Issue #5

Summer 2014

Produced with
the kind
support of

&

THE SINGULARITY IS NIGH

elcome

Whats The ASCII For

Wolf?

SQL Server
2014
Powerful database
functionality, available
to small and midsize
organisations

When is a number not a number? When

its a placeholder. When its zero. Zero
being precisely the number of recorded
instances of harm befalling a human as a
result of actual real world exploitation of
the Heartbleed vulnerability.

Molly Wood writing about Heartbleed in the business section

SJXLI2I[=SVO8MQIWSRXL%TVMPSFWIVZIH[MXL
regret that what consumers should do to protect their own
information isnt clear, because security experts have
SJJIVIHGSRMGXMRKEHZMGI%HHMRKXLEXHIWTMXIXLIL]TI
there is no evidence it has been used to steal personal
MRJSVQEXMSR;IYRHIVQMRIHTYFPMGXVYWXERHGSRHIRGIMR
the Internet; and in ourselves.

Heartbleed was a vulnerability. Not a risk. As professionals,

we know that risk is a function of an indivisible compound of
vulnerability with threat. We further know that threat itself
is a function of a further indivisible compound of an attacker
with both the capability and the intent to act on their
nefarious desires. A vulnerability in the absence of threat is
not a risk. Prior to the media storm visited needlessly upon
the world, few if any, including the threat actors, even knew
of its existence.

What we do is important because the systems we are

VIWTSRWMFPIJSVWIGYVMRKERHQEREKMRKEVIMQTSVXERX8LI]
are the beating heart of the Internet and this is the nervous
W]WXIQSJXLIG]FIVTLIRSQIRSR8LI-RXIVRIXEPSRIMWSJ
societal, if not existential, importance. Cyber is transformative.
Without us, or at least without some of us, the world would
be less safe and less secure than it is. However, it needs to
be safer and more secure than it is. More of us need to do
a better job.

Heartbleed was real. A serious vulnerability to an important

web service. Limited exploitation of the vulnerability had the
TSXIRXMEPXSIREFPI[VSRKHSIVW[MXLWYJGMIRXMRXIRXERH
capability to do harm to individuals. Unchecked exploitation
would certainly have temporarily dented trust in the Internet.
4VSPSRKIHSVQEWWMZIRERGMEPPSWWEWEVIWYPXSJWMKRMGERX
exploitation could have had serious macro-economic or
social consequences and might even have damaged public
XVYWXERHGSRHIRGIMRXLIEHZMGISJ-8ERHG]FIVWIGYVMX]
experts. It demanded a serious, thoughtful, considered,
measured, balanced, co-ordinated, proportionate and
professional response from these experts. Which is precisely
the opposite of what happened.

8LIRIXIJJIGXSJ,IEVXFPIIHXLIVIEPGEXEWXVSTLILEW
FIIR]IXERSXLIVWIPJMRMGXIH[SYRHXSXLIEPVIEH]FEHP]
damaged credibility of the community of security experts.
We cannot sustain many more of these injuries before the
credibility of our community as a whole falls victim to our
seemingly suicidal instincts.
If we want to be taken seriously and treated as professionals,
its time we started to behave like professionals. We need
XSWXSTGV]MRK[SPJERHWXEVXKMZMRKERW[IVWXSXLIHMJGYPX
questions we have been avoiding for far too long. How do
we actively enable cyber democracy?
It is now time to start the process of moving towards the
creation of a professional governance body with the same
kind of power and status as, for instance, the Law Society or
the General Medical Council. Embracing willingly and freely all
of the consequences around regulation, licensing and liability
XLEXXLMW[MPPFVMRK8MQIXSWXSTGV]MRKG]FIV[SPJ8MQIJSV
XLIWREOISMPQIVGLERXWXSRHERSXLIV;MPH;IWX

;IXLIGSQQYRMX]SJ-8ERHG]FIVWIGYVMX]I\TIVXW
turned the volume up to eleven on this one. Us, not the
bad guys. As experts, we competed to command ever
more extravagant hyperbole. In concert, we declared this
catastrophic. In a post Snowden world it was inevitable
that the dark ink of conspiracy theory would cloud the story
as fast as the Internet could carry it. And yet, nothing bad
actually happened. We rushed to spread fear, uncertainty and
HSYFXMRORS[MRKHIERGISJXLIEZEMPEFPIIZMHIRGI4IVLETW
because of the absence of evidence.

Colin Williams, Editor

We did succeed in scoring two own goals. Firstly, we

needlessly spread fear, uncertainty and doubt. Arguably
far more effectively than anyone other than the most
sophisticated attacker could have done. Secondly, we gave
further credence to the growing sense that this is all we can
HS8LIVIMWEZMI[HERKIVSYWERHQMWXEOIRFYXRSRIXLIPIWW
credible and growing, that we turn the volume up to
eleven to crowd out the silence of our own ignorance and
incompetence.

As your business grows so do the demands you place on the databases that help run your
organisation. Whether for inventory, online sales transactions, or customer management, a
slow-performing or unavailable database can create bottlenecks in the way your employees
do their jobsand cause your customers to take their business elsewhere.

stop crying wolf!

Speed up applications and reduce downtime with the most widely used database in the
world.
Find out how SBL can help you upgrade and save.
Call 01347 812100 or visit www.softbox.co.uk/microsoft

3
SBL Recommends Microsoft Software

CONTENTS
10

14

STUDENT
SHOWCASE

03

Welcome

05
07

Flash Fiction Competition

5 Reasons To Be Paranoid About Internet Safety

08

Cybercrime: The Still Important Role Of Education

In A Fight We Can Never Win

Colin Williams

(V(EZMH(E]

(IRMW)HKEV2IZMPPI

09

20

26
ADVERTORIAL

41

48

Andrew Cook

DEPUTY EDITORS
Natalie Murray
8MRIOI7MQTWSR

SUB -EDITORS
8SQ,SSO
Ed Mallows

ADVERTISING
CO - ORDINATOR

11

Open Or Closed Source Security Protocols

13

Culture and Cyber Behaviors: The Role Of Culture

14

Cyber Security & Capitalism 6.0

18

Spear Fishing and Pirates:

A Guide To Staying Safe In The Cyber Sea

20

Meat The Machine

26

A Campaign To Make Every Day

Online Behaviour Safer

&PEOI1EVOLEQ

Halidu Abubakar

(V'LEV7EQTPI
(V%RHVI/EVEQERMER
Magnus Wakander

Colin Williams

29
30

Call For Articles

The Rise And Fall Of Edward The Confessor

33

Who Wants Stovepipes?

37

The Road To Competency

41

I,Human

48

The IA Practitioners Event 2014 Review



Alamanac of Events

Andrew Cook

EVENTS

ART DIRECTOR &

DIGITAL EDITOR

Cyber Security Responses To Counterfeit Goods

Cyber Streetwise

50

8MQ;EXWSR
Colin Williams

10

Andrew Fitzmaurice

REVIEW

EDITORS

Encouraging More Women In Computing

National Museum of Computing

(V-ER&V]ERX

(V2ERG]1IEH

CONTRIBUTORS

Halidu Abubakar
(V-ER&V]ERX
Andrew Cook
(V(EZMH(E]
(IRMW)HKEV2IZMPP
Andrew Fitzmaurice
8SQ,SSO
(V%RHVI%VE/EVEQERMER
&PEOI1EVOLEQ
(V2ERG]1IEH
(V'LEV7EQTPI
(V(ER7LSIQEOIV
Magnus Wakander
Colin Williams

8SQ,SSO

SPECIAL THANKS

8LI2EXMSREP1YWIYQSJ'SQTYXMRK
8LI9/,SQI3JGI']FIV7XVIIX[MWI'EQTEMKR

DESIGN

)PPIR0SRKLSVR(IWMKR
www.ellenlonghorndesign.co.uk

CONTACT US

General enquiries:   

Editorial enquiries:  
Email: cybertalk@softbox.co.uk
Web: www.softbox.co.uk/cybertalk
cybertalkmagazine

$']FIV8EPO9/

']FIV8EPOMWTYFPMWLIHXLVIIXMQIWE]IEVF]7&07SJX[EVI&S\0XH 
Nothing in this magazine may be reproduced in whole or part without
XLI[VMXXIRTIVQMWWMSRSJXLITYFPMWLIV%VXMGPIWMR']FIV8EPOHSRSX
RIGIWWEVMP]VIIGXXLISTMRMSRWSJ7&0SVMXWIQTPS]IIW;LMPWXIZIV]
IJJSVXLEWFIIRQEHIXSIRWYVIXLEXXLIGSRXIRXSJ']FIV8EPOQEKE^MRI
MWEGGYVEXIRSVIWTSRWMFMPMX]GERFIEGGITXIHF]7&0JSVIVVSVW
misrepresentation or any resulting effects.
)WXEFPMWLIHMR[MXLELIEHUYEVXIVWMR=SVO7&0EVIE:EPYI%HHIH
-86IWIPPIV[MHIP]VIGSKRMWIHEWXLIQEVOIXPIEHIVMR-RJSVQEXMSR
7IGYVMX]7&0SJJIVWEGSQTVILIRWMZITSVXJSPMSSJWSJX[EVILEVH[EVI
services and training, with an in-house professional services team
IREFPMRKXLIHIPMZIV]SJEGSQTVILIRWMZIERHMRRSZEXMZIVERKISJ-8
solutions.
']FIV8EPOMWHIWMKRIHF])PPIR0SRKLSVR(IWMKR
and printed by Wyndeham Grange plc.

COMPETITION
CyberTalk magazine supports and promotes the best cyber narrative writing
from around the world, including emerging writers and exciting new voices.
As part of this, we want to seek out and celebrate the most skilled and
creative new writers in our next edition.
We invite both amateur and professional writers to demonstrate their skill in short-story
writing by entering the CyberTalk Flash Fiction Competition, for a chance to
WINHMHU[HZ[PJWYPaLHUKILYLJVNUPZLKHZHUL_JP[PUN[HSLU[PU[OLZJPLUJLJ[PVUNLUYL
The winning entry will be published in full in the next issue of CyberTalk,
the Sci-Fi Issue, and also online at www.softbox.co.uk/cybertalk.
>LYLZLLRPUNL_JLW[PVUHSZOVY[Z[VYPLZIHZLKVU[OL[OLTLVM*@),9
;OPZ[OLTLJHUILPU[LYWYL[LKPUHU`^H`[OH[PUZWPYLZ`V\
Stories should be a maximum of 1,500 words and must be submitted to
cybertalk@softbox.co.uk by midnight on 1st August 2014.
Good Luck!

'SPPIIR6SFIVXWSR

Copyright 2014 VMware, Inc.

Business is
always changing.
Make sure your
data center
is always agile.
The
Software-Dened
Data Center.
VMwares software-dened data center delivers
unprecedented levels of agility, exibility and
choice, by extending virtualization to all data
center resourcescomputing, storage, network
and securityand by automating management.
So businesses can deploy applications when and
where they need them on any device, in minutes,
not days. Its IT for the mobile cloud era.

vmware.com/sddc

* 5 reasons
to be paranoid about
internet safety
(V(EZMH(E]
7LIJIPH,EPPEQ
8LIQSVIMRXIVRIXETTPMGEXMSRW
University
we use, the greater attack
opportunities we present to
an aggressor. Moreover, in
many instances the standard of
security used when creating web
1. Avoid social media overload
applications is astonishingly poor,
&IGSQIQMRHJYPSJXLIEQSYRXSJMRJSVQEXMSR
with an applications functionality
you reveal about yourself. Malicious parties have
commonly placed above its safety.
sophisticated tools and methods to correlate all the

As security professionals, its

MRGVIEWMRKP]HMJGYPXXSOIIT
up with the escalating number
of new vulnerabilities. We can
make an environment a lot more
secure, but in terms of making the
Internet completely safe, the odds
are well stacked against us. Were
also depending on others to stay
alert for the vulnerabilities we
LEZI]IXXSEHHVIWW,IVIEVIZI
top tips to help you do that:

information about you from many different sites

VIJIVVIHXSEWHS\MRK &IEXXIRXMZIXS]SYVTVMZEG]
settings on social media accounts such as Facebook,
but also be aware that information posted online has
E[E]SJKIXXMRKSYXVIKEVHPIWW8LMROZIV]GEVIJYPP]
before you post information which can either be used
against you, or to impersonate you.

4. Dont be a victim of malware

:MVYWIW[SVQWXVSNERWWT][EVIEH[EVIVERWSQ[EVI
rootkits, rats and keyloggers are just some of the
HMJJIVIRXX]TIWSJQEPMGMSYWWSJX[EVI8LIQSWXPMOIP]
way one of these will affect you is if you open an
attachment when you either dont know what it is, or
you dont know who or where it is from. If you cant
EYXLIRXMGEXIXLIWSYVGISJXLIPI[MXLGIVXEMRX]ERH
EPWSGERRSXGSRVQXLIEXXEGLQIRXSVPIMWWEJIXLIR
simply delete it. Even if its from someone you know,
and you can verify it is indeed them, can you also be
sure that they know what they have sent you?

2. Recognise Phishing
Never give your personal information to anyone
unless you completely trust them and are absolutely
sure they are who they say they are. Further, dont
VIP]WSPIP]SRXLITLMWLMRKPXIVW]SYQE]LEZISR
your web browser they work by checking web
EHHVIWWIWEKEMRWXIMXLIVORS[RPIKMXMQEXI[LMXI SV
ORS[RQEPMGMSYWFPEGO PMWXW8LIWIPMWXWGERRSXFI
entirely complete and therefore cannot be exclusively
VIPMIHYTSR%PWSQER]PXIVWEVIMRIJJIGXMZIEKEMRWX
960WLSVXIRMRK;LIREWGEQ[IFEHHVIWWLEWLEH
960WLSVXIRMRKETTPMIHXSMXXLVIISVQSVIXMQIWMXW
PMOIP]]SYVTLMWLMRKPXIV[MPPJEMPXSHIXIGXXLEXMXWE
TLMWLMRK960

5. Be careful with BitTorent

3VMRHIIHER]SXLIVPIWLEVMRKW]WXIQ1SWXYWIMX
because they dont want to pay for copyrighted or
commercially licenced material. Putting any discussion
on the morality of that to one side, and not dwelling
on the fact that its improper use can end up with you
facing a serious law suit and/or criminal proceedings,
they are also a perfect way to propagate malware.
If you regularly download pirated media, sooner or
PEXIVYWYEPP]WSSRIV ]SY[MPPIRHYTMRJIGXIH[MXL
malware.

3. Watch out for compromised websites

Many websites have been compromised by a
technique called Cross Site Scripting and the likelihood
is the sites administrators will not even know their
[IFETTPMGEXMSRMWEJJIGXIH8LMWHSIWRXQIER]SYEVI
powerless against it. Your web browser has a number
of settings you can adjust to help protect you. Its
beyond the scope of this article to discuss them all,
but if you are using a modern version of Internet
Explorer then its well worth becoming familiar
with the browsers security tab in internet options,
particularly those relating to scripting.

In summary, be alert and cautious

Paranoia is no bad thing on the internet. And while the
favoured headline may be In cyberspace no one can
hear you scream, this is no longer true. Using remote
access trojans, hackers can take control of your
webcam and mic. So now they cannot only hear you
scream, they can see your face as you do so.

8LMWTMIGISVMKMREPP]ETTIEVIHSR8IPIJSRMGEW-RRSZEXMSR,YF
a global blog on digital tech http://blog.digital.telefonica.com/

ADVERTORIAL

Cybercrime
THE STILL IMPORTANT
ROLE OF EDUCATION IN

A FIGHT WE CAN
NEVER WIN

(IRMW)HKEV2IZMPP
Head, Centre
for Cybercrime
Forensics
Canterbury Christ
Church University

If you can keep your head, whilst all around you are losing theirs you
TVSFEFP]HSRXYRHIVWXERHXLIWMXYEXMSR8LEXWEKSSHWYQQEV]SJVIEPMX]
XSHE]MRXLIKLXEKEMRWX']FIVGVMQI7SQIWSYVGIWRS[TYX']FIVGVMQI
EWFMKKIVMRXIVQWSJQSRI] XLERXLIHMWXVMFYXMSRERHWEPISJEPPJSVQWSJ
MPPIKEPHVYKXVEJGOMRK[SVPH[MHI-XMWGIVXEMRP]VIWTSRWMFPIJSVXLIKVIEXIWX
number of attempted crimes of any type and the problem is growing rapidly.
/EWTIVWO]0EFWVITSVXIHXLEXMRTLMWLIVWPEYRGLIHEXXEGOWEJJIGXMRK
EREZIVEKISJTISTPI[SVPH[MHIIEGLHE]X[MGIEWQER]EWMR
8LI2SVXSR']FIVGVMQI6ITSVXWLS[IHXLEXEVSYRHSRI
million adults become Cybercrime victims everyday, with an average cost to
IEGLSJ

ENCOURAGING
MORE WOMEN IN
COMPUTING

ITS FOOLISH TO BELIEVE

THERE IS ANY SINGLE
MAGIC BULLET TO
COMBAT CYBERCRIME.

8LIVI[EWEXMQI[LIR[SQIR[IVI
a large proportion of the technology
workforce, but now they are
considerably under-represented.
6IGIRXWXYHMIWWLS[XLEXXLI]
represent 17% of the workforce and
that the proportion has not altered
over the past decade.

Its foolish to believe there is any single magic bullet to combat Cybercrime.
Governments around the world have committed massive sums of money to
KLXMRKXLVIEXWXSREXMSREPG]FIVMRJVEWXVYGXYVIFYXXLIOI]UYIWXMSRMW[LIVI
MXWFIWXXSWTIRH]SYVQSRI]#8LIEREPSK]MWXLEX]SYEVIWXERHMRKYRHIVE
XMHEP[EZI[MXLERYQFVIPPEEZIV]KSSHYQFVIPPE FYXHSRXI\TIGXMXXS
keep you dry. If you dont study Cybercrime and Computer Forensics how can
]SYEZSMHIZIV]HE]FIMRKE>IVS(E]4VSFPIQ#-I[LIREREXXEGOSGGYVW
you have to waste considerable time bringing yourself up to speed with the
current state of the technology before you can plan and implement how to
HIEP[MXLXLIEXXEGO 

The team of Kathy Olsson (E2BN), Bob

Usher (LGfL), Chris Monk (TNMOC)
with their BETT award for a History of
Computing.

8LI)YVSTIER9RMSRVIGSKRMWIHXLIMRGVIEWMRKXLVIEXXSXVEHIERHXLI
personal well-being of EU citizens with the EU Convention on Cybercrime
MR&YHETIWXSRVH2SZIQFIV8LMW[EWSRISJXLIVWXJSVQEP
WXEXIQIRXWGPEVMJ]MRKXLIREXYVISJXLI']FIVGVMQIXLVIEX7MRGIXLI)9
has funded a number of development, research and training initiatives most
VIGIRXP]YRHIVXLI-7)'4VSKVEQQI8LMWLEWRERGIHXLIGVIEXMSRSJREXMSREP
'IRXVIWSJ)\GIPPIRGIWXEVXMRK[MXLXLI'IRXVI4VSNIGXMR-VIPERHERH*VERGI
ERHMRXLIPEWX]IEVW[MXLGIRXVIWMREVERKISJSXLIVQIQFIVWXEXIW1]
S[RMRZSPZIQIRXMWFEWIHSRSYV[SVOPIEHMRKXLI)')286))RKPERHW
']FIVGVMQI'IRXVISJ)\GIPPIRGIJSV8VEMRMRK6IWIEVGLERH)HYGEXMSR TVSNIGX
QMPPMSRSZIVQSRXLWMRZSPZMRK9/9RMZIVWMXMIWGSQTERMIWERH
XLI'SPPIKISJ4SPMGMRKMRXLI9/ 8LMWTVSNIGXFIKERMR(IGIQFIVERH
GSRGPYHIWMR%YKYWX-XMRGPYHIWQENSVXVEMRMRKERHWOMPPWYTHEXMRKJSVPE[
IRJSVGIQIRXMRXLI9/)9ERHFVMRKWXSKIXLIVXLIXLVIIMQTSVXERXEVIEWSJ
law enforcement, commerce and the university sector. Each of these areas
brings valuable expertise, experience and opportunities to help educate and
defend organisations and individuals from the developing threat of Cybercrime.
8LIGSSTIVEXMSRSJWYGLREXMSREPGIRXVIWMWMQTSVXERXERHXLIGVIEXMSRSJ)'
XLI)YVSTIER']FIVGVMQI'IRXVI [MXLMR)YVSTSPSR.ERYEV]TVSZMHIW
EQENSVI\GLERKIJSVMRJSVQEXMSRERHNSMRXMRMXMEXMZIW&YXF]GSQTEVMWSR[MXL
the problem these initiatives are small.

8LI2EXMSREP1YWIYQSJ'SQTYXMRKWIIWXLMWMQFEPERGI
VIIGXIHMRXLIGSQTSWMXMSRSJZMWMXMRKWXYHIRXKVSYTW
8SXV]XSGSYRXIVMXPEWX]IEV(EQI7XITLERMI7LMVPI]-8
entrepreneur, opened the Museums Google-sponsored
Women in Computing gallery which highlights the role of
[SQIRMR-8SZIVXLIHIGEHIW
2S[XLI&)88E[EVH[MRRMRKXIEQSJ8213'XLI
0SRHSR+VMHJSV0IEVRMRK0+J0 ERHXLI)EWXSJ)RKPERH
&VSEHFERH2IX[SVO)&2 XLEXGVIEXIHE,MWXSV]
of Computing is planning an online video resource for
schools to use to encourage more female students to
take up computing as a career.
Like a History of Computing, the Women and Computing
VIWSYVGIMWI\TIGXIHXSFIEZEMPEFPIXS9/WGLSSPW
connected to the National Education Network.
8LI;SQIRERH'SQTYXMRKVIWSYVGI[MPPMRGPYHIER
interactive timeline highlighting the role of women in
GSQTYXMRKEGVSWWXLIHIGEHIWWXEVXMRK[MXLXLI
STIVEXSVWSJ'SPSWWYW8LIVIWSYVGI[MPPEPWSI\TPSVIXLI
past and current challenges that women face in entering
the industry and the changing social context of the past
WIZIRHIGEHIW6SPIQSHIPW[MPPJIEXYVIWXVSRKP]XSKMZI
XLIGSQMRKKIRIVEXMSRXLIGSRHIRGIXSORS[XLEXXLI]
can play a major role in computing.

