Tag Archives: www.risk-uk.com

GCHQ and Cyber Security Challenge UK test public’s ability to prevent cyber terror attack

GCHQ is today calling on the UK public to protect a fictitious aerospace technology company threatened by imminent attack from cyber terrorists.

‘Assignment: Astute Explorer’ is the latest game to be devised by the Cyber Security Challenge UK, the Government-backed project designed to run an inspirational series of national competitions aimed at attracting talented people into the profession and informing them about cyber security careers.

The latest process affords members of the public a chance to act like a GCHQ operative, using their cyber security skills to investigate and attempt to fix the vulnerabilities of a global defence company ahead of a forewarned cyber attack.

Earlier this year, the Cyber Security Challenge UK launched its 2014-2015 programme of online and face-to-face cyber games by introducing a new enemy, The Flag Day Associates, via a threat video that warned of future cyber attacks against the UK. The Flag Day Associates are the Challenge’s first recurring characters, and the investigation of and defence against this new nemesis form the basis of this year’s competitions.

The Cyber Security Challenge UK: testing the public's cyber skills

‘Astute Explorer’ follows on from an assignment set by global security software vendor Sophos which, over this past weekend, tasked the public to analyse a hard drive recovered from The Flag Day Associates. The hundreds of candidates who tackled the Sophos-devised competition revealed plans for a future attack on ‘Ebell Technologies’ – described as an aerospace and electrical engineering company who are world leaders in the production of military and civilian aircraft, green energy technologies (such as wind turbines) and a variety of electronics products.

In launching its new game, the Challenge has revealed that Ebell Technologies is understandably concerned about the threat of an imminent attack and has thus approached GCHQ to assess its susceptibility to being compromised. As part of the analysis, GCHQ’s ‘Astute Explorer’ – an automated code scanning tool after which the game is named – has returned various snippets of code that may contain vulnerabilities. Those who take up the challenge will be asked to identify these vulnerabilities, explain why and how they could be exploited and suggest appropriate fixes.

Need for a skilled cyber security workforce

“As the UK’s National Technical Authority for Information Assurance (NTAIA), GCHQ is pleased to have been able to develop an original game for the Cyber Security Challenge UK,” explained Chris Ensor, deputy director for the NTAIA. “We have designed ‘Astute Explorer’ to really test candidates’ cyber security skills. We absolutely recognise the need for a skilled workforce which is why we’re delighted to once again support the Cyber Security Challenge UK and help inspire the next generation of cyber security talent.”

Those who register will be competing to book their place at the Challenge’s first of a series of reconnaissance meet-ups organised as part of ‘Operation: Flag Day’. Here, the most impressive candidates from the virtual assignments will be asked to report for duty in person at secret locations around the UK to carry out investigations face-to-face in teams.

As well as uncovering vital clues on the objectives and identities of The Flag Day Associates, these gatherings will ultimately determine the final line-up of online defenders to take on the cyber terrorist group at next year’s Masterclass final.

“There’s no doubt that ‘Astute Explorer’ is an ingenious game from GCHQ which will not only provide an enjoyable challenge but also test skills that are in high demand by employers in this sector,” said Stephanie Daman, CEO of the Cyber Security Challenge UK. “I would encourage anyone with an interest in how IT systems and the information they hold can be protected to sign up and give it a go.”

Series of national competitions

As stated, the Cyber Security Challenge UK runs a series of national inspirational competitions aimed at attracting talented people into the profession and informing them about cyber security careers and learning opportunities.

Now in its fourth year, the Challenge is running an ambitious programme of competitions and activities designed to spread the word about why cyber security is such a fulfilling and varied career and help talented people obtain their first cyber security job.

The Challenge is sponsored by some of the UK’s most prestigious public, private and academic sector organisations and is already making a notable difference to the career prospects of those with the talents and aptitude to become cyber security professionals.

