When IT Meets Politics

October 6, 2012  10:35 AM

Towards a sustainable 21st Century Infrastructure

Philip Virgo Profile: Philip Virgo
4G, Internet of Things, Smart meter

The need for infrastructure investment has become fashionable. It is one of the lobbyists topics at this year’s party conferences. But only one event (18.00 – 19.30, 8th October, Austin Court, Birmingham) tries to knit together various Green, Energy, Transport and Communications threads.


Over the past six months sub-groups of the Conservative Technology Forum have been working on the issues that need to be addressed to pull through investment in creating sustainable 21st Century Infrastructures: smart meters, smart grid, smart cities and smart infrastructure, including ubiquitous broadband (fixed and mobile, urban and rural).


The investment is needed to not only support ubiquitous computing (the Internet of Things) but also to avoid the need for rationing (both bandwidth and energy) by 2015 when, without action NOW, the lights will start going out and mains power to data centres will depend on whether the right kind of wind is blowing in the right places – even if more of the country has “not quite so painfully slow” always on (except during power cuts) Internet connections.


This week, while others have been looking at who was responsible for delaying funding decisions on rural broadband and 4G for over a year, I was reviewing a draft paper on why funding for smart meters and grids (to reduce peak energy demand) has dried up at the same time as investment in new generating capacity. The answer can be found in the small print of Ed Milliband’s 2009 Energy White Paper when low risk pilots to demonstrate the business case were blocked in favour of an ubiquitous centrally planned policy which gives no obvious benefits to early adopters.


On Monday 8th October from 1800 – 19.30, in Austin Court (outside the security ring of the Conservative Party Conference), John Hayes MP (one of the new Energy Ministers) and Ian Taylor (former Science Minister) will open discussion at a meeting at which I expect the main points from the first of the new CTF policy studies (it is actually the first paper from theme 5 in the list) to be presented. The choice of venue allows the discussion to be extended beyond delegates and registered lobbyists to involve those concerned with pulling through investment in smart meters, smart grids, smart cities and ubiquitous broadband (fixed and mobile, urban and rural) to support ubiquitous computing (the Internet of Things) and the actions necessary to prevent the lights going out in 2015. 


The clash with the Next Gen broadband conference is more than a little unfortunate. The danger was flagged as soon as it was learned that the latter might be held during the party conference season. Several important broadband players face a difficult choice, particularly those who are less interested in meeting nominal targets for 2015 and whether BT has an unfair advantage, than in stimulating and rewarding investment in the world class resilient, reliable utility networks that will underpin the world of the 21st century.


I am hoping that the Next Gen event will be recorded so that I can watch and/or listen to the highlights at leisure. We have not made formal arrangements to record the meeting in Birmingham but I am reasonably confident that many of the audience will do so (they are that kind of audience) and I will look for some-one to do a mash-up of the best.  


Enhanced by Zemanta

October 2, 2012  8:42 AM

ED Balls and Open Government give the opportunity for a Broadband Breakthrough

Philip Virgo Profile: Philip Virgo
Cabinet office, DCMS, Janet, local government, Olympics, PSN, treasury

The announcement by the Shadow Chancellor that Labour would put the receipts from the 4G auction towards subsided new build housing gives Maria Miller a great opportunity to cut a year or more off the timescale for rolling out both fixed and mobile broadband. It is most unclear how much the 4G auction will raise. Ed Balls was expecting £3 – 4bn but the actual is likely to be considerably less and the first £600 million appears to have already been committed. Meanwhile Ian Grant has commented on the bloodbath within DCMS and the departure (voluntary or otherwise) of those seeking to get better value for money before the new Secretary of State could start asking them questions.

Yesterday I was told, how correctly I do not know, that DCMS is one of the departments that are most determined in their resistance to the Cabinet Office drive for open government, particularly with regard to securing value for money in their procurement policies. Now it would appear that those who take Cabinet Office policy seriously are fired for leaking.