In front of the WITCH computer at

TNMOC, Bob Usher of LGfL and Kathy
Olsson of E2BN note the high number
of women training to use the WITCH
computer at Wolverhampton in the
1960s

-KEZIETVIWIRXEXMSRXSEQIIXMRKSVKERMWIHF]XLI9/*SVIRWMG7GMIRGI
7SGMIX]MR*IFVYEV]ERHHYVMRKETERIP5
%MX[EWFVSYKLXLSQIXSQINYWX
LS[HMJGYPXXLIKLXEKEMRWX']FIVGVMQIMW8LIVILEHFIIREHMWGYWWMSRSR
HEXEPSKKIVWEHIZMGIXLIWM^ISJETIRGET[LMGLGERFIMRWIVXIHFIX[IIR
a keyboard and computer to record all key depressions and hence be
YWIHXSWXIEPTEWW[SVHWERHSXLIVTIVWSREPHEXE 8LIWIHIZMGIWLEZIFIIR
commercially available for over ten years. I asked the audience of over a
hundred participants if they had ever checked to see if such a device was
GSRRIGXIHXSXLIMVGSQTYXIV3RP]X[STISTPILEHIZIVPSSOIH8LIRMX
occurred to me that even when the threat of this problem had been discussed
with the audience at this event, it was very unlikely anyone would from now
on regularly check their systems. Even when we know such threats exist,
[IHSRSXI\TIRHXLIIRIVK]XSTVSXIGXSYVWIPZIWEKEMRWXXLIQ8LIVIEVI
hundreds of things we might reasonably look for when turning on a machine.
8LIIUYMZEPIRGISJEREMVPMRITMPSXWGLIGOPMWXFIJSVIXEOISJJQMKLXLIPTFYXMX
would completely change the utility of using computers.

7GLIHYPIHJSVVIPIEWIMR;SQIRERH'SQTYXMRK
MWI\TIGXIHXSGSRXEMREFSYXZMHISGPMTWHIWMKRIH
for easy and rapid access by teachers for use in the
classroom and be a valuable resource incorporating
GYVVMGYPYQWYTTSVXQEXIVMEPJSV/I]7XEKIWXS

See www.tnmoc.org for further developments. Also

on Facebook, Google+ and Twitter.

8LMWMW[L][IGERRIZIVVIEPP][MRXLMWKLXEKEMRWX']FIVGVMQI,S[IZIV
deciding not to educate yourself, and reduce the effort of recovering from
attacks, is the path to losing and spending a lot of money!

The-National-Museum-of-Computing
@tnmoc
The National Museum of Computing




STUDENT
SHOWCASE

Open or Closed
source security
protocols

Cyber Security
Responses
to Counterfeit Goods
&PEOI1EVOLEQ
University
of Warwick

I am currently a Cyber Security and Management student at the

University of Warwick. Prior to me joining the course I studied
at undergraduate level in a computer-related discipline. However,
my father and I started building computers from when I was very
young and I used this to discover how they work. I now focus my
efforts on being able to both secure and exploit these systems.
8LMWLEWHIZIPSTIHMRXSELSFF]ERH-LEZIWMRGII\TIVMQIRXIH
with exploiting wireless technology and poorly coded web forms
by performing SQL injection attacks, granting root level access to
the web servers. I have also managed to simulate exploiting the
secure sockets layer, intercepting https communication utilising a
QERMRXLIQMHHPIEXXEGO8LIVIGIRX,IEVXFPIIHFYKLEWSRP]VI
IRJSVGIHXLIMWWYI[IQYWXEWWYQIXLEXRSXLMRKMW WIGYVI
Many of the skills I have acquired are self-taught, that combined
[MXLQ]IHYGEXMSRLEWIREFPIHQIXSI\GIPMRQ]IPH-EQ
always seeking new challenges and am currently in the process
of developing mobile phone apps, possibly with the potential to
contribute to the security aspects of mobile devices in the future.

Bio
Name:
School:
Linkedin:

&PEOI1EVOLEQ
University of Warwick
https://www.linkedin.com/in/markhambp

LEZIQEWWMZIRERGMEPMQTPMGEXMSRWHYIXSTVSZMHMRKVITPEGIQIRXWSVJVSQPE[WYMXW
SJYRLETT]GYWXSQIVW8LIVITIVGYWWMSRWEVIQYGLKVEZIVJSVGLMTWXLEXQE]LEZI
JSYRHXLIMV[E]SRXSQMPMXEV]KVEHIKLXIVNIXW[LMGLGSYPHVIWYPXMRQMHEMVJEMPYVIW
MRHIIHGSYRXIVJIMXGLMTWLEZIFIIRJSYRHMRKLXIVNIXW
A more sinister use of counterfeit chips is the intent of extracting personal
MRJSVQEXMSRJVSQSXLIVW8LMWGERFIEGLMIZIHXLVSYKLIQFIHHMRKQEP[EVISRXLI
IPIGXVSRMGGLMT8LITSXIRXMEPMQTPMGEXMSRWXLMWFVMRKWGERGEYWILEZSG[MXLQSVISJ
us using smart phones and doing our banking remotely on these kinds of devices.
Fraud is on the rise, with criminals taking full advantage of new technology and this
type of threat could become more and more prominent as more traditional malware
MWHMWGSZIVIHERHGSQFEXIH-XMWHMJGYPXXSMHIRXMJ]VSKYIGLMTWMRTVSHYGXMSRERH
even more so once they are in place as the average user will blindly trust that there
was no pre-existing malware on their new device. Malware installed this way would
FIQSVIHMJGYPXXSGSYRXIVHYIXSXLIJEGXXLEXMXMWLEVH[EVIFEWIHVEXLIVXLER
WSJX[EVIFEWIHWSIZIRXLIQSWXVEHMGEPSJETTVSEGLIWWYGLEW[MTMRKEHIZMGI 
[SYPHRSXRIGIWWEVMP]VIQSZIXLIXLVIEX6IEPMWXMGEPP]XLISRP]JIEWMFPIETTVSEGLIW
to combat this would be replacing the counterfeited chip in the existing phone, or
FY]MRKERSXLIVRI[TLSRI&YXXLMWMWYRPMOIP]XSMRWTMVIXVYWXMRGSQTERMIW[LSWI
products have been compromised.

Now, with the academic year coming to an end, I can look back and am able to
IZEPYEXIQ]I\TIVMIRGIEX;EV[MGO8LIVIEWSR-GLSWIXLMWGSYVWI[EWFIGEYWIMX
is well rounded and focuses on many aspects of the cyber security industry; from
broadening my knowledge of current techniques to developing skills required to
FIGSQIEWYGGIWWJYPQEREKIV8LIVILEZIEPWSFIIRWSQIMRZEPYEFPISTTSVXYRMXMIWXS
network with some of cyber securitys elite and to gain an insight into their opinions
due to talks by multiple guest speakers, both from the private and public sectors.
8LIVIJSVIXLMWG]FIVWIGYVMX]GSYVWILEWTIVJIGXP]TSMWIHQIXSLEZIEKVIEXGLERGI
SJRHMRKIQTPS]QIRX[MXLGSQTERMIWWYGLEW(IIT7IGYVIJVSQXLI1EPZIVR
']FIV7IGYVMX]'PYWXIVMRXLIEVIEWXLEX-RHQSWXJEWGMREXMRK,S[IZIV-HSFIPMIZI
XLEX;EV[MGO[SYPHFIRIXERHFIEFPIXSJYVXLIVHMWXMRKYMWLMXWIPJJVSQXLIKVS[MRK
amount of cyber security courses by reinforcing the theories discussed in lectures
with practical experience. For example, educating students on penetration testing by
simulating real world situations with attacker and victim machines would emphasise
the theories on combative techniques taught during lectures.

(IWTMXIXIGLRSPSKMGEPEHZERGIWXLEXEMHMRTVSXIGXMRKKSSHWJVSQFIGSQMRK
counterfeited, counterfeiting techniques are also evolving to evade these security
QIEWYVIW3RIWYGLI\EQTPIMWTEWWTSVXWXLEXRS[YXMPMWIERXMXEQTIVMRKLSPSKVEQW
ERHGLMTWXLEXEVIVIEHF]W]WXIQWEXXLIFSVHIV8LIWIEVIRSPSRKIVEWVITVSHYGMFPI
as previous passport designs so criminals often alter stolen passports rather than
TVSHYGMRKRI[SRIW8LMWXLIREPPS[WXLSWIGEVV]MRKGSYRXIVJIMXTEWWTSVXWXSXVEZIP
[MXLSYXVEMWMRKWYWTMGMSREWXLI]LSPHERSJGMEPTEWWTSVXXLEXLEWFIIREPXIVIHXS
their new identity.

My thesis addresses counterfeiting of electronic goods and particularly focuses on

the cyber security responses to combat it. Anti-counterfeiting areas are explored
in my project, including attempts to tackle the problem at the supply chain with
XLIYXMPMWEXMSRSJXIGLRSPSK]WYGLEW6*-(GLMTW'SQTYXIVGLMTWEVIERI\EQTPI
SJGSRWYQIVKSSHWXLEXEVIGSYRXIVJIMXIH[MHIP]-XMWHMJGYPXXSXLMROSJER]
technology that does not utilise these micro devices for numerous different tasks. In
fact, counterfeit chips have been discovered in an array of devices including branded
TLSRIWXEFPIXWERHIZIV]GSRGIMZEFPIGSQTYXIV]SYGERXLMROSJ&YX[LEXMJER]
threat do they pose to the consumer who has unknowingly used them?

Although cyber security issues may not be the immediate issue that comes to
mind when thinking about counterfeiting, it is easily one of the more worrying ways
counterfeiting can affect our lives. From threats on our livelihood, through fraudsters
gaining access to our accounts, to implications on government security, through
compromises at the borders and in military machines, counterfeiting is a threat that
needs to be addressed.

When a corporation designs a chip, they construct chips that are built for purpose, to
QIIXXLIVIUYMVIQIRXWSJEWTIGMGNSF,S[IZIVXLMWHSIWRSXQIERXLEXGSQTERMIW
do not produce counterfeit chips, whether knowingly or not. Some chips may indeed
be what they are advertised as, but some are in fact over-clocked and sold as being
the genuine article. Computer chips fail as a result of this putting great stress on the
GSVIGEYWMRKXLIQXSSZIVLIEX8LIGSRWIUYIRGISJXLMWZEVMIWHITIRHMRKSRXLI
technology that they have been implemented into. A phone brand that has used a
counterfeited chip unknowingly that overheats and causes their phones to fail could



7IGYVMX]LEWEP[E]WFIIREHEMP]FEXXPI[LMGLPIEHWXSRHMRKRI[
[E]WSJTVSXIGXMSR8LMWGERFIWIIRMRXLIIZSPYXMSRSJXVEHMXMSREP
home security measures, from using lock and key to security smart
GEVHWJSVEGGIWW8LMWIZSPYXMSRMWQSXMZEXIHFIGEYWISJGSRWXERX
attempts to exploit the vulnerabilities of security systems which
are sometimes successful or unsuccessful. Historically, security
protocols have followed a similar fashion of evolution.

Halidu Abubakar,
University of
Warwick

Bio
Name:
School:
Linkedin:

Halidu Abubakar
University of Warwick
LXXTRKPMROIHMRGSQTYFEFYFEOEVLEPMHY

I am an enthusiast of Cyber Security and my research interest

is in Cyber espionage. I am presently working on developing
GSYRXIVQIEWYVIWJSV%HZERGIH4IVWMWXIRX8LVIEX%48 [LMGL
is commonly used in espionage operations.

8LI7IGYVI7SGOIX0E]IV770 TVSXSGSPZIVWMSRVIPIEWIHMRQSZIHXS

ZIVWMSRFIGEYWISJMHIRXMIHWIGYVMX]E[W[LMGLQEHIMXPIWWWIGYVI770ZIVWMSR
[EWVITPEGIH[MXLXLI8VERWTSVX0E]IV7IGYVMX]807 [LMGLWMRGIVIPIEWILEW
FIIRTEXGLIHJSVZYPRIVEFMPMXMIWI\TPSMXIHMREXXEGOWPMOIVIRIKSXMEXMSREXXEGO&)%78
&VS[WIV)\TPSMX%KEMRWX770807 EXXEGOGVMQIERHFVIEGLEXXEGOTEHHMRKEXXEGOW
truncation attacks and recently the Heartbleed bug.

-LEZI[SVOIHEWERIPIGXVMGEPIRKMRIIVJSVQSRXLWERH
EW]WXIQWIRKMRIIVJSV]IEVWFIJSVITYVWYMRKER17GMR
Cybersecurity and Management. I see cyber security as
another way of protecting lives and property rather than
another information technology challenge. Most of the
technologies that underpin the services people use in their
daily lives are part of the cyber sphere thus need to be safe.

-XMWIZMHIRXXLEX,IEVXFPIIHMWRSXXLIVWXZYPRIVEFMPMX]XLEXLEWFIIRJSYRHSRXLMW
STIRWSYVGIWIGYVMX]TVSXSGSP1SWXSJXLIG]FIVEXXEGOWSR807EVIEGEWISJYWMRK
MXWWXVIRKXLEKEMRWXMX*SVMRWXERGIXLIGSYRXIVQIEWYVIJSVXLI&)%78EXXEGO[LMGL
I\TPSMXWE[IEORIWWMR'&'']TLIV&PSGO'LEMRMRK SJ807[EWERMRXVSHYGXMSRSJ
JVEKQIRXMRKSJHEXEXSFIWIRX,S[IZIVXLMWGSYRXIVQIEWYVIJVEKQIRXEXMSR PIHXS
a new exploit known as the truncation attack where fragments of the message to be
sent could be dropped by an attacker and fragments that meant something else are
delivered.
7MQMPEVP]XLI,IEVXFPIIHFYKMWERI\TPSMXSJXLIWXVIRKXLSJ807XLILIEVXFIEXTEGOIX
is sent by a client computer to a server in order to keep a session active because of
XLIHMJGYPX]SJWIXXMRKYTERI[WIWWMSR8LMWMWEWXVIRKXLXLEXFIGEQIEZYPRIVEFMPMX]
when the heartbeat packet was maliciously constructed, such that the server is made
XSVIWTSRH[MXLQSVIHEXESRMXWQIQSV]XLERMXWLSYPH8LMWHEXEGSYPHMRGPYHI
TEWW[SVHWERHSXLIVWIRWMXMZIHEXEXLEX807[EWTVSGIWWMRKEXXLIXMQISJXLI
VIUYIWX8LMWWIIQWPMOIEGEWISJRI[WSPYXMSRWPIEHMRKXSRI[ZYPRIVEFMPMX][LMGLMW
common with most technological advancement. However, the question that comes
to mind is: What if this new vulnerability was discovered and exploited maliciously
long before cyber security programmers and professionals discover it existed?
2IZIVXLIPIWWPMOIIZIV]SXLIVSTIRWSYVGITVSNIGXETTPMGEXMSRWWSJX[EVIERH
STIVEXMRKW]WXIQW XLI]FIGSQIFIXXIVEWHIZIPSTIVWGSRXVMFYXIXSMXF]EHHMRKRI[
JYRGXMSREPMXMIWSV\MRKHMWGSZIVIHFYKW3RXLISXLIVLERHWIGYVMX]TVSXSGSPWXLEX
EVI[MHIP]YWIHPMOI807770QMKLXRSXFIRIXJVSQXLMWOMRHSJGSRXVMFYXMSRFIGEYWI
XLIIGSW]WXIQMWFYMPXEVSYRHG]FIVWIGYVMX]8LIVIJSVIXLIVIMWRIIHXSWIVMSYWP]
consider whether security protocols should be made open or closed source.
Continuous research in more resilient protocols is needed, while bearing in mind that
technological measures are to ensure that breaking security systems becomes more
HMJGYPXERHI\TIRWMZIJSVEXXEGOIVWFIGEYWIXLIVIMWRSTIVJIGXWIGYVMX]W]WXIQ

It is evident that Heartbleed is

RSXXLIVWXZYPRIVEFMPMX]XLEX
has been found on this open
source security protocol.


(V'LEV7EQTPI')68ERH(V%RHVI/EVEQERMER

Culture and Cyber Behaviours:

The Role of Culture

8LIVWXEVXMGPISJXLIWIVMIWHMWGYWWIHLS[GYPXYVIEJJIGXWLYQERW
level, thus bridging the distance between inherent human nature and
JYRHEQIRXEPLEFMXW8LIWILEFMXWEVIIEW]XSPIEVRFYXHMJGYPXXSYRPIEVR
TIVWSREPMX]8LIVWXX[SWXYHMIWXLEX[IVITIVJSVQIHI\EQMRIHE
SVIZIRORS[XLI]EVIXLIVI8LI]WIIQREXYVEPERHXLIMVEWWSGMEXIH
WTIGMGX]TISJKVSYTREXMSREPMWXMGGYPXYVIW
thinking seems like common sense. Except these habits are unique
Human nature, depicted as the lowest level of the triangle in
JSVIEGLGYPXYVIERHXLI]QERMJIWXYRMUYIRKIVTVMRXWMRIZIV]
KYVIVITVIWIRXWXLIIQSXMSRWXLEXEVIYRMZIVWEPXSEPP
behaviour.
PERSONALITY
INDIVIDUAL
TISTPI-JLYQERREXYVIHIRIWYRMZIVWEPIQSXMSRWXLIR
-RXLIVWXEVXMGPIXLIVIWIEVGLIVWWLEVIHXLIHMWGSZIV]SJE
GYPXYVIHIRIWIQSXMSREPVIWTSRWIWXLEXEVIWLEVIH
correlation between operationalised and indexed culture
by a group. Culture is learned by the individual
CULTURAL
GROUP
HMQIRWMSRWERHG]FIVFILEZMSYV7TIGMGEPP]MRXLI
through societys cultural institutions the family, the
VWXEVXMGPIXLIGSRRIGXMSRHMWGSZIVIH[EWFIX[IIR
community, the education system and national
nationalist, patriotic website defacements and
MRWXMXYXMSRW3RGIXLIMRHMZMHYEPEFWSVFW
power distance, collectivism, and short-term
culture the individual will reproduce cultural
HUMAN NATURE
orientation.
norms both in the workforce and in the
next generation when the cultural values
8LITYVTSWISJXLMWJSPPS[SREVXMGPIMWXS
are taught to the children.
Figure 1: 6IPEXMSRWLMTFIX[IIR'YPXYVIERH4IVWSREPMX]
take the prior studies shared, and to generalise
Note: 8LMWKYVIMWEHETXIHJVSQ,SJWXIHI
XLIWIRHMRKWJSVXLI']FIVWIGYVMX]MRHYWXV]
Culture is both self-reproducing and
+,SJWXIHI+.ERH1MROSZ1 'YPXYVIWERH
Generalising the work allows researchers to
WIPJVIMRJSVGMRK&IGEYWIGYPXYVIMW
3VKERM^EXMSRW1G+VE[,MPP4YFPMWLMRK2I[=SVO2=
perform future studies both in Cybersecurity,
ubiquitous, culture is absorbed into the
and the social sciences that allow them to
EYXSQEXMGXLSYKLXTVSGIWW8LMWSGGYVW
HVE[PEVKIVGSRGPYWMSRW3RIIEVP]UYIWXMSRXLEXSJXIRGSQIWYT
across a lifetime from birth to death, and is re-enforced as part of the next
[LIRHMWGYWWMRKGYPXYVIERHG]FIVWIGYVMX]MW;LIVIHSIWGYPXYVIX#8LMW
generation.
initial question is usually followed by the question Havent we already tried
-JGYPXYVIWMRYIRGIGERFIWSIEWMP]XVERWQMXXIHMRIZIV]HE]XLSYKLXW
TW]GLSPSKMGEPTVSPMRK#
GYPXYVIWXLSYKLXTEXXIVRWWLSYPHEPWSFITVIWIRXMRG]FIVWTEGI8LIWI
4W]GLSPSKMGEPTVSPMRKEHHVIWWIWMRHMZMHYEPFILEZMSYVFEWIHSRRSVQW
GYPXYVEPTEXXIVRWSJXLSYKLXGERMRYIRGIEXXEGOFILEZMSYVWHIJIRWI
Psychology, however, does not address that those norms are for a particular
behaviours and operations. Attack behaviours such as brute force attacks
culture. A behaviour that is considered normal in one culture may be
have anecdotally revealed cultural similarities between otherwise unrelated
considered abnormal in another culture. Consider the example of smiling
REXMSRW7MQMPEVP]HIJIRWIGLSMGIWWYGLEWGLSSWMRKXSVYR(277)'EPWS
[LIRWIVZMRKJEWXJSSH8LMWFILEZMSYVMWGSRWMHIVIHRSVQEPMRXLI97ERH
ETTIEVXSFIGYPXYVEPP]MRYIRGIH7TIGMGEXXEGOERHHIJIRWIXSSPWQE]
QER][IWXIVRGYPXYVIWFYX[LIRMX[EWMRXVSHYGIHMR6YWWMEGYWXSQIVW[IVI
WYFGSRWGMSYWP]ETTIEPXSHMJJIVIRXGYPXYVEPTVIJIVIRGIW8LIPMQMXIHWXYHMIW
WYWTMGMSYWSJXLIWIVZIVW[LSWQMPIH8LMWPEGOSJGYPXYVEPGSRWMHIVEXMSRW
conducted to date in this area seem to support this view and we hope to
]MIPHIHQM\IHVIWYPXWSRTW]GLSPSKMGEPTVSPMRKWXYHMIW%WWLS[RMRKYVI
HMWGYWWXLSWIWXYHMIWMRHIXEMPMRWYFWIUYIRXEVXMGPIW8LIWIWXYHMIWWLS[LS[
GYPXYVIEHHVIWWIWXLIXVEMXWERHGLEVEGXIVMWXMGWEWWSGMEXIHEXXLIKVSYT
these patterns of thought affect the cyber domain actors.

Why Study
Cyber Security
at Warwick?

t Security Architectures
t Network Defence
t Digital Forensics

t Data Protection

t Information Risk Management

t Security Governance
t Strategic Management of IT Resources
t Globalisation and Outsourcing

At WMG our world-class team of cyber security specialists combine insights into security
tools and techniques with strategic security management principles and practice. Whether you study
for an MSc or a PhD, your industrially focused research programme together with world-leading cyber
security skills will provide you with a highly-valued competitive edge in your career.

