Lord Toby Harris

Archive for the ‘Technology’ Category

Sunday
Nov 27,2011

The Wall Street Journal reports that:

“British intelligence picked up “talk” from terrorists planning an Internet-based attack against the U.K.’s national infrastructure, a British official said, as the government released a long-awaited report on cyber security.

Terrorists have for some time used the Internet to recruit, spread propaganda and raise funds. Now, this official said, U.K. intelligence has seen evidence that terrorists are talking about using the Internet to actually attack a country, which could include sending viruses to disrupt the country’s infrastructure, much of which is now connected online. The official spoke on condition of anonymity and didn’t say when the infrastructure threat was detected and how it was dealt with.

Terrorists, however, are still more focused on physical attacks that lead to high casualties and grab attention. “For the moment they prefer to cover the streets in blood,” he said.”

I first started raising these concerns more than seven years ago, pointing out in a debate in the House of Lords on the 9th December 2004:

“As a nation, the systems that are essential for our health and well-being rely on computer and communications networks – whether we are talking about the energy utilities, the water and food distribution networks, transportation, the emergency services, telephones, the banking and financial systems, indeed government and public services in general – and all of them are vulnerable to serious disruption by cyber-attack with potentially enormous consequences.  Indeed, the Coastguard Service was laid low by the “Sasser” worm in May this year.

The threat could come from teenage hackers with no more motivation than proving that it could be done, but even more seriously it could come from cyber-terrorists intent on bringing about the downfall of our society.”

At the time, I was assured that there was no intelligence to suggest that such a threat was significant.  The then junior Home Office Minister, Lord Steve Bassam, now no less a person (if such a thing were possible) than the Opposition Chief Whip in the Lords, said:

“there are also terrorists who would challenge and seek to undermine democratic society using any methods within their grasp. It is not complacent to say this; but perhaps it should be made plain that at the moment they do not appear to be interested in attacking us electronically.”

Of course, in the intervening seven years there has been a burgeoning realisation of an increasing number of cyber-threats and, if there is now intelligence to suggest that international terrorists are thinking in that way, I take no satisfaction from having predicted it in 2004.

What is important is that the substantial resources provided to GCHQ under the Government’s new Cyber Security Strategy, published last week, are used effectively to combat the threat. GCHQ and the other intelligence agencies are to get 59% of the £650 million that the Government has allocated to cyber security over the next three years.  It is unlikely that there will ever be much detail published as to how the resources are used, so we can only hope ….

Saturday
Nov 26,2011

Last Thursday, I reported the debate at the Metropolitan Police Authority about the possible wider use of Tasers in London.  There were considerable reservations about this expressed by some members of the Authority (and by some in the public gallery).

I am personally keen that there should be proper consultation and debate on the issue and I do not think the arguments are clear-cut.

The use of any weapon by the police has got to be proportionate and appropriate to the risks involved.  Any weapon can cause more harm than originally intended.

However, temporarily incapacitating someone with a Taser, so that they can be restrained and arrested, is likely to be better than killing them by shooting a large hole in their chest or head with a firearm.

Nevertheless, putting a 50,000 volt charge through someone should not be done lightly – it is unlikely not to lead to adverse consequences in at least some circumstances.  But these risks need to be weighed against the risks of not using a Taser, such as the risks of harm coming to a member of the public or to a police officer by not quickly restraining someone who is running amok.

Therefore, this evening’s piece on the Inspector Gadget blog makes instructive reading.  His police force makes Tasers available to all front-line patrol teams, and he offers three recent incidents where Tasers have been deployed as part of routine patrol duties as follows:

“1. The usual call to a ‘male with a samurai sword’ running about in Ruraltown High Street threatening to kill passing members of the public, stripped to the waist (why are they always stripped to the waist?) high on something and very, very violent. TASER crew arrives within 4 minutes, draws TASER, red-dots the man and orders him to drop the sword.

In a miracle of instant recovery, all the man’s mental health and drug issues disappear and he drops the sword. A completely compliant arrest follows with no injuries to anyone.