I would love to see the Secretary of State not only pull off her negotiations today and get the 4G auction over before the New Year in return for an end to litigation, but also secure Treasury agreement to announce (at the party conference) that the uncommited proceeds will be spent on pulling through ubiquitous broadband to also help improve public services and create jobs in rural areas and inner cities. The latter anncouncment would imply that the current, backwards looking  single supplier framework will be swept away and local authorities will be supported in pooling funds (from what-ever source), using what-ever procurement frameworks (from those of Local Government, JANET or the NENs to PSN) to pull through investment in converged, open access networks capable of meeting the needs of the 21st century.   

But in order to make a reality of such an announcement and achieve timely results it is probably also necessary for the Minister to order DCMS to follow both the spirit and the letter of open government. That will not come at all easy for a Department with so many skeletons in its closets (from negotiations with the Arts Council, BBC and Sky to those over National Lottery and the Olympics) and the habits of mind which result from dealing with media owners, content owners and creative artists . Now that they are nearing Valhalla perhaps the time has come for a new Abbess Hild to persuade the Norsemen to convert to christianity and the Christians to pool their differences.       

I would still expect BT to manage win most of the converged infrastructure and network servcies business on offer, but on fair terms, with no need for state aid and in ways which give a better long-term return to its shareholders than watching its customer’s businesses move overseas as the UK falls behind the rest of the world as a location of choice for on-line business.

P.S. I also happen to believe that a VAT  holiday with regard to converting and refurbishing currently empty or semi-derelict properties would do far more to alleviate housing shortages than using the uncertain receipts from the 4G Auction.

Enhanced by Zemanta

September 30, 2012  6:16 PM

New Minister brings outbreak of common sense to UK Communications policy

Philip Virgo Profile: Philip Virgo
4G, BDUK, Broadband, DCMS

The news that Maria Miller has called in the Mobile Operators for a round table at which she will offer to bring forward the 4G auction, provided they stop playing legal games, indicates why we need more women in cabinet. As some readers will know, I was programme manager for the start of the first (and by far the most successful) campaign to get more Women into IT (1988 – 94). Some say that I organised the campaign. I did not. The team did so. I listened (for once), then did as I was told. My main contribution was that no-one could point at me and say “well she would say that, wouldn’t she.” 

There are many jokes about the differences between men and women. One of the most profound, at least in the business world, is that men tend to focus on winning battles (and being seen to do so, even if it costs more and achieves less) while women focus on securing results (even if that means appearing weak, because they avoid battle in order to do so faster and more effectively). The lamentable consequence is that inferior (and underperforming) men are all too often promoted over their heads.   

I look forward to the Secretary of State using similar tactics to bring about the convergence of our fragmented broadband funding and procurement policies (preferably without humiliating those still trying to fight unwinnable battles in order to save face) in order to pull through the roll out of rural and inner city broadband (both fixed and mobile) in time to help save a few Conservative and LibDem councillors from the slaughter next May. The ability to demonstrate progress in delivering real (inter-operable and upgradable) broadband, not just promises, may be sufficient to tip the electoral balance in notspots where the consequent educational and economic exclusion are as big a problem as the social exclusion of young and old.    

If she can make progress in time for announcement at the Conservative Party conference, that should also help harness the groundswell of discontent on lack of progress that is otherwise likely to surface during the Conservative Policy Forum discussions that I mentioned in my blog on the IT at this year’s Party Conferences. Using converged broadband to help pull through economic recovery at the same time as delivering better public services at lower costs should also help provide a more credible win-win-win political strategy than is currently on offer for the local government elections next year.   


Enhanced by Zemanta

September 30, 2012  2:42 PM

Which cyber-topics will feature at the Party Conferences

Philip Virgo Profile: Philip Virgo
Big Data, bigdata, Conservative, Conservatives, Digital skills, Labour, lobbying, Microsoft, Service delivery, Smart grid, Smart meter

As the three main party’s implode into a period of soul searching, wondering why their faithful have drifted away, what topics are the lobbyists promoting to those who attend their annual fund-raising events?   

A quick scan of the exbition guides and fringe listings indicates that the lobbyists main priorities are:

  • energy: particularly subsidies for windmills and nuclear
  • the use of social media and networking for political campaigning
  • digital skills programmes: education, schools, universities etc.
  • encouraging the further outsourcing of service delivery (including but, not just IT).
  • privacy and surveillance policy (albeit driven by civil liberties rather than corporate lobbyists).