'SRWMHIVXLII\EQTPISJWQMPMRK[LIRWIVZMRKJEWXJSSH8LMWFILEZMSYVMWGSRWMHIVIH
RSVQEPMRXLI97ERHQER][IWXIVRGYPXYVIWFYX[LIRMX[EWMRXVSHYGIHMR6YWWME
customers were suspicious of the servers who smiled.
6IEH4EVXSJXLMWWIVMIWSJEVXMGPIW%(MJJIVIRX4IVWTIGXMZISR%XXVMFYXMSRSRPMRIJSVJVIIRS[EX[[[WSJXFS\GSYOG]FIVXEPOMWWYIJSYV

Please contact us for more information:

t +44 (0)24 7657 5994
e wmgmasters@warwick.ac.uk
w www.warwick.ac.uk/go/wmgmasters/courses/csm



THE
UT R
O
AB THO gnus
AU e: Ma r

m nde
er.
and
ka
Wa ://wak p://
p
htt m, htt m
gs:
o
co
Blo gspot. gspot.c
:
o
l
lo
n
b
b
.
o
r
i
a
t
tacw ccupa curity &
O al se den
ion
we
Nat litics, S
po
Na

y
t
i
r
u
c
0
e
.
s
6
r
m
e
b
s
i
Cy pital
a
C
&

8LIIZIRXWMR9OVEMRILEZIF]VMKLX
unsettled many of us, mostly because
we now understand that it still can
happen in Europe. We in the Western
world have been given the luxury of
relaxation, consumption and recreation
for a couple of decades now and the
worry is that that period of calm is
now over. I think many have forgotten
XLITS[IVMRKISKVETLMGEPP]HIRIH
mechanisms and they wonder why
someone is doing something. Perhaps
that is the wrong question; or rather it
should be complemented with what
does our geography try to force us to
do? Free will, its never as free as you
would want it to be.
&ERIMR&EXQER The Dark Knight Rises, WE]WYRXS&EXQER
4IEGILEWGSWX]SY]SYVWXVIRKXL:MGXSV]LEWHIJIEXIH]SY
ERHXLI[SVHWEVI[SVXLVIIGXMRKYTSR-XMWE[IPPORS[R
fact that predators attack weak animals, weakness encourages
EKKVIWWMSR&YXQMWTPEGIHWXVIRKXLMRXLI[VSRKWLETIGEREPWS
trigger unintended and desperate aggression.
;LIR6YWWMERS[TYXWXLIRKIVSRXLIYRLIEPIH[SYRHW
SJSPHGSRMGXW[IMRXLI)9EVIWSQI[LEXPSWXEXWIE-XMW
not that our citizens dont want to be responsible and do
the right thing. It is, rather, the eerie fact that the European
9RMSRERHMXWREXMSRWMWWXMPPEGSRXMRIRXQEHISYXSJZIV]
different nations and with different heritages. It is also the most
empire-dense place in the world. And with that I mean nations
that used to be empires remember what that used to be like
and somewhere in every nation some form of retrospective
nationalism is still smouldering: We had the answers, and we
still do, but no one is listening.
Europe is also made up of different sets of values that, when
push comes to shove, tend to collide and European nations
have poor records of internal cooperation in tense times. And
make no mistake; we are now in what I would argue are the
XIRWIWXXMQIWMR)YVSTIWMRGIXLI7IGSRH;SVPH;EV8LI]EVI
tense because Europe now understands that it neither controls
RSVYRHIVWXERHW[LEXMWLETTIRMRK8LIVIEWSR[L]XLMWMWWS
GERFIMPPYWXVEXIH[MXLXLIXEFPISRTEKI

FREE WILL, ITS NEVER AS

FREE AS YOU WOULD WANT
IT TO BE.




PEACE
HAS COST
YOU YOUR
STRENGTH.

VICTORY
HAS
DEFEATED
YOU.

Time of Second World War

the great suffering and the
ultimate death of evil

Current time, year 2014

were living it

Changes in vulnerability

Mechanical world (physical machines)

Virtual world (Internet of things)

All worth in the society, monetary and intellectual, are now

volatile, intangible and globally accessible. Little is required
in order to fully disrupt this world. The interdependence
between nations is nearly 100% and this puts a brake on
wars. Anyone disrupting this system will effectually eliminate
that brake and make war more likely.

Knowledge society (books)

Idea based society (words mean little,

knowledge even less)

On average, Europeans know too little about too much. We

swim in the stream of social networks and spend little time
in personal evolution. Is it possible to know anything in the
eyes of others these days?

Wisdom actually meant something

No one knows what wisdom is

anymore (does it even exist and can it
be bought?)

3RI[E]SJPSSOMRKEXXLIXIVQ[MWIMWXSHIRIMXEW8S
be wise is to know what I dont know, to know why I should
know it and to have the tenacity to evolve enough so that I
can make that knowledge a part of my future actions while
I\LMFMXMRKKSSHNYHKIQIRX8LEXMWQ]S[RHIRMXMSR]SY
GERRHQER]QSVIMRXLIMRRMXIWTEGISJ']FIV

Conformity to common values

in order to build a nation (requires
conservatism)
A nation is often built upon a shared feeling
of vulnerability and a feeling that I need
others in order to be safe.
8LMWTVSQSXIWKIRIVSWMX]WIPJWEGVMGIERH
empathy. When too strong this creates an
enslaved nation under power of the few.
Politically controlled markets

Conformity to the strive to be an

individual (creates liberalism)
Creates a shared feeling of security, freedom
and prosperity.
This promotes openness, equality and
personal freedom: the nation exist for the
individual. Cannot be too strong but can be
misguided and ignorant and therefore create
hazards.
Liberalised market detached from
democratic control (still under political
MRYIRGIXLSYKL

Maslows hierarchy of needs shows us why it is important

for us to have more support by the group when we are on
the lower levels of the pyramid. When at the top, we might
WXEVXXLMROMRK[IVIWIPJWYJGMIRXERHXLEX[IRIIHRS
one. As a continent weve been hiding on the top levels of
that pyramid even when things have progressively become
[SVWI8LIRERGMEPGVMWMWWLS[IHYWXLEXXLIQIGLERMWQWSJ
consumption are so strong that no matter how bad others
have it, we continue to spend and true solidarity beyond our
borders is a rare occurrence. This is how the system works
ERHMXVIHYGIWVMWOJSVEVQIHGSRMGX
Politicians polarise and turn processes into value- driven
events. Politicians represent their people and the people
want the nation to be managed in accordance with certain
values.
The capitalistic system is anti-war by design as money has
no master and knows no values. Therefore, unilateral trust
MRXLIRERGMEPW]WXIQEWEREXMSREPWIGYVMX]QIGLERMWQ
PIEHWXSETEGMWXMGETTVSEGLXSTSPMXMGW[LMGLJSVXLIQSWX
part is a good thing. When the nation needs, depending on
values and other things, to politically intervene in the affairs
SJSXLIVREXMSRWRERGMEPMRWXVYQIRXWXIRHXSFI[IEOERH
misaligned. Sanctions look good, require little risk to be
XEOIRFYXQMWVIQSWXSJXLIXMQI

Internalisation of the individual,

retrospection was important

2SXMQIJSVVIIGXMSRSVWPS[
everything happens and then something else
happens, and then something else.

EUROPE NOW UNDERSTANDS

THAT IT NEITHER CONTROLS NOR
UNDERSTANDS WHAT IS HAPPENING.


People are addicted to social media and online

entertainment as it howls down all the chaotic streams of
thoughts that are passing through the mind. Were seeing a
change happening here in the younger generations though
(at least in the Nordic nations): were seeing an urge
to go back to nature, back to basics and a toned-down
spiritualism. Senior politicians are out of touch with this
generation.

Cyber security is still being

discussed widely but some might
be discouraged that the discussion
seems to be going nowhere. There
may be two quasi-new types of
conversations during 2014:

Russia publicly
considers the Internet
to be a product of the
US Central Intelligence
Agency.

1. We have to focus on national defence

and start regulating more clearly how things are
HSRISRXLI-RXIVRIX8LMWEPWSQIERWEGXMZIP]
supporting our industry, even if they are no
good at what they do. We can trust no one but
SYVWIPZIW8LMWPIEHWXSMKRSVERXETTPMGEXMSRSJ
national powers in the global market system. It
also leads to a wrongful picture in the heads of
politicians that they can do this on their own with
XLIMRWXVYQIRXWSJXLIMVS[RREXMSR8LI]GERX
(S[IRIIHE92JSV']FIVWTEGIXLEXKLXWJSV
human rights in Cyberspace?

6YWWMESJLEWFIIRGSQTEVIH[MXLLS[MXYWIH
XSFIYRHIVXLI8WEVW;MPP)YVSTIFIGSQI[LEX
Europe used to be as well or evolve and understand
that something else is needed in order to protect
everything weve accomplished during the last
HIGEHIW#&IGEYWIIZIRMJ[IGERRHQER]JEYPXW
ERHWLSVXGSQMRKWMRSYVW]WXIQERH]IWQER]
people are not as happy as we would wish them to
FI [IWXMPPLEZIXLIFIWXHIQSGVEXMGW]WXIQ[IZI
ever seen and we have freedom of speech, mind
and soul. And our system is the only one in the
world that has care and empathy built in from the
FIKMRRMRK%RHJSVYWKLXMRKJSVJVIIHSQTIVWSREP
security and integrity on the Internet is the same as
protecting our democracies.

2. We need to weaponise Cyberspace lest

[IFISZIVVYRERHMRPXVEXIHF]SXLIVREXMSRW
8LMWPIEHWXSERMKRSVERXERHQMWTPEGIHFIPMIJ
that we as European nations actually, on our own,
can make the world a better place for democracy
through the implementation of Cyber weapons.
Strength in the wrong places may encourage
unwanted aggression.
We tend to have bad luck from time to time
[LIR[IXLMRO3RII\GIPPIRXI\EQTPIMWXLI
WERGXMSRWMQTSWIHSR6YWWMEEWEGSRWIUYIRGISJ
the annexation of Crimea. Now, think about this:

Cyber security will have to

become what is needed in order to
strengthen our nations and our global
communities. This requires that we
exhibit a few things, some of which I
believe are:

If you were not smart enough in order to

YRHIVWXERHXLEX6YWWME[SYPHMRZEHI'VMQIE
what indicates that you will be smart enough
tomorrow? It is not the lack of information that
should worry you; it is your lack of ability to
perceive the reality clearly that should.
6YWWMEMWKSZIVRIHF]X[STS[IVFPSGOWXLI
7MPSZMOMREXMSREPWIGYVMX]PMOI4YXMR ERHXLI
VIWX[LMGLMWEGSGOXEMPSJSPMKEVGLW8WEVWSJ
TVMZEXMWEXMSRERHTS[IVJYPKSZIVRSVW 



8LIWERGXMSRWMQTSWIHSR6YWWMEQEOIWQSRI]
E[IEOIVTPE]IVSRXLI6YWWMERREXMSREPWGIRI
3RP]SRIFPSGOFIRIXWJVSQXLMWXLI7MPSZMOM
4YXMR
'S 

%FWSPYXIGPEVMX]SJZMWMSR



;MWHSQ

3.

Endurance.



6IWMPMIRGI

5.

Adaptation.

 0IEHIVWLMTERHXLIEFMPMX]XSEGX
 )QTEXL]ERHGEVI
 0SZIJSVXLIHIQSGVEXMGW]WXIQ

As a consequence of the sanctions,

the Siloviki are growing stronger
nationally.

 7SPMHEVMX]XLVSYKLEGXMSRWERHRSX
through words.

8LIRERGMEPQEVOIXMWEFVEOI
on war and through sanctions
6YWWMEGERGEWXSJJXLMWGPSEOSJ
TEGMGEXMSRERHGSRXMRYIEPSRKXLI
hostile road it has worked to get up on
JSVHIGEHIW8LI'SPH;EV[EWRSXQYGLSJE
war although the sense of urgency was great.
(YVMRK+SVFEGLIZXLI7MPSZMOMQEHIYT SJXLI
power structure, today they are to be considered
an absolute power. You cannot understand what
comes next if you only focus on Putin. And if you
believe money actually means anything in itself
XS4YXMR
'SXLMROEKEMR%RH6YWWMETYFPMGP]
considers the Internet to be a product of the US
Central Intelligence Agency.

VICTORIOUS WARRIORS
WIN FIRST AND THEN GO
TO WAR, WHILE DEFEATED
WARRIORS GO TO WAR
FIRST AND THEN SEEK TO
WIN,
SUN TZU, THE ART OF WAR

FIGHTING FOR FREEDOM, PERSONAL SECURITY AND INTEGRITY ON

THE INTERNET IS THE SAME AS PROTECTING OUR DEMOCRACIES.


SPEAR PHISHING
& PIRATES:
HOW TO STAY SAFE IN THE CYBER SEA

Build your expertise in cyber security

At the University of York, we
appreciate the importance of the
security of your systems.
Thats why we developed our MSc
in Cyber Security - a course that
gives you the technical skills to make
major and long-term decisions in
cyber security, and ensure that you
can keep your systems safe.

Andrew
Fitzmaurice
')3SJ
8IQTPEV
Executives

The growth of the internet in the late 1980s and

early 1990s brought huge opportunities to both
organisations and individuals but this growth also
WMKREPPIHEFMVXLSJERI[X]TISJTIVWSRXLILEGOIV
Typically your computer hacker in the late 80s and
90s hacked into computers to show off with only
a small proportion operating to cause damage and
HMWVYTXMSR2S[EHE]WXLIKEQILEWGLERKIHLEGOIVW
are primarily acting illegally or on behalf of a nation
state to steal data, break into systems for monetary
gain and to seriously damage systems.
Hackers are using increasingly sophisticated methods to
target both organisations and individuals, which are all
IEW]XSJEPPJSVMJRSXE[EVI&IPS[MWEPMWXSJGSQQSR
attack methods and what you can look out for to
prevent falling into the trap.

SPEAR PHISHING
7TIEVTLMWLMRKMWERIQEMPWTSSRKJVEYHEXXIQTX
XLEXXEVKIXWEWTIGMGSVKERMWEXMSRSVMRHMZMHYEP
WIIOMRKYREYXLSVMWIHEGGIWWXSGSRHIRXMEPHEXE
Spear phishing email messages appear to come from
a trusted source such as a well-known company
SVSRPMRIIRXMX][MXLEFVSEHQIQFIVWLMTFEWI8S
make an email appear to be authentic, the sender will
typically include a company logo and a copyright slogan
enticing individuals to click on either attachments or
links containing malware.

SOCIAL ENGINEERING
Social engineering is a form of spear phishing whereby
hackers will glean key information on individuals to con
TISTPIMRXSTIVJSVQMRKEGXMSRWSVHMZYPKMRKGSRHIRXMEP
MRJSVQEXMSR8SKIXMRHMZMHYEPWXSVIPIEWIMRJSVQEXMSR
hackers will use social media to gain information
about a person as well as phone calls to build up an
MRHMZMHYEPWTVSPI

Prevention Techniques:
 Do not give out personal information over
the phone or in an email unless completely sure.
Social engineering is a process of deceiving individuals
into providing personal information to seemingly
trusted agents who turn out to be malicious actors.
If contacted over the phone by someone claiming to
be a retailer or collection agency, do not give out your
personal information. Ask them to provide you their
name and a call-back number.
 Never click on links in emails. If you do think
the email is legitimate, go to the site and log on
HMVIGXP];LEXIZIVRSXMGEXMSRSVWIVZMGISJJIVMRK[EW
referenced in the email, if valid, will be available via
regular log on.
 Rethink what you share on social media. Many
individuals continue to share every aspect of their
lives on social media from their date of birth to home
addresses, likes and dislikes. All of this is fodder for
social engineers and can be used to target you for
attack.



 Never open attachments. 8]TMGEPP]PEVKI

corporations will not send emails with attachments. If
there is any doubt, contact the retailer directly and ask
whether the email with the attachment was sent from
them.

PIRATED SOFTWARE
A lot of todays software is not free. Lots of people
are looking for ways to get access to free software
F]TEWWMRKTVSXIGXMSRXSPSSOJSVGVEGOIHWSJX[EVI8LMW
is the perfect opportunity for hackers to advertise free
downloads to gain access to computers.

Prevention Techniques:
&Y]PIKMXMQEXIWSJX[EVI7SJX[EVIGERFII\TIRWMZIFYX
the costs far outweigh the loss of data through use of
cracked software.

INFECTED MEDIA
8LIGVIEXMSRSJTSVXEFPIQIHMEHVMZIWWYGLEW
97&WERH'(WLEWKMZIRLEGOIVWE[SRHIVJYPRI[
STTSVXYRMX]97&HVMZIWGERFIMRJIGXIHF]XLIWMQTPI
EGXSJMRWIVXMRKER97&TIRHVMZIMRXSERMRJIGXIH
QEGLMRI%RMRJIGXIH97&WXMGO[MPPXLIRTEWWXLI
malware onto any machine in which it is used.

Prevention Techniques:
 7IX97&XSVIEHSRP]1EOMRKE97&WXMGOVIEH
only should prevent infections when plugging into a
different machine.
 Clean it. An up-to-date version of an antivirus
WSJX[EVI[MPPEPPS[]SYXSGPIERYT]SYV97&ERH
remove the infection if it has been compromised.

Take it full-time over one year,

part-time over three years, or as
one week short courses, and youll
come away with the skills and
knowledge you need in core areas of
cyber security.
Become expert in areas such as:
f
f
f
f
f
f
f

Identity
Trust and reputation
Cryptography
Network security
Malware and intrusion detection
Risk management
Development of high assurance
systems

For more details, email us on

postgraduate@cs.york.ac.uk or
call us on 01904 325402

Find out more at www.cs.york.ac.uk/professional/cyber

The Department of Computer Science at the University of York is one of the top UK Computer Science departments. We have expertise in a number of
areas, and oer teaching in our specialisms for undergraduates, postgraduates and professionals. Find out more about us at www.cs.york.ac.uk

A host of vast pillars, endlessly, ironically,

circumscribed with innumerable bulbs of glowing
pods ordered in coils of sinister symmetry. Each
pillar as fractal frond, each frond, scaling to a base
ERHEWYQQMXEWWYQIHMQEKMRIHYRWIIR6ERO
YTSRGSYRXPIWWVEROPIYTSRPMQMXPIWWPIXLI
cohorts of columns curve and span toward and
never reach a vanishing point beyond human
WIRWI8LI[SVOSJERIRXMVIP]EPMIRGSRWGMSYWRIWW
8LITVSHYGXWSJERMRGSQTVILIRWMFP]3XLIV
intelligence.

8LMWMWXLI[SVPHSJ8LI1EXVM\ . A world wrought by entities of our own

QEOMRK%VITVIWIRXEXMSRSJ8LI7MRKYPEVMX]EWXLIIRHSJLYQERMX]%GSVVYTX
cybernetic construct in which the meat is food for the machine. In this world,
we polluted the planet. We created machines of ever increasing capability. We
created computers of ever increasing power and complexity. We gave control
of the machines to the computers. Computers controlled other computers.
'SQTYXIVWERHQEGLMRIWFIGEQIEWSRI8LIGSQTYXIVQEGLMRIWEXXEMRIH
WIRXMIRGIERHGSRWGMSYWRIWW8LI]FIGEQIEPMJIJSVQ8LI7MRKYPEVMX][EW
EXXEMRIH3YVGVIEXMSRWVIFIPPIH8LIMVGVIEXSVWLYQERWFIGEQIXLIFEXXIVMIW
the food, for their own children.
As Cronus castrated his father Uranus and cast him from dominion over the
Earth, so Zeus, the son, cast Cronus, his father, into the eternal torment of
8EVXEVYW3%WXLI3P]QTMERWSZIVXLVI[XLI8MXERWWSRS[LEWLYQERMX]FIIR
usurped and enslaved by its own cyber seed. Cast down and condemned to a
8EVXEVYWSJXIGLRSPSK]8LIGLMPHLEWWPEMRMXWTEVIRX8LIWSRLEWWYTTPERXIHXLI
JEXLIV3IHMTYWMW6I\3RGIEKEMR*VEROIRWXIMRWQSRWXIVNSPXIHXSPMJIF]XLI
primordial force of electricity harnessed by the science of man, has risen from
XLIWPEFXSVIFIPERHHIWXVS]MXWQEOIV3RGIEKEMRXLIVSFSXWLEZIVIZSPXIHERH
XYVRIHEKEMRWXYW3RGIEKEMRXLIGSQTYXIVWLEZIFIGSQIQSVIMRXIPPMKIRXXLER
XLIMVQEOIVW3RGIEKEMRXLIJVYMXWSJLYQERORS[PIHKILEZIFIIRXLIGEYWI
SJSYVJEPP3RGIEKEMR[ILEZIGSQQMXXIHXLIWMRSJLYFVMWERHFIIRI\TIPPIH
JVSQ)HIR3RGIEKEMRLYQERMX]LEWFPEWTLIQIHERHFIIRGEWXJVSQKVEGI
3RGIEKEMR-GEVYWLEWJEPPIR3RGIEKEMR[ILEZIGVIEXIHKSHMRSYVMQEKIERH
our creation, our god, our child, has consumed and enslaved and destroyed us.

Narrow skeins of laser sharp static form coruscating cuffs coursing around
TSHERHTMPPEV6MFFSRWSJFMREV][LMXIPMKLXGIEWIPIWWP][VMXLMRKERHTYPWMRKYT
and down the imagined lengths. As the energy traversing one pillar passes that
traversing another, an arc of incandescent plasma sparks and stabs between
them. Cracking and fracturing and tearing, but never illuminating, the blackness
FIX[IIR8LITSHWGEWXE[IEOJIFVMPITMROMWLKPS[XLEX[ERP]QEVKMREPP]
contests but never defeats the enshrouding darkness.
8LIGSPYQRWEVIEWXLSYKLWYWTIRHIH[MXLMRERIXIVREPERHPMQMXPIWWZSMH
%JEFVMGEXIHERHSSVPIWWERHVSSIWWJSVIWX%KVSXIWUYIWMQYPEGVYQSJ
nature and nurture. A contemptuous sneer at fertility. Sterile, barren shafts
of metal and machines morphing into and out of organic and made forms. A
GSVTSVIEPI\TVIWWMSRSJERMKLXQEVIHMEPIGXMG%TIVZIVXIHTEVSH]SJE8YVMRK
morphogenesis. A fractal forest. A topography machined in mocking homage to
the minds of those who created its makers. A precision machine made hell of
mathematical sequences.

