Monday, 25 January 2016

Safer Internet Day 9th February


#SID2016 is a great opportunity for take schools to take stock and consider whether they are meeting current educational online requirements. 

So what can your school do?

Teachers and Staff

Get yourselves up to date with what is available to you free on the web that is age appropriate and is ready for use in class
Run lessons focused on internet safety and provide opportunities for your pupils to learn about their own online presence, the risk and potential harm as well as providing the space to gain the most from their experiences online.

Parents

Take the opportunity to find out exactly what your children are being taught in school, and find out what to look out for to protect your children and how you can also protect yourselves

School children

Access to tools and guidance so that you can teach yourselves but also have fun doing some of the tasks and watching some of the videos available.

If you want a simple page to copy and upload to your site whether a school charity or other go to

 

http://sidsays.org.uk/

 

 

Wednesday, 6 January 2016

An evening with Mike Pannett 27th January 7-8.30pm Clark Foley Centre Ilkley

Cops, Cream Tea and the Countryside

An evening with Mike Pannett
 

Clark Foley Centre Ilkley
Wednesday 27th January 7- 8.30pm
£8.00
 

Tickets available from
stu@stuhyde.com

 

This is an event to help raise funds for my daughter's World Challenge visit to Nepal in

Mike Pannett was born in York, and joined the Metropolitan Police in 1988. He became one of the youngest officers to be given his own patch, and served on the Divisional Crime Squad, Murder Squad and TSG (Riot Police).

He transferred to North Yorkshire police in 1997 as he missed the countryside – and fly fishing! He became a rural beat officer and eventually, a wildlife officer. 


In 2005 he starred in the BBC’s Country Cops and was inspired to write about his adventures in the North Yorks force. Mike served nearly twenty years in the police, during which he became one of the highest commended officers. He lives with his wife Ann, and their three children in a small village in the shadow of the North Yorkshire moors.

Saturday, 12 December 2015

Using cybX exercising to test cybercrime capability in the UK and Europe

Last week I was helping a scenario based cyber exercise at the Cabinet Office Emergency Planning College in Yorkshire. We were using the CYBX suite. It involved  8 countries managing a range of cyber challenges.


Below is the release from CYBX about the exercise and it's forerunner Silver Pilot involving many Regional and National UK cybercrime assets. cybX is managed by Serco who run the Emergency Planning College for the Cabinet Office.


Testing and exercising cybercrime units across the UK and Europe is an essential aspect of planning and preparing ourselves for the future of criminality and risk in cyberspace.


See http://www.nationalcrimeagency.gov.uk/news/776-international-cyber-crime-exercise-tests-multi-agency-response


And 


http://www.cybx.org/




Serco has taken part in a ground-breaking exercise run by the UK’s National Crime Agency (NCA) to test the international response to serious cyber crime. 

Specialists from across Europe were put through their paces using Serco’s unique and realistic cyber exercising capability - cybX - which prepares private and public sector organisations to test their ability to prepare and respond to serious cyber attacks.

 

Exercise ‘Silver Shadow’ - a multinational exercise run by the NCA’s National Cyber Crime Unit (NCCU), funded by the Foreign and Commonwealth Office and supported by the Home Office -  saw officers from eight different countries come together to assess their collective response to a simulated cyber attack on a fictitious international petroleum company.

 

The aim was to test how investigators and prosecutors would work together in the event of a complex criminal incident spanning several different legal jurisdictions, to ensure an effective response to future cyber crime attacks.

 

The week-long exercise began on Monday 30 November and took place at the Cabinet Office’s Emergency Planning College (EPC) in North Yorkshire, which is run by Serco.

 

The countries involved in the exercise were Bulgaria, Georgia, Lithuania, Moldova, Romania, Ukraine, the UK, represented by the NCA’s NCCU, and the US, represented by the FBI. A representative from Europol’s Joint Cyber Action Taskforce (J-CAT) also took part.

 

cybX compliments the wider civil resilience training Serco provides at the EPC, enabling organisations to test and improve their cyber resilience in a safe, realistic and secure environment.Management and IT staff are tested through a variety of simulated scenarios on their ability to identify and end a cyber-attack, and manage their organisation’s response. 