I could find little on the use of IT to help improve service delivery – except for education or in the context of promoting further outsourcing. More suprisingly there appear to be no broadband events – except for the Next Gen event in London while the Conservatives are in Birmingham.    

The only directly IT-related event, apart from the Big Brother Watch meetings on the Comunications Data Bill, is the Conservative Technology Forum meeting to put Smart Meters and Smart Grid policy into the context of a converged 21st Century Smart Infrastructure (including ubiquitous broadband to support ubiquitous computing and communications for the Internet of Things).

That meeting appears likely to be one of the few with two Ministerial speakers (one current, one former) that is not commercially sponsored. The reason is probably that none of the lobbyists can find out, or influence, what is to be said by the speakers. I am chairman of the CTF and I do not know, although I sat in on most of the discussion meetings and have seen earlier drafts of the policy proposals to be presented for comment. I should perhaps add that I delegated the organisation of the policy paper and the meeting to those who understand that subject much better than I – and look forward to listening and learning. Most sponsors would, however, be more fearful of things being said which did not fit their current lobbying position than would appreciate the benefits of being seen to support genuinely open discussion.  

That leads me to the question of whether Party Conferences should be an annual lobbying exercise or a rally of the faithful. If they are primarily a rally of the faithful, should it be to listen to their leaders, for their leaders to listen to them or for leaders and followers to try engage in genuine dialogue?

The use of IT to improve service delivery may no longer be a headline item in the mainstream or fringe programmes this year, but it is likely to be a serious topic of conversation elsewhere at the Conservative Party Conference – perhaps more robustly than many lobbyists would like. One of the welcome innovations this year is a series of Conservative Policy Forum meetings for party activists to discuss what matters to them them.

The CPF has a surprising number of former information systems and project management professionals in membership, possibly because of the “downsizing” of the UK IT industry over the past twenty years.  Many have strong views on how to get better for money than by paying 30% (or more) over the odds from that small number of dominant suppliers who spend tens of £billions p.a. on behalf of central government. Unfortunately their analyses of what went wrong and why are often better than their ability to suggest realistic ways forward. 

Microsoft (one of that minority of suppliers which still takes support for long-term “public affairs”, as opposed to short-term “government sales support” seriously) recently hosted a very well-informed Conservative Technology Forum round table on the politics of co-operation in service delivery. This indicated the scale of change in prospect as we attempt to refine gold standard information from the toxic sludge that is current public sector “Big Data” in order to support the delivery of better targetted public services. We agreed to return to this topic after the Conference. I then hope to balance the inputs (derived from far better informed and profound thinking than I had anticpated) from Microsoft with those from others who are equally serious about responding to change rather than trying to prevent it.      

Enhanced by Zemanta

September 10, 2012  5:23 PM

Time to to prepare for the “insourcing spring” of 2013

Philip Virgo Profile: Philip Virgo
Eurim, local government, Mouchel, NPfIT

The difficulties experienced at Mouchel has triggered a series of reviews which will lead to many, perhaps most, of its local government service contracts (run by companies which it had taken over) being taken back in house rather than left to tender mercies of Treasury-owned banks. That process will gather pace next spring as Councils seeking to get re-elected by cutting costs without cutting services stop renewing inflexible outsourcing contracts and start bringing services back in-house so that they can be restructured and shared. 

Meanwhile the collapse of health care across South East London , in the wake of a series of disastrous PFI and Outsource Contracts (particularly those for the Princess Royal and Queen Elziabeth hospitals, will hopefully trigger legal action against those responsible (including the law firms and consultancies) for contracts which not only flew in face of good practice at every level (clinical, management etc. etc.) but may have been in breach of legal requirements (e.g. for the emergency lighting in the operating theatres) as well as ultra vires.   