Further detail is available at: https://cybersecuritychallenge.org.uk/

GCHQ is, of course, one of the three UK intelligence agencies. Further information on its work can be found at: http://www.gchq.gov.uk

Filed under Risk UK News

Emma Carr appointed director at Big Brother Watch

Just months before Big Brother Watch celebrates its fifth anniversary, the civil liberties organisation has unveiled a new leadership team following the departure of director Nick Pickles, who left the campaign in May this year to join Twitter as the social media site’s public policy manager for the UK.

Emma Carr takes up the role of director with immediate effect while Renate Samson becomes the organisation’s CEO (a newly-created role).

Carr joined Big Brother Watch in February 2012 as deputy director and became acting director in May this year upon Pickles’ departure. Over the course of the last two and a half years, Carr has worked hard to challenge policies that threaten civil liberties, privacy and freedom.

Carr has made an active contribution to the organisation’s research, frequently appearing on national and international television and radio programmes, and actively spreading the ethos of the organisation at conferences around the world.

Emma Carr: the new director of Big Brother Watch

As the director of Big Brother Watch, Carr will be overseeing research, media and campaigns.

In the new role of CEO, Renate Samson will oversee Big Brother Watch operations, parliamentary outreach and new projects. The first of these will be a new educational outreach programme designed specifically for those in higher education. Further details about this project will be announced in due course.

Samson has spent the past four years as Chief of Staff to David Davis MP, working on every major civil liberties debate during this Parliament. Samson joins Big Brother Watch with a wealth of contacts and knowledge which will be vital as the campaign expands over the coming years.

Samson will begin her new role later this year after the party conference season has concluded.

In addition, Big Brother Watch researcher Daniel Nesbitt will also be taking on the role of research director. Nesbitt has been with the campaign for 18 months, during which time he has produced high calibre research and appeared as a spokesperson for the organisation in the media.

Poor power quality: don’t take the risk

All types of irregularity in the electricity supply have the potential to impact a given business through its effects on IT infrastructure. In turn, this places both the company’s revenue and reputation at risk. Power supply conditioning is the answer for end users, as Rob Morris explains.

At some point in time most of us have experienced a computer ‘playing up’. Maybe the file we want to access is determined not to open. Perhaps a specific document isn’t printing or the computer’s simply running a lot slower than normal.

Computers in public places – for example card readers and those underpinning supermarket checkouts – can also ‘act up’. Many people will have had a bank card rejected even if they were in the black, or they might have watched the shop assistant wave a product over the scanner without it being added to the transaction.

Not only is this a source of annoyance for the consumer, but it can also be embarrassing. Will the customer who has been embarrassed want to return to the store in question and risk a repeat performance? Let’s not forget, either, the resultant frustration experienced by customers who had to wait in the queue behind.

What many retailers fail to realise is that this isn’t just a case of the till or Chip and PIN machine malfunctioning. It could actually be due to the electricity coming through the line. The power emanating from the grid may have been reliable enough for computers and other electronics in the past but, as equipment such as this becomes more sophisticated, it also becomes more sensitive to variations in the power supply.

All types of irregularity in the electricity supply have the potential to impact a given business through its effects on IT infrastructure

Poor quality power can be something as big as a power cut or something entirely unnoticeable (such as a small surge or ‘spike’). Either way, all types of irregularity in the electricity supply have the potential to impact a given business through its effects on IT infrastructure. In turn, this places both the company’s revenue and reputation at risk.

What is poor power quality?

The electricity that comes from the grid isn’t always reliable. Sometimes this can be obvious, for example during a power cut. However, such events are rare. Smaller variations are much more common. Some of these variations – the power surges that blow fuses and dips that cause the lights to flicker – are less visible. Often, though, the problems caused by poor power quality are seemingly invisible.

Tiny variations in electricity can cause IT systems to be disturbed but rarely are the problems attributed to power quality. In a restaurant, for example, food orders may be lost or incorrect. If situations like this happen regularly, it might be easy to blame the Electronic Point of Sale (EPoS) system.

Not only is the power that comes from the grid unreliable, but disruption can also result from equipment already inside the building. In a restaurant, it could be caused by the flash freezers. In a supermarket, cardboard crushers may bring about variations in the power. Even a printer can send tiny surges through the power lines which serve to wear away components in other electricals.