Previously this would have required shields, large batons, a firearms unit and a long delay during which he could have killed anyone he wanted, including the first police officers on the scene.

2. A disqualified driver, known for violence against police officers, bailed out of a stolen vehicle after a pursuit. Armed with a 2 ft long iron bar in one hand and a knife in the other, he became cornered by the two policemen from the pursuing vehicle. Red-faced, drunk, very angry and screaming death threats, a stand-off ensued which without TASER would have taken hours to resolve (remember, the public don’t like it when we pile mob-handed onto one man). The TASER crew arrived within a few seconds and red-dotted him in the chest.

Another miracle occurred. Right in front of the police officers’ eyes, a complete change in character. Weapons dropped, hands behind the back and a compliant arrest.

3. My own patrol officers end a siege without calling for tactical response units and bringing the whole town to a halt for hours by using TASER on a male who is clearly intent on cutting his own throat, while at the same time threatening to stab any police officer or paramedic who approaches him. All this in the aisle of a busy local supermarket.

In this case, TASER was fired at the man. He was immediately incapacitated and arrested without any injury to anyone. In the past, this could have been another Kingsbury or it could have taken hours and hours of negotiation, maybe even a fatal shooting by police.”

His accounts also accord with the experience in the Metropolitan Police, where – in more limited circumstances – Tasers have been deployed, and reported through monitoring arrangements to the – shortly to be abolished – Metropolitan Police Authority: in these cases, too, the appearance of the red dot on someone’s chest (indicating the laser sights of the Taser) has often been sufficient to persuade someone otherwise presenting a risk to themselves, members of the public or police officers to calm down and relinquish their weapon.

Inspector Gadget concludes in typical – but telling – style:

“Refusing to let us have TASER in case we shoot the wrong person is like refusing to let us have cars in case we run someone over, boots in case we kick someone in the head or a first aid kit in case we give the wrong treatment. On my team we take the deployment of TASER very seriously. I haven’t even heard the team joke about it.”

 

Saturday
Nov 19,2011

I see that the US Congress is to investigate Chinese equipment suppliers Huawei and ZTE to see whether they present a threat to US national security.  According to PC World, the House Intelligence Committee wants to:

“examine if Huawei’s and ZTE’s expansion into the U.S. market gives the Chinese government an opportunity to hijack the nation’s infrastructure to conduct espionage. U.S. lawmakers worry that the networking equipment sold could secretly contain Chinese military technology to spy and interfere with U.S. telecommunications.”

Huawei has many links to the Chinese Government and its security apparatus.  Jeffrey Carr summarises the key facts as follows:

  1. The company’s founder Ren Zhengfei was an engineer in the PLA prior to forming his company.
  2. The company’s chairwoman Sun Yafang worked for the Ministry of State Security and while there helped arrange loans for Huawei before joining the company as an employee.
  3. The government of China is Huawei’s biggest customer; specifically the State-owned telecommunications services.
  4. Huawei equipment is used to intercept communications in China for state-mandated monitoring.

Nevertheless, its products are already widely used in the UK’s infrastructure, particularly given its role in providing key components to BT.  I have expressed concern about this before and back in 2006 Newsweek recorded the Conservative Party’s concerns, saying:

“Political conservatives in Britain expressed the same security concerns about Huawei last spring. In April, the company won a $140 million contract to build part of British Telecom’s “21st Century Network,” a major overhaul of its equipment. But when rumors began circulating that the Chinese company might then bid on Marconi, a landmark electronics and information technology firm that was being put up for sale, a Conservative Party spokesman sounded the alarm. The Tories asked the British government to consider the implications for Britain’s defense industry of a Chinese takeover of Marconi. In the end, Huawei didn’t make an offer, and the Swedish telecom giant Ericsson is in the process of buying Marconi.”

Huawei continue to try and expand their access to the UK infrastructure market – see, for example, their wooing of Mayor Boris Johnson with an offer to provide mobile phone infrastructure for the Underground in time for the London Olympics.  In August, they recruited the former Government chief information officer, John Suffolk.