Bryan Glick makes some good points in his blog on the lose-lose contracts to implement the NHS National Plan for IT but was wrong to point the finger at Granger for pushing the balance of risk “too far the other way”, when he set about enforcing the small print of the crass contracts he inherited in order to bring about renegotiation. He was merely following private sector good practice. His former employers. Accenture, saw what was about to come and walked away: writing off only a £hundred million or so. BT, CSC and Fujitsu should have done likewise – in the interests of their shareholders as well as of the patients and taxpayers. 

Now the coalition parties face electoral melt-down in the council elections next year as officials continue to cut front line services in order to fund redundancy payments. We can therefore expect to see attention turn towards making real cuts in IT costs, not just the nominal 10% offered up by the current incumbents to Cabinet Office, in return for an inside track on future business. 

The LGA statements in this area are mostly generic but evidence to date is that co-operation with regard to ICT procurement can lead to costs of less than half the central government average for equivalent products and services. Meanwhile co-operation in service delivery (including from sharing communications networks and back offices) has enabled savings of over 50% at the same time as service improvements (e.g. by giving mobiles to midwives and carers to do the paper work from the patient’s home).

However, ongoing savings as needs and technologies evolve require a flexibility that is missing from most outsource (let alone PFI) contracts. Hence my view that the zenith of outsourcing was during the run up to Y2K. That does not mean that it will take a long time to fade out of fashion. The zenith of the British Empire was probably before the Boer War, even though more of the world was painted pink (League of Nations Protectorates) after the Treaty of Versailles in 1919).

I think we can expect to see others to follow suite if Milton Keynes is successful in making significant savings by bringing services back in from Mouchel. Meanwhile the Local Government collaborative procurement strategy is likely to gather pace with services increasingly delivered by local co-operatives and SMEs within inter-operability frameworks (like those for PSN). The challenge will be to help Local Authorities to deliver savings on positive cash flow, because few, if any, still have cash balances to invest up front and their suppliers cannot afford to borrow to fund risk investment. That requires innovative thinking on the part of those IT and Communications suppliers who are not in the process of quietly withdrawing from UK public sector markets.

How can major IT and Communications suppliers re-engineer their operations to work more profitably through local partners, with lower sales and support overheads, when those running them usually got to the top by running big sales campaigns (whether or not the subsequent implementation was profitable or successful)?   

The good news is that a number of suppliers (large and small) are looking at how to adapt, using the new Digital Policy Alliance as an umbrella for co-operation with Local Government and SME consortia. One of the cornerstones to that co-opeation is the move towards mandating open standards for inter-operability. This not only preserves  competition, avoiding lock-in to proprietary solutions, it also means that if a supplier fails, for whatever reason, the contracts can be picked up by others (albeit not necessarily at the same price) without the need to write-off a dead-end investment. 

[The DPA is a relaunch of EURIM. I am getting quite jealous of the commitment being shown by major players towards the exercises planned by my successor. The key to his success is that he is making the members do the work – dropping exercises where he cannot see the necessary commitment. My failure was because I tried too hard and they thought they could leave things to me if they were “too busy”. I learned my lesson too late. But now I am also free to advise some of the DPA members on how to reap direct short term business benefits from working together.

That is important because those who do not help Local Authorities achieve their cost-cutting objectives next spring are unlikely to still be serious players in the UK public sector come the time of the next General Election. Waiting for this government to go away is not a serious option. If it fails, the next one will face an even harder job – in a world where IT is used to ration demand at a every level – and therefore under systemic attack from all sorts of “freedom fighters” and not just copyright pirates.]  

September 8, 2012  12:44 PM

New DCMS minister releases evidence of BDUK failure

Philip Virgo Profile: Philip Virgo
BDUK, Broadband, DCMS, Gigaclear, LINX, PSN

Maria Miller has acted fast to announce long overdue measures to remove some of the planning obstacles to the installation of new, lower cost, fibre networks. This is linked to the release of a BDUK progress schedule dated May 23 showing the sclerotic progress in bringing forward procurements using funds agreed the year before.  Meanwhile 400 homes in rural Appleton (Oxfordshire) have just acquired what is truly the Best Broadband in Europe – close to a gigabit both download and upload from Gigaclear, trunked by Cable and Wireless (who pulled out of the BDUK framework and are now part of Vodafone) to the London Internet Exchange.