Poor power quality manifests itself in three ways commonly known as ‘The 3 Ds’ of power quality:

Destruction
While big surges blowing up circuits might seem like something from a cartoon, there’s a distinct possibility of this occurring in real life. When a fuse blows, it’s because the electricity flowing through it generated enough heat to melt it. The design aims to protect vital equipment from power surges but it’s often the case that damage has already been done before the fuse melts.

Retailers don’t need to risk their reputation with poor power quality. Some have already seen the benefits of back-up power supplies and surge diverters

Degradation
Smaller spikes don’t create the same instant damage associated with a big surge. Instead, they slowly erode internal components over time. It’s a process that eventually leads to complete failure of the component or the device.

Disruption
Computers try to interpret these tiny variations as genuine instructions that may have originated from the user. The computer then makes incorrect decisions, perhaps in terms of which items should be added to an order. It might appear to be a bug but no bug will be found. The users might ignore these symptoms once they temporarily disappear.

Poor power quality: its effect on IT systems

It’s clear that if there is a power cut, the tills and card readers will not work. The automatic doors to a store will not open. While wreaking havoc with the system, less visible variations may damage any electrical equipment on a gradual basis. Small electricity spikes can wear away the components inside the system over time, eventually leading to their ultimate failure.

In the case of tills in restaurants, they will mistake these small spikes for genuine orders that the server has orchestrated or try to interpret the spikes before discarding them. Not only can this lead to incorrect transactions, but it also makes the EPoS system work harder than is necessary and may result in system overheating. Like a laptop that cuts out when it overheats, overworked electrical systems can fail instantly.

This overworking also shortens the lifetime of the equipment and increases the cost to the user.

What amplifies the situation is that the busier the retail outlet becomes, the harder it is for the electrical system to work correctly. It places greater pressure on the equipment, in turn creating further problems.

It may not be obvious but events such as the live broadcast of Barclays Premier League matches in pub-restaurant chains can affect the quality of power each outlet receives. If you’ve ever noticed your lights flicker after a critical episode of your favourite soap, this is down to lots of people drawing on electricity by flicking on the kettle or flushing the toilet. This causes a dip in the electricity received by your home. To cater for this increased demand, National Grid generates additional electricity, sending a surge through power lines.

This flux in electricity can happen on a local scale. During half-time of a football match, fans making a rush for the bar can cause similar power issues. Opening fridges, using tills and card readers all require electricity. These dips and surges cause the IT system to act up, and the increased pressure on the system then amplifies the problem. For a pub-restaurant that’s expecting a football match to bring in a lot of revenue, the ‘power problem’ places immediate revenues at risk in tandem with future revenues if reputational damage comes into play.

Power conditioning: why it’s important

Retailers don’t need to risk their reputation with poor power quality. Some have already seen the benefits of back-up power supplies and surge diverters. These alone, however, are not enough. To fully protect the business, managers ought to control the power scenario with the aid of power conditioning.

Put simply, businesses risk their revenue, equipment and reputation by not appreciating the damage poor power quality might realise

At the very least, power conditioning should include the following key elements:
• Surge diverter to direct large surges away from the system
• Noise filter to remove small variations (similar to static) from the power
• Voltage regulator which prevents the smaller dips and spikes from reaching vital equipment
• Back-up power in the event of a power cut

RST is one of the largest resellers of EPoS systems in the UK and Ireland, with the company installing and maintaining thousands of units on an annual basis. On occasion, though, customers found they experienced problems with the EPoS systems, particularly when a given retail outlet was busy.

RST relates the story of one of its customers – a hotel also serving as a venue for large-scale events during the summer. Staff found that their EPoS terminals wouldn’t work properly during these events. From time to time this was something that could have been put down to human error, like an item being incorrectly added to the bill. Often, the cause was more serious.

Food orders were not correctly transmitted to the kitchen, restaurant tabs were not synced with the room bill or the terminals failed completely. Initially, at least, it appeared as though there was a problem with the whole Electronic Point of Sale system.