Their latest move to gain respectability is to sponsor a charity Christmas concert in support of The Prince’s Trust at the Royal Festival Hall next month, to which they have invited large numbers of senior Government officials and Parliamentarians.

No doubt, Huawei will say they are much-maligned, but I do wonder whether a UK Parliamentary Committee shouldn’t be following the lead of the US House Intelligence Committee and launch an investigation into the company’s growing influence in the UK and any possible implications for security.

Friday
Nov 4,2011

I’ve already asked what exactly William Hague’s grand international conference on cyberspace was for, but it is clear that my scepticism is shared by the journalists who were sent to cover it and came away disappointed or, as the Daily Telegraph put it:

“So what did we learn over the course of the two-day meeting? Well, in short, almost nothing. ….

As the show limped to its finale on Wednesday, many of Mr Hague’s conclusions could have been written at any point in the last six months.

“All delegates agreed that the immediate next steps must be to take practical measures to develop shared understanding and agree common approaches and confidence-building measures,” the Foreign Secretary declared. Well, quite.”

And serious experts like Richard Clayton from Cambridge University were pretty underwhelmed too.

Tuesday
Nov 1,2011

In August, David Cameron wanted to block Twitter, Facebook and Blackberry Messenger.

Today, William Hague said:

“Some governments block online services and content, imposing restrictive regulation, or incorporate surveillance tools into their internet infrastructure so that they can identify activists and critics. Such actions either directly restrict freedom of expression or aim to deter political debate.”

And, just in case the Prime Minister had missed the point, he went on:

“Human rights are universal, and apply online as much as they do offline… Everyone has the right to free and uncensored access to the internet.  … We saw in Tunisia, Egypt and Libya that cutting off the internet, blocking Facebook, jamming Al Jazeera, intimidating journalists and imprisoning bloggers does not create stability or make grievances go away.”

Oh dear …..

Monday
Oct 31,2011

In July the Foreign Secretary announced that the UK would be hosting an international conference on cyberspace.  The purpose was to bring together governments, international organisations, NGOs and businesses from around the world to “address the challenges presented by the networked world including cyber crime that threatens individuals, companies, and governments.”  William Hague said that it was “vital that cyberspace remains a safe and trusted environment in which to operate. This can only be done effectively through international cooperation, engaging both the public and private sectors. Together I hope that we can begin to build the broadest possible international consensus.”

In case you missed it, this major attempt to build international consensus is taking place tomorrow and Wednesday – indeed the process of international bonding began over drinks and nibbles at the Science Museum earlier this evening.

However, looking at the programme, it is not clear what it offers that is going to be different from numerous similar gatherings over the last few years.  Nor is it apparent where the “broadest possible international consensus” is going to be hammered out.

But we are assured that it is going to look good …..

[Image: quorh.jpg]

But this picture really does deserve a caption competition:

[Image: quorh.jpg]

Printable suggestions only please.

Friday
Oct 28,2011

What would the people in your office do if a couple of people looking the part turned up at your office door saying that they were there to do a fire inspection?  Or said they were from more or less any other branch of officialdom, flashing ID and saying they needed to do an inspection?

Here is a salutary warning:

“Let’s say I am posing as a fire inspector. The first thing I will have besides my badge and uniform is a walkie-talkie, like all firemen. Outside, we’ll have our car guy. The guy that sits in the car, and basically his job in the beginning is to send chatter through to our walkie-talkies. We will have a recording of all that chatter you’ll hear on walkie-talkies. He sits in the car and plays it and sends it through to our walkie-talkies.

We walk into the facility and make sure that all the chatter is coming loudly into the walkie-talkies as soon as we walk in their door so that we are immediately the center of attention. When I walk in, I want everyone to know that I mean business. My walkie-talkie is loud and everyone looks over as I apologize and turn it down.

I show the person at the front desk my badge. They’ll say “Hi, how’s it going?” I’ll say “Good, I’m here to do a fire inspection.” They say “Great” and assign someone to us, like a teller. It’s generally someone who’s nice. I’ll start talking with them, flirting with them, or whatever it takes. We’ll start walking around.

