin now for the preservation of non-electronic service delivery mechanisms that might be abandoned by public and private sector organisations, including:
o Broadcasting capabilities
o Physical connections to home and business (or transition to utility companies)
o Switching networks for telephony
• Agreement amongst all network users on prioritized cut-out list in case of emergency, with automatic cascading cut-offs with pre-agreed triggers and a named individual or organisation responsible for initiating a cut-off sequence and notification of affected parties when cut-off occurs.
• Security protocols should be strengthened in advance of the introduction of converged devices with new capabilities:
o Suppression of wireless communications capabilities in locations with access to sensitive data or systems
o Disabling access to internal networks from unauthorized devices
o Disabling auxiliary ports on computing devices with access to sensitive information, including floppy disc drives, CD-ROM, DVD and USB ports.
o Removing Bluetooth and other low-power radio access capabilities from devices with access to sensitive information
o Packet-sniffing on utility connections
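The second recommendation above, a prioritised cut-out list with pre-agreed triggers, automatic cascading cut-offs, a named initiator and notification of affected parties, can be expressed as an algorithm. The following is an added example and not code from the Blindside project or the CSIA submission; the services, their priorities and loads, the owners, the 200 Mbit/s capacity, the trigger and restore thresholds, the protected-priority floor and the “duty manager” initiator are all constructed for illustration. It goes slightly beyond the bullet by adding two things a practitioner would want: a gap between the trigger and the restore threshold so services do not flap on and off, and a floor above which life-critical services (the 999 and telehealth entries of the Key Findings) are never cut automatically but handed to the named individual.

```python
"""Prioritised emergency cut-off cascade for a shared converged network.

Added example: not code from the Blindside project or the CSIA submission.
The services, priorities, loads, owners, capacity, thresholds and the
"duty manager" initiator are constructed for illustration; in practice they
come from the pre-agreed cut-out list.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Service:
    name: str
    priority: int      # 1 = first to be cut off; higher values are kept longer
    load_mbps: float   # bandwidth the service consumes while enabled
    owner: str         # party notified when the service is cut or restored


# Constructed cut-out list; 999 and telehealth are the life-critical entries.
SERVICES = (
    Service("emergency_999", 9, 5.0, "999 control room"),
    Service("telehealth", 8, 10.0, "NHS telecare desk"),
    Service("voip", 5, 20.0, "telephony team"),
    Service("iptv", 2, 60.0, "broadcast operator"),
    Service("backups", 1, 40.0, "storage team"),
)


@dataclass
class CutoffPlan:
    services: tuple
    capacity_mbps: float
    trigger: float              # start shedding above this utilisation
    restore: float              # re-enable only while staying below this
    protected_priority: int     # at or above this, cutting needs a human decision
    responsible: str            # named initiator of the cut-off sequence
    active: set = field(default_factory=set)
    notifications: list = field(default_factory=list)

    def __post_init__(self):
        self.active = {s.name for s in self.services}   # everything starts enabled

    def utilisation(self, background_mbps, extra_mbps=0.0):
        """Fraction of capacity used by background traffic plus enabled services."""
        load = background_mbps + extra_mbps + sum(
            s.load_mbps for s in self.services if s.name in self.active)
        return load / self.capacity_mbps

    def shed(self, background_mbps):
        """Cut enabled services, lowest priority first, until under the trigger.
        Protected services are never cut automatically: the sequence stops and
        records that the named individual must decide."""
        cut = []
        for s in sorted(self.services, key=lambda s: s.priority):
            if self.utilisation(background_mbps) <= self.trigger:
                break
            if s.name not in self.active:
                continue
            if s.priority >= self.protected_priority:
                self.notifications.append(
                    f"{self.responsible}: still over trigger; manual decision "
                    f"required before cutting {s.name}")
                break
            self.active.remove(s.name)
            self.notifications.append(
                f"{self.responsible} cut {s.name}; notified {s.owner}")
            cut.append(s.name)
        return cut

    def restore_services(self, background_mbps):
        """Re-enable cut services in agreed order (highest priority first) and
        only while the restore threshold holds. Stopping at the first service
        that does not fit, rather than skipping to a cheaper lower-priority one,
        keeps the agreed order; the gap between the trigger and restore
        thresholds stops services flapping on and off."""
        restored = []
        for s in sorted(self.services, key=lambda s: -s.priority):
            if s.name in self.active:
                continue
            if self.utilisation(background_mbps, s.load_mbps) > self.restore:
                break
            self.active.add(s.name)
            self.notifications.append(
                f"{self.responsible} restored {s.name}; notified {s.owner}")
            restored.append(s.name)
        return restored

    def step(self, background_mbps):
        """One reading: returns (services cut, services restored)."""
        if self.utilisation(background_mbps) > self.trigger:
            return self.shed(background_mbps), []
        return [], self.restore_services(background_mbps)


def run(plan, readings):
    """Apply a sequence of background-load readings (Mbit/s); returns a list
    of (reading, cut, restored) tuples."""
    return [(r, *plan.step(r)) for r in readings]


if __name__ == "__main__":
    plan = CutoffPlan(SERVICES, 200.0, 0.9, 0.75, 8, "duty manager")
    for reading, cut, restored in run(plan, [50, 100, 140, 100, 50]):
        print(f"{reading:>4} Mbit/s  cut={cut}  restored={restored}")
    print("\n".join(plan.notifications))
```

Run as a script, the constructed readings cut backups and then IPTV as background load climbs, restore nothing while load is still high, and bring IPTV back only once load falls well below the trigger; a reading that would exhaust capacity even with everything non-critical cut ends with a notification that a manual decision is needed rather than an automatic cut of the 999 service.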

Citizen Centric

From the citizen’s point of view, as more services are delivered online and more citizens elect to use electronic transactions, they (we) will have different expectations due to convergence:
• Will I be able to access and transact with government using non-computing devices?
• Will all government services converge on online delivery? What if we don’t want that?
• Can I get 24/7 availability of all government services as reliably as provided by the best companies?
• Can convergence help us to deal with access issues for the disabled?

SCADA–And Why It’s Important

This is why we need you. This has jumped up in conversation with the CPNI (the Centre for Protection of the National Infrastructure), and we are confident that many hands will make light work of this:

Premise: Almost all critical industrial infrastructures and processes are managed remotely from central control rooms, using computers and communications networks. The flow of gas and oil through pipes; the processing and distribution of water; the management of the electricity grid; the operation of chemical plants; and the signalling network for railways. These all use various forms of process control or “supervisory control and data acquisition” - SCADA technology. Until recently the term SCADA was unknown outside its niche area in industry. Today it is one of the key issues for infrastructure protection.

Question: Of the 63 subject areas we explore on our wiki and here, which are directly relevant to SCADA (it might be easier to list the ones that are not)? How would emerging ICT help SCADA work better? Which emerging technologies are likely to pose a threat to SCADA systems, and how will that threat manifest itself?

If you would like to learn more about this, go here. Here is our chance to provide practical assistance to someone who wants it.

Risk Management Starts With an Inventory

An information assurance scheme (Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and nonrepudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.) that doesn’t start with an inventory isn’t going to get very far.

What does the initial inventory consist of? It would be fairly easy to list the systems that need to be protected, but don’t you also have to count the following?

1. All physical locations where access to the systems is permitted
2. All physical points of entry to the systems (not just desktops and laptops, but also their associated USB ports, CD ROM/DVD drives, wireless networks and devices with wireless access). One should also now include Blackberries, PDAs and mobile phones, indeed all Bluetooth enabled devices operating near networks. All printers, scanners, copiers and fax machines.
3. All email accounts that can attach files from the system, including web-based email systems.
4. Number, identity and some history of all human resources with access to any of the above.

Okay, what have I missed so far?
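The four inventory categories above (locations, physical entry points, e-mail accounts, people) can be held as data and checked for gaps before any control is chosen. The following is an added example, not code from the Blindside project; the systems, locations, entry points, accounts, people and controls are constructed, with two records deliberately pointing at things the inventory does not list. It shows the kind of gap an inventory surfaces: here CD-ROM and wireless are controlled but every USB port and a Bluetooth point go uncovered, one server has no named user, and three records refer to something not inventoried.

```python
"""Initial inventory for an information assurance scheme, with gap checks.

Added example, not code from the Blindside project. The systems, locations,
entry points, accounts, people and controls below are constructed; the
point is the checks, which report entry points no control covers and
records that refer to something the inventory does not list.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class EntryPoint:
    system: str     # the system reachable through this point
    kind: str       # "usb", "cdrom", "wireless", "bluetooth", "printer", ...
    location: str   # where the point is physically accessible


@dataclass
class Inventory:
    systems: set
    locations: set          # places where access to the systems is permitted
    entry_points: list
    email_accounts: dict    # account -> system whose files it can attach
    people: dict            # person -> systems, locations and accounts they may use


# Constructed inventory. Two records deliberately refer to things that are
# not themselves listed ("remote office", "hr-laptop", "unknown-srv").
INVENTORY = Inventory(
    systems={"crm-db", "file-srv", "mail-gw"},
    locations={"HQ floor 2", "DR site"},
    entry_points=[
        EntryPoint("crm-db", "usb", "HQ floor 2"),
        EntryPoint("crm-db", "cdrom", "HQ floor 2"),
        EntryPoint("crm-db", "wireless", "HQ floor 2"),
        EntryPoint("file-srv", "usb", "DR site"),
        EntryPoint("file-srv", "bluetooth", "remote office"),
        EntryPoint("mail-gw", "cdrom", "HQ floor 2"),
        EntryPoint("hr-laptop", "usb", "HQ floor 2"),
    ],
    email_accounts={"alice@corp.example": "crm-db", "webmail:bob": "file-srv"},
    people={
        "alice": {"crm-db", "HQ floor 2", "alice@corp.example"},
        "bob": {"file-srv", "unknown-srv"},
    },
)

# Controls in place: kind of entry point -> systems where that kind is disabled.
# CD-ROM drives are disabled everywhere and wireless on the database host,
# but nothing covers USB or Bluetooth.
CONTROLS = {
    "cdrom": {"crm-db", "file-srv", "mail-gw"},
    "wireless": {"crm-db"},
}


def uncovered_entry_points(inv, controls):
    """(system, kind) pairs for which no control of that kind is recorded."""
    return [(ep.system, ep.kind) for ep in inv.entry_points
            if ep.system not in controls.get(ep.kind, set())]


def dangling_references(inv):
    """Records pointing at a system, location or account the inventory lacks.
    Such references mean the inventory is incomplete, not that they are safe."""
    known = inv.systems | inv.locations | set(inv.email_accounts)
    problems = []
    for ep in inv.entry_points:
        if ep.system not in inv.systems:
            problems.append(("entry_point.system", ep.system))
        if ep.location not in inv.locations:
            problems.append(("entry_point.location", ep.location))
    for system in inv.email_accounts.values():
        if system not in inv.systems:
            problems.append(("email_account.system", system))
    for person in sorted(inv.people):
        for target in sorted(inv.people[person]):
            if target not in known:
                problems.append(("person.access", target))
    return problems


def systems_without_named_user(inv):
    """Systems that no inventoried person is recorded as able to access."""
    used = set().union(*inv.people.values())
    return sorted(inv.systems - used)


if __name__ == "__main__":
    print("uncovered:", uncovered_entry_points(INVENTORY, CONTROLS))
    print("dangling:", dangling_references(INVENTORY))
    print("no named user:", systems_without_named_user(INVENTORY))
```

The checks are deliberately dumb: they compare records against each other and against the control list, nothing more. That is the point of starting with an inventory; a control that is not keyed to an inventoried entry point cannot be shown to cover it.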

The emerging issues and their impact - a preliminary assessment

Here’s our preliminary assessment of the main categories of emerging technology issues, along with an impact rating. Each is discussed in more preliminary detail on the Blindside Wiki. We will be reporting to the Cabinet Office in mid-July on those assessed as having an impact level of 3, and need full expert descriptions by that date.

This is your chance to tell us we’re on the wrong track: to add stuff; to argue that something’s missing, over-rated or under-rated. Don’t miss it!

Category Impact (from 3/high to 1/low)
————————
CCTV 3
Convergence 3
Location-based services 3
Mobile and Pervasive Computing 3
Open Standards 3
Anonymity 3
Data breaches 3
E-Voting 3
Human rights (intersection with emerging technology) 3
Identity management 3
NHS IT 3
Non-bank payment service providers 3
People and IT 3
Mission Critical Legacy Systems 3
Rampancy: AI gone wrong 3
Surveillance society effects 3
Semantic Web 3
Self-reproducing technologies: the “GRINs” 3
  - Geno- 3
  - Robo- 3
  - Info- 3
  - Nano- 3
Social media 3
APIs 2
Bandwidth - massive wireless and cable bandwidth to the home 2
Shared Service Management 2
Ultraportable devices 2
Automated number-plate recognition (ANPR) 2
Bad sysadmin procedures 2
Bad procedures - other 2
Changes to daylight saving time in the US 2
Public sector databases on children 2
Keyloggers 2
Phishing 2
Phones as bugs 2
Technologies for Non-Repudiation 2
Underground economy servers 2
Unencrypted email 2
Biometrics - unencrypted 2
Windows Vista and other operating systems 2
Government IT projects 2
DNA terrorism 2
On demand computing (ODC) 2
Grid Computing 2
Quantum Computing 2
plus in the lower impact categories (please use the search box if you want to add to these):
Aeronautical cabin services 1
OpenDocument 1
Service-oriented architecture 1
APIs that change without warning 1
Cybercrime 1
Electronic banking 1
Fraud Websites 1
Search Engine Logs 1
Spam 1
Computing Monoculture 1
DRM and its side-effects 1
Environmental side-effects 1
Exploding Batteries 1
Optical Computing 1
User-generated content 1
Virtualisation 1
Generation C - the knowledge nomads 0

Thank you for any help, comments, suggestions.

This royal throne of kings, this sceptred isle, this… Heathrow

The chaotic present and hopeful future of information systems exists in a microcosm about 30 minutes by tube from my flat, and I daily watch a stately procession of airliners descending to Heathrow Airport, a beautiful, if not quite silent, parade. It is at Heathrow airport that the current need for better performance on every topic covered in this blog is demonstrated. It is a non-sterile testing environment and the ultimate pilot project to test the ability of information systems and information assurance to integrate modern technology to meet the needs of a mass public. You may have noticed that I ticked every category we use in assigning this blog post its proper place in our own information hierarchy. It’s not a coincidence.

Let’s walk through the daily issues faced at Heathrow from an information standpoint:

1. About half of all tickets to fly are booked via the Internet, and that information must be completely available to several very different systems immediately and be perfectly accurate.
2. Parking systems must provide availability, administrative and financial information.
3. Public transportation systems must send and receive useful information about current operations and schedule changes, and receive and use similar information from several different airport systems.
4. The logistics of welcoming, feeding, watering and moving 67.7 million people per year (and taking care of 70,000 employees) are an interesting challenge, as is maintaining 48,000 square metres of retail space. Private security, first aid, tourist information, all of these have information issues attached.
5. Oh yes–core business–mustn’t forget–90 airlines, 186 destinations, 469,000 ‘air transport movements’ (er, would that translate to flights in English?) annually. Information requirements include weather at each destination, status of all airports and traffic, passenger information (but more on that below…)
6. On-time status of flights relating to connecting flights.
7. Correlating information from HMRC (well, more the C part than the R) with the Home Office (now with both parts of the newly divorced members of what was once one) and probably discreet communications with agencies using numbers as well as initials.
8. Communicating with the Civil Aviation Authority, National Air Transport System, HM Immigration–of course I’m sure they all use the same electronic forms that grab data smoothly from Heathrow systems… right?
9. Communicating with the media–and having the capability of communicating with international media
10. Having co-ordinated disaster preparedness programmes that are up to date as well as up to snuff.

Probably missed half a dozen supremely vital information systems there… but it’s Sunday morning, so it’s okay. (Did somebody say baggage?)

Lots of things to go wrong there. Amazingly, not much does. (Did somebody say baggage–again?) That’s why when things do go wrong it’s news.

Notice they don’t have an uber-contractor trying to integrate all systems and dictate technology standards and usage. Strange, that. And I’ll bet they often use trainer-net (where some employee puts on trainers and walks information to diverse destinations). But that’s how functional communities develop–and despite grumbling and glitches, Heathrow functions as an information community: people get to destinations, planes don’t fall out of the sky. Successful information communities do seem to develop from the ground up, not the top down.

I guess the point I’m trying to make is that information systems and information assurance issues develop in an ecosystem not a vacuum. Complexity in information management is probably a geometric rather than arithmetic function relating to the number of actors involved. And yet don’t we often see government requirements for information systems that are internally oriented and indeed self-referential? The box must be this big with holes here and here, and those holes must be guarded in this way. I think more than anything else, government’s inability to get value for money from IT investment is based on this issue.

Please feel free to contribute complaints about Heathrow in the comments–I’ve suffered there myself. My praise is directed at a higher level, at finding a community that functions. Your nominations?

A Real Threat to Information Security

Posted by Tom Fuller in Blindside project, Data breaches, human error at June 11th, 2007

I recently was at a company that considered its database of consumer contact information its biggest asset. They had big clients who also provided their customer lists for this company to market to. They took information security very seriously–swipe cards, paying hacker teams to try and penetrate their security, etc. Employees were physically prevented from accessing web-based emails, and they disabled the floppy drives and CD-ROM drives on all the PCs. You could not ever hook a laptop to the network.

But the PCs all had USB ports. The company, a forward-looking, publicly listed, hard driving enterprise, just didn’t pay attention to it.

Can you say memory stick?

Memory is cheap. We all know that now, and we’re happy about it. But now memory is invisible and portable, too.

I won’t even go near the subject of Bluetooth–I’ll need another cup of coffee (or two) for that. Instead, I’ll challenge you, dear readers.

Could you all describe the difficulties you foresee a) in getting enterprise level information from an organisation using kit that costs less than £100 (total) and b) what advice you would give the average organisation (not military, not intelligence, not police) on how to safeguard against low-level, mostly inadvertent data breaches? Think memory stick, SAN, mobile phone, Bluetooth–put your answers in the comments, please.

TK Maxx: Cambridge fireworks display up to usual high standard

Posted by William Heath in databases, human error at March 31st, 2007

Ross Anderson and the Cambridge security posse are on characteristically trenchant form with a withering piece on TKMaxx and UK banking regulation. The knee-jerk would be to call for better access control but he immediately thinks differently. The UK needs a data breach disclosure law too, he argues. Also responsibilities between banks and police are all wrong and getting worse, to the greater disadvantage of the consumer.

UK citizens won’t be able to report bank or card fraud to the police; you’ll have to report it to the bank instead, which may or may not then report it to the police. (The Home Office wants to massage the crime statistics downwards, while the banks want to be able to control and direct such police investigations as take place.)

…the EU Payment Services Directive looks set to level down consumer protection against card fraud in Europe to the lowest common denominator.

Oh, and I think it’s disgraceful that the police’s Dedicated Cheque and Plastic Crime Unit is jointly funded and staffed by the banks.

While you’re at it see also the FIPR’s response to the e-gov framework for information assurance which pulls no punches

There are four things seriously wrong with this Framework: an obsolete model of online threats, a failure to treat harm to government employees on the same basis as harm to other citizens, a failure to draw a clear distinction between identity and authority, and a security policy model that is often inappropriate…This is a document that could have been largely written ten years ago, and is perfused with last century assumptions about online dangers.

People want to retire to a safe distance when Ross starts fizzing because he effectively states, in the clearest possible terms: “Gentlemen, you are about to be blindsided.” That’s never comfortable to hear. He has been known to be wrong, and sometimes rude, but he’s mostly right and his pithy style is always a delight. As time goes by the more profoundly right events seem to prove him to have been - he lives to expose the Blindside (not that I’d expect him to post or comment here - he’s the only person so far to have been really rude to me when I told him what we’re trying to do).

The CSIA consultation on the Framework ended 15 March. Sam Smith did a lovely Commentonthis version (where you can link to each paragraph and get an RSS feed of all comments). It’s a great way to do a transparent, outward-looking consultation, instead of focussing internally on the usual suspects, which seems easier but in fact is so much less valuable.

CSIA now says

Many thanks to those who have responded to our request for feedback on the development of the IA Framework for e–government services. We are in the process of producing a revised version of the document taking into account the comments and will be producing a further version of the document over the coming weeks. Your input is extremely important to us and if you have any queries about the framework please contact us on csia@cabinet-office.x.gsi.gov.uk

So we look forward to a revised version, which avoids the common and obvious mistake of putting things out to consultation then appearing to ignore the feedback. It’s worse than not consulting at all, and a classic technique of those about to be Blindsided (that sounds as if it should be expressed as a Latin gerundive similar to the one for those about to die who salute Caesar).

Are we mentally adapted to on-line security?

Posted by William Heath in Humanity nature and activity, human error, psychology at February 11th, 2007

Bruce Schneier has a piece on the psychology of security, and our ability to make tradeoffs.

The truth is that we’re not hopelessly bad at making security trade-offs. We are very well adapted to dealing with the security environment endemic to hominids living in small family groups on the highland plains of East Africa. It’s just that the environment in New York in 2006 is different from Kenya circa 100,000 BC. And so our feeling of security diverges from the reality of security, and we get things wrong.