“The members of staff thought there was a problem with the EPoS equipment,” explained Neil Bradley, RST’s managing director, “but having seen this same situation arise many times over the years, we knew it was the power.”

Understandably, end users are sceptical when told poor power is at the root of their problems. Poor power quality is a problem about which not many individuals are fully aware. Power cuts are visible and recognisable by everyone. Small spikes which erode internal components, though, are a hidden part of the power problem. When equipment does eventually fail, it’s difficult to identify the cause.

As an organisation, RST has now been using power conditioning equipment for over a decade. Witnessing its customers’ problems disappear after power conditioning equipment is installed in EPoS units, the company is totally convinced of ‘the power of power conditioning’. In fact, RST is so convinced that power conditioning will resolve the problems it actually installs the necessary equipment required by end user customers free of charge. Once the customer is also convinced of the benefits, RST would then look to charge for the service.

What effect does power conditioning realise?

As customers of RST have seen, power conditioning equipment can prevent the effects caused by power cuts, surges and dips. Keeping the electrical equipment in working order helps to maintain revenues. By reducing engineer call-outs and the need for replacing broken equipment, power conditioning has the potential to save further costs.

For a typical piece of electrical equipment, the cost of ongoing repairs and maintenance is between 4% and 8%. We often find that this drops by up to 88% once the equipment has been protected by power conditioning units. Even more impressively, some power conditioning end users find their return on investment is as high as 1,148%.

Unreliable power might conjure up images of generators in rural areas that provide intermittent power. In reality, the power that comes from the grid is not reliable enough for the equipment we use on an everyday basis. At home, your computer might start to malfunction. It may well be fine after it has been restarted and it’s likely we would forget about the situation. We might work out that the computer ‘goes awry’ every time we print something, but most people would never think the printer sends small power surges through their home capable of damaging the computer.

Electrical equipment is prone to malfunctioning. We could easily find ourselves with warm beer and the wrong food order in a pub restaurant, but rarely does the company’s management recognise that this could be caused by the power. This is partly due to the hidden nature of power problems. A power cut is very obvious. Even large surges might be noticed if they melt a fuse or fry a circuit board.

More often, though, small spikes and dips in the power go unnoticed. Lights might flicker, but the damage done to the internal components of a computer cannot be seen. It’s likely that any damage will only be noticed when the computer starts to act up or fails completely. If this happens in a retail environment, the damage to revenue and reputation may have already been done.

Businesses can protect themselves against the risk to their revenues and reputation by installing power conditioning units. As an end user, RST has already seen the benefits of power conditioning. The organisation’s customers had suffered from unreliable EPoS systems but the problems disappeared once power conditioning units were installed. Importantly, the company is now convinced that poor power quality is something that can be managed effectively.

Power conditioning eliminates the problems caused by poor power quality and can also provide an excellent return on investment.

Put simply, businesses risk their revenue, equipment and reputation by not appreciating the damage poor power quality might realise.

Rob Morris is country manager at Powervar UK

“Fraudulent employment applications at record high” warns CIFAS

In the first half of 2014, over half (63%) of all confirmed frauds recorded to the CIFAS Internal Fraud Database were Employment Application Frauds: frauds where job applicants have made serious fraudulent declarations about employment history, qualifications, criminal records and so on.

This is in keeping with the trends recorded during the previous year and, states CIFAS, underlines how vital it is for applicants to understand that telling lies in an application is far from harmless or acceptable. In fact, applicants who submit false or exaggerated information run the risk of dismissal and – in worst-case scenarios – the possibility of criminal charges.

The scale of the fraud also shows that organisations are running more stringent checks now than ever before.

While it is of concern that there are increasing numbers of individuals who are turning to fraud in order to gain employment, it’s encouraging that the proportion of applicants who were unsuccessful remained high (at 79%). This means that organisations are sifting these out before there’s any chance of financial, reputational or regulatory damage being done.

In the first half of 2014, over half of all the confirmed frauds (63%) recorded to the CIFAS Internal Fraud Database were Employment Application Frauds

The most common reason for recording unsuccessful Employment Application Frauds was the concealing of adverse credit history when the position (frequently in financial services) has a regulatory requirement of a clean credit and financial history. For successful Employment Application Frauds, however, the main reason was the concealing of unspent criminal convictions. This is likely to be due to the time lag between an individual accepting a job and the relevant vetting and Disclosure and Barring Service (formerly CRB) checks being completed and returned to the new employer.

Fraudulent declarations “can have very serious consequences”

CIFAS CEO Simon Dukes commented: “While competition for jobs is fierce, the temptation to lie in order to make an application or CV stand out might seem appealing. However, fraudulent declarations regarding qualifications, employment history and experience, etc can have very serious consequences. Not only might it lead to dismissal when discovered, but if an applicant finds him or herself in a position for which they are not suitable due to a fraudulent declaration then they can cause financial damage to an organisation and lead it towards reputational and regulatory trouble as well.”

Dukes concluded: “Organisations have long been expected to verify the details given to them by customers. They have now come to recognise that they also need to apply those same standards to prospective employees. For applicants, then, it really is better for them to be honest rather than trying to mislead as this could merely land them in bigger trouble as a result.”

Kroll Ontrack issues new version of proprietary Remote Data Recovery software

Kroll Ontrack – the provider of data recovery services and e-discovery – has announced the availability of a new version of its Ontrack® Remote Data Recovery™ (RDR®) software.

RDR is a patented, proprietary service that provides a fast and secure solution for data loss situations. Using the new version of RDR, Ontrack Data Recovery engineers can work more efficiently on a specific data loss problem, saving valuable time for host businesses during the data recovery process.

With the Ontrack RDR software solution, security of customer data is maximised because the data recovery can be performed without a hard disk or other storage device leaving an enterprise’s data centre.

Specifically, a secure remote Internet connection is established between the customer and Kroll Ontrack, allowing Ontrack Data Recovery engineers to recover from media at the customer’s site with proprietary data recovery tools.

As a result, Ontrack Data Recovery engineers gain full access to individual disks, RAID systems, virtual machines, SANs or LUNs on a remote basis, in turn saving the customer significant time because shipping drives to a given Kroll Ontrack data recovery lab is eliminated.

RDR is a patented, proprietary service that provides a fast and secure solution for data loss situations

Ontrack Data Recovery specialists can also draw on Kroll Ontrack’s global network of engineers when performing a remote job, maximising resources and knowledge-sharing to complete the task at hand successfully.

Efficient data recovery with total security

The new release of Ontrack RDR makes installation of the software far easier. All necessary Windows system drivers required for installation are included in the set-up package. The machine no longer needs to be rebooted post installation.

Furthermore, during the installation process, the Ontrack RDR software detects all required connection settings automatically without the need to set the IP address, DNS server name or HTTP switch on a manual basis.

“In many data recovery cases, including servers with a damaged drive, there’s no need to disassemble complex storage systems and send a hard disk to one of our data recovery labs,” said Phil Bridge, managing director at Kroll Ontrack.

“Within minutes, customers can instead attach the working drives to a running computer system via Ontrack RDR software. We’re the only data recovery provider using our own software for this service. Data is not exposed to any third party entities. Security is paramount, so too an efficient data recovery service.”

Ontrack RDR supports Windows XP through Windows Server 2012 for remote data connections. Additionally, the new version offers support for recoveries of NetApp, VMware, EMC, HP, Dell and many other SAN/NAS systems.

For more information on Kroll Ontrack’s remote software and service visit: http://www.krollontrack.co.uk/data-recovery/data-recovery-process/remote-data-recovery/

About Kroll Ontrack

Kroll Ontrack provides technology-driven services and software to help legal, corporate and Government entities and consumers manage, recover, search, analyse and produce data efficiently and cost-effectively.

