NCVO
Cyber Essentails

PNC data makes a dash for freedom

The Police National Computer system has lost 150,000 records from it’s database.

First reported in the Times, this is another data loss for the Police in what is starting to look like a long line of errors by it’s staff.

It is not being considered a cyber attack and no red flags appear tp have been raised by the Police or the NCSC.

As a long time systems developer, I do think it does however raise an important issue, “WHERE ARE THE BACKUPS”. I spent many of my early years as computer operator on some sizable mainframes and mini’s. The one thing we always had were backups that we could go back to, a day, a week, a month or even a year, sometimes longer. So why can the police forces IT people just not recover the data?

The upshot of this blunder is that many cases will now no longer be heard, many criminals will walk free and more crimes may be committed.

This whole issue is likely to get buried quickly as it is quite embarrasing to say the least, but somewhere heads probably should roll, or at least, be severely chastised. Maybe a night in the cells!

UPDATE 16/01/2021

Priti Patel, has annouced that engineers are looking at recovering data, but they are not sure how much can be recovered. See https://www.bbc.co.uk/news/uk-55691710 for more.

XMAS Opening 2020

With the holiday season nearly upon us, the Institutions offices will be open for business as below.

December

23rd – Open
24th – Closed
25th – Closed
26th – Closed
28th – Closed
29th – Closed (Open for Email)
30th – Closed (Open for Email)
31st – Closed

January 2020

1st – Closed
2nd – Closed
3rd – Closed
4th – Open

Wishing you all a good break.

Compealing Code Chemistry

In the forth part of this series on Compealing Code, Paul Lynham covers some of the chemistry required to achieve this goal.

Compealing-Code-Chemistry-1

Thoughts on the NHS Covid App

I recently got notified via the NHS app that we had been in contact within somone who had coronavirus. A bit of an initial shock for my wife and I as we have been quite good, since lockdown ended apart from once a week shopping we have only been out 4 times.

The next suprising thing was that we were told to isolate for just 7 days not 14 as advertised. After searching for info via Googgle, we came across an article explaining why only 7. It appears we came into contact with this person probably 7 days earlier at an undisclosed venue and time.

This led us to believe we were probably in the local super store doing our weekly shop.

The Test and Trace app apparently relies on you being within 2 metres of someone for around 15 minutes, it then tags each others phone numbers so it can be used when you log a positive result it can notify all the phones you have been near within that rule.

So it raises a few issues.

  • Bluetooth can be used as a distance gauge, but is more than a bit flakey. Ideally you need three phones to be fairly accurate. Bluetooth works upto a maximum distance of between 10-30 metres, resolution with two phones is therefore not accurate to 2 metres. Also the surrounds may block or enhance the signals.
  • The app does not log GPS data, if it did, it might be able to give you a reasonable idea of where you were on the day. I suspect this was a GDPR concern but in my mind to know where you were on a particular day would be useful.
  • Thirdly, there is no indication of time when you could have been in close proximity to the person. Again this would be useful in identifing where you were at that time.

Some problems I see here as an experienced software developer and database administrator, and even as an individual with a logical mind are :-

  • If you live in a flat and someone is above or below your position and you or they have coronavirus and your app is activated it could be possible to trip the algorithim to log your telephone numbers.
  • I live near a railway crossing that is so renown for being down for 20 mins+, it is so bad it has it’s own Twitter account! I could be in the car behind, infront or to the side with the windows closed and the telehone number could still be exchanged.
  • At the shop I could be checking out one or two checkouts from the infected person, protected by the plastic shields installed to protect the staff as well, I am equally protected but still the telehone number could still be exchanged.
  • The store has it’s own cafe, and the tables are now effectively little bubbles with plastic shields around each table blocking (hopefully) the chance of infection.

I am certainly not against the app, and Test and Trace is a necessity, but it leaves some serious concerns. If any of the three examples above could possibly trigger an alert, why or should I self-isolate? What recourse do you have to override the decision or reversed and how can the integrity of such a override be maintained.

I am fortunate that I work from home, but my wife works with the elderly and has had to stay at home as she was tagged as well.

I do think the data collected needs to include date, time and location plus the telephone number. It would at least offer some comfort to the victim who has got the alert to understand how and when they were exposed.

Also the messaging needs to reflect this, rather than just saying 7 or 14 days. That is a clear message, but we need more information.