While I’m talking with the person who has been assigned to us, my partner knows his job is to immediately wander away from us. So, my partner will immediately walk off. In most cases our escort will say “Can you come back here? I need to keep you guys together.” We say “Sure, sorry.” But really that means nothing to us. All it means is that we keep doing it until she gives up. My partner will wander off two or three more times and get warned until she finally stops and gives up. She just thinks he’s a fireman and thinks “Let’s just let him do what he needs to do.”

At that point, my partner’s job is to start stealing everything he can steal and start putting it in his bag. And he also has to get under the desks of any employee he can find and start installing these little keyboard loggers. I stay with the person who is escorting me and my whole job now is keeping them entertained. I keep walking around rooms, giving them advice on keeping their facility fire safe, even though I really have no idea what I’m talking about. I make stuff up and probably give the worst advice ever. I’ll pull out cords and say “This looks a little bit dangerous.” I’ll comment on space heaters. I’m completely winging it.”

You can see how it might happen.  Read on here …..

Friday
Oct 21,2011

I have just come across this YouTube clip of my report back to the Parliament and Internet Conference last week of the session I chaired on the opportunities presented to the creative industries by the internet.

Thursday
Oct 13,2011

Earlier today I chaired a fascinating seminar for patient groups and professional organisations which discussed healthcare acquired infections (HCAIs) and, in particular, what needs to be done to better prevent such infections in community (rather than hospital) settings.

As the meeting continued, I was struck by the surprising number of parallels that exist between what needs to be done to cut the risk of such infections and what needs to be done to improve information security.

For example, there were those a few years ago who thought the situation with HCAIs in hospital was so bad that nothing effective could be done.  They have been proved wrong by the success of the initiatives taken over the last five or six years to reduce dramatically the incidence of MRSA and C. difficile in hospitals (80% and 60% reductions respectively). Likewise there are those who throw up their hands in horror about the current tide of cyber security problems and seem to believe that our systems will always be irredeemably compromised.  Hopefully, they will also be proved wrong in a few years’ time.

The response to HCAIs was in the past seen as better and stronger technical solutions (i.e. ever more powerful antibiotics) and, whilst such solutions remain necessary for those who are infected, the sharp reductions have been achieved by other means – largely through achieving major changes in behaviour amongst staff and patients (i.e. better and more effective hand-washing, greater emphasis on cleanliness etc).  This is mirrored by the increasing recognition that social engineering and behavioural change is an enormously important component of better cyber security and information assurance.

Similarly, without being too Cameron-esque about it, we all have to be in this together. Everyone has to play their part.  Thus, patients and their visitors need to understand the importance of washing their hands with alcohol gel and remembering to do it.  In the same way, individual computer users need to adopt precautions to prevent their systems being compromised.  At the same time, product manufacturers must play their part in making their products less vulnerable to infection (e.g. catheter or commode design can be used to make HCAIs less likely, just as computer software and hardware can have security built in).

Likewise, you cannot help but notice that meetings, whether about HCAIs or addressing cyber security, always conclude that more public education is needed and that the message needs to start at primary school ….

Well, I thought they were interesting parallels ….

Tuesday
Aug 16,2011

Earlier today I went to see the Ealing Studios classic “Whisky Galore” at the Odeon Cinema in Panton Street.  The film, of course, describes the actions of Scottish islanders in recovering a cargo of whisky from a shipwreck at a time of acute whisky shortage during the Second World War despite the best efforts of Her Majesty’s Customs and Excise.

The film is a paean to the joys of looting.

Indeed, it is nothing short of incitement to loot.

Yet earlier today Jordan Blackshaw and Perry Sutcliffe-Keenan were both jailed for four years at Chester Crown Court for using Facebook to incite people to riot.

So will the Managers of the Odeon Cinema in Panton Street now expect to be arrested under sections 44 and 46 of the Serious Crime Act for intentionally encouraging another to assist the commission of an indictable offence?

They may need to watch themselves …..

Of course, the police may like to wait until after next week’s showings of “Kind Hearts and Coronets” – an incitement to murder members of the aristocracy if ever I saw one …..