The BDUK UK schedule indicates why so many MPs and Councillors are incandescent.

What is less clear is “what happens next?”  

Given that it is the Department of CULTURE, Media and Sport I remind those advising ministers of the fate of Macbeth when he took the view that:

“All causes shall give way, I am 

in blood steeped in so far, should I wade no more

Retreating were as tedious as go o’er”.

Andy Burnham may no longer be at DCMS but the constituency of the SNP spokesman for CMS, Peter Wishart, includes Dunsinane. 

My simplistic summary of the state of 50 or so projects which applied for BDUK funding as at May 23rd is: 2 on course, 5 with procurement under way, 4 with procurements due to start, 25 stuck in the treacle of the BDUK procurement framework, 4 bypassing the need for state aid clearance, 6 in negotiation (i.e.the councils had told BDUK they wanted the money to combine with other projects which did not fit the framework) and 5 withdrawn (i.e. they decided that the funding available was not worth the hassle). Little appears to have happened since then save that Birmingham got its EU go ahead in 10 weeks flat. 

Meanwhile the overall broadband scene has potentially been transformed by the success of the BT and Mobile infrastructure upgrades to handle the Olympics and the decisons of mobile operators to share their infrastructures, including their investments in “fibre to the femto”.  There is still a real possibility that the UK really good have “the best broadband in Europe” by 2015.  

It is unclear how many Councils still have available the funds they had at the start of 2011. More-over those which have not had to commit their balances elsewhere are concerned to use these to help them reduce their own service delivery costs, that means investing in PSN compatible network procurements to support shared service delivery.

I hope that the release of the BDUK progress report indicates that the new Minister is clearing the decks for a shared (with other departments including Treasury) infrastructure investment policy review. Reliable, resilient and ubiquitous broadband (both mobile and fixed) should be seen as one of the four cornerstones of a 21st century infrastructure. The other cornerstones are smart meters, smart grids and a smart standards regime.

But we also need consistant, compatible and predictable fiscal and regulatory regimes which create and preserve open markets which give good service to customers and fair rewards to those who make risk investments – without locking out innovative newcomers. Because unless we enlist market disciplines to compensate for regulatory failure we will indeed face the future of bandwidth and energy rationing for which officials at Ofcom, Ofgem, DCMS and DECC have been preparing.  

September 6, 2012  7:55 AM

CESG has indeed produced a readable and succinct “Executive Companion” to Cyber Security

Philip Virgo Profile: Philip Virgo
CESG, CIO, CPNI, Information security, WARPs

Yesterday I questioned whether the new CESG Cybersecurity Guide, now available on the BIS website, would be any better than that produced by the US FCC. 

It is. But it is what it says on the cover “an Executive Companion”. It is not a “ground breaking new scheme” and I doubt whether any FTSE 100 Directors will read it.  

The guide, with its simple usage cases, and the back up material on the CPNI website covering critical controls and other guidance and education is a good check list for a corporate Chief Information Officer reviewing the objectives and budget of his Chief Information Security Officer. Whether it is of much value to the CIO when trying to make a case to his Board to give priority to information security over other matters at a time of all-round cost-cutting is another matter. I fear that we are still in a world of “experts producing material to impress other experts”.

Last night I attended a Computer Weekly 500 club event on relations between the CIO and the Board. This is perennial topic and Professor Jim Norton’s presentation on the roles of the CIO might have been delivered 30 years ago (indeed the messages closely echoed those at a session on “Who should be responsible for IT” at the opening conference of IT 82, the first and most succesful “awareness” campaign). What was different is that Jim has not only been a main board chairman but helps run the Institute of Director’s training programme. His summary of the roles of the CIO, from translator, through gatekeeper and accountant to sherriff helps position the value of what was announced yesterday – the CDESG material is a useful piece of support material for the CIO who has also got a credible business case for action and a strategy for delivering on the promises he will have to make in return.

I have three criticisms regarding the otherwise welcome CESG companion and the helpful supporting material on the CPNI websites.