In addition to its award-winning suite of software, Kroll Ontrack provides data recovery, data destruction, electronic discovery and document review. For further detail visit: http://www.krollontrack.co.uk

ONVIF launches education and enforcement programme to ensure product conformance

ONVIF – the global standardisation initiative for IP-based physical security products – is launching a proactive education and enforcement campaign designed to ensure that all claims made in relation to ONVIF conformance by the manufacturers of IP-based physical security products are valid.

The education and enforcement initiative aims to further protect the ONVIF brand and monitor ONVIF’s copyrights, trademarks and logos on an ongoing basis. The campaign will also help further educate the solutions development community about the specific requirements of compliance and their ability to advertise individual products as being conformant with ONVIF standards.

The only method of determining a product’s conformance is through a listing on the ONVIF website, where conformant products can be easily searched using a variety of criteria. An entry on the ONVIF website signifies that the product has undergone ONVIF’s comprehensive testing and conformance process, and has been individually certified by ONVIF as conformant.

There are currently more than 3,300 individual conformant products listed on the site: http://www.onvif.org

The education and enforcement initiative aims to further protect the ONVIF brand

“We recognise that, going forward, the credibility of the ONVIF brand is crucial to the success of the standard and the organisation,” explained Per Björkdahl, chairman of ONVIF’s Steering Committee. “Therefore, we take the protection of this brand very seriously. Our specific objective with this enforcement campaign is to reinforce to the market that the ONVIF name continues to represent interoperability.”

New grade of membership

To augment these efforts, earlier this year ONVIF introduced a new level of membership to provide access to the ONVIF test tool which is used for testing the validity of product conformance.

This Observer membership level allows consultants, systems integrators and media organisations to individually validate the conformance of a specific product to a particular ONVIF Profile.

“As a member-driven organisation we rely very heavily on the efforts of our members to help us develop policies and procedures that ensure the success of ONVIF, both for its members and for the industry at large,” said Stuart Rawling, vice-chairman of the ONVIF Communication Committee. “We encourage anyone who suspects false claims are being made around a given product’s conformance to contact us via e-mail at: help@onvif.org.”

Further information about ONVIF conformant products (including details of vendors and conformant models) is available on the ONVIF website: http://www.onvif.org

National BIM Library works with Boon Edam to host access control solutions range

Following the successful introduction of its Tourniket and Crystal Tourniket revolving door models earlier this year, Boon Edam has now launched its second phase of BIM objects.

Building Information Modelling (BIM) is a process involving the generation and management of digital representations of the physical and functional characteristics of places.

Building Information Models (BIMs) are files (often but not always in proprietary formats and containing proprietary data) which can be exchanged or networked to support decision-making on a given location.

Current BIM software is used by individuals, businesses and Government agencies who plan, design, construct, operate and maintain diverse physical infrastructures from water, waste water, electricity, gas, refuse or communication-focused utilities through to roads, bridges and ports, houses, apartments, schools, shops, offices, factories, warehouses and prisons, etc.

The UK Government has outlined that the use of BIM will be mandatory on all public sector projects from 2016. The aim is to streamline the construction process and cut back on both project and carbon costs by using BIM to predict and reduce errors throughout the different stages of the design process.

Boon Edam is BIM ready

Working with The National BIM Library to create and host its range of BIM products, the most recent release from Boon Edam incorporates security doors and pedestrian speed gate product ranges. In total, 18 BIM objects produced by the company are now available for download.

Since the announcement of mandatory BIM projects from 2016, there has been an increasing pressure on architects and contractors to adopt BIM within their own design process. Statistics from the NBS National BIM Report 2014 reveal that over 50% of respondents aware of BIM are already actively using it for projects, with a massive 93% stating they plan to be using BIM by 2016.

On that basis, it became essential for Boon Edam to ensure its product range was made readily available in BIM format, in turn allowing architects and contractors easy access to relevant manufacturer objects for use in their BIM projects.

Boon Edam is focused on its clients, and consistently works together with customers to ensure the correct products are specified at design stage for each individual project.

A team of specification managers is always on hand to work together with architects and contractors and ensure the use of Boon Edam objects in BIM-centric projects is a simple and smooth process.