 

The training gives participants a greater understanding of their organisation’s risks, strengths and areas for improvement, as well as a better understanding of the communications and relationships they need with their supply chain, customers and other stakeholders, including law enforcement.

 

Richard Preece, Serco's Director of cybX, commented: “It’s been a privilege to support members of the UK and international law enforcement community. Every day we hear about another cyber-attack and our training has helped the NCA to improve their capability to tackle cyber crime.

 

“It’s one thing to invest in the best technology, but organisations must also invest in developing their people and test their capabilities. Serco’s training puts employees from the board room to server room through their paces, enabling organisations to be more resilient to the inevitable cyber-attack.”

 

Further details on the NCA website

Sunday, 6 December 2015

Urgent Cumbria Flood Appeal

URGENT   Cumbria 2015 Flood Appeal

An appeal launched to raise funds to support the individuals and communities devastated by the December flooding and storms in Cumbria.



Friday, 4 December 2015

Wetherspoons Hack

The company Wethersoons seems to have been hit by the next in a long series of hacks.
See http://www.computerweekly.com/news/4500260119/Wetherspoon-pub-chain-warns-customers-of-data-breach for a good update

Some simple issues

1. In a breach, even if full financial data is released the data can be used to "con" victims into releasing other data. Using "Social Engineering" offenders may be able to act as if they are your bank or credit card company and illicit data that could compromise your personal financial security. Have a look at www.getsafeonline.org the UK primary site for cyber security
2. If you are a CEO or Chair of a company, anticipate that you will be in the front line in the event of a breach. In all cases, the top of the organisation has to become the voice of the business. Do you as a company think about how you would cope in the event of an attack, do you exercise or test your processes. for large organisations see www.cybx.org for a very sophisticated approach
3. At board level, do you understand what your IT staff do, have you seen a Firewall in action, do you know the parameters and policy for managing your data? Have your managers and supervisors engaged in creating a common understanding of your technological needs? Do you have access to effective and available technical staff when it goes wrong?

Wetherspoons CEO John Hutson has apologised quickly and rectified as well as identified that the breach could not occur again. The ICO no doubt will have further questions as will the media and shareholders, time spent preventing will ofen far outweigh the costs and time of investigating.

Who's next?

Saturday, 21 November 2015

Reflections on the Chancellors Cyber Speech at GCHQ

This article is replicated in Policing Insight


“Reflections on the Chancellors Cyber speech at GCHQ” 

Stuart Hyde QPM 
Policing Insight. November 2015



On Tuesday this week the Chancellor gave an impressive outline of the UK response to the multiple threats to Cybercrime and Cyber terrorism. In a positive contribution he outlined a range of actions and investments across Government linked to outstanding contributions from industry that will be aimed at keeping the UK safe online. The full text is below
George Osborne speech at GCHQ 17th November 2015

Whilst the speech was fascinating and sparked of a real joined up approach including some very interesting anecdotes, there remains concern that some of the solid foundations he talks of, may not be delivered, and that the investment in Cyber intelligence and Analysis could be undermined. In brief here are some of the concerns that should be tackled:
The risk of further cuts to policing could weaken the police response to Cybercrime and the support Forces can give to Regional Cyber Crime Units and the NCCU 
The training provision for officers and staff in Cyber issues is not mature enough yet to enable effective response to the very wide range of cyber-enabled and cyber-dependant criminality.  
The investment in the prevention of cybercrime, particularly through GetSafeOnline is minimal and directly contrasted with the huge costs of CyberStreetWise  
Exercising is sporadic, and although highly sophisticated facilities such as CYBX exist (run under the auspices of the Emergency Planning College) lack of financial support has discouraged many organisations including public and private sector from investing in such activities.
The national scheme supporting Cybercrime Information Sharing Partnerships is inconsistent across the UK. Despite being a National model not all regions have them. This undermines the ability of Government agencies to reach out to vulnerable industry and circulate common security messages. Many regions don’t have them yet, despite it being a national initiative.
A Review of the curriculum in schools for ICT and Computer Studies could be adopted to try and ensure that the education children receive about Cyber reflects their current or future usage. The encouragement for coding is to be welcomed but a wider review may help to better align learning across the education sector with current trends in Cyber development.
The previous Government was extremely keen on the concept of the Big Society. This should not escape the attention of Cyber. Opportunities to recruit Cyber Police Specials within industry to actively support policing should be encouraged. There are very small examples of this which could be developed further particularly in the wake of further police cuts