There is of course the political and legal issues including why only 18% of those who should self-isolate do. It would need some high profile policing and fines to ensure compliance. I do not think there is the will to prosecute people though. This leaves those obeying the rules, feeling exasperated.

Finally the way to beat the system or reduce the chances of the app tagging you is to turn Test and Trace off when at home and when you believe you are in a safe zone, turning it back on when you leave the zone of safety.

Bletchley Park

Professor John Ferris of the University of Calgary has written a book about Bletchley’s role during the second world war (WW2). In his book he says that Bletchley was not the war winner we have all come to know and love.

He does say it was important to the war effort, but that our intelligence services were not as clued up as perhaps the Germans were at the beginning of the war. We did however catch up and in some areas surpassed them.

Personally, I see Bletchley as something more, it brought together people like Tutte, Flowers and Turing who sowed the seeds of modern day computing.

While ENIAC was the first publicly accepted computer, Bletchley had been running its secret predecessor Collussus, had been built, used and destroyed to keep it’s secrets.

If it was not for the popularised history of Bletchley, many films and documentaries would never have been made. If it wasn’t for people like Tony Sale, Bletchley would have remained hidden from the world and America would have invented the modern computer.

Ferris’s book Behind the Enigma is out shortly and will be an interesting read.

It is more about our intellegence services and their history and the effects of modern technologies, methos and the effects of people like Edward Snowdon.

Sir Roger Penrose wins Nobel Prize

The Institution would like to congratulate Sir Roger Penrose on his Nobel Prize for Physics and his work on Black Holes.

Sir Roger is well known to the Institution and back in 2001 he did a presentation to the IAP Symposium at Trinity House near Tower Hill.

A mentor of Stephen Hawking, Sir Rogers work on black holes is shared with Reinhard Genzel and Andrea Ghez. He is a mathematical physicist from the University of Oxford, and demonstrated that black holes were an inevitable consequence of Albert’s Einstein’s general theory of relativity.

Computing is essential to the modern day modelling that scientists use to simulate the theories they have. It has driven a huge drive in the development of super computers and AI is now being developed to take things further.

It is great to British scientists being leading figures in thier fields.

UK Cyber Security Council recruiting for two business analysts

One of the Institutions partners the Chartered Institute of Information Security is recruiting for two Business Analysts for the UK Cyber Security Council Formation Project. The project is a Government initiative, funded through the Department for Digital, Culture, Media and Sport (DCMS), being delivered by the Cyber Security Alliance, of which the IAP and CIISec are members, under the leadership of the Institution of Engineering and Technology.

Find a role description with main duties and responsibilities here

If you are interested in applying please send your CV and a covering letter to jill.trebilcock@ciisec.org

Please note that the closing date is Thursday 17th September.

London Hotels – Members Offer

The Institution has agreed a 20% discount for our members and their families with the Blue Orchid Hotels group based in London.

They have several hotels including the Tower Suites, The Rochester, and The Wellington.

You can find thier website @ https://www.blueorchid.com/en/index.html

If you use this offer please let us know what you thought about your stay.

We hope in the future to add more hotels around the country and in Europe.

2020 – AGM Calling Notice

AGM-2020-Calling-Notice

Job Slot

Short term contract available

The Institution is supporting this Government initiative and via one of our partners, a Business Development Consultant contractor position has arisen.

A need has arisen on the UK Cyber Security Council Formation Project (the project) for a clear Strategy and Value Proposition for the Council. Therefore we are recruiting for a Business Development Consultant as a Contract position up to 60 days work at £700 per day.
 
The project is a Government initiative, funded through the Department for Digital, Culture, Media, and Sport (DCMS), being delivered by the Cyber Security Alliance, of which CIISec is a member, under the leadership of the Institution of Engineering and Technology. CIISec is running two of the workstreams.

This consultant will be critical in establishing the income for the Council from organisations and entities who would join as Members and Associates/Affiliates, as well as setting out the strategy for the Council in its first few years. 

We attach a role description and suggested format of the deliverable, as this shows the scope of the work required.

If you are interested in applying please send your CV and a covering letter to jill.trebilcock@ciisec.org

Please note that the closing date is 20th July 2020

We also welcome those outside of CIISec membership to apply so please feel free to share this email with any colleagues or friends that could be suitable for this role.