Colin
Williams
7&0

8LI1EXVM\MWFYXSRISJEZEWXGERSRVITVIWIRXMRKERHHITMGXMRK[LEXMW
essentially the same cultural phenomenon; the human fear of human ingenuity
ERHMRZIRXMSR3VTIVLETWQSVIFVSEHP]XLILYQERJIEVSJGLERKI[VSYKLXF]
SYVS[RLERH3VTIVLETWJVSQEWPMKLXP]HMJJIVIRXERKPIXLILYQERJIEVSJPSWW
of control over those instruments of change wrought by our own hand as a
TVSHYGXSJSYVTS[IVWSJGVIEXMSR3VTIVLETWSYVS[RJIEVSJSYVWIPZIW
8LIWIEVIXLIJIEVWVIJIVVIHXSF]-WEEG%WMQSZMRLMWJSVQYPEXMSRSJ[LEXLI
called the Frankenstein complex3VMKMREPP]%WMQSZIRZMWEKIHXLIGSQTPI\
MRWSJEVEWMXSFXEMRIHXSXLIJIEVXLEXLYQERWHMVIGXWTIGMGEPP]XS[EVHWVSFSXW
Here, robots are anthropomorphic representations of the powers of human
ingenuity and physical manifestations of the powers of science and technology.
Hence, his deployment of the reference to Mary Shelleys often referenced, but
somewhat less often read, book. In his early thinking on the subject the essence
of the trope is man creates robot; robot kills man5 . Later, he widened the
scope to include the human fear of computers. For Asimov, the Frankenstein
Complex is a manifestation of a propensity towards the yet wider phenomenon
of what he himself called technophobia. Such technophobia, for Asimov, being
EQERMJIWXEXMSRSJEKIRIVEPFPMRHYRVIEWSRMRKVIWMWXERGIXSGLERKI8LI
author of the four laws of robotics was clear in his position on the subject.
8IGLRSTLSFMEMRKIRIVEPERHJIEVSJVSFSXWMRTEVXMGYPEV[EWEWIVMSYWQEXXIV
FIGEYWIMX[EWPMOIP]XSHSQYGLLEVQXSXLI[SVPHMRKIRIVEP6SFSXWEVI
going to play an inevitable role in advancing technology, and, for Asimov,
technology and robots are both very good things. Asimov was a scientist as
QYGLEWLI[EWEREYXLSVSJWGMIRGIGXMSR

8LIMRRYQIVEFPITMPPEVWSJLIPPSS^IXLIMVGSYRXPIWWTYWXYPSYWTSP]TWEW
scrofulous and scabrous pods; seeds as scabs on the machine. Stems and seeds
attended to by spider like insectoidal robots that scuttle and skitter within
XLIIRHPIWWTMX8LIYRXLMROMRKQMRMSRWSJXLI3XLIV8LIVSFSXEYXSQEXESJ
XLIQEWXIVWSJHEQREXMSR8LIG]FIVWTMHIVWQSZIFIX[IIRXLIXS[IVWERH
amongst the bulbous suppurations with programmed and unthinking purpose.
8LIGSQTVILIRWMSRSJXLIREXYVISJXLIMVXEWOWHIQERHIHF]SYVMRXIPPMKIRGI
yet denied by our humanity.
For, each of the innumerable pods is a cell in a vast energy source furnishing heat
ERHTS[IVXSEGMZMPMWEXMSRSJWIRXMIRXGSRWGMSYWQEGLMRIW8LILIPPSJLYQERMX]
LEWFIGSQIXLIPMJIJSVGISJXLI3XLIV8LIIRXMVIGSRWXVYGXMWEKIRIVEXSV%
TS[IVWXEXMSR)EGLGIPPGSRXEMRWERSVKERMGGSVI8LIYPXMQEXIWSYVGISJXLI
energy upon which an entire world, an entire species, depends, is; humanity. We
are the meat for the machine. We are the damned.

The three1
Laws of
Robotics

Individually and collectively, each human, each cell, is implanted with and
EWWMQMPEXIH[MXLMR8LI1EXVM\%GSQTYXIVGSRWXVYGX%WLEVIHLEPPYGMREXMSR%
world of the mind made real through manipulation by machines of the meat
of humanity. A vast complexity of binary code collectively and simultaneously
experienced as sense data; as reality. A communal and manufactured imagination.
%REVVEXMZI%WXSV]%GSRWXVYGXIHGSRWGMSYWRIWW%REVXMGMEPMRXIPPMKIRGI
Gibsons cyberspace as a collective hallucination.

_ZEROTH LAW
A robot may not harm
humanity, or, by inaction,
allow humanity to come to
harm.

Manifestations of the Frankenstein Complex appear with remarkable consistency;

and latterly with amplifying frequency. Popular culture is replete with them.
*VSQ.SLR'EVTIRXIVWPQ(EVO7XEVZMEXLIPQSJ(IRRMW*IPXLEQ.SRIW
RSZIP'SPSWWYWEW'SPSWWYW8LI*SVFMR4VSNIGXXLVSYKLXLI8IVQMREXSV
JVERGLMWIERHSRXSVITIEXIHMRGEVREXMSRWSJXLIPQERH8:WIVMIWSJ&EXXPIWXEV
Galactica we are presented with the nightmare of a world in which the
computers and the robots become sentient and kill and enslave us. Current
I\TVIWWMSRWSJXLIGSQTPI\MRGPYHIXLI8:WIVMIW6IZSPYXMSR%FMHMRK
depictions of a fear that repel and attract in equal measure.

8LI1EXVM\MWEXSSPSJTS[IVERHHSQMRERGI%RMRWXVYQIRXSJGSRXVSP[LIVIMR
humans are rendered as passive objects by, and to, incomprehensibly complex
QEGLMRIW8LI1EXVM\MWEHMKMXMWIHH]WXSTMEGVIEXIHF]GSQTYXIVWGSRXVSPPIHF]
computers. It is hell.

_FIRST LAW
A robot may not injure a
human being or, through
inaction, allow a human being
to come to harm.

8LIWIQERMJIWXEXMSRWEVILS[IZIVRSXGSRRIHXSXLIGXMSRWSJTSTYPEV
GYPXYVI8LI]EVITVIWIRXEGVSWWXLIWTIGXVYQSJLYQEREJJEMVWERHXLVSYKLSYX
XLILMWXSV]SJLYQERVIEGXMSRWXSXIGLRSPSK]3RGI]SYORS[[LEXXSPSSO
JSV]SY[MPPRH(V*VEROIRWXIMRWTVSKIR]IZIV][LIVI8LI+VIIOQ]XLSJ
Prometheus expresses a primordial form of the complex in relation to the
LYQEREFMPMX]XSLEVRIWWVIMXWIPJ4VSQIXLIYWWXIEPWVIJVSQ3P]QTYWERH
KMJXWMXXSLYQERMX]>IYWTYRMWLIWLMQJSVLMWLYFVMW-RXLILERHWSJLYQERWVI
HIWXVS]WERHOMPPWEWQYGLEWMX[EVQWERHTVSXIGXW5YIIR:MGXSVMESVHIVIHXLI
HVMZIVSJXLIVWXXVEMRYTSR[LMGLWLIVSHIXSXVEZIPEXQYGLPIWWXLERXLIJSVX]
miles an hour of which it was capable lest the force of such unnatural velocity
did her physical harm.

_SECOND LAW
A robot must obey the
orders given to it by human
beings, except where such
SVHIVW[SYPHGSRMGX[MXL
the First Law.

We are the meat for

the machine. We are
the damned.

_THIRD LAW

A robot must protect its own

existence as long as such
TVSXIGXMSRHSIWRSXGSRMGX
with the First or Second Law.




8LITSTYPEVQIHMESJXLI:MGXSVMERHE][IVITPE]MRKXSXLIJIEVXLEXXVEZIP
at such unheard of speeds as technology could now grant would disintegrate
the human form, at precisely the same time as the very same technology was
TVSTIPPMRKXLIZIV]RI[WTVMRXJIIHMRKXLMWJIEVEXNYWXXLSWIWTIIHW&]EREGXSJ
TEVPMEQIRXXLIVWXGEVWXSHVMZISRXLIVSEHWSJ)RKPERH[IVISVHIVIHXSFI
TVIGIHIHF]EQERFIEVMRKEVIHEKXS[EVRSJXLIMQQMRIRXEVVMZEPSJHMVI
danger. Similarly, later humans feared that breaking the sound barrier would
render the pilots body a deconstructed blob of jelly.

Fully autonomous weapons systems, including but not limited to humanoid

VSFSXW[MPPWSSRETTIEVMRXLIEXVIWSJGSRMGX,YQERW[MPPFIOMPPIHERH
QEMQIHEXXLIMVLERHWERHXIRXEGPIW8LIWIVSFSXW[MPPFIEVHMVIGXIHIRIVK]
weapons systems; beams of light and sound that will disintegrate corporeal
FMSPSKMGEPJSVQW8LI][MPPGEVV]SRFSEVHXLVIIHMQIRWMSREPTVMRXIVWERHWSFI
GETEFPISJWIPJLIEPMRK8LI][MPPGSQQYRMGEXIXIPITEXLMGEPP]MRMXMEPP]XLVSYKL
&PYIXSSXLERH;M*M%RHXLMW[MPPFINYWXXLIFIKMRRMRK8LIWIW]WXIQW[MPP
RSXSRP]FILEZIEYXSRSQSYWP]8LI][MPPIZSPZI'SQTYXIVWERHGSQTYXIV
networks will continue to exhibit ever more of the characteristics of sentience,
of consciousness; of life itself.

%XXLIHE[RSJXLIX[IRX]VWXGIRXYV]XLI-RXIVRIXFSVIXLIRI[WSJEXXIQTXW
to take legal injunctions against the operation of the Large Hadron Collider
JSVJIEVXLEXMXWSTIVEXMSR[SYPHGEYWIXLIHIWXVYGXMSRSJXLI)EVXL8LIWEQI
Internet that carries myriad warnings of the unknown and unproven, yet
apparently utterly incontrovertible, dangers of Frankenfoods; and will soon bear
VWXXLIQYVQYVMRKERHXLIRXLIGEGSTLSR]GSRHIQRMRKXLIEFSQMREXMSRSJ
HVMZIVPIWW*VEROIRGEVW8LIWEQI-RXIVRIXXLEXXLVYQWXSXLIJEQMPMEVHMWGSVHERX
beats of the ancient rallying cry that they are taking your jobs; the they are now
GSQTYXIVWERHVSFSXW8LIWEQI-RXIVRIXXLEXRS[[EVRWXLIPIKMSR[LS[MPP
listen of the impending and imminent fall of civilisation as the ineluctable end of
the inevitable Cyber Apocalypse.

Robots will take

human jobs. Until
they choose
not to...

Computers and robots will usurp humans across the spectrum of economic
ERHWSGMEPEGXMZMX]8IGLRSPSK]HMHHMWTPEGIXLILERHPSSQ[IEZIVWXLI
FPEGOWQMXLWERHXLIX]TMWXW6SFSXW[MPPXEOILYQERNSFW9RXMPXLI]GLSSWIRSX
XS8LMWXIGLRSPSK]MWXVERWJSVQEXMZIERHXVERWJSVQEXMSRWHMWVYTX(MWVYTXMSR
MWHMWGSVHERXERHJSVWSQITEMRJYP8LITS[IVSJXLI6SQER'EXLSPMG'LYVGL
never recovered the blow it was dealt by the invention of the movable type
mechanical printing press. Nonetheless, human society as a whole advanced
precisely because it became irreversibly and existentially dependent upon the
printed word.

8LIWEQI-RXIVRIXXLEXWMXWEXXLILIEVXSJXLIG]FIVTLIRSQIRSR8LIWEQI
Internet that has in a few short decades already done more to unleash human
creative potential and transform human society, overwhelmingly for the better,
than any other technology across the span of the millennia of the improvement
of the human condition.

'SQTYXIVFEWIHXIGLRSPSK]LEWIREFPIHXLIVWXS[IVMRKWSJTVMQMXMZI
HIQSGVEG]MRTVIZMSYWP]EYXSGVEXMGWXEXIW8LIWEQIXIGLRSPSK]LEWIREFPIH
undergraduate students to use a three dimensional printer to fabricate a
TVSWXLIXMGLERHJSVEGLMPHJSVEJI[LYRHVIHHSPPEVW8LIWEQIXIGLRSPSK]XLEX
if all goes according to plan, will allow a paralysed teenager wearing a cybernetic
exoskeleton driven telepathically through brain machine interface technology
XSVMWIJVSQXLIMV[LIIPGLEMVERHOMGOXLIVWXFEPPSJXLI*-*%;SVPH'YT
MR&VE^MP8LIWEQIXIGLRSPSK]XLEXLEWIREFPIHXLIQETTMRKSJXLILYQER
KIRSQITVSNIGXERHXLI0EVKI,EHVSR'SPPMHIV8LIWEQIXIGLRSPSK]XLEXQEOIW
it possible for us to even imagine our civilisation existing beyond the exhaustion
SJJSWWMPJYIPW8LMWXIGLRSPSK]LEWGVIEXIHNSFWERH[IEPXL-XMWVIJSVQMRKWSGMIX]
humans, even the nature of our humanity itself. And, it has enabled human
creativity and potential so far and so fast that throughout the historic heartlands
of western capitalism future shock has become a psycho-cultural pandemic.

It is deceptively easy to dismiss these fears as those of the feeble or simple

QMRHIH8SFVERHXLIQEWIZMHIRGISJHIGMIRG]SJMRXIPPIGXSV[IEORIWWSJ
character. An easy illusion to imagine the Frankenstein Complex comforting the
modern Luddites as they build their bunkers of the mind. Into which they retreat
to endure the pain and dissonance of future shock. An easy and, perhaps alluring,
illusion though this may be. It is, nonetheless, an illusion. And a dangerous one.
8LIJIEVWI\TVIWWIHXLVSYKLXLIEFMHMRKERHEQTPMJ]MRKQERMJIWXEXMSRWSJXLI
*VEROIRWXIMR'SQTPI\EVIVIEPMRIZIV]WIRWI8LI]EVIVIEPMRXLIWIRWIXLEX
they form part of the actuality of the matrix of the human condition. Emotion
may sit uncomfortably with a post Enlightenment sensibility as a driver of human
behaviour, yet this does not alter the fact that it is; and at every level and in every
sphere. From declarations of war to declarations of love, human emotions play
ETEVX8LIJIEVWSJXLI*VEROIRWXIMR'SQTPI\EVIEPWSVIEPMRXLIWIRWIXLEX
they represent to us visions of that which we all know is possible. Warnings from
ourselves to ourselves upon which our survival compels us to act.

Fear in the face of this onslaught of dissonance and disruption and

transformation is not merely inevitable. It is desirable and necessary. Humans are
story tellers. We build narratives as a core element of our very humanity. We are
driven to attempt to make sense of ourselves, of others, of the world around us.
Compelled to discern and establish and impose patterns and structures. Forced
to use our capacity to imagine, to create as though real that which does not
exist in the world as is. Forced to give our worst and deepest fears form in the
matrix of the cultural expressions of our collective negotiated consciousness.
8LI*VEROIRWXIMR'SQTPI\MWEREVVEXMZI%WXSV][IEVIXIPPMRKSYVWIPZIWSJXLEX
which could be. A warning. Upon which we must act. Fear is a precondition to
surviving danger when it spurs action; it is the cause of catastrophe when it is
allowed to induce paralysis.

8S[EXGL8LI1EXVM\MWXSI\TIVMIRGIEREVXIJEGXSJTVIGMWIP]XLIOMRHSJ
creative cultural osmosis relied upon by William Gibson8LMWGVIEXMZISWQSWMW
occurs in a cultural, human, social, solution. A matrix of memes, and neurons, and
thoughts. Endlessly being formed and reformed into ever morphing patterns of
ITLIQIVEPERHGSRXMRKIRXREVVEXMZIMRXIVEGXMSRW8LIJIEVWSJXLI*VEROIRWXIMR
'SQTPI\EVIHVE[RJVSQERHI\TVIWWIH[MXLMRXLMWQEXVM\8LMWQEXVM\MW
infused, if not super saturated, with the narratives of killer robots. Present, in
lesser solution, but only for the moment, are the narratives of the computers, the
robots, becoming life. Alongside the UN Convention on Certain Conventional
;IETSRWMR1E]X[SIQMRIRXEGEHIQMGW[MPPGSRHYGXERMRJSVQEPHIFEXI
LSWXIHF]XLI'EQTEMKRXS7XST/MPPIV6SFSXWERHGLEMVIHF]EWIRMSV*VIRGL
HMTPSQEXEFSYXJYPP]EYXSRSQSYWERH[IETSRMWIHVSFSXW6SFSXWEVIQIVIP]
means through which computers acquire locomotion, sense data, opposable
digits, telepathy, language formation and social forms. And, thus, the matrix of
consciousness.

Neither the reality nor the validity of the fears of the Frankenstein Complex are
WYJGMIRXXSEPPS[XLIREVVEXMZIXSTVSTEKEXIYRGLEPPIRKIH8LIREVVEXMZISJJIEV
must not be allowed to disseminate without contest. Narratives, stories, are both
WYFNIGXWERHSFNIGXWSJGVIEXMSR8LIREVVEXMZIQEXVM\MWFSXLGEYWIERHIJJIGXSJ
XLIEGXYEPMX]SJXLI[SVPHEWMXMW%VXMQMXEXIWPMJIERHPMJIMQMXEXIWEVX8SGLERKI
the world, we must change our narratives. In order to prevent an expression of a
real fear and an imagined future becoming a reality, we must generate a counter
REVVEXMZI3RIMR[LMGLLYQEREKIRG]MWTEVEQSYRX*VEROIRWXIMRWGVIEXMSR
became monster and destroyer because of the way it was treated, not because
of the way it was made. We must not allow ourselves to make our own stories
come true.
8LI7MRKYPEVMX]MWVIEP-X[MPPLETTIR8LIVYPIWSJXLI[SVPH[MPPGLERKI,YQERW
will change. Society will change. As they all have before. Witness the Agrarian
6IZSPYXMSRXLI)RPMKLXIRQIRXERHXLI-RHYWXVMEP6IZSPYXMSR6SFSXWGSQTYXIVW
with the capacity to move and sense and act socially, will attain whatever
HIRMXMSRWSJMRXIPPMKIRGIWIRXMIRGIERHGSRWGMSYWRIWW]SYGLSSWIXSJEZSYV
Perhaps the ultimate danger of the Frankenstein Complex is that it presents
as inevitable that which is merely possible and thus invites the negation of the
IJGEG]SJLYQEREKIRG].YWXEW[IQERYJEGXYVIHXLIJEFVMGSJ8LI7MRKYPEVMX]
so we can manage our role within it. If we choose too.

Fully autonomous weapons

systems, including but not
limited to humanoid robots,
will soon appear in theatres
SJGSRMGX,YQERW[MPPFI
killed and maimed at their
hands, and tentacles.




Human society must transform if it is to survive. Closed systems atrophy and,

IZIRXYEPP]HIGE]XSHIEXL:MEFPIW]WXIQWEVIZMXEPW]WXIQW8LI]WIRWIERHEGXSR
JIIHFEGO8LI]GLERKIXLIMVWXEXIIRHPIWWP](MWVYTXMSRERHHMWWSRERGIEVIXLI
TVMGISJXVERWJSVQEXMSRERHWSSJWYVZMZEP8LMWMWSRISJXLIJYRHEQIRXEPMRWMKLXW
EXXLILIEVXSJXLI[SVOSJ2SVFIVX;MIRIV-RVWX']FIVRIXMGWSJ'SRXVSP
ERH'SQQYRMGEXMSRMRXLI%RMQEPERHXLI1EGLMRI ERHXLIRMR8LI
,YQER9WISJ,YQER&IMRKW ;IMRIVHIZIPSTWXLIXLMROMRKXLEXMRNYWX
about every sense, has given us the contemporary cyber phenomenon.

Art imitates life and

life imitates art.
8SGLERKIXLI
world, we must
change our
narratives

;MIRIVLEHEHMVIGXMRYIRGISRXLIXLMROMRKSJSRI.'0MGOPMHIV8LIWEQI
0MGOPMHIV[LS[IRXSRXSLIEHYTXLI&ILEZMSYVEP7GMIRGIWERH'SQQERHERH
'SRXVSP4VSKVEQQIWJSVXLI97(IJIRGI%HZERGIH6IWIEVGL4VSNIGXW%KIRG]
%64% 8LIWEQI0MGOPMHIV[LSMRXLIW[VSXIEFSYX[LEXLIGEPPIHXLI
man-machine symbiosis, and about computers as communications devices,
and about computers connected together in to a Galactic Network wherein
humans could interact socially and information could be stored and accessed
JVSQER]RSHISJXLIRIX[SVO8LIWEQI0MGOPMHIV[LSPIHXLIEGXMZMX]XLEX[EW
XSTVSHYGIXLI%64%2)8XLITVMQSKIRMXSVSJXLI-RXIVRIX
-RSVHIVXSHMWTIPJIEVMXMWRIGIWWEV]EPXLSYKLF]RSQIERWWYJGMIRXXSEGUYMVI
ORS[PIHKI/RS[PIHKISJSVMKMRWFIMRKSJTEVXMGYPEVMQTSVXERGI8SYRHIVWXERH
our cyber world, to acquire the knowledge of the origins of cyber itself, to
IZIRFIKMRXSGSQTVILIRH8LI7MRKYPEVMX]ERHFIJSVI[IHIZIPSTXLIGSYRXIV
narratives to the Frankenstein Complex, we must turn to and rediscover the
frame of the matrix that Wiener laid out. Wiener coined the term cybernetics
as the name of a new multi-disciplinary science devoted to the study of complex
systems in which humans and machines operated as equally instrumental agents.
3VMRLMW[SVHWXLIWXYH]SJRSRPMRIEVWXVYGXYVIWERHW]WXIQW[LIXLIVIPIGXVMG
SVQIGLERMGEP[LIXLIVREXYVEPSVEVXMGMEPLEWRIIHIHEJVIWLERHMRHITIRHIRX
point of commencement.
For Wiener a cyber system is precisely one in which the meat and the machine
interact within the system with no distinction insofar as the fact of their agency
is concerned. More, a cyber system is one wherein the distinctions between the
organic and the inorganic modalities of operation becomes ever less meaningful.
Cyber is real. And different. And inexorable. For those who imagine cyber to
be simply a new way of describing the Internet, or perhaps a shorthand for
XLI-RXIVRIXSJ8LMRKWSVQE]FIXLIFIPEXIHI\XIRWMSRSJXLIWGSTISJSYV
understanding of computer networks to industrial control systems; their matrix is
about to deconstruct.
']FIVMWXLIHSQMRERXJSVQEXMZIERHHIRMXMSREPGSRXI\XJSVXLIRI\XTLEWI
of the development of our society, for the evolution of humanity. And, for
XLIIZSPYXMSRSJXLIRI[PMJIJSVQWSJ8LI7MRKYPEVMX]7SSR[I[MPPWLEVIXLMW
TPERIX[MXL3XLIVGSRWGMSYWRIWW']FIVMWEFSYXYXXIVP]RI[ERHTVIZMSYWP]
unimaginable intermingling between the real and the virtual, the imagined and
the actual, the meat and the machine. Cyber will give us the question of how
QYGLQIEXQYWXXLIVIFIMREQEGLMRIJSVXLIIRXMX]XSFILYQER3VLS[
QYGLQEGLMRIQYWXXLIVIFIMRXLIQIEXJSVXLIIRXMX]XSFIEVSFSX8LVII
dimensional printers are replicating humans. We are on the verge of sharing a
new world with new life. We need better narratives. We need to read Wiener.