The first is that the basic approach is reactive, adding controls rather than preventing vulnerabilities from being introduced in the first place: (e.g. by poor system architecture and the recurrent use of development short cuts which replicate 20 and 30 year old vulnerabilities to be picked up, if at all, by subsequent penetration testing).

Those who are serious about security really must most towards mandating good practice in security by design . BCS and IET must take a lead (working in co-operation with e-Skills) in mandating this in the undergraduate degrees and any other courses that they accredit. from schools to continuous professional development. We must also bridge the growing gulf between the cyberwarfare skills development plans of CESG and MoD and the civilian security skills needs of most of industry.

The promotion of this guidance might provide an opportunity to do just that.

What are the plans for follow up with and through the civilian sector skills councils: where e-Skills is tasked to provide the lead on information security (as well as commuications and computing) skills?           

My second criticism is that in saying “who we work with” it is apparent that the CPNI has ignored the WARPs (Warning, Access and Reporting Point), its previous partnership network. Ineed there appears to be not link to the WARP website from CPNI.

The WARP programme appears to have been quietly cut adrift a couple of years ago, when central funding and support was transferred to sexier programmes. Even so, a couple of dozen (particularly those covering parts of local government, the health service etc.) are still listed as active. What are the plans for working with and through those that survive rather than duplicating effort.    

My third is that there is no reference to the value of participating in or linking to awareness exercises like “Get Safe On-line”. There is a reference to “Action Fraud”. I suspect that this is another symptom of silo’d thinking. Awareness without action is not enough but the two should be symbiotic.    

September 5, 2012  11:27 AM

Will GCHQ give more serious guidance than the FCC?

Philip Virgo Profile: Philip Virgo
China, cyberwarfare, Flame, GCHQ, Russia, Security

This morning’s announcment of a GCHQ initiative to help British business improve its cybersecurity was damned with faint praise in a FIPR “alert”. They queried whether its guidance would amount to much more than that issued by the US Federal Communications Commission. I do hope it will not repeat the falsehood that 80% of the threat can be handled by “good house-keeping”, i.e. keeping anti-virus et al up-to-date. The ceased to be true a couple of years ago, if it ever was.

Yesterday at the end of my blog on the first meeting of the pre-legislative scrutiny of the surveillance bill, I commented on the need to stop confusing the skills needed to update the UK’s cyberwarfare capability with those needed to protect business and rebuild confidence in the safety, security and resilience of the on-line world. I should have qualified that statement.

There is an overlap – but it is in a taboo area.

Our cyber-warriors and those of the US and Isreal (and probably also those of Russia and China) have long been working on tools (e.g. those inside Flame and its more sophisticated counterparts), for covertly penetrating and exploring on-line systems in order to cause damage (e.g. Stuxnet) or loot their contents (e.g. the thefts from US transaction processing and payment clearing operations). Those tools, which current generations of anti-virus et al do not detect, are increasingly being used to steal customer files (including passwords, certification and authorisation details  etc.) from on-line retailers and commercial secrets (including from the research and development operations of pharmaecutical and on-line gaming companies as well as from defence and aerospace).

Is GCHQ going to share its expertise in detecting and blocking those tools?

More-over is it going to support the effort necessary to mandate the use of security by design across the public sector (and its suppliers) and to support its adoption by major private sector players so that we stop the development of new applications which incorporate 20 and 30 year old vulnerabilities?

If so, we really will have cause to celebrate. Such co-operation could indeed help catapult the UK into poll position as a location in which to base globally trusted on-line operation.          


Enhanced by Zemanta

September 4, 2012  7:15 PM

Enjoy your right to surveillance on the scrutiny of the surveillance bill

Philip Virgo Profile: Philip Virgo
Cabinet office, Cheltenham, GCHQ, Google, Linkedin, Surveillance

While getting bored with watch comment on the Cabinet Office reshuffle I received a Linked In message recommending I watch the Communications Data pre-legislative scrutiny committee evidence session instead. The first thing I noted was that David Davis was not expecting a phone call from Number 10. He was sitting behind the witnesses as they responded to some lovely questions – such as “Do you trust GCHQ and its staff with the roles being expected of them?”.

