Short post: Offense on the Defense

Apart from love, here too all is fair. Hence, the offense may be pushed into defense every once in a while. Yes, think that one through.
Or, that is misinterpreting it. Offense and defense do a danse macabre while the content fights out at higher abstraction levels. Think that one through ..!

[Edited to add: this link, and this one. Others apply as well.]

OK, ’nuff for now, and this:
[Photo DSC_0705: Not even unique, as a NY wedgie; only just (…) the prettiest]

Preventing detection

At last, there’s a resurgence of non-preventative infosec (#ditchcyber) efforts. As, e.g., here (in Duts though the orig would be Engrish ..?) and here (a decent one, almost making the right point; co-typical ..? and on second reading, a bit empty of actual actionable advice). Hinting at leaving the Prevention Imperative and refocusing on Resilience.
Because ‘deperimetrisation’ may have clouded the longer-term, more strategic failure of locking oneself in and shooing away the so grossly underestimated enemies by one’s own utterly ridiculous overestimation of … authority, power, capabilities and competences, considered-self-evident importance (quod non…). The dumb not realising how dumb they actually are…

We’ve said this before, over and over again. And we’ll say it again. Because the Laggards (hey remember yesterday’s post?) still haven’t got it, deeply enough into their veins.

But, we have a start of that at last. Why only now? Because even the most conservative (sic) can no longer hold the fort (sic) of box-shipping at all levels? Anyway:
[Photo DSC_0804: Rebound into the heavens!]

Why ‘cyber’s still a dud

[Oh yes @CyberTaters will warp the pings re this post. And #ditchcyber!]

For one, all (sic) of ‘cybersecurity’ (quod non) is incomprehensible to those that consider themselves ‘leaders’ in one way or another in practices where actual infosec should be top of mind. Since the (for quite too large a part) despicable mice (of this story) don’t see their own folly, these kindergarten emperors will be found to wear their new clothes well… but not ‘get’ what it takes to start developing ideas how to actually lead in the infosec field. Starting with debunking Internet myths and hype-FUD but also starting the sea changes needed to achieve something (if maybe not everything).

For another, since all the hype-FUD only leads to Technology focusing, where those that would still not have thus-focused houses on order should be fired; decades of developments would have to have been easily dealt with – though it is rocket science, it’s hence not that hard. Hey, designing and building a probe to Pluto, isn’t there an app for that?
Leaving the other 99.9% (well…) of work in the area of People (and don’t start me on Process..! see my posts over the past couple of weeks). Which, even if it would be understood what needs to be done in that field, would be known to be near impossible to pull off, let alone in the short term.

Hence by simple (?) logic, ‘cyber’whatever is a dud.

Sobering:
[Photo DSCN2508: You know where, or not; every corner needs to be beautiful…]

Waves of IoT

Tinkering with the great many (unknown) unknowns of the IoTsphere, it occurred to me that there are various intermediate phases to deal with before we can consider ourselves comprehensively outdone after the Singularity (dystopian with P(X)=1).

By which I mean the following ‘growth’ model:

  • Current-day operations: Factory ‘robots’ or process plants being (factory-)centrally controlled from e.g., typical classical (?) control rooms. And ATMs, the robots without arms!
  • IoT in its four distinct forms. With ‘robots’ moving out of their prosthesis confines, as e.g., here. Possibly with some ANI.

    Both these levels can be regarded to have operational level problems; ethical, security/privacy, industry-disruptions and comprehensively new business and labour models, etc. etc. but relatively definitely operational, to be solved.

  • At a tactical level, there’s AGI stuff to be figured out.
    Ethics, ‘robots’ like self-driving/autonomous cars [yes, yes, I know those two are very much not the same!] as proxies for humans, with all the rights and duties including how to enforce those, and Privacy on a much larger, impactful scale. Including also, all problems you thought to have solved in the previous rounds, now coming back to haunt you and be very much harder to solve.
  • The Strategic level, with ASI all around. To repeat, including also, all problems you thought to have solved in the previous rounds, now coming back to haunt you and be very much harder to solve.

This, as just a briefest of summaries of all sorts of dilemmas to be figured out. Sooner rather than later, or bingo (points of no return) will have been passed sooner than you realise. I’ll try to help out with a post here and there, of course ;-]

For now:
[Photo DSCN8357: At what stage will AI understand the genius of this design ..?]

The need for a new security framework

… I feel the need for it. A new security framework.

Because what we have, is based on outdated models. Of security. Of organisations. Of how the world turns.
Bureaucracy doesn’t cut it no more. The very idea of hierarchically stacked framework sets (COSO/CObIT/ISO27k1:2013/…) likewise, is stale.
And the bottom-up frameworks en vogue, e.g., OSSTMM (if you don’t know what that is all (sic) about, go in shame and find out!) and core work like Vicente Aceituno Canal’s, haven’t found traction enough yet, nor are they integrated soundly enough (yet!!) into further bottom-up overarching approaches. Ditching the word ‘framework’ as that is tainted.

But what then? At least, OSSTMM. And physical security. And SMAC. And IoT. And Privacy (European style, full 100.0%, mandatory). And business-organising disruption, exploded labour markets, geopolitics, et al.

OK. Who of you has pointers to such a Utopia ..? [Dystopian angles intended]

Unrelated:
[Photo DSCN6146: Your guess. Not Nancy. But is it Reims ..?]

Disruption, -parity

Just wondering: How’s the disruption in your ICT coming along ..?

Seriously; hardly at all ..!?