References

Its deliberate!

6IJIVIRGIWXS8LI1EXVM\EVIXSXLIPQ8LSWIXS8LI1EXVM\EVIXSXLIREVVEXMZI 
 GSRWXVYGX[MXLMRXLIPQ8LIQIERMRKWERHWMKRMGERGIWSJER]SXLIVVIJIVIRGIWXSER] 
 SXLIVQEXVM\SVQEXVMGIWEVIYTXS]SYXSKYVISYX8EOIXLIFPYITMPPSVXLIVIHTMPP
 8LIGLSMGIMWTVSFEFP] ]SYVW
3
An abyss deeper even than the pits of Hades. A prison of ceaseless torture worse even than
hell.

It was Asimovs custom to enclose references to the phenomenon in quotation marks.
5
Asimov develops and extends his thinking around the Frankenstein complex in his
 MRXVSHYGXMSRXS1EGLMRIW8LEX8LMRO8LIERXLSPSK]SJWGMIRGIGXMSRWLSVX

stories he edited with Patricia Warwick and Martin Greenberg. All of the quotes from
 %WMQSZEVIXEOIRJVSQLMWMRXVSHYGXMSRXSXLI4IRKYMRIHMXMSRSJXLMWERXLSPSK]

%WMQSZWYFWIUYIRXP]EHHIHXLI^IVSXLPE[XSXLISVMKMREP8LVII0E[WSJ6SFSXMGW8LI 
zeroth expands and precedes the First Law thus: A robot may not harm humanity, or, by
inaction, allow humanity to come to harm.

%TSGV]TLEPSVRSXXLMW[MHIP]VITSVXIHXEPIGETXYVIWERMQTSVXERXIPIQIRXSJXLI:MGXSVMER
zeitgeist just as it illustrates the abiding power of the narrative of the Frankenstein Complex.

LXXT[[[[MPPMEQKMFWSRFSSOWGSQEVGLMZICCCEVGLMZIEWT6IXVMIZIH
 XL1E]

http://virtualreality.duke.edu/project/walk-again-project/

Norbert Wiener, Cybernetics: of Control and Communication in the Animal and the
 1EGLMRI7IGSRH)HMXMSR1-84VIWWTZMMM

For a more detailed treatment of the connections between Wiener, Campbell and Asimov,
 WII4EXVMGME7;EVVMGO8LI']FIVRIXMG-QEKMREXMSRMR7GMIRGI*MGXMSRTEVXMGYPEVP]GLETXIV

%RHF][E]SJEREPSYVMWLE&YVOMER.EQIWRSX)HQYRH GSRRIGXMSR

.SLR;'EQTFIPPFIGEQIIHMXSVSJ%WXSYRHMRK7GMIRGI*MGXMSRMR-WEEG
Asimov published much of his work about robots in Astounding and the two
men worked closely together for many years. Asimov freely acknowledged the
importance of Campbell to the development of his thinking. Campbell was a
WXYHIRXEX1-8[LIVI2SVFIVX;MIRIV[EWSRISJLMWXIEGLIVW;MIRIV[VSXI
WGMIRGIGXMSREPWS;MIRIV[EWZIV]MRXIVIWXIHMRVSFSXW. We need to read
;MIRIV;IRIIHXSVITYFPMWLERHVIEH;MIRIVWWGMIRGIGXMSR
-J[IEVIXSIZEHIXLITSHWIWGETI8LI1EXVM\IPYHI8EVXEVYWIZIRWYVZMZI8LI
Singularity. We need better narratives. We need to re-programme our future. We
RIIHFIXXIVWGMIRGIGXMSR



ADVERTORIAL

From an individual perspective, while

94% OF PEOPLE

believe it is their personal responsibility to ensure

a safe internet experience, research highlights:

ONLY 44%
always install internet security
software on new equipment

ONLY 37%

download updates and patches for

personal computers when prompted
falling even further to a

FIFTH (21%)
for smartphones and mobile devices

O
T
N
G
I
A
P
A CAM ERY DAY
MAKE EV EHAVIOUR
ONLINE B
SAFER
,HYSPLY[OPZ`LHY;OL/VTL6JLPUJVUQ\UJ[PVU
with the Department of Business, Innovation and
:RPSSZ)0:HUK[OL*HIPUL[6JLSH\UJOLK[OL
*`ILY:[YLL[^PZLPUP[PH[P]L
The awareness campaign, aiming to change the way SMEs and consumers view
online safety, focused on how safety precautions in the real world have similar
YLSL]HUJLPU[OL]PY[\HS^VYSK
Cyber Streetwise is funded by the Governments National Cyber Security
Programme, with a number of private sector partners also provided support
and investment, including Sophos, Facebook, RBS Group, and Financial Fraud
(J[PVU<2

BUILDING AN OVERVIEW OF THE CHALLENGE

Findings from the governments National Cyber Security Tracker provided an
overview to key online behaviour including:
Approximately half of SMEs
 YLN\SHYS`TVUP[VY[OLPY0;Z`Z[LTZMVYIYLHJOLZ
 YLZ[YPJ[HJJLZZ[V[OLPY0;UL[^VYRZ
 YLN\SHYS`\ZLJVTWSL_HJJLZZWHZZ^VYKZ
 YLN\SHYS`KV^USVHK[OLSH[LZ[ZVM[^HYL\WKH[LZ
 JVU[YVS[OL\ZLVM<:)Z[VYHNLKL]PJLZ

LESS THAN A
THIRD (30%)
habitually use complex passwords to
protect online accounts

57%

do not always check websites are

secure before making a purchase

UNDERSTANDING ONLINE BEHAVIOUR

Commenting on why half the population arent
taking the simple steps to protect themselves
online, Monica Whitty, Professor of Contemporary
Media from the University of Leicester says that the
internet has evolved so quickly and so dramatically
over the past few years that many are playing
JH[JO\W[VZVTLL_[LU[OH]PUN[VHKHW[HUKSLHYU
Computing experts originally designed the net
[VTV]LPUMVYTH[PVUHYV\UKMYLLS`ZOLL_WSHPUZ
Consequently, its a platform thats still evolving to
[[OLZVJPHSW\YWVZLZP[ZUV^ILPUN\ZLKMVY>LYL
Z[PSSUKPUNV\[OV^[VHKK[OLO\THULSLTLU[[V
the internet and there are basic issues arising, such
as privacy online that simply werent anticipated
VYPNPUHSS`
As we migrate to multiple mobile devices, its getting
harder and harder for us to keep track of cyber
ZLJ\YP[`>LULLKHTVYLNLULYHSH^HYLULZZZH`Z
>OP[[`

MULTIPLE DEVICES
>OPSLTHU`VM\ZOH]LHU[P]PY\ZHUKYL^HSSZLJ\YP[`ZVM[^HYL
installed on our personal computers at home, our mobile internetenabled devices such as phones and laptops are often
ULNSLJ[LKPUJVTWHYPZVU7Z`JOVSVNPJHSS`HWOVULMLLSZSPRLH]LY`
personal device we put covers on them and have our photos on
[OLZJYLLU0[MLLSZSPRLHUL_[LUZPVUVMV\YZLS]LZI\[P[ZHJ[\HSS`H
WVY[HS[VHW\ISPJYLHSTHKKZ>OP[[`
0[ZUV[Q\Z[WLYZVUHSPZLKNHKNL[Z[OH[JHUNP]LHMHSZLZLUZLVM
security online its partly down to where and how we log online,
[VV3V[ZVM\ZMLLS]LY`YLSH_LKHUKJVTMVY[HISLVUSPULILJH\ZL
were using the internet at ease, in our own homes, reveals Jacky
7HYZVUZ+PYLJ[VYVMPUZPNO[HNLUJ`:LUZL>VYSK^PKL
Any mobile internet-enabled device such as a tablet or laptop
NP]LZKPYLJ[HJJLZZ[V[OLV\[ZPKL^VYSKI\[P[KVLZU[MLLSSPRL[OH[
Unlike walking down a dark alley in an unfamiliar neighbourhood late
at night when were totally on our guard, when were online at home,
^LKVU[HKVW[[OLZHTLZVY[VM^HYPULZZ>LYLPUV\YJVTMVY[
aVULZV^LYLT\JOTVYLSPRLS`[V[HRLYPZRZVUSPUL

KEEPING UP-TO-DATE
Simple steps such as updating software when prompted can make
HO\NLKPLYLUJL[VV\YVUSPULZLJ\YP[`I\[7HYZVUZILSPL]LZ[OH[
[OLSHUN\HNL\ZLKI`[LJOUVSVN`KL]LSVWLYZPZU[HS^H`ZOLSWM\S
6ULVM[OLRL`UKPUNZMYVTV\YYLZLHYJOPZ[OH[[OLSHUN\HNL
about and on the internet is all about speed and convenience; the
messages are about easy access to whatever you want to do online,
such as accessing entertainment, shopping, communicating and
ZOHYPUN^P[OMYPLUKZ^LJHYY`[OH[^P[O\Z
Parsons points out that alerts instructing users to update software
can seem frustrating: Some see it as a massive inconvenience
[OH[ZNVPUN[VZSV^\ZKV^U0[TPNO[Q\Z[[HRLHML^TPU\[LZI\[PU
V\YMHZ[WHJLKKPNP[HSSPML[OH[MLLSZSPRL[VVSVUN[V^HP[ZOLZH`Z

REDUCING THE RISKS

;OL^LIZP[L^^^J`ILYZ[YLL[^PZLJVTHKKYLZZLZZVTLVM[OLZL
PZZ\LZHUKUKPUNZHUKOVZ[ZHYHUNLVMPU[LYHJ[P]LYLZV\YJLZMVY
:4,SLHKLYZHUKZ[H[VNHPUPTWHY[PHSN\PKHUJLVUWYV[LJ[PUN[OLPY
businesses online including an online health-checker to assess
J`ILYZLJ\YP[`RUV^SLKNL
Digestible advice is also provided on how best the public can
protect themselves while shopping, banking and socialising online in
VYKLY[VH]VPKMHSSPUN]PJ[PT[VJYPTL
Content will be updated on a regular basis, providing the public and
businesses with the latest information, resources and advice on how
[VWYV[LJ[[OLTZLS]LZVUSPUL

Visit www.cyberstreetwise.com
Cyber Streetwise can be found on Facebook,Twitter and YouTube:
www.facebook.com/cyberstreetwise
@cyberstreetwise
www.youtube.com/user/becyberstreetwise/videos
Join the conversation on #BeCyberStreetwise





Helping vunerable
children and
teenagers
Our motoring events dont
require a special vehicle or
advanced driving skills...
Only a sense of humour and an
adventurous spirit are needed
to enjoy the fun!

Together we can give

vulnerable children
a brighter future
Join us, or sponsor
the event!

CyberTalk #6
THE SCI-FI ISSUE

The Editorial Board of CyberTalk magazine are

currently inviting the submission of articles for
Cybertalk #6 The Sci-Fi Issue
Articles should be no longer than 2,000 words and be related in some way to the topic
VM:JPLUJL-PJ[PVUHUKVY*`ILY:LJ\YP[`0M`V\^V\SKSPRL[VJVU[YPI\[LWSLHZLLTHPS
*`ILY;HSR'ZVM[IV_JV\R^P[OH[P[SLHUKZOVY[HY[PJSLZ`UVWZPZUVSH[LY[OHU1\S`

Articles will be due for submission no later than

30th July 2014 for publication September 2014.
Find out more and read past issues online for free at:
www.softbox.co.uk/cybertalk

Supported By

To enter a team, sponsor the rally, or make a donation

www.whitehatrally.org
+44 700 596 4779



In a time of Universal Deceit telling

the truth will become a revolutionary act
George Orwell 1984
3RXL.YRIXLI+YEVHMERRI[WTETIVTSWXIHSRPMRIEZMHIS
interview which would become the most explosive news story
of the year, and, potentially, the decade. In it, Edward Snowden,
at this point still an employee of the NSA, revealed that many
of the worlds governments were not only spying on foreign
XEVKIXWFYXSRXLIMVS[RGMXM^IRWEW[IPP8LIZMHIS[EWTMGOIH
YTF]IZIV]QENSVRI[WRIX[SVOERHEWXLIWXSV]PXIVIH
XLVSYKLSRXLIIZIRMRKRI[WXLI9/WZMI[MRKTSTYPEXMSR
KEWTIHFIJSVITVSQTXP]W[MXGLMRKSZIVXSXLI3RI7LS[
3RI]IEVSRERHJSVXLIQERSRXLIWXVIIX7RS[HIRWPIEOW
remain about as shocking to the public as the news that
night follows day of course the government are spying on
us, of course were being watched. Quite frankly, it would
have been a bigger revelation if Snowden had proved our
every move wasnt being monitored. In a world where
QSVIXLERFMPPMSRTISTPIVIGSVHXLIMVHEMP]EGXMZMXMIW
and eating habits on Facebook, is there really such a
thing as online privacy anymore anyway?
6IGIRXP]XLI+YEVHMERGPEMQIHXLEXETYFPMGSTMRMSR
TSPPJSYRHXLEXQSVI&VMXSRWXLSYKLXMX[EWVMKLX
for them to publish the leaks than thought it was
wrong. According to the YouGov poll from which the
WXEXIQIRXW[IVIXEOIRQSVIXLEREXLMVH SJ
XLI&VMXMWLTISTPIXLSYKLXMX[EWVMKLXXSTYFPMWL
8LIXVMYQTLERXREXYVISJXLITETIVWLIEHPMRIW
HMHPMXXPIXSGSZIVXLIJEGXXLEX IMXLIVXLSYKLX
that the Guardian were wrong or, even more
damningly, simply did not care either way.

Andy Cook
7&0

8LISYXVEKISVVEXLIVPEGOSJWYVVSYRHMRKXLI
7RS[HIRPIEOWMRXLI9/MWYRWYVTVMWMRK8LIVI
are, we presume, debates raging behind closed
doors in Whitehall, Cheltenham et al. but in
pubs and coffee shops across the country
]SYVIYRPMOIP]XSRHSTIRHMWGYWWMSRSJXLI
latest regarding the misuse of metadata and
algorithms. Especially not when Cheryl and
Simon have come back to the X Factor.
So why did Snowden bother? He gave up
LMWLSQIMR,E[EMMLMWOE]IEVNSF
ERHRS[PMZIWMRIJJIGXMZII\MPIMR6YWWME
constantly looking over his shoulder for
fear of reprisal from the country of
his birth. Upon revealing his identity
7RS[HIRWXEXIH-Q[MPPMRKXSWEGVMGI
all of that because I cant in good
conscience allow the US government
to destroy privacy, internet freedom
and basic liberties for people
around the world with this massive
surveillance machine theyre secretly
building. If true, it is a noble cause
but there are many who believe
that his motives were less than
altruistic.
In a letter to German politician
Hans-Christian Strbele,
he describes his decision
XSHMWGPSWIGPEWWMIH97
government information as
a moral duty, claiming as
a result of reporting these
concerns, I have faced
a severe and sustained
campaign of prosecution
that forced me from my
JEQMP]ERHLSQI8LMWQE]





well be true, yet it is no more than Snowden originally expected.

In his initial interview with Laura Poitras and Glenn Greenwald he
categorically stated I dont expect to go home. acknowledging a
clear awareness that hed broken U.S. law, but that doing so was
an act of conscience.
.YWXEJI[WLSVXQSRXLWPEXIVLS[IZIVMRLMWPIXXIVXS7XV}IFPI
Snowden positions himself as a man being framed for crimes he
HMHRXGSQQMX-REQSZIWXVERKIP]VIQMRMWGIRXSJXLIPQ)RIQ]
of the State, he refers to his leaks as a public service and an
act of political expression and contends that my government
continues to treat dissent as defection, and seeks to criminalise
political speech with felony charges that provide no defence.
Again, noble sentiment, but this is not Hollywood and Snowden is
not Gene Hackman. He overlooks the fact that it was he himself
[LSGLSWIXSIIVEXLIVXLERJEGIGLEVKIW8LEXLIWYFWIUYIRXP]
decided to criticise the fairness of the US legal system whilst safely
ensconced inside a country whose human rights record is hazy at
best, merely adds salt to the wound.
3ZIVXLITEWX]IEV7RS[HIRLEWFIIRUYMGOXSGETMXEPMWISRLMW
new found notoriety. His appearances on mainstream outlets
ERHIZIRXWLEZIMRGVIEWIHEPFIMXZMEWEXIPPMXIPMRO TYFPMGWTIEOMRK
engagements in his adopted home have become more frequent
and he was even able to deliver the alternative Christmas address
JSV'LERRIPMR,SPP][SSHQSZMIWSJLMWWXSV]EVIRS[
in the pipeline and, most recently, Poitras and Greenwald were
awarded a Pulitzer Prize for their work.
Alongside this, Snowdens narcissism also appears to have grown. If
he was truly acting in the public interest rather than his own then
there should be no need for him to reveal his identity, it would
not matter who had leaked the information, only that they did.
Similarly, once his identity was revealed he should have no reason
XSII,I[SYPHJEGIXLIGLEVKIWERHXEOILMWTYRMWLQIRX
secure in the knowledge that he was making a small personal
WEGVMGIXSWIGYVIXLI[IPPFIMRKSJXLI[SVPH
It is, however, not surprising that Snowden has ended up in
Moscow. Seemingly, the former Soviet Union is the only country
XSLEZIFIRIXXIHJVSQXLIEJJEMV;IWXIVRWIGYVMX]VIPEXMSRWLMTW
have been weakened, public trust is crumbling and its intelligence
EKIRGMIWLEZIFIIRGVMTTPIH%PPXLI[LMPI6YWWMELEWWXVIRKXLIRIH
Its Anschluss of Crimea from the Ukraine has more than a faint
echo of history. If, as seems likely, former Cold War tensions are
beginning to refreeze then it is beyond absurd to think that we
WLSYPHFIKMRLEQTIVMRKSYVS[RMRXIPPMKIRGI8LIVIGERFIRS
doubt that our foes and rivals, be they terrorist organisations or
nation states, are watching our every move. Ungoverned by our
self-imposed sanctions, they are able to glean as much information
EFSYXSYVPMZIWEWXLI]HIIQXWS[IQYWXHSXLIWEQI
Personally, I dont care if the government knows where in the
[SVPH-XSSOETLSXSKVETLSVXLEX-KIXIQEMPWEHE]JVSQ
Groupon offering me half price canvas prints, or that I phone my
mother once a week and instantly regret it. In fact, if they want to
PMWXIRMRSRXLEXGEPPMXWRIF]QI)ZIRFIXXIVXLI]GERWTIEOXS
LIVXLIQWIPZIW-KYEVERXIIXLI]PPKIXFSVIHSJRHMRKSYXEFSYX
1VW.SLRWSRWKVERHHEYKLXIVWKVIEXRMIGIWRI[TYTT]ERHLERK
up hours before she does.
8LIHIFEXI7RS[HIRLEWSTIRIHMWERMQTSVXERXSRI-EKVII
that it is necessary to discuss just how meta-data is stored and
used by government departments and companies, and to ensure
that it is safely stored and doesnt fall into the wrong hands.
However, it is not so vital that we should compromise our own
security and diplomacy.
In todays world, nothing is.

ADVANCED EVASION TECHNIQUES

REQUIRE AN ADVANCED FIREWALL.

REST EASY WITH

THE NEXT GENERATION.

McAfee Next Generation Firewall changes how network security is delivered.
Tired of incomplete and complicated management? Overloaded with chaotic
deployments? Confused with solutions inconsistency? Suspicious about real life security
features? 


Protect yourself against AETs


[
[[[
[


Advanced Evasion Prevention




Centralized Management




High Availability

[


nied oftware Core





Contact us today and see how the McAfee Next Generation Firewall protects you
against  illion AETs and oers the highest level of security protection.

Tel: 

Email: k

Web: 

WHO
WANTS

STOVEPIPES?
-8-7%*%'892-:)67%00=
%'/23;0)(+)(8,%8

stovepipes

3*'31192-8-)73*-28)6)78
%6)7)0(31-28,)49&0-'
+33(=)8783:)4-4)7%6)
:)6=19',%6)%0-8=
;-8,-28,)'=&)6(31%-2
-ER&V]ERX
8IGLRMGEP(MVIGXSV
SJXLI9/
8VYWX[SVXL]
Software Initiative
87- 

33

For the context of this article I use the term stovepipe to represent communities of
interest that have erected barriers between themselves and the rest of their domain.
-XMWTIVLETWMRXIVIWXMRKXSVIIGXXLEXXLIXIVQWXSZITMTIMWMXWIPJEJSVQSJFEVVMIVMR
that depending on the readers perspective it will conjure up visions of either the literal
stovepipe from a fossil fuel combustion device or one of two different fashion trends
EWX]PISJLEXMRXLIXLGIRXYV]EWX]PISJXVSYWIVWMRXLIXLGIRXYV] 
%REPXIVREXMZIXIVQYWIHXSHITMGXWYGLWIPJHIRIHGSQQYRMX]FEVVMIVW[SYPHFIWMPS
which again illustrates the potential for situation of appreciation by terminology, for in
addition to this organisational context, it may also be taken to mean somewhere that grain
MWWXSVIHXLIPMOIP]VWXXLSYKLXJSVXLSWIIRKEKIHMREKVMGYPXYVI SVWSQI[LIVIEQMWWMPI
MWTVSXIGXIHTVMSVXSPEYRGLXLIPMOIP]VWXXLSYKLXSJXLSWISJEQMPMXEV]TIVWYEWMSR 

So what are the factors that lead to such stovepipes arising?

A consequence of this innate segmentation is that an issue affecting only

a particular branch will typically be regarded as of little relevance to other
FVERGLIWYRPIWWMXTVSTEKEXIWJYVXLIVYTXLIXVIIERMWWYIWTIGMGWXSZITMTILEW
thus been formed.

=IX[IRHQER]WXSZITMTIW[MXLMRXLMWHSQEMR[LIVIHIWTMXI
obvious similarities the communities of interest insist on regarding
XLIQWIPZIWEWFIMRKHMWXMRGXJSVMRWXERGIFYWMRIWW-8GSQTEVIHXS
GSRWYQIV-8

In addition to the human behavioural pattern of clustering leading to stovepipes,

the tendency to group tends to be self-perpetuating, due in part to what
economists refer to as Perverse Incentives unintended and undesirable results
contrary to the interests of other relevant stakeholders. For stovepipes, such
4IVZIVWI-RGIRXMZIWMRGPYHI8LI)W

8LIQSWXGLEPPIRKMRKSJXLIWIWIXWSJWXSZITMTIWMWXLIWIIQMRKP]
MQTIVQIEFPIFEVVMIVFIX[IIR-8ERH38
8LIXIVQ-8MWVIPEXMZIP][IPPEGGITXIHIZIRMJMXWIPJTVSRI
XSWXSZITMTIWEWQIRXMSRIHTVIZMSYWP][LIVIEW38MWER
emergent term standing for
3TIVEXMSREP8IGLRSPSK]E
superset of another set
of stovepipes, such as
-'7-RHYWXVMEP
'SRXVSP7]WXIQW 





)QTMVIW
)\GPYWMSR
)\XIVREPMXMIW

,MWXSVMGEPP]LYQERWSGMIXMIWLEZIHIGSQTSWIHMRXS[LEXEVIORS[REW'MVGPIWSJ8VYWX
with the smaller the circle, the greater the degree of trust, with this pattern of behaviour
tracing back over the millennia.

Empires are used to describe groups aligned to participants interests, and

once these start to form, what psychologists refer to as the Hive process of
participants brains will assign ever-increasing importance to the Empire and its
QIQFIVWEWSTTSWIHXS3XLIVW

These are Circles

of Trust typically
represented as tree, as
shown in Figure 1.

Within such Empires, dominant personalities will then emerge, whose status is
dependent on the continuation of the Empire: these individuals in particular are
therefore particularly disinclined to breaking down Stovepipes.
Exclusion refers to the implication from the formation of Empires aligned to
TEVXMGMTERXWMRXIVIWXWXLEXXLIMRZIVWIQEXXIVWRSX[MXLMRTEVXMGMTERXWMRXIVIWXW 
[MPPEPWSI\MWX3RGIWYGLEZMI[WXEVXWXSJSVQXLI)QTMVIFIGSQIWJSGYWIHSR
MXWS[RMRXIVIWXWERH[MPPWIIOXSI\GPYHI3XLIVWMRXIVIWXW

HUMANITY

8LMWPIEHWXSXLITIVGITXMSRXLEXMXMWTPEYWMFP]HIRMEFPIXSLEZIER]
VIWTSRWMFMPMXMIWJSV3XLIVWGSRGIVRWERHERMRXVMRWMGHMWMRGIRXMZIXSFVIEOMRK
down Stovepipes is to avoid having to accept such responsibilities.
8LI)GSRSQMWXWGSRGITXSJ)\XIVREPMXMIWVIPEXIWXSXLMRKWXLEXEVISJGSRGIVRXS
3XLIVWRSXXLI)QTMVIJSV[LMGLX[SGSRGITXWEVIMQTSVXERXXSYRHIVWXERH

COALITION
OF NATIONS




6MZEPVSYWKSSHW[LMGLGERFIGSRWYQIHF]SRP]SRITIVWSREXXLI 
same time
)\GPYHEFPIKSSHWJSVXLSWI[LSLEZIRSXTEMHJSVGSRWYQTXMSRERH[LMGL
can reasonably have access prevented

8LMWPIEHWXSXLIQSHIPSJ+SSHWERH7IVZMGIWEWPEMHHS[RMR8EFPI

NATION

Excludable

Non-Excludable

Rivalrious

Private Goods

Common Goods

NonRivalrious

Club Goods
2EXYVEP1SRSTSP]

Public Goods
Table 1

If we consider the Cyber domain, it can be shown to consist of two Rational

but disjoint Markets:



CLASS
/ TRIBE






/RS[PIHKI1EVOIX
/RS[PIHKIMW2SR6MZEPVSYW'PYF+SSH ERH_MRERMHIEPMWIH[SVPHEX
least, for Corpus community like Academia} Non-Excludable
4YFPMG+SSH
4VSHYGXWERH7IVZMGIW1EVOIX
8]TMGEPP]6MZEPVSYWERH)\GPYHEFPI4VMZEXI+SSHW
%R]PEGOSJYTXEOISJ+SSH4VEGXMGI/RS[PIHKI F]7YTTP]7MHI 
tends to imposes Negative Externality on Demand Side

%GSRGIVRMWXLEXXLI7XSZITMTIFIX[IIR(IQERHERH7YTTP]MRE4VSHYGXERH
Service Market amounts to Moral Hazard risk taking by one party typically
incurs cost on different party, unless there are compensating measures to transfer
or treat such risks.

FAMILY

8YVRMRKRS[XSXLIUYIWXMSRSJXLI']FIVHSQEMR[IIRGSYRXIVSYVVWX
WTIGMGWIXWSJWXSZITMTIW
In my perception, the Cyber domain encompasses the entire ecosystem
EWWSGMEXIH[MXLHMKMXEPPSKMGGSRXVSPPIHXIGLRSPSKMIWMRGPYHMRKLEVH[EVIFSXL
PSKMGFEWIHERHVIPEXIHRSRPSKMGFEWIH WSJX[EVI[IX[EVIXLILYQERJEGXSV 
data / information, and the electromagnetic environment.

Figure 1



7'%(%7YTIVZMWSV]'SRXVSPERH
(EXE%GUYMWMXMSR ERH)QFIHHIH
Systems found in sectors such as
transport, with self-isolating niches
for road, rail, aviation, and maritime.
So although the building blocks of
XLI']FIVHSQEMRIKRIX[SVO
TVSXSGSPWTVSGIWWSV EVIPEVKIP]
common, the stovepiped views
represent an impediment to
innovation and a barrier to
knowledge transfer.
8LIUYIWXMSRSJXIRWMSRWFIX[IIR
innovation and associated risks was
memorably highlighted in the early
TLEWIWSJXLI-RHYWXVMEP6IZSPYXMSR
in England by the clergyman, writer
ERHWSGMEPGVMXMGXLI6IZIVIRH7]HRI]
Smith, who was a great support of
XLIRI[6EMP[E]WFYXJIEVIHXLIPEGO
of consensus on good practice was
societally damaging. Noting humans
well known predisposition to only
PIEVRJVSQXLIMVQMWXEOIWMRLI
stated Every fresh accident on the
railways is an advantage, and leads to
improvements. What we want is an
overturn that kills a bishop or at
least a dean.
=IXMRGSRRMRKSYVWIPZIWXS
stovepipes we are actually reducing
our ability to learn from mistakes.
And within those concerned with

dealing with Cyber risk, there are a number of distinct

Stovepipes, with the best known clusters being safety and
security.

-RJEGXXLI7IGYVMX]7EJIX]HIPMRIEXMSRMWMRMXWIPJEVXMGMEP
[MXLEQSVIYWIJYPHIWGVMTXMSRFIMRK8VYWX[SVXLMRIWW
consisting of 5 overlapping facets:

8LMWGPYWXIVMRKMRIZMXEFP]VEMWIWGLEPPIRKIWMRVIWTIGXSJ8LI
Es, in particular Exclusion, with few Cyber risk practitioners
EHHVIWWMRKEPPWSYVGIWSJ%HZIVWMX]XLIWYTIVWIXSJ,E^EVH
ERH8LVIEXW 

8LSWIIRKEKIHMRXLI-RJSVQEXMSR7IGYVMX]WXSZITMTI
GSRWMHIVWXLIMVJSGYWXSWSPIP]FIEHHVIWWMRK8LVIEXHIEPMRK
[MXL8LVIEX%GXSVW[MXL-RXIRXERH'ETEFMPMX] [LMGLMW
intrinsically a deterministic model that has challenges if the
6MWOEVMWIWJVSQ9RORS[RERH9RORS[EFPIJEGXSVW8LMW
often therefore ignores Hazards, yet Hazards may have
security impacts.
3RXLISXLIVLERHXLI7EJIX]WXSZITMTIGSRWMHIVWXLIMV
JSGYWXSWSPIP]FIEHHVIWWMRK,E^EVHWVERHSQQMWGLERGI E
largely stochastic model that therefore ignores deterministic
8LVIEXW]IX8LVIEXWQE]LEZIWEJIX]MQTEGXW

35







7EJIX]8LIEFMPMX]SJXLIW]WXIQXSSTIVEXI[MXLSYX
harmful states
6IPMEFMPMX]8LIEFMPMX]SJXLIW]WXIQXSHIPMZIV
WIVZMGIWEWWTIGMIH
%ZEMPEFMPMX]8LIEFMPMX]SJXLIW]WXIQXSHIPMZIV
services when requested
6IWMPMIRGI8LIEFMPMX]SJXLIW]WXIQXSXVERWJSVQ
renew, and recover in timely response to events
7IGYVMX]8LIEFMPMX]SJXLIW]WXIQXSVIQEMR 
protected against accidental or deliberate attacks

In conclusion, therefore, if Cyber risk is to be dealt with

properly, consideration needs to be given as to how to
break down the barriers created by the various stovepipes,
MRTEVXMGYPEV[MXLMRXIGLRSPSKMIW-8ZIVWYW38 ERH
across the various types of Adversity, so that a Public Good
KSEPSJ8VYWX[SVXL]']FIVWTEGIGERFIEGLMIZIH

Building Security In:

A Road to
Competency
8LSQEW&,MPFYVR
)QFV]6MHHPI
Aeronautical University,
2ERG]61IEH
Software Engineering
Institute

Modern society increasingly relies on

software systems that put a premium
on quality and dependability.
8LII\XIRWMZIYWISJXLIMRXIVRIX
and distributed computing has made
software security an ever more
prominent and serious problem.
As a result, the interest in and
demand for software security
specialists has grown dramatically in
recent years. However, to support
this demand, there are key questions
that need to be addressed: What
background and capability is needed
to be a security specialist? How do
individuals assess their capability
and preparation for software
security work? And whats the
career path to increased capability
and advancement in this area of
software development? In this
article we hope to answer these
questions and provide guidance to
career seekers in software security
IRKMRIIVMRK8LIWIERW[IVWQE]
also help employers determine their
software security needs and assess
and improve the software security
capabilities of their employees.

<WVLW]\UWZMIJW]\5K)NMM[QV^WT^MUMV\_Q\P*TM\KPTMa8IZS

^Q[Q\___UKINMMI\JTM\KPMTaXIZSKW]S
<WLQ[K][[aW]Z+aJMZ;MK]ZQ\a
IVLPW_5K)NMMKIVPMTXaW]
XTMI[MKWV\IK\;*4WV
Tel: 01347 812100
Email: MVY]QZQM[([WN\JW`KW]S
WZWeb:___[WN\JW`KW]S



For the past year, a group of industry professionals and university faculty
LEZIFIIR[SVOMRK[MXLXLI7SJX[EVI)RKMRIIVMRK-RWXMXYXI7)- MRWYTTSVX
SJXLI(ITEVXQIRXSJ,SQIPERH7IGYVMX](,7 XSHIZIPSTEGSQTIXIRG]
JVEQI[SVOXLEXWYTTSVXWWSJX[EVIWIGYVMX]WTIGMEPMWXW8LIVIWYPXMWXLI
7SJX[EVI%WWYVERGI'SQTIXIRG]1SHIP7[%1SHIP ;IYWIXLIXIVQ
software assurance to mean the application of technologies and processes to
EGLMIZIEVIUYMVIHPIZIPSJGSRHIRGIXLEXWSJX[EVIW]WXIQWERHWIVZMGIWJYRGXMSR
MRXLIMRXIRHIHQERRIVEVIJVIIJVSQEGGMHIRXEPSVMRXIRXMSREPZYPRIVEFMPMXMIW
TVSZMHIWIGYVMX]GETEFMPMXMIWETTVSTVMEXIXSXLIXLVIEXIRZMVSRQIRXERHVIGSZIV
JVSQMRXVYWMSRWERHJEMPYVIW

How Do Individuals Assess Their Capability and Preparation for

Software Security Work?

What Is the Career Path to Increased Capability and

Advancement as an SwA Professional?

8LI7[%'SV&SORSXSRP]WXVYGXYVIWERHSVKERMWIWWSJX[EVIEWWYVERGIknowledge
MRXSORS[PIHKIEVIEWYRMXWERHXSTMGW FYXMXEPWSHIXEMPWLS[ORS[PIHKIWLSYPHFI
YRHIVWXSSHERHYWIH*SVI\EQTPI8EFPIWTIGMIWXLEXER7[%TVSJIWWMSREPWLSYPHFI
able to perform analysis of the threats to which software is most likely to be vulnerable
MRWTIGMGSTIVEXMRKIRZMVSRQIRXWERHHSQEMRWERHLEZIXLIEFMPMX]XSHYTPMGEXIXLI
attacks that have been used to interfere with an applications or systems operations.
8LMWPIZIPSJHIXEMPGERLIPTMRHMZMHYEPWHIXIVQMRIXLIMVGYVVIRXWXEXISJORS[PIHKIERH
plan for additional professional development.

8LI7[%'SQTIXIRG]1SHIPRSXSRP]TVSZMHIWXLIFEWMWJSVEWWIWWMRKER
individuals current competency in software assurance practice, but it can also
provide direction on professional growth and career advancement. Figure 3
broadly outlines the stair steps in career progression, including guidance about
educational preparation and experience expectations. Each level of competency
EWWYQIWGSQTIXIRG]EXXLIPS[IVPIZIPW8LI7[%'SQTIXIRG]1SHIPEPWS
TVSZMHIWEGSQTVILIRWMZIQETTMRKFIX[IIRXLI7[%'SV&S/ORS[PIHKIEVIEW
ERHYRMXW ERHXLIGSQTIXIRG]PIZIPW8EFPIMPPYWXVEXIWXLMWQETTMRKJSVXLI
7]WXIQ7IGYVMX]%WWYVERGI/%

What Knowledge and Capability Is Needed?

As part of earlier work on software assurance education programs, the
7)-7[%'YVVMGYPYQ8IEQHIZIPSTIHER7[%'SVI&SH]SJ/RS[PIHKI
'SV&S/ 8LI'SV&SOLEWWIVZIHEWEJSYRHEXMSRJSVXLIHIZIPSTQIRXSJ
curriculum and course guidance for software assurance curricula at various
PIZIPWEWWSGMEXIPIZIPYRHIVKVEHYEXIPIZIPERHQEWXIVWPIZIP8LI7[%
curriculum documents are available at the SEI https://www.cert.org/curricula/
software-assurance-curriculum.cfm
8LI'SV&S/MWFEWIHSRERI\XIRWMZIVIZMI[SJWSJX[EVIWIGYVMX]VITSVXW
books, and articles, and on surveys of and discussions with industry and
government SwA professionals. It covers the whole spectrum of SwA
practices involved in the acquisition, development, operation, and evolution
SJWSJX[EVIW]WXIQW8EFPIHIWGVMFIWXLITVMRGMTEPGSQTSRIRXWORS[PIHKI
EVIEW SJXLI'SV&S/8LI'SV&S/WTIGMIWXLIORS[PIHKIEVIEWMRKVIEXIV
HIXEMPEWMPPYWXVEXIHMRXLII\EQTPIWTIGMGEXMSRSJXLI7]WXIQ7IGYVMX]
%WWYVERGIORS[PIHKIEVIEWLS[RMR8EFPI
3JGSYVWIRSXIZIV]WSJX[EVIWIGYVMX]NSFVIUYMVIWORS[PIHKIERH
GSQTIXIRG]EGVSWWXLIIRXMVI'SV&S/JSVI\EQTPIETSWMXMSRQMKLXVIUYMVI
deep capability in one or more areas but only a lower-level awareness across
XLISXLIVEVIEW%PWSHMJJIVIRXETTPMGEXMSRHSQEMRWIKRERGMEPW]WXIQSV
XVERWTSVXEXMSRW]WXIQ ERHETTPMGEXMSRX]TIWIK;IFW]WXIQSVIQFIHHIH
W]WXIQ X]TMGEPP]VIUYMVIWSJX[EVIWIGYVMX]WTIGMEPMWXWXSLEZIEHHMXMSREP
GSQTIXIRG]FI]SRHXLI'SV&S/

Knowledge
Units

Security and safety aspects of computer-intensive critical

infrastructure
/RS[PIHKISJWEJIX]ERHWIGYVMX]VMWOWEWWSGMEXIH[MXLGVMXMGEP
infrastructure systems such as found, for example, in banking and
RERGIIRIVK]TVSHYGXMSRERHHMWXVMFYXMSRXIPIGSQQYRMGEXMSRW
and transportation systems
For Newly
(IZIPSTIH
and Acquired
Software
JSV(MZIVWI
Systems

KA Competency

Assurance Across Lifecycles

8LIEFMPMX]XSMRGSVTSVEXIEWWYVance technologies and methods

into lifecycle processes and
development models for new or
evolutionary system development, and for system or service
acquisition

6MWO1EREKIQIRX

8LIEFMPMX]XSTIVJSVQVMWOEREP]WMW
and tradeoff assessment, and to
prioritise security measures

Assurance Assessment

8LIEFMPMX]XSEREP]WIERHZEPMHEXI
the effectiveness of assurance
operations and create auditable
evidence of security measures

Assurance Management

System Security Assurance

System Functionality Assurance

7]WXIQ3TIVEXMSREP%WWYVERGI

8LIEFMPMX]XSQEOIEFYWMRIWW
case for software assurance, lead
assurance efforts, understand
standards, comply with regulations,
plan for business continuity,
and keep current in security
technologies
8LIEFMPMX]XSMRGSVTSVEXIIJJIGXMZI
security technologies and methods into new and existing systems
8LIEFMPMX]XSZIVMJ]RI[ERHI\isting software system functionality
for conformance to requirements
and to help reveal malicious
content
8LIEFMPMX]XSQSRMXSVERHEWWIWW
system operational security and
respond to new threats

Potential attack methods

/RS[PIHKISJXLIZEVMIX]SJQIXLSHWF][LMGLEXXEGOIVWGER
damage software or data associated with that software by
exploiting weaknesses in the system design or implementation
Analysis of threats to software
Analysis of the threats to which software is most likely to be
ZYPRIVEFPIMRWTIGMGSTIVEXMRKIRZMVSRQIRXWERHHSQEMRW
Methods of defense
Familiarity with appropriate countermeasures such as layers,
access controls, privileges, intrusion detection, encryption, and
code review checklists

8EFPI'SV&S//RS[PIHKI%VIEWERH'SQTIXIRGMIW

Knowledge Area (KA)

Knowledge Topics

Historic and potential operational attack methods

/RS[PIHKISJERHEFMPMX]XSHYTPMGEXIXLIEXXEGOWXLEXLEZIFIIR
used to interfere with an applications or systems operations
Analysis of threats to operational environments

*SV(MZIVWI
3TIVEXMSREP
)\MWXMRK 
Systems

Analysis of the threats to which software is most likely to be

ZYPRIVEFPIMRWTIGMGSTIVEXMRKIRZMVSRQIRXWERHHSQEMRW
(IWMKRSJERHTPERJSVEGGIWWGSRXVSPTVMZMPIKIWERH
authentication
(IWMKRERHTPERJSVIJJIGXMZIGSYRXIVQIEWYVIWWYGLEWPE]IVW
access controls, privileges, intrusion detection, encryption, and
coding checklists
Security methods for physical and personnel environments
/RS[PIHKISJLS[TL]WMGEPEGGIWWVIWXVMGXMSRWKYEVHW
background checks, and personnel monitoring can address risks

Ethics and
Integrity in
Creation,
Acquisition,
and
3TIVEXMSR
of Software
Systems

 4SWWIWWIWFVIEHXLERHHITXLSJORS[PIHKIWOMPPWERHIJJIGXMZIRIWWERH
 EZEVMIX]SJ[SVOI\TIVMIRGIWFI]SRHXLI0PIZIP[MXLZIXSXIR]IEVW
of professional experience and advanced professional development, at
the masters level or with equivalent education/training.
 4IVWSRRIPEXXLMWPIZIPQE]MHIRXMJ]ERHI\TPSVIIJJIGXMZIWSJX[EVI
assurance practices for implementation, manage large projects, interact
with external agencies, etc.
 1ENSVVMWOWEWWYVERGIEWWIWWQIRXEWWYVERGIQEREKIQIRXVMWO
management across the lifecycle

Competency Activities

For Newly
(IZIPSTIH
and
Acquired
Software
JSV(MZIVWI
Applications

L2: (IWGVMFIXLIZEVMIX]SJQIXLSHWF][LMGL
attackers can damage software or data associated
with that software by exploiting weaknesses in the
system design or implementation.
0Apply software assurance countermeasures
such as layers, access controls, privileges, intrusion
detection, encryption, and code review checklists.
L4: Analyse the threats to which software is
QSWXPMOIP]XSFIZYPRIVEFPIMRWTIGMGSTIVEXMRK
environments and domains.
L5: Perform research on security risks and attack
QIXLSHWERHYWIMXXSWYTTSVXQSHMGEXMSRSV
creation of techniques used to counter such risks
and attacks.

System
Security
Assurance

L1: Possess knowledge of the attacks that have

been used to interfere with an applications or
systems operations.

04VEGXMXMSRIV

L2: Possess knowledge of how gates, locks, guards,

and background checks can address risks.

 4SWWIWWIWFVIEHXLERHHITXLSJORS[PIHKIWOMPPWERHIJJIGXMZIRIWW
 FI]SRHXLI0PIZIPERHX]TMGEPP]LEWX[SXSZI]IEVWSJTVSJIWWMSREP
experience.
 4IVWSRRIPEXXLMWPIZIPQE]WIXTPERWXEWOWERHWGLIHYPIWJSVMRLSYWI
 TVSNIGXWHIRIERHQEREKIWYGLTVSNIGXWERHWYTIVZMWIXIEQWSR
the enterprise level, report to management, assess the assurance quality
of a system, and implement and promote commonly accepted software
assurance practices.
 1ENSVXEWOWVIUYMVIQIRXWEREP]WMWEVGLMXIGXYVEPHIWMKRXVEHISJJEREP]WMW
risk assessment

*SV(MZIVWI
3TIVEXMSREP
)\MWXMRK 
Systems

 4SWWIWWIWETTPMGEXMSRFEWIHORS[PIHKIERHWOMPPWERHIRXV]PIZIP
professional effectiveness, typically gained through a bachelors degree in
computing or through equivalent professional experience.
 4IVWSRRIPEXXLMWPIZIPQE]QEREKIEWQEPPMRXIVREPTVSNIGXWYTIVZMWI
 ERHEWWMKRWYFXEWOWJSV0TIVWSRRIPWYTIVZMWIERHEWWIWWW]WXIQ
operations, and implement commonly accepted assurance practices.
 1ENSVXEWOWVIUYMVIQIRXWJYRHEQIRXEPWGSQTSRIRXHIWMKR 
implementation

 4SWWIWWIWXIGLRMGEPPIZIPORS[PIHKIERHWOMPPWX]TMGEPP]KEMRIHXLVSYKL
 EGIVXMGEXISVEREWWSGMEXIHIKVIITVSKVEQSVIUYMZEPIRXORS[PIHKI
and experience
 4IVWSRRIPEXXLMWPIZIPSJGSQTIXIRG]QE]FIIQTPS]IHMRW]WXIQ
 STIVEXSVMQTPIQIRXIVXIWXIVERHQEMRXIRERGITSWMXMSRW[MXLWTIGMG
individual tasks assigned by someone at a higher level.
 1ENSVXEWOWXSSPWYTTSVXPS[PIZIPMQTPIQIRXEXMSRXIWXMRKERH
maintenance

An organisation in which software assurance is critical could use the type of

MRJSVQEXMSRMR8EFPIJSVEZEVMIX]SJTYVTSWIW
 8SWXVYGXYVIMXWWSJX[EVIEWWYVERGIRIIHWERHI\TIGXEXMSRW
 8SEWWIWWXLIGETEFMPMX]SJMXWWSJX[EVIEWWYVERGITIVWSRRIP
 8STVSZMHIEVSEHQETJSVIQTPS]IIEHZERGIQIRXERH
 %WEFEWMWJSVWSJX[EVIEWWYVERGITVSJIWWMSREPHIZIPSTQIRXTPERW

0(IWMKRSJERHTPERJSVEGGIWWGSRXVSPERH
authentication.
L4: Analyse the threats to which software is
QSWXPMOIP]XSFIZYPRIVEFPIMRWTIGMGSTIVEXMRK
environments and domains.
L5: Perform research on security risks and attack
QIXLSHWERHYWIMXXSWYTTSVXQSHMGEXMSRSV
creation of techniques used to counter such risks
and attacks.

L2 Professional Entry Level

Figure 1: SwA Competency Levels



Unit

L1: Possess knowledge of safety and security

risks associated with critical infrastructure
systems such as found, for example, in banking
ERHRERGIIRIVK]TVSHYGXMSRERHHMWXVMFYXMSR
telecommunications, and transportation systems.

L4 Senior Practitioner

/RS[PIHKISJLS[TISTPI[LSEVIORS[PIHKIEFPIEFSYXEXXEGO
and prevention methods are obligated to use their abilities, both
legally and ethically, referencing the Software Engineering Code of
Ethical and Professional Conduct

Professional competency models typically feature so-called competency levels, which

distinguish between what is expected in an entry-level position and what is required
in more senior positions. Figure 3 describes the SwA competency levels, a resource
individuals can use to assess the extent and level of their capability and guide their
preparation for software security work.

KA

 4SWWIWWIWGSQTIRXIRG]FI]SRHXLI0PIZIPEHZERGIWXLIIPWF]
developing, modifying, and creating methods, practices, and principles
at the orginizational level or higher; has peer/industry recognition;
typically includes a low percentage of an organizations workforce within
 XLI7[%TVSJIWWMSRIK SVPIWW 

L1 Technician

/RS[PIHKISJXLIPIKEPERHIXLMGEPGSRWMHIVEXMSRWMRZSPZIHMR
analysing a variety of historical events and investigations

8EFPI7[%'SQTIXIRG]7TIGMGEXMSR

L5 Expert

3ZIVZMI[SJIXLMGWGSHISJIXLMGWERHPIKEPGSRWXVEMRXW

Computer attack case studies

8LI7[%'SQTIXIRG]1SHIP[EWMRXIRHIHXSFIKIRIVEPIRSYKLWSXLEXERMRHMZMHYEP
SVSVKERMWEXMSRGSYPHIEWMP]XEMPSVMXXSEWTIGMGIQTPS]QIRXWIGXSVETTPMGEXMSRHSQEMR
SVSVKERMWEXMSREPGYPXYVI8LI7[%1SHIPEPWSMRGPYHIWEGSQTEVMWSRXSXLI(,7
Competency Model and to a set of mappings of actual organisational positions, which
should help organisations adapt it to related purposes.

Conclusion
8LMW7SJX[EVI%WWYVERGI'SQTIXIRG]1SHIP[EWHIZIPSTIHXSGVIEXIEJSYRHEXMSR
JSVEWWIWWMRKERHEHZERGMRKXLIGETEFMPMX]SJWSJX[EVIEWWYVERGITVSJIWWMSREPW3JEPPXLI
participants in recent SEI presentations and webinars on software assurance, only about
LEPJLEHETPERJSVXLIMVS[R7[%GSQTIXIRG]HIZIPSTQIRXFYXQSVIXLER WEMH
XLI]GSYPHYWIXLI7[%'SQTIXIRG]1SHIPMRWXEJRKETVSNIGX
8LIWTERSJGSQTIXIRG]PIZIPW0XLVSYKL0ERHXLIMVHIGSQTSWMXMSRMRXSMRHMZMHYEP
GSQTIXIRGMIWFEWIHSRXLIORS[PIHKIERHWOMPPWHIWGVMFIHMRXLI7[%'SV&S/TVSZMHI
the features necessary for an organisation or individual to determine SwA competency
EGVSWWXLIVERKISJORS[PIHKIEVIEWERHYRMXW3VKERMWEXMSRWGSYPHEPWSEHETXXLI
models features to the organisations particular domain, culture, or structure.

Acknowledgments
;IETTVIGMEXIXLIWYTTSVXSJXLI7SJX[EVI%WWYVERGI'YVVMGYPYQXIEQERH.SI.EV^SQFIOEX
(ITEVXQIRXSJ,SQIPERH7IGYVMX]
8LMWQEXIVMEPMWFEWIHYTSR[SVOJYRHIHERHWYTTSVXIHF]XLI(ITEVXQIRXSJ(IJIRWIYRHIV
'SRXVEGX2S*%'[MXL'EVRIKMI1IPPSR9RMZIVWMX]JSVXLISTIVEXMSRSJXLI7SJX[EVI
Engineering Institute, a federally funded research and development center.
8LMWQEXIVMEPLEWFIIRETTVSZIHJSVTYFPMGVIPIEWIERHYRPMQMXIHHMWXVMFYXMSR
8LI+SZIVRQIRXSJXLI9RMXIH7XEXIWLEWEVS]EPX]JVIIKSZIVRQIRXTYVTSWIPMGIRWIXSYWIHYTPMGEXI
or disclose the work, in whole or in part and in any manner, and to have or permit others to do so,
JSVKSZIVRQIRXTYVTSWIWTYVWYERXXSXLIGST]VMKLXPMGIRWIYRHIVXLIGPEYWIEXERH
%PXIVREXI-(1
References
8,MPFYVRIXEP7SJX[EVI%WWYVERGI'SQTIXIRG]1SHIP8IGLRMGEP2SXI'197)-82
7SJX[EVI)RKMRIIVMRK-RWXMXYXI'EVRIKMI1IPPSR9RMZIVWMX]1EVGLLXXT[[[WIMGQYIHYPMFVEV]
EFWXVEGXWVITSVXWXRGJQ
2ERG]61IEHIXEP7SJX[EVI%WWYVERGI'YVVMGYPYQ4VSNIGX:SPYQI-1EWXIVSJ7SJX[EVI%WWYVERGI
6IJIVIRGI'YVVMGYPYQ8IGLRMGEP6ITSVX'197)-867SJX[EVI)RKMRIIVMRK-RWXMXYXI
'EVRIKMI1IPPSR9RMZIVWMX]%YKYWXLXXT[[[WIMGQYIHYPMFVEV]EFWXVEGXWVITSVXWXVGJQ



I,HUMAN

In the design of
a machine world,
humanity is being
overlooked.
8SQ,SSO
7&0



It is widely accepted that advances in technology

will vastly change our society, and humanity as
a whole. Much more controversial is the claim
XLEXXLIWIGLERKIW[MPPEPPFIJSVXLIFIXXIV3J
course more advanced technology will increase
our abilities and make our lives easier; it will also
make our lives more exciting as new products
enable us to achieve things weve never even
considered before. However, as new branches of
technology gather pace, its becoming clear that
we cant predict what wider consequences these
changes will bring on our outlook on life, on
our interactions with one another, and on our
humanity as a whole.

AI has also been developed to act as a Personal Assistant. In Microsofts research arm,
JSVI\EQTPI'SHMVIGXSV)VMG,SVZMX^LEWEQEGLMRIWXEXMSRIHSYXWMHILMWSJGIXS
take queries about his diary, among other things. Complete with microphone, camera
and a voice, the PA has a conversation with the colleague in order to answer their
UYIV]-XGERXLIRXEOIER]EGXMSRFSSOMRKERETTSMRXQIRXJSVI\EQTPI EWELYQER
PA would.
8LMWMWNYWXXSYGLMRKSRXLITSXIRXMEPXLEX%-GEREGLMIZIMREHQMRMWXVEXMZI[SVOEPSRI
and yet it has already proved that it can drastically reduce the amount of human
GSRZIVWEXMSRWXLEX[MPPXEOITPEGIMRERSJGI;MXLEPPXLIGSRZIRMIRGIXLEXMXEHHWXS
work and personal life, AI like this could also detract from the relationships, creativity
and shared learning that all branch out of a 5 minute human conversation that would
otherwise have taken place.

Neuromorphic chips are now being

developed that are modelled on
biological brains, with the equivalent
of human neurons and synapses.

8LITSXIRXMEPJSVLYQERJYRGXMSRWXSFIGSQTYXIVMWIHERHXLIEGGIPIVEXMRKTEGIEX
[LMGL%-HIZIPSTWQIERWXLEXXLIIJJIGXWSRWSGMIX]GSYPHKSJVSQMRWMKRMGERXXS
colossal in the space of just a few years.
3RIGSRGITXXLEXGSYPHHVEWXMGEPP]JEWXJSV[EVHXLIWTIIHSJ%-HIZIPSTQIRX
is the Intelligence Explosion; the idea that we can use an AI machine to devise
improvements to itself, with the resulting machine able to design improvements to
MXWIPJJYVXLIVERHWSSR8LMW[SYPHHIZIPST%-QYGLQSVIWYGGIWWJYPP]XLERLYQERW
can, because we have a limited ability to perform calculations and spot areas for
MQTVSZIQIRXMRXIVQWSJIJGMIRG]

%VXMGMEP-RXIPPMKIRGIWIIQWXSLEZIXLIQSWXTSXIRXMEPXSXVERWJSVQWSGMIX]8LI
possibility of creating machines that move, walk, talk and work like humans worries
QER]JSVGSYRXPIWWVIEWSRW3RIGSRGIVRIHKVSYTMWXLI7SYXLIVR)ZERKIPMGEP
Seminary, a fundamentalist Christian group in North Carolina. SES have recently
bought one of the most advanced pieces of AI on the market in order to study
XLITSXIRXMEPXLVIEXWXLEX%-TSWIXSLYQERMX]8LI][MPPFIWXYH]MRKXLI2ESER
EYXSRSQSYWTVSKVEQQEFPILYQERSMHVSFSXHIZIPSTIHF]%PHIFEVER6SFSXMGW2ES
is marketed as a true companion who understands you and evolves based on its
experience of the world.

(ERMIP(I[I]6IWIEVGL*IPPS[EXXLI9RMZIVWMX]SJ3\JSVHW*YXYVISJ,YQERMX]
Institute, explains that the resulting increase in machine intelligence could be very
rapid, and could give rise to super-intelligent machinesQYGLQSVIIJGMIRXEXIK
inference, planning, and problem-solving than any human or group of humans.
8LITEVXSJXLMWXLISV]XLEXWIIQWMQQIHMEXIP]WXEVXPMRKMWXLEX[IGSYPHLEZIE
super-intelligent machine, whose programming no human can comprehend since it
has so far surpassed the original model. Human programmers would initially need to
WIXXLIVWX%-QEGLMRI[MXLHIXEMPIHKSEPWWSXLEXMXORS[W[LEXXSJSGYWSRMRXLI
HIWMKRSJXLIQEGLMRIWMXTVSHYGIW8LIHMJGYPX][SYPHGSQIJVSQTVIGMWIP]HIRMRK
XLIKSEPWERHZEPYIWXLEX[I[ERX%-XSEP[E]WEFMHIF]8LIVIWYPXMRK%-[SYPHJSGYW
militantly on achieving these goals in whichever arbitrary way it deems logical and
QSWXIJGMIRXWSXLIVIGERFIRSQEVKMRJSVIVVSV

3FZMSYWP]XLI2ESVSFSXLEWWSQI[E]XSKSFIJSVIMXWJYRGXMSRWEVI
indistinguishable from humans, but scientists are persistently edging closer towards
that end goal. Neuromorphic chips are now being developed that are modelled on
FMSPSKMGEPFVEMRW[MXLXLIIUYMZEPIRXSJLYQERRIYVSRWERHW]RETWIW8LMWMWRSXE
WYTIVGMEPG]RMGEPEXXIQTXEXTVSHYGMRKWSQIXLMRKLYQERPMOIJSVRSZIPX]WWEOI'LMTW
QSHIPPIHMRXLMW[E]EVIWLS[RXSFIQYGLQSVIIJGMIRXXLERXVEHMXMSREPGLMTWEX
TVSGIWWMRKWIRWSV]HEXEWYGLEWWSYRHERHMQEKIV] ERHVIWTSRHMRKETTVSTVMEXIP]

;I[SYPHLEZIXSHIRIIZIV]XLMRKMRGPYHIHMRXLIWIKSEPWXSEHIKVIISJEGGYVEG]
XLEXIZIRXLI)RKPMWLSVER] PERKYEKIQMKLXTVSLMFMX4VIWYQEFP][IH[ERXXS
create an AI that looks out for human interests. As such, the concept of a human
[SYPHRIIHHIRMXMSR[MXLSYXER]EQFMKYMX]8LMWGSYPHGEYWIHMJGYPXMIW[LIRXLIVI
QMKLXFII\GITXMSRWXSXLIVYPIW[IKMZI;IQMKLXHIRIELYQEREWEGSQTPIXIP]
biological entity but the machine would then consider anyone with a prosthetic
limb, for example, as not human.

:EWXMRZIWXQIRXMWFIMRKTYXMRXSRIYVSQSVTLMGWERHXLITSXIRXMEPJSVMXWYWIMR
IZIV]HE]IPIGXVSRMGWMWFIGSQMRKQSVI[MHIP]EGORS[PIHKIH8LI,YQER&VEMR
4VSNIGXMR)YVSTIMWVITSVXIHP]WTIRHMRKQSRRIYVSQSVTLMGTVSNIGXWSRISJ
[LMGLMWXEOMRKTPEGIEXXLI9RMZIVWMX]SJ1ERGLIWXIV%PWS-&16IWIEVGLERH,60
0EFSVEXSVMIWLEZIIEGLHIZIPSTIHRIYVSQSVTLMGGLMTWYRHIVEQTVSNIGXJSV
XLI97(ITEVXQIRXSJ(IJIRGIJYRHIHF]XLI(IJIRGI%HZERGIH6IWIEVGL4VSNIGXW
Agency.

;IQMKLXEPWS[ERXXSHIRI[LEX[I[ERX%-XSHSJSVLYQERW+SMRKFEGOXS
Asimovs Zeroth Law, a robot may not by inaction, allow humanity to come to
LEVQ)ZIRMJ[IWYGGIWWJYPP]TVSKVEQQIHXLMWPE[MRXS%-[LMGLMWHMJGYPXMRMXWIPJ 
XLI%-GSYPHXLIRXEOIXLMWPE[EWJEVMWMXHIIQWRIGIWWEV]8LI%-QMKLXPSSOEXEPP
TSWWMFPIVMWOWXSLYQERLIEPXLERHHS[LEXIZIVMXGERXSIPMQMREXIXLIQ8LMWGSYPH
IRHYT[MXLQEGLMRIWFYV]MRKEPPLYQERWEQMPIYRHIVKVSYRHXSIPMQMREXIVMWOSJ
QIXISVWXVMOIW WITEVEXMRKYWMRMRHMZMHYEPGIPPWXSWXSTYWEXXEGOMRKIEGLSXLIV ERH
HVMTJIIHMRKYWXEWXIPIWWKVYIPXSKMZIYWRYXVMIRXW[MXLRSVMWOSJSZIVIEXMRKJEXX]
JSSHW 

Qualcomm, however, are seen as the most promising developers of this brainemulating technology, with their Zeroth program, named after Isaac Asimovs Zeroth
0E[SJ6SFSXMGWXLIJSYVXLPE[LIEHHIHXSXLIJEQSYW8LVII0E[WSJ6SFSXMGWXS
TVSXIGXLYQERMX]EWE[LSPIVEXLIVXLERNYWXMRHMZMHYEPW 
A robot may not harm humanity, or, by inaction, allow humanity to come to harm.
5YEPGSQQWTVSKVEQ[SYPHFIXLIVWXPEVKIWGEPIGSQQIVGMEPTPEXJSVQJSV
RIYVSQSVTLMGGSQTYXMRK[MXLWEPIWTSXIRXMEPP]WXEVXMRKMRIEVP]

8LMWI\EQTPIMWI\XVIQIFYXMJXLITVSKVEQQIVW[LSHIZIPSTSYVVWX%-EVI
MRGETEFPISJWIXXMRKXLIVMKLXHIRMXMSRWERHTEVEQIXIVWMXWETSWWMFMPMX]8LIQEMR
problem is that even basic instructions and concepts involve implicitly understood
features that cant always be spelled out. A gap in the translation might be overlooked
MJMXWRSXRIIHIHJSV SJXLIQEGLMRIWJYRGXMSRWFYXEWXLIMRXIPPMKIRGI
explosion progresses, a tiny hole in the machines programming could be enough to
lead to a spiral in disastrous AI decisions.

8LMWXIGLRSPSK]LEWI\TERWMZITSXIRXMEPEWXLIGLMTWGERFIIQFIHHIHMRER]HIZMGI
we could consider using. With neuromorphic chips, our smartphones for example
could be extremely perceptive, and could assist us in our needs before we even
ORS[[ILEZIXLIQ7EQMV/YQEVEX5YEPGSQQWVIWIEVGLJEGMPMX]WE]WXLEXMJ]SY
and your device can perceive the environment in the same way, your device will be
better able to understand your intentions and anticipate your needs. Neuromorphic
technology will vastly increase the functionality of robots like Nao, with the concept
of an AI with the learning and cognitive abilities of a human gradually moving from
GXMSRXSVIEPMX]

%GGSVHMRKXS*VERO1IILER[LSIZIV[VMXIWXLIVWXWYGGIWWJYP%-TVSKVEQ+SSKPI
LITVIHMGXW MWPMOIP]XSFIQEOMRKXLIVYPIWJSVEPP%-W-JJYVXLIV%-MWHIZIPSTIH
FEWIHSRXLIVWXWYGGIWWJYPZIVWMSRJSVI\EQTPIMRXLI[E]XLEXXLIMRXIPPMKIRGI
I\TPSWMSRGSRGITXWYKKIWXW XLIVIMWERMQQIEWYVEFPIVIWTSRWMFMPMX]JSVXLEX
developer to do things perfectly. Not only would we have to trust the developer to
program the AI fully and competently, we would also have to trust that they have the
MRXIKVMX]XSQEOITVSKVEQQMRKHIGMWMSRWXLEXVIIGXLYQERMX]WFIWXMRXIVIWXWERH
are not solely driven by commercial gain.

When robots do reach their full potential to function as humans do, there are
many possible consequences that understandably worry the likes of the Southern
)ZERKIPMGEP7IQMREV]%OI]GSRGIVRSJ(V/IZMR7XEPI]SJ7)7MWXLEXXVEHMXMSREPP]
human roles will instead be completed by machines, dehumanising society due to less
human interaction and a change in our relationships. Even Frank Meehan, who was
MRZSPZIHMR%-FYWMRIWWIW7MVMERH(IIT1MRHFIJSVIXLI][IVIEGUYMVIHF]%TTPI
ERH+SSKPIVIWTIGXMZIP] [SVVMIWXLEXTEVIRXW[MPPJIIPXLEXVSFSXWGERFIYWIHEW
company for their children.

9PXMQEXIP]XLIVWXWYGGIWWJYP%-TVSKVEQQIVGSYPHLEZIJYRHEQIRXEPGSRXVSPERH
MRYIRGISZIVXLI[E]XLEX%-TVSKVIWWIWERHEW%-[MPPPMOIP]GSQIXSLEZIELYKI
impact on society, this control could span the human race as a whole. So a key
question now stands: How can we trust the directors of one corporation with the
future of the human race?

8LIVITPEGIQIRXSJLYQERWMRIZIV]HE]JYRGXMSRWMWEPVIEH]LETTIRMRKVMWMRK
numbers of self-service checkouts mean that we can do our weekly shop without
any interaction with another human being. Clearly this might be a much more
convenient way of shopping, but the consequences on human interaction are obvious.





This could end up with machines

burying all humans a mile underground
(to eliminate risk of meteor strikes),
separating us in individual cells (to stop us
attacking each other) and drip feeding us
tasteless gruel (to give us nutrients with
no risk of overeating fatty foods).

Redening office IT. PowerEdge VRTX.