Now is the time to make a dramatic but effective shift towards making the UK the safest place online.
Looking at some of the specific comments within the speech
“Before the dreadful events of the weekend we had already indicated that we would be increasing substantially the resources we dedicate to countering the terrorist threat posed by ISIL. “
It is interesting that this is not a reaction to the tragic events in Paris but a broader and historic reaction to the threat of an online ISIS/ISIL. The investment is being targeted against a particular threat, one of many currently facing the UK cyber environment.
“The Prime Minister has made clear that across the agencies a further 1,900 staff will be recruited to keep Britain safe from terrorist attack.”
The 2000 additional staff for the estimated £400M a year seems quite expensive, however the additional on-costs and technology costs will be excessive in order to retain the edge required to tackle the enormous online threat. The issue of further police cuts should, however, not be ignored. These intelligence officers and analysts will create opportunities to arrest or intervene to prevent attacks, or to mitigate risk. That, in many cases, will increase the requirement for specialist policing services including armed tactical support. Whilst this is the right thing to do, it will have an additional demand for the police service at a time of contraction. 
“The answer is not just in more resources, but in ensuring those who keep us safe have the right legal framework, that allows them to do their job while preserving the values and freedoms which we are so determined to defend.” 
It is also right that throwing money at something is not always the best solution, but it helps. Linking a review of funding and investment with a review of legislation will help to make the new resources much more effective. However, the people of the UK will need to balance their need for protection against their desire for privacy, a difficult challenge at the best of times
“As Chancellor I know about the enormous potential for the internet to drive economic growth, but I am also acutely aware of the risk of cyber-attack harming our economy and undermining the confidence on which it rests.”
The harm to businesses of an attack or a leak of data is considerable. The recent TalkTalk crisis threw the Chief Executive, Baroness Dido Harding, into the media spotlight as TalkTalk struggled to come to terms with the media avalanche that descended upon them. CEOs cannot avoid being in the frontline when an attack takes place and the disruption to a company will be dramatic and potentially irrecoverable. It is interesting to see the very positive pre- Christmas adverts from TalkTalk now rebuilding its reputation and branding.  
“And I also know that we can’t afford to build strong cyber defences unless they rest on the solid foundations of sound public finances.”
The wider public finances issue is a very real requirement for the UK. However, a number of the initiatives through these announcements will require the solid foundations of policing. Neighbourhood policing, a service connected to its communities, the capacity to support arrests or disruption, specialist cybercrime and digital forensics capabilities, compliance with ISO 17025, flexibility to support substantial human surveillance, post incident management and evidence recovery to name but a few of the roles inevitable to support making the UK online world safer. All currently at risk.
“Citizens need to follow basic rules of keeping themselves safe – installing security software, downloading software updates, using strong passwords.”
CyberStreetWise has fixated over the past few weeks about its three word campaign, but find any reference to TalkTalk on the site, you won’t. Yet the TalkTalk saga was an issue that may have affected 10% of the population. And who talks for Cyberstreetwise, no one, it’s anonymous. This is not the best use of investment. Far outstripping it is the very versatile and responsive GetSafeOnline, which involves industry and others with very little investment from Government, effectively run on a shoestring. If we want citizens to protect themselves we need to invest in better and much more effective and responsive campaigns run by real public people. 
“Companies need to protect their own networks, and harden themselves against cyber attack…The starting point must be that every British company is a target, that every British network will be attacked, and that cyber crime is not something that happens to other people… We established the Computer Emergency Response Team for the UK, and the Cyber Information Sharing Partnership so companies could share what they knew.”
If we want to engage business in making the UK safer online then the government should enforce the CISP programme (see above) it takes far too long to launch and then run CISPs. Getting them moving and putting a little investment in, will provide a truly national response between Government, Police and Industry. Here are the areas with CISPs. The North East comes online very soon.