The answers to that question were as profound (in their implications) as those to more predictable questions, such as: “What is communications data?” (as we move from e-mail and browsing, through social networking and always on smart phones to ubiquitous computing).

The answer to the question of trust illustrates the entertainment, as well as educational, value of the session. Peter Sommer trusted those he had met at the personal level but commented on the narrow world view of those living in Cheltenham. Sadie Creese pointed out that she lived in Cheltenham and trusted her neighbours. Ross Anderson did not trust their technical competance because they offered only £25,000 (with no prospect of a career leading to a top management role) to those being offered $200,000 (and a route to the top) by Google. Glyn Wintle said that he would be far more concerned about the trustworthiness of those working for the ISPs collecting the data, or of any major data file linked to the Internet. 

Do watch, enjoy and then think. I am not just delighted with the broadcasting of pre-legislative scrutiny. I am surprised that it should be so entertaining.   

P.S. I should perhaps add that I am getting concerned over the way the information security skills agenda appears to have been overshadowed in the eyes of BIS and its funding agencies by the very different needs of GCHQ and MoD for cyberwarfare skills. 

The skills initiative planned by BIS, OCSIA and CESG should be viewed as a piece of long overdue defence spending. It has little to do with the need to address on-line security – where the prime need  is to educate mainstream software developers to embed security by design and stop building twenty year old vulnerabilities into new applications. I would argue that important thought the former undoubtedly is, the latter should have priority at a time when trust in the security of the on-line world is crumbling.  

Enhanced by Zemanta

August 26, 2012  9:59 PM

How do we rebuild trust in the on-line world ?

Philip Virgo Profile: Philip Virgo
Catapult, Eurim, WCIT

The latest press cover on the BRC survey on the cost of e-Crime still misses the point. The biggest cost is lost business . And I do not mean hypothetical losses because of “piracy” but actual order abandoned because intrusive security or lack of confidence means, for example, that more transactions (by value) are abandoned than are completed. as in so many other areas, those concerned with the future of London as a global financial services are ahead of the curve (and in this case ahead of both government and most of their technology suppliers) in looking at the consequences.

How do you apply “My word is my bond” to the on-line world.

Who am I? Which version of which translation of which e-mail or tweet was my word? What is my bond worth? Does it matter (and if so, to whom) if the transaction is subject to irrevocable payment in advance or on delivery?

Which suppliers can you trust?  Which credentials, regulators and enforcement agencies are trustworthy?

A fortnight ago I attended a workshop to develop ideas for the TSB “Trusted Internet” Catapult. (the latest HMG funding initiative in the cybersecurity space. The timetable for the launch of the new facility parallels that for a competition for University Masters Students to look at some of the questions that need to be asked. The aim is to get those who will be designing the products and services of the future to throw rocks into the stinky pools of introverted discussion on “trusted identities”, “trusted computing”, “trust services” and “trusted intermediaries”.  Their generation will have to live with the consequences of the decisions currently in prospect with regard to research priorities, business plans and regulatory initiatives. They are also in a position to think the unthinkable and be rewarded not punished.

After discussing the original proposal, the Director of one of the new UK Cyber Centres of Excellence said that the questions he would like to see his students tackle included:


“What constitutes lawful protest online and how can this essential aspect of a democratic space be reconciled with an online environment that promotes economic prosperity?”

“Which of the grooming techniques employed by online “phishermen” could be used to foster a beneficially greater sense of trust online and would it be ethical to use these methods?”

“How do you bring about behaviour change at board level regarding to the value of information, security strategies and budgets? What arguments, language and evidence are needed?

My first thoughts were: “Ouch”, Ouch” and “Ouch”. My second thoughts concerned those who I would like to see brought together to debate such questions. My third thoughts concerned the mix of academic disciplines that wwould need to be brought together to provide credible answers.

The competition appears to be gaining widespread support from some of those with difficult decisions to make over the next year or so as well as from those who wish to stretch the minds of their students across academic boundaries and those who wish to work with them on applied research and technology and/or subsequently recruit them. Over the next couple of months we will be looking to go firm on the organising team and sponsors, the support available to entrants and the prizes. But first we need to take a good look at the questions.  

Continued »

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: