January 17, 2009

Information Infrastructure Protection: Managing complexity, risk and resilience.



The Technology Strategy Board, The Centre for the Protection of National Infrastructure (CPNI) and the Engineering and Physical Sciences Research Council (EPSRC) have allocated an indicative amount of £6m to invest in highly innovative collaborative research and development projects in the area of Information Infrastructure Protection. Additional funding may be provided by the Economic and Social Research Council (ESRC) for proposals which include relevant work of high quality.

The tools, techniques and services developed will contribute to tackling the ever increasing threat to information systems. This investment targets the increasing complexity and dependency challenges that UK government and businesses face, whilst providing significant market opportunities to a strong UK capability base. The focus will be on the development of technologies and their associated supply chains that will offer significant quantitative improvements in:

•    the understanding, monitoring and subsequent improved management of complex interdependent information infrastructures, within and between organisations, leading to enhanced security in all sectors of the UK economy (SME to Large enterprise)

•    the development of improved business resilience and risk assessment services within the UK to predict and manage risks in next generation information systems, and
•    the acceleration of their deployment to market.

For more information go here



November 7, 2008


Follow me and updates from the Technology Strategy Board here



Three new government-backed research projects will see businesses, universities, a city council and other research and technology organisations working collaboratively to address the challenge of ensuring that privacy and consent are preserved in the next generation of identity management systems.

The Technology Strategy Board, Engineering and Physical Sciences Research Council (EPSRC) and Economic and Social Research Council (ESRC) have joined forces to back the three projects with an investment of over £5.5 million.

The three projects are:

Encore, which will focus on the issue of providing more rigorous means for individuals to grant and revoke their consent for the use, storage and sharing of personal data, bringing together technological, procedural and regulatory developments.

VOME, a research project that will reveal and utilise end users’ ideas and concepts regarding privacy and consent, facilitating a clearer requirement of the hardware and software required to meet end users’ expectations.

Privacy Value Networks (pvnets), which will generate a detailed understanding of individuals’ and organisations’ conceptions of privacy and identity across a range of contexts and timeframes, using a range of techniques including in-depth privacy value and devalue chains analysis to model the impact of the personal information.

Explaining the background to the decision to invest in the three projects, the Technology Strategy Board’s Chief Executive, Iain Gray, said: “The next few years will see governments and businesses around the world making substantial investments in identity management infrastructures. In order to prepare UK businesses for competition in this global market, practical and cost-effective solutions need to be developed which inspire public confidence by improving privacy and enabling consent as an integral part of future procurements.”

“Society demands a lot from personal data systems. We want them to give us the freedom to buy, vote and bank on the internet but we also want them to protect us from the threat of terrorism and identity theft without invading our privacy”, said Professor David Delpy, Chief Executive of EPSRC. “This fundamental research has a unique approach, looking at both the technological advances that need to be made alongside the social considerations and implications. The long term aim is to ensure a good balance between freedom and security for everyone.”

More Interdependence

June 3, 2008

Last Tuesday the lights went out, not for everyone but in some areas of the county.

It seems that an innocuous set of events sent shock waves through the UK’s national power supply system. A string of unrelated events came together to cause National Grid, the operator of the electricity transmission grid, to issue its highest warning. This appears to have been caused by two main power stations going offline in quick succession. These then caused a cascade effect rippling through the UK, making voltages sag and amperage fall. The grid then responded by asking generators to produce more power to make up for this shortfall, which they did.

A seemingly unprecedented sequence of events or the norm of interdependency?



It looks like hackers have started to use social networking tools to keep in contact, share information and organise themselves. A new social networking site, House of Hackers, has been formed and already has over 900 members (8th May 2008). It was formed by the ethical hacker think tank GNUCITIZEN, whose recently published work includes zero-day exploits for QuickTime on MS Vista, SNMP scans of the Internet and how to crack the BT Home Hub product. This does suggest, as we have known, that both black and white hackers are becoming more organised, but is this a new phenomenon?

The tradition of organised groups within the hacking community goes back to when the word hacker was synonymous with exploring and creating new ways of doing things. One of the first recorded groups was known as the 414s, which used computer equipment to ‘break’ into systems ranging from US research laboratories to hospitals. The ethical debate around the terms black, grey and white hackers is one which has been raging both internally within the community and externally for some years now. I will leave that for another day!

This new development, using social networking and web 2.0 technology, moves the hacker community quite conspicuously into a new era. Groups that normally would be siloed and quite insular now have the opportunity to share information and co-ordinate for both good and bad purposes. How this will evolve we will see over time.

This all may seem quite disconcerting, but some of the most innovative people have been born out of the hacker community, in the more traditional sense of the word. Steve Jobs, co-founder of Apple, Bill Gates, founder of Microsoft, and more recently Larry Page, founder of Google, have all made an immense impact on the commercial world and have transformed society over a relatively short time period.

The challenge for the innovation platform is how do we harness the power of these communities to deliver innovative research which will benefit the UK and maybe change the world in the same way that Gates and Jobs have?


Cyber Security KTN

May 6, 2008

On May 1st Nigel Jones, Director of the Cyber Security Knowledge Transfer Network, was featured in the Daily Telegraph.

As some of you will know, the EPAC call sandpit attendees went on a tour around Terminal 5 at Heathrow airport last Nov; it was impressive. Most of you will also know that things didn’t go according to plan in the opening week. There have been thousands of bags lost or delayed en route, hundreds of cancelled flights and lots of irate passengers.

But what happened?

Well, reports have ranged from lack of training, internal staff communications, lift failures, system logins not working and car-park spaces not being available. The question is how much of this could have been prevented and foreseen and how much could not. There is a theory within critical information infrastructure analysis which speaks of major failures starting with a small insignificant event which on its own would not even be noticed. This then snowballs into a bigger event and so on until a major problem develops and a major event occurs.

This is known in scientific terms as a cascade effect or failure.

But was this what happened at T5? Well, we know that extensive testing/modelling/dry runs were performed in the months prior to go-live, but were assumptions made, like baggage handlers being in place on time? All the logins working and users signed in? There being enough car parking spaces!?

In this complex and interdependent world, a small disruption to the supply chain can have dramatic ramifications if left uncontrolled and unchecked. Just-in-time services work well and deliver huge efficiency savings but they are much less resilient than traditional systems.

T5 may well be one of these occasions.