“We have built the National Cyber Crime Unit so cyber criminals are brought to justice.”
The Cybercrime Units across the UK linked to the National Unit are working together to address a range of cyber-attacks. Building up their knowledge and experience and exercising together, is helping to develop a good model for the future. However, with forces reducing budgets it is probable that the model could be undermined as Chiefs and PCCs seek alternative ways to spent scant resources
“We developed clear guidance for businesses, including the Cyber Essentials scheme, which already has over a thousand companies accredited.”
The scheme itself is simple yet effective but with the absence of an effective national model of CISPs it is left to a multitude of fora to distribute and promote the scheme. Of equal value is the 10 Steps to Cyber Seciurity a Board level tick box that should be a common statement for all organisations. 
“We built cyber security into every stage of the education process. We established Cyber First and cyber apprentices to make sure that we got the talent we needed coming into the field…. And most ambitiously, we will be rolling out a major programme for the most talented 14 to 17 year olds, involving after-school sessions with expert mentors, challenging projects, and summer schools where those on the scheme can see where their cyber skills can take them. ”
Keeping the “Cyber” learning up to date is essential and making it relevant really does mean we can keep the UK safe. In an interview BBC Radio5 Live had with the hacker Charles Float, he talked about his frustration at the technology education provided in school and his lack of interest. I make no judgement about his actions but there must be a better way to channel bright and knowledgeable school children who are orientated towards gaming, and moving them away from hacking. Ensuring that people who hack, even if only to have an advantage within an online game, know that disrupting other players online access is illegal might be a start.
“It is a bold, comprehensive programme that will give Britain the next generation of cyber security, and make Britain one of the safest places to do business online.”
I agree it is a big investment, but one that is essential to retain a safer online UK. However, there are still risks that this strategy could be undermined, unfortunately by the same person proposing it.
“Today I can announce that in 2016 we will establish a single National Cyber Centre, which will report to the Director of GCHQ. The Centre will be a unified source of advice and support for the economy, replacing the current array of bodies with a single point of contact.”
It will be useful to see the details of the Cyber Centre in particular its engagement with Police Forces and how it will strengthen the Regional Cyber Crime Units and the NCCU. 
Overall it was a positive step. Some of my comments may appear to be negative, they are not meant to be. Any investment in this area is welcome but we need to ensure that the good intentions are not undermined by the economic realities facing Policing particularly.
There is an opportunity to bring Cyber issues into the current psyche of leaders across all sectors which would substantially help to create a safer online UK. As a policy or strategy it does, however, stand alone, as there does not appear to be an alternative from others and I look forward to seeing alternative strategies to keep online UK safe from other political parties particularly the Opposition.
Stuart Hyde QPM
Cyber commentator 
Vice president www.hightechcrimecops.org
Vice President www.polcyb.org
Associate www.cybx.org
Director of Solutions www.cclgroupltd.com

Tuesday, 17 November 2015

Cybercrime and George Osbornes speech




Whilst the speech by George Osborne was fascinating this morning  and full of some interesting anecdotes,  I am concerned, however, that the solid foundation he talks of will not be delivered and that the investment in Cyber intelligence and Analysis will be undermined. In particular perhaps we need the following

  1. No further cuts to policing and strengthen the police Cyber capability through Regional Cybercrime Teams and the NCCU
  2. Provide effective training and education for all Police Officers in Cybercrime prevention and detection
  3. Increase REAL investment and effectiveness in Prevention of cybercrime, particularly through GetSafeOnline and move some of the huge costs of CyberStreetWise towards it.
  4. Increase the number of joint industry and law enforcement exercising on Cyber attacks
  5. Enforce the Cybercrime Information SharingPartnerships. Many regions don’t have them yet, despite it being a national initiative
  6. Review the curriculum in schools for ICT and Computer Studies to better reflect the here and now and help gifted students stay on track (see comments of Charles Float R5Live)
  7. Increase the use of Cyber Specials to support Law Enforcement

Now is the time to make a dramatic but effective shift towards making the UK the safest place online.

Popular Posts in last 7 Days