As Meehan goes on to say, fundamental programming decisions will

probably be made by the corporation in secret and no one will
[ERXXSUYIWXMSRXLIMVHIGMWMSRWFIGEYWIXLI]EVIWSTS[IVJYP8LMW
would allow the developer to write whatever they want without
GSRWIUYIRGISVMRTYXJVSQSXLIVTEVXMIW3JGSYVWI%-[MPPMRMXMEPP]
start out as software within consumer electronics devices, and
companies have always been able to develop these in private before.
&YXEVKYEFP]XLIJYXYVISJ%-[MPPRSXFINYWXERSXLIVGSRWYQIV
XIGLRSPSK]VEXLIVMX[MPPFISRIXLEX[MPPGLERKIWSGMIX]EXMXWGSVI8LMW
gives us reason to treat it differently, and develop collaborative public
forums to ensure that fundamental programming decisions are taken
with care.

ture

an race?

8LIX[SMHIEWLS[IZIVEVIRXQYXYEPP]I\GPYWMZI[IGERWYVVIRHIV
huge dependence to a servant. If we give the amount of dependence
that leads parents to trust AI with the care of their children, society
will have surrendered a great deal. If AI is allowed to take over every
previously human task in society, we will be at its mercy, and humanity
is in danger of becoming subservient.
AI enthusiasts are right to say that this technology can give us countless
advantages. If done correctly, well have minimum negative disruption
to our relationships and overall way of life, with maximum assistance
[LIVIZIVMXQMKLXFIYWIJYP8LITVSFPIQMWXLEXXLIJYPPHIRMXMSR
of correctly hasnt been established, and whether it ever will be is
HSYFXJYP(IZIPSTIVW[MPPEP[E]WFIJSGYWWIHSRGSQQIVGMEPWYGGIWW
the problem of balance in everyday society will not be their concern.
&EPERGIGSYPHEPWSFISZIVPSSOIHF]XLIVIWXSJLYQERMX]EWMXJSGYWIW
SRI\GMXIQIRXJSVXLIPEXIWXXIGLRSPSK]8LMWQEOIWWXYQFPMRKMRXSE
computer-controlled dystopian society a real danger.
If humans do become AI-dependent, a likely consequence is apathy
MRSXLIV[SVHWWPSXLERSXLIVGSRGIVRSJ7)7 ERHEKIRIVEPPEGOSJ
awareness or knowledge, because computers will have made our input
redundant. Humanity cannot be seen to have progressed if it becomes
blind, deaf and dumb to the dangers of imperfect machines dictating
our lives. Luddism is never something that should be favoured, but
restraint and extreme care is needed during the development of such
a precarious and transformative technology as AI.

8LIWIJSVQEXMZIWXEKIWSJHIZIPSTQIRX[MPPFILYKIP]MQTSVXERX3RI
of the key reasons that the Southern Evangelical Seminary are studying
Nao, is because of worries that super-intelligent AI could lead to
humans surrendering a great deal of trust and dependence with the
TSXIRXMEPXSXVIEXEWYTIV%-EWKSH'SRZIVWIP](V7XYEVX%VQWXVSRK
6IWIEVGL*IPPS[EXXLI*YXYVISJ,YQERMX]-RWXMXYXIFIPMIZIWXLEXE
super-intelligent AI wouldnt be seen as a god but as a servant.

e
How an w trust the dire
ctors o
f one c
orpora
tion with

fu
he

um
he h
ft

The rst and only full integration of servers, storage, networking and management in only 5U.
Up until now, there hasnt been an IT solution designed specically for an office environment.
Enter the new Dell PowerEdge VRTX powered by the Intel Xeon processor, an integrated
end-to-end solution built specically for the growing office. Its the only 5U PowerEdge
shared infrastructure platform design based on input from over 7,000 customers, featuring
four integrated servers, 48TBs of storage, networking and systems management to simplify
all aspects of IT. You inspired it. Dell built it.

(SRXKMZI]SYVWIPZIWXSXLIWIYRREXYVEPQIR
machine men with machine minds and machine
hearts! You are not machines! You are not cattle! You
are men! You have a love of humanity in your hearts!
Charlie Chaplin, The Great Dictator (1940)

&DOO


Premier
Dell PartnerDirect Partner

IRUDTXRWHRUHPDLO
'HOO#VRIWER[FRXN



)LQGRXWDERXW6%/
VKDUGZDUHVROXWLRQVDWKWWSZZZVRIWER[FRXNKDUGZDUH

G-Cloud
With the launch of G-Cloud, SBL have focused heavily on
significantly expanding our Cloud Services portfolio to
the PSN Public Sector Network. SBL deliver a number of
secure Cloud Services across the Public Sector through
the medium of the G-Cloud initiative. SBLs innovations
will support the Government Cloud Strategy to transform
the public sector ICT estate into one that is agile, cost
effective and environmentally sustainable. Working with
leading global security vendors various research projects
and pilots are currently underway to scope the delivery of
the next generation of Community Cloud Services via the
DOBUS platform.

SBL can announce that the following services are now available via the CloudStore:

DOBUS

SBL DOBUS and Lumension End Point

Management Security Suite

DOBUS To Go

SBL Cloud Enabled Device, Design and

Integration Services

Egress Switch Email and File Encryption

SBL Cloud Ready Training Services

Egress Switch Secure Web Forms

SBL VMware Virtualisation and Cloud Ready

Healthcheck

SBL Mobile Device Management

SBL Secure Hosted Asset Sentry SAM Portal

AirWatch Mobile Device Management

SBL Cloud Services Consultancy

SBL Becrypt MDM for iOS

SBL are pleased to be continuing to

promote our portfolio of cloud services
in the latest CloudStore. Having had a
presence in the CloudStore from the
beginning, SBL are committed to this
increasingly important framework as a
route to market for our solutions and
continue to develop new services in
response to the changing needs of our
public sector customers.

Scott Cattaneo, Commercial Manager, SBL

For more information,

please contact SBL on:
Tel:

Email: cloud@softbox.co.uk
Web: www.softbox.co.uk
3VWIEVGL7&0SRXLI'PSYH7XSVI
http://govstore.service.gov.uk/cloudstore/
TM

REVIEW

A new feature in this years event was an academic presentation. Char Sample, Security Solutions Engineer
EX'EVRIKMI1IPPSR9RMZIVWMX]FVMIJIHHIPIKEXIWSRXLIPEXIWXVIWIEVGL[LMGLEREP]WIWERHUYERXMIWXLI
XLVIEXZIGXSVWFEWIHYTSRXLIGLEVEGXIVMWXMGWSJTSXIRXMEPWEXXEGOIVW8LIVIMWMRGVIEWMRKMRXIVIWXMR']FIV
7IGYVMX]6IWIEVGLEWSYVMRHYWXV]QSZIWXS[EVHWMRGVIEWIHTVSJIWWMSREPMWQERH'EVRIKMI1IPPSRMWSRI
SJXLIYRMZIVWMXMIWEPVIEH]GSRXVMFYXMRKXSXLI']FIV7IGYVMX]6IWIEVGL;MOMXLEX7&0ERRSYRGIHHYVMRK
the IA Practitioners Event.

The IA Practitioners

EVENT 2014

eview

7&0MW[SVOMRK[MXLMRHYWXV]TEVXRIVWERH9RMZIVWMXMIWMRGPYHMRK3\JSVH&MVQMRKLEQ6IEHMRK(I
1SRXJSVXERH=SVOXSEWWMWX[MXLXLITVSHYGXMSRSJXLI']FIV7IGYVMX]6IWIEVGL;MOMERHGS
SVHMREXMSRGSPPEXMSRERHQSRMXSVMRKSJMXWGSRXIRX6IGIRXGSPPEFSVEXMSR[MXL%GEHIQMEERH-RHYWXV]
both here and overseas has served to identify a clear and profound requirement for a central
repository of useful and leading edge cyber security research, information, and best practice
KYMHERGIQEXIVMEP7&0LEWHIZIPSTIHXLMW;MOMXSTVSZMHIHIZIPSTERHQEMRXEMREVIWXVMGXIH
space in which practitioners will be able to access this information in one place.

8LIJSYVXLERRYEP-RJSVQEXMSR%WWYVERGI
-% 4VEGXMXMSRIVW)ZIRXXSSOTPEGIEX=SVO
6EGIGSYVWISRXL
XL1EVGL

-%4VEGXMXMSRIVW)ZIRXHIPMZIVIHSRFSXLQ]TVSJIWWMSREPVIUYMVIQIRXWERH
expectations. An excellent event! (IPIKEXI*IIHFEGO
In addition to keynotes/plenary sessions, delegates had the choice of attending one of six
workshops on each day. Feedback from these sessions indicates that delegates not only
IRNS]FYXFIRIXJVSQXLISTTSVXYRMX]XSMRXIVEGX[MXLTIIVW')7+ERHZIRHSVWSR
HMZIVWIXSTMGWWYGLEW%HZERGI']FIV8LVIEXW4VEGXMGEP%TTPMGEXMSRSJ-%MRER%KMPI
World and An Industry Perspective of Cyber Security Skills.

&VSYKLXXS]SYF]')7+ERH7&0XLMW]IEVWIZIRX[EWGLEMVIHF]'LVMW9PPMSXX
8IGLRMGEP(MVIGXSVERH'LMIJ7IGYVMX]%VGLMXIGX')7+[MXL'SPMR;MPPMEQW7&0
&YWMRIWW(IZIPSTQIRX(MVIGXSV
ZMWMXMRK4VSJIWWSVEX(I1SRXJSVX9RMZIVWMX]
reprising his role as the Master of Ceremonies throughout.

Practitioners
Event 2014

Commenting on the event Chris Ulliott stated It was always going to be

HMJGYPXXSFYMPHSRXLIWYGGIWWIWSJTVIZMSYWIZIRXW]IXXLIUYEPMX]SJ
speakers and attendee interaction made this years IA Practitioners Event even
bigger and better. Seeing the venue packed to its maximum with enthusiastic
debate between all attendees, serves to show me that the IA community is
not only growing, but is also one that is keen to be involved in advancing the
profession. Its a valuable opportunity for CESG to interact directly with the
practitioners who deal with cyber issues on a daily basis.

IA Practitioners
)ZIRXHIPMZIVIH
on both my professional
requirements and
expectations. An
excellent event!
Delegate
Feedback

3ZIVEXXIRHIIWVIKMWXIVIHJSVXLIIZIRXQEOMRKMXXLIFMKKIWX-%
4VEGXMXMSRIVW)ZIRXWSJEVEPSRK[E]JVSQXLILYQFPISVMKMRWMRXLIVWX
(-4'3+)ZIRXLIPHSRXL7ITXIQFIV[LIRXLIVI[IVINYWX
HIPIKEXIWERHI\LMFMXSVW
8LIGSRXMRYMRKKVS[XLERHTSTYPEVMX]SJXLI-%4VEGXMXMSRIVW)ZIRXMWMRRS
small part attributable to the fact that we do listen to the feedback we receive
and continually seek to improve the event and enhance the experience for
delegates and sponsors alike.
Some of this years enhancements included a mobile site so delegates
GSYPHOIITEFVIEWXSJXLIEKIRHEERHIZIRXMRJSVQEXMSR(MKMXEPHMWTPE]
screens also provided quick reference to information and iPad stations
provided the opportunity for instant feedback on the presentations.

Lead Sponsor

8LI-%4VEGXMXMSRIVW)ZIRXEPWSQEOIWTVSZMWMSRJSVXLI-87IGYVMX]3JGIVW*SVYQ
-873* 1SVIXLEREHIPIKEXIWEXXLIIZIRX[IVIVIKMWXIVIHEW-87IGYVMX]
3JGIVWERHXLIVI[IVIGPSWIHWIWWMSRWEZEMPEFPIJSVXLIQVYRRMRKEPSRKWMHIXLI
main programme each day.
8LEROWXSXLISVKERMWIVWJSVEVVERKMRKXLMW-X[EWXLIFIWXIZIRXSJMXWX]TI-
have attended and I will be back next year!! (IPIKEXI*IIHFEGO
8LVSYKLSYXXLIX[SHE]WSJXLIIZIRXXLIVI[EWERI\LMFMXMSRJIEXYVMRKEVIGSVH
WXERHWWLS[GEWMRK[IPPORS[RERHIQIVKMRKZIRHSVWERHTVSJIWWMSREPFSHMIW
TVSZMHMRKG]FIVVIPEXIHWIVZMGIWMRGPYHMRK1S(()
7--74&'7ERH%41+%W
well as dedicated vendor presentations and workshops, both the delegates and
ZIRHSVWFIRIXJVSQXLIJEGIXSJEGIRIX[SVOMRKSTTSVXYRMX]XLEXXLII\LMFMXMSR
EVIETVIWIRXWWEMH2EXEPMI1YVVE]1EVOIXMRKERH)ZIRXW1EREKIVEX7&08LI-%
Practitioners who attend the event value the chance to get hands-on with the latest
technologies and to ask questions of the manufacturers.

Lead Networking
Sponsor

8LI-%4VEGXMXMSRIVW)ZIRXMWVIRS[RIHJSVXLIUYEPMX]SJMXWMRTYXTEVXP]
because the programme is kept strictly to time and topic but also by working
EGVSWW')7++SZIVRQIRX(ITEVXQIRXWERH:IRHSVGSQTERMIW[IEVIEFPI
to draw on a vast resource of speakers from different backgrounds who
provide excellent and stimulating input to the conference. Some of this years
speakers included:

It was always
going to be
difcult to build
on the successes of
previous events, yet,
the quality of speakers
and attendee interaction
made this years
IA Practitioners Event
even bigger and better.

Tom Loosemoore, Deputy Director Delivery Strategy, Government Digital

Services, explained how breaking projects down into bite size incremental
HIPMZIVMIWMREREKMPI[E]LEWIREFPIH+(7XSHIPMZIVEVWXGPEWWYWIV
I\TIVMIRGIERHLS[+(7MWYWMRKMRWIVZMGIQSRMXSVMRKXSIREFPIEVETMH
response to any problem.
Mario Kempton, Head of Security at NCA, introduced the work of the
VIGIRXP]JSVQIH2EXMSREP'VMQI%KIRG]ERH8MRE,SPQIW,IEHSJ9/
)RKEKIQIRX')689/KEZIERMRXIVIWXMRKMRWMKLXMRXSXLISTIVEXMSRSJ')68
9/
1EVO(IEVRPI]'LMIJ(MKMXEPERH-RJSVQEXMSR3JGIV,16'spoke on
IEVP]MRWMKLXWJVSQXLIXSTI\TPEMRMRKLS[,16'EVIVIXLMROMRKLS[XLI]
aggregate data, using Cloud Computing and open source technology to
MQTVSZIWIGYVMX]8LI]EVIEPWSYWMRK8VERWEGXMSRERH1EGLMRIHEXEEREP]XMGWEW
security tools and being smart about what they put back into the open source
community.



Planning for the next IA Practitioners Event is already under way and will see the
IZIRXVIXYVRMRKXSXLI=SVO6EGIGSYVWIMRIEVP]
'SRXEGXXLIIZIRXWXIEQEX7&0
)ZIRXW$WSJXFS\GSYO 
for more information.

6IJVIWLQIRXWEXXLIIZIRXEVIWIVZIH[MXLMRXLII\LMFMXMSREVIEXSQE\MQMWIXLI
RIX[SVOMRKSTTSVXYRMX]JSVHIPIKEXIW[MXLXLIMVTIIVWERHSYVI\LMFMXSVW8LI)ZIRXW
8IEQMWHIHMGEXIHXSFYMPHMRKVIPEXMSRWLMTW[MXLZIRHSVWRI[XSXLI-%4VEGXMXMSRIVW
)ZIRXERHEP[E]W[IPGSQIWWYKKIWXMSRWERHVIUYIWXW8LII\LMFMXMSREPWS
LSWXIHXLI;LMXI,EX6EPP]ERSVKERMWEXMSRJSVQIHMRF]MRHMZMHYEPWJVSQXLI
9/-RJSVQEXMSR7IGYVMX]MRHYWXV][LMGLSVKERMWIWRSRGSQTIXMXMZIQSXSVWTSVXW
events to raise funds for charities working with vulnerable children.
(See more at http://info.whitehatrally.org)
CESG had a strong presence in the exhibition area with a number of technical and
policy staff on hand during the day. In addition, they offered an hour of dedicated tea
XMQIWYVKIVMIWEXXLIMVWXERHEXXLIIRHSJXLIVWXHE]EPPS[MRKHIPIKEXIWXSTVI
FSSOETTSMRXQIRXWERHWTIRHXMQI[MXLEWTIGMEPMWXSRESRIXSSRISVSRIXSJI[ 
basis to discuss their concerns and get answers to any questions they had.
8LIIZIVTSTYPEVRIX[SVOMRKHMRRIVSRXLIIZIRMRKSJHE]SRITVSZMHIHJYVXLIV
opportunity to build relationships. Pre-dinner drinks and excellent food and wine
[IVIIRNS]IHF]HIPIKEXIW[LSXLIRWIXXPIHHS[RXSPMWXIRXSXLIGYWXSQEV]
EJXIVHMRRIVWTIEOIV8LMW]IEV[IMRZMXIH8:TVIWIRXIV4IRR]1EPPSV][LSKEZIER
interesting and amusing account of her journey from being in her own words a total
waster to a champion rally driver.
As might be expected throughout the conference there was considerable interest
in the then imminent implementation of the changes to the Government Protective
1EVOMRK7GLIQI8LIETTVSEGLYRHIVXLIRI[+SZIVRQIRX'PEWWMGEXMSR7GLIQI
MWJSVMRGVIEWIHPSGEPEYXSRSQ]ERHEGGSYRXEFMPMX]8LIKYMHMRKTVMRGMTPISJXLI
+SZIVRQIRX'PEWWMGEXMSR7GLIQIMWXLEXEPP+SZIVRQIRXMRJSVQEXMSRLEWEZEPYI
and requires a basic level of protection and individuals are personally responsible and
accountable for exercising good judgement in securing the information.
8LIPEWX[SVHSRXLMWGEQIJVSQ')7+WXEXMRKXLEX8LIVIMWRSXERH[MPPRSXFIE
check list for achieving network security. It is up to the data owner to assess the risk
and take appropriate counter measures.
8LI-%4VEGXMXMSRIVW)ZIRXMWGSRWMWXIRXP]TVEMWIHF]FSXLHIPIKEXIWERHWTSRWSVWJSV
the quality of its speakers, exhibition and organisation and enjoys its reputation as a
must attend event in the IA calendar.

-XLMROXLMW]IEVWIZIRXLEWFIIRI\GIPPIRXEGPIEVMRWMKLXMRXSLS[
Government Departments are working, how Suppliers are working with
them to achieve IA Compliance. It has been very useful that vendors had
to discuss a topic without too much sales pitch. (IPIKEXI*IIHFEGO

*MVWXPIXQIWE][LEXEJERXEWXMGNSF]SYERH]SYVXIEQHMHTYXXMRKXSKIXLIVERH
running yet another successful IA Practitioner event. As both a delegate visiting
the stands and listening to conference presentations and as a Director for the
IISP manning our stand and taking questions and queries from members and CCP
applicants I found again, that the conference provides an excellent opportunity to
update myself regarding current policy, network and provide support and guidance
to members and applicants. Thank you again. Exhibitor Feedback

Brought to
You By

8LEROWXSXLI
organisers for arranging
this. It was the best
event of its type I have
attended and I will be
back next year!!
Delegate
Feedback

&

EVENTS

lmanac

AofEvents

2014

CYBER WEEK 2014

June-SEPT

at De Montfort University

9/+VIIGI97%%YWXVEPME.ETER&VE^MP'LMRE-XEP]4SPERH'EREHE

JUNE
23 - 26

3-4

10 - 11

IA14
London, UK

OWASP APPSEC
EUROPE
Cambridge, UK

CFET 2014
Canterbury, UK

25

8,)9634)%2
CONFERENCE ON CYBER
WARFARE AND SECURITY
ECCWS-2014
Piraeus, Greece

PSN SUMMIT
London, UK

7-9

CLOUD WORLD
FORUM 2014
London, UK

17 - 19

26

IFSEC INTERNATIONAL 2014

London, UK

THE CYBER
SECURITY
SUMMIT
London, UK

23 - 26
SECURITY & RISK
MANAGEMENT SUMMIT
Washington D.C, USA

19TH AUSTRALASIAN
CONFERENCE ON
INFORMATION SECURITY
AND PRIVACY (ACISP 2014)
Wollongong, Australia

16 - 18
PRIVACY ENHANCING
TECHNOLOGIES
SYMPOSIUM (PETS14)
Amsterdam, Netherlands

22 - 23
RSA CONFERENCE
ASIA PACIFIC & JAPAN
Marina Bay Sands, Singapore

ST14 NORTH
Manchester, UK

AUGUST

SEPTEMBER

2-7

17 - 21

3-5

9 -11

22 - 24

BLACK HAT USA

Las Vegas, USA

RYPTO 2014
6(INTERNATIONAL
CRYPTOLOGY
CONFERENCE)
California, USA

9TH CONFERENCE
ON SECURITY AND
CRYPTOGRAPHY FOR
NETWORKS
%QEP-XEP]

27 - 29

8 -10

7-28,)8,
INTERNATIONAL
CONFERENCE ON
THE SECURITY OF
INFORMATION AND
NETWORKS
Glasgow, UK

6(-28)62%8-32%0
CONFERENCE ON
CRYPTOGRAPHY AND
SECURITY SYSTEMS
(CSS14)
Lublin, Poland

9TH INTERNATIONAL
WORKSHOP ON
SECURITY
(IWSEC 2014)
Hirosaki, Japan

TDWI BI
SYMPOSIUM
London, UK

14 - 15
SELECTED AREAS IN
CRYPTOGRAPHY
(SAC2014)
Montreal, Canada

8th - 12th September 2014

JULY

16 - 17
17 - 18

Hugh Aston Building, De Montfort University

8 -12
CYBER WEEK
Leicester, UK



24 - 26
17
19
8,-)))
(LATINCRYPT) THIRD
INTERNATIONAL
CONFERENCE ON
CRYPTOLOGY AND
INFORMATION
SECURITY IN LATIN
AMERICA
Resort Costao do
Santinho, Brazil

INTERNATIONAL
CONFERENCE ON
TRUST, SECURITY
AND PRIVACY IN
COMPUTING AND
COMMUNICATIONS
Beijing, China

25
4TH CYBER RISK AND
DATA PROTECTION
INSURANCE FORUM
London, UK

Visit

www.softbox.co.uk
for more information


cyber talk@softbox.co.uk
www.softbox.co.uk/cyber talk
cybertalkmagazine

$']FIV8EPO9/