IoT Regulation: The Carrot and the Stick

Security is a real concern among consumers when it comes to the Internet of Things (IoT), which has time and again succumbed to a litany of attacks due to poor protection mechanisms and vulnerabilities. Yet vendors remain slow to implement the 13 guidelines contained in the UK DCMS Secure by Design Code of Conduct, published back in 2018, which aligns with the international standard ETSI EN 303-645.
To help boost uptake, the UK Department for Culture, Media and Sport put out a tender to the industry to devise a scheme that would incentivise manufacturers to demonstrate proactive security compliance to customers. The result was the IASME scheme, which offers three levels of compliance – Basic, Silver and Gold – in a bid to encourage the industry to take action. Those meeting the criteria can then display the associated badge on their products, reassuring customers. It’s the carrot, if you will, ahead of the legislation expected to be brought in next year under the Product Security and Telecommunications Infrastructure (PSTI) Bill.

Superintelligence Will Not Be Controlled

The invention of Artificial Intelligence will shift the trajectory of human civilization. But to reap the benefits of such powerful technology – and to avoid the dangers – we must be able to control it. Currently we have no idea whether such control is even possible. My view is that Artificial Intelligence – and specifically its more advanced version, Artificial Super Intelligence – could never be fully controlled.

Competing For Talent: How to Close the Cybersecurity Skills Gap

The cybersecurity sector is experiencing an unprecedented skills shortage, and the bad news is that it is set to get worse. According to recent figures from the Department for Media, Culture and Sport (DCMS), there is an annual deficit of 14,000 entering the market, which will lead to cumulative shortages. It is a situation further exacerbated by the Great Resignation, which is seeing an exodus from the industry due to high stress levels and burnout rates, with more than a third tempted to quit their jobs.
There is particular demand for those in middle management or senior roles with three years of experience or more, according to the DCMS report, which is likely to cause problems for businesses over the next few years while new entrants hone their craft.

The Current Intersection of Universal Design and Cybersecurity and Why It Must Expand

Many businesses develop cybersecurity programs without considering universal design. This results in programs that fail to meet the needs of the entire workforce. Even worse, inaccessible cybersecurity programs can force workers to miss out on important security tips and insights. This can lead to data breaches that damage a company’s brand reputation and bottom line. 
A clear understanding of the relationship between cybersecurity and universal design is a must, especially as more industries become common targets for cyberattack. Cybersecurity professionals can apply universal design best practices in their everyday work. In doing so, they can develop and maintain best-in-class cybersecurity programs.

OT/ICS Security Training

This article is inspired by a recent article on the Computerworld site for Denmark, where one of the CISOs at a big energy company lamented the lack of formal skills in the cybersecurity community on the security requirements for Operational Technology (OT) and Industrial Control Systems (ICS). This triggered light research from me on the options out there for relevant training courses and certifications.

It’s Time to Secure the Water Sector from Cyber Threats

The Biden administration is reportedly considering a first-ever integrated action plan for global water security, linking global access to clean, reliable water to U.S. national security for the first time. At home, the linkage between national security and the security of the water and wastewater sector is self-evident by its very definition as critical infrastructure. Yet decades of chronic underinvestment and under-resourcing of federal support to the industry have left this life-supporting and life-sustaining infrastructure vulnerable to cyber threats.