Join the club. Of almost all. Public, private, large, small; all organisations suffer your fate of [barely; outdated browser] being able to read all about the Great New stuff that’s out there, but seeing nothing of it in your daily work. Strange, eh?
Or is it again the short-term impact being overestimated until it’s “too” “late” to join in, for most orgs ..? Because the real talent, the people that actually want something out of life either with, through your org or without it, elsewhere, will have gone to that elsewhere with all their motivation, and you’re left with the dull, exhausted, numbed-by-the-avalanche-of-downsizing-rounds petrified staff [you deserve, if you don’t pay attention]?

So, be positive; hunt for the opportunities and push your people to do the same! While also bulldozing through the roadblocks, often (middle? elsewhere too?) management having been trained to the hilt with objection finding, -raising stamina to defend the stasis quo [intended]. Close the gap, from veering into nothingness off the path of innovators, to return to lead at the head.

Oh well; for now:
[Photo DSC_1026: Needs serious renewal above the shoulders; DC]

Nice note

Just a long-form quote this time, by Norm Laudermilch:

In addition, we should stop using the term “advanced threat” to describe the threats we see every day. It’s too common to hear a recently breached company point to a “very sophisticated cyber attack perpetrated by a nation-state”, which makes it sound like this was something undetectable and impossible to stop. Gartner analyst Neil MacDonald calls this the “dog ate my homework” excuse. More likely we find that it was just another piece of malware cranked out by one of the latest exploit toolkits, delivered via spear-phishing or targeted malvertising, perpetrated not by highly advanced nation-state adversaries but by comparatively low-tech cyber crime gangs. Even if a nation-state attacker crafts an extraordinarily unique and complex malware payload, they’re probably using the common delivery vectors mentioned above. Why? Because these attacks work every time.

Emphasis mine and I second. Until quantumcrypto is cracked, each, any and all cracks are of sophistication Zero. Or One, at most. Combining the most basic of ‘attacks’ i.e. exploits of negligence. Read the full article, and agree. Oh, and [self-plug] there could be side benefits in sloppiness, like this – IF deployed properly. And have your press release at hand, like this one.

So, …
[Photo DSC_1024: Supreme court; would you want your ball there?]

Ah, your home controlled by …?

In the race to grasp as much of the market as possible, which is understandable, one party jumps in to create the API of APIs we’ve all been waiting for, among others (since this) in this domotics category.
But … will we surrender even our in-house as-yet unconnected lifeblogging data to one of the parties that don’t have the best of track records re privacy …? I mean this one. With an odd name.

Oh yes, I hear you suppress your fears … with empty words, given that even at chip level intrusion and (data) extrusion seem to have been possible, and in the wild, already for years.
So, this one party grabbing your data at software level may even be an ‘improvement’ for transparency … the devil you know (but still don’t see) – how’zat for self-censorship in your house? Even when with a required warrant, will (tending to casual, ubiquitous) surveillance in your own home be the future?

Well, I’ll go cleaning up. With said product (name) of course…. And:
[Photo DSCN1283: Preferably, the non-scratching kind … London already a decade ago]

Simple link: BYOD is the New Wi-Fi

Very true. Though we may even say: BYOD was the new WiFi, as BYOD is so 2013 … but let’s await the resurrection of WiFi when IoT-in-the-shape-of-ubiquitous-computing takes off…
BYOD is the New Wi-Fi – Infosecurity Magazine.

Signalling healthy process

Yet some more cross-over ideas from the IoT world into the administrative bureaucratic office world: Streams of transactions as signals.
Of the health of the process, of course. To be defined, obviously, as the fit to the surroundings. The fit may be off, either intentionally (wanting to let the world adapt to the process, enforcing (?) change) or unintentionally left blank, i.e., having to cope with exceptions to what was envisaged as transactions’ content or form.

Now apply yesterday’s first picture of process control.
Now, too, consider what one could do with sampling theory (as a subset of ‘Shannon’, if properly elaborated, possibly skirting with ‘classical’ statistics ..?). Taking 2log(n) samples (where n is the number of transactions ..?? Just a wild guess) and being able to reconstruct the ‘signal’ then taking its integral (discrete transactions … just summing it up ..?) for the total. Or Fourier-transforming it all and … get your basic theory straight before dreaming of moving on so don’t start at the other end as ‘accountant’…! And/or treating exceptions (as e.g., found by the sort of analysis that these girls/guys are so good at; that not even being meant as a cynical qualifier) as noise to the signal. Never fully suppressable, but useful to pick up secondary signals, stacked in their variation of frequencies, amplitudes and wavelet transformations. That all tell you something, if you listen. Whether you want perfect, over-HiFi replay [intermission: Ugh I’m getting old, even knowing that HiFi was a thing…], or lively veracity, actual fullness of music. And take in again the ole’ industrial process control with its recipe / derivative function(s), et al., and be able to better control it all from the ‘dashboard’ in the control room. When all of the routine stuff, the routine 80%, of business is done by … ‘robots’. Humanoid or digital-machines, IDC.

And hey, while we’re at it, why not throw in attempts to include in bookkeeping not only discrete numbers (arbitrarily rounded to hundreds, of random currencies) but Real numbers or even Complex numbers as well ..? The latter, e.g., to indicate VAT surcharges, etc.; leading to tuples-as-single-‘numbers’ in bookkeeping. Maybe somewhat harder to track that all is booked correctly, but also maybe powerful in capturing singular transactions and some processing rules/logic, and controls, in one tuple (‘record’).

Where AI may then be applied to do sanity checks. Not on this author; no AGI or ASI would suffice…

OK, for now:
[Photo DSCN1436: “What a shoe box” but yes that *is* the Bata shoe museum, Toronto]

Maverisk / Étoiles du Nord