Month: April 2017

INTERPOL World 2017 Congress to lead industry dialogue for a unified approach to combat future crime

(45)

According to a report published by TechSci Research, the global biometrics market size is set to cross $24 Billion by 2021. A further report from Technavio on the global multimodal biometrics market indicated CAGR of more than 15% over the forecast period.  Of this marked growth, fingerprint recognition technology holds the largest single factor authentication segment and is predicted to continue to hold this pole position for the foreseeable future.

Richard Forsyth, UK & Ireland Sales Manager of ievo Ltd, the Newcastle-based manufacturer of biometric recognition systems, explains this growth, “In light of recent appalling terrorist attacks across the world, the need for security has never been greater. Whilst travel and immigration will no doubt continue to hold the largest share of the biometric system market, and the USA still the largest customer, I suspect the less dramatic use of fingerprint readers across a wide range of sectors is actually the main driver of growth, certainly for ourselves.”

“The primary reason for this is that fingerprint recognition systems can provide a bigger return on your investment. Cheaper, more traditional alternatives such as numeric key pads or magnetic swipe cards have fundamental potential security flaws, which biometrics can hugely reduce. These potential flaws equate to the reliance on secondary credentials, which can be a continuous draw on a company’s budget, something that is not applicable to a biometric system. Biometric systems can also prevent theft through highly accurate data reporting and can highlight and monitor attendance patterns directly linked to individual users. This helps to keep both accurate staff working hours for payroll and can also provide accountability. Traditional systems using secondary credentials can be shared, lost or replicated, biometrics counter this potential flaw. Additionally, and probably of more importance to end customers, biometric recognition systems provide an infallible access control system that can be used for a variety of additional purposes without any additional cost involved.”

“A typical example may be a Government data centre where various levels of access are required. To be even considered for such a contract, the access control system would have to be CPNI (Centre for the Protection of National Infrastructure) approved, which we are, whilst our readers, which control access points such as turnstiles, barriers, doors or even data racks, integrate seamlessly with well-known access control systems from such global manufacturers as Paxton, PAC and Honeywell.”

“The resultant data can be used not only for access control and reporting but also for personnel records such as payroll – indeed, this is particularly useful in the construction and industrial sectors when a large site will have a number of sub-contractors in addition to directly employed personnel; the access system becomes important not only for just security, but also for payrolls and contract payments.”

“Within other sectors, biometric recognition systems are gaining market share for other reasons – within the education sector, for example, in addition to access control they are being used for foolproof library control and even the control of free school meals. Within the leisure sector, our gym operating clients, for example, prefer them to traditional means as they prevent any fraudulent entry and rapidly pay for themselves.”

(53)

Titania has been announced as a 2017 recipient of the Queen’s Award for Innovation. This is the highest official award that can be given to a UK business and shows significant proof of growth, innovation and success.

The brainchild of a cyber intelligence specialist in the security sector, Titania comes from humble beginnings; but, with a truly unique technology offering, founder and CEO, Ian Whiting, has proven that his company is open for big business – prestigious customers include the UK government, the FBI, PayPal, BT and Deloitte.

“To me, the Queen stands for everything that is right and good about the UK, during the war she worked as a mechanic and military driver and insisted on not being evacuated,” said Nicola Whiting, COO at Titania. To receive an award from someone who has shown unfailing strength in a time of constant attack, is an honour and a fitting analogy when thinking about the vigilance and foresight needed for cyber security.”

In the past eight years, Titania has grown from a start-up to a team of 50 people servicing over 80 countries worldwide, with a 400% growth rate in the past year. With 90% of business coming from exports, it’s a great case study for how entrepreneurial British companies can grow in international markets and one of the reasons why Titania has been highlighted as a beacon of British success.

“Awards like these showcase the spirit of Britain,” continued Whiting. “The UK’s international success owes a lot to bedroom entrepreneurs and enthusiasts who drive forward new innovation and ideas ensuring the UK is a major player in the global market.”

Titania’s core technology, Nipper Studio, takes the guess work out of cyber security auditing. Replicating the detailed processes of top industry consultants, it intelligently automates a labour-intensive process, allowing organisations to streamline their cyber security workload at a time when the threat continues to grow at a rate that is impossible to resource. Recent research from cyber security association (ISC)2 highlights, the critical skills gap in cyber, with a predicted shortfall of 1.8m cyber security workers by 2022. Technology and smart automation can help to overcome this global issue and ensure that the cyber security essentials are always covered.

For the UK SME sector, Titania has developed a free risk assessment tool, which incorporates 21 key security checks, 17 of which are from the Government’s Cyber Essentials programme, providing growing businesses an easy place to start in their mission to keep their organisation safe.

The Queen’s Award will be presented by the Royal Family at a special ceremony later this year.

(109)

THE MINISTER for Digital and Culture has offered reassurances over the impact of a data protection law coming into force next year on the use of facial recognition technology for crime-fighting purposes.

The General Data Protection Regulation (GDPR), which is designed to give citizens more control over their personal data, comes into force from 25 May 2018.

Simon Gordon, founder of ground-breaking CCTV image sharing platform Facewatch, wrote a letter to Philip Davies MP, expressing concern that the new law could “potentially prevent the legitimate use of facial recognition” to “prevent criminals/suspected criminals and terrorists from being flagged up as well as missing children being found.”

(71)

By: Art Swift, President, prpl Foundation

The Internet of Things is rapidly turning a new generation of products “smart” by adding computing power, network connectivity and sophisticated software. From cars to routers and drug infusion pumps to drones, they now offer a wealth of possibilities for tech savvy owners keen to push their device capabilities to the limits. But at the same time there are logical reasons why lawmakers and regulators need to lock down certain functionality – for the safety and well-being of their citizens.

Joseph Steinberg’s recent assessment of IoT security being one of the biggest tech battles that will be fought in the year ahead is very astute and an issue which the prpl Foundation has been helping to settle by working with manufacturers and developers, regulators and educating the public.  While the rules laid out by regulators effectively work to lock down the firmware on consumer devices so it can’t be altered, sending them on a collision course with consumers, there has been little in the way of technology innovation to address this conundrum.

But there doesn’t have to be this divide.  Regulators can get what they want to be able to control safety aspects and equally, consumers should be able to tweak and customise technology that they buy to get what they want.  And it can be done securely. The problem at the moment is that current IoT systems simply aren’t architected in a way which will allow for this kind of granularity. With open source development, secure boot based on a root of trust anchored in the silicon and hardware virtualisation that are all laid out in the prpl Security framework, it can keep both regulators and consumers happy.

The framework covers three major areas:

Open source: Too many proprietary systems rely on ‘security-by-obscurity.’ But this concept simply doesn’t work any longer. Firmware binary code can often be found online, or reverse engineered with debugging tools like JTAG and interactive disassemblers like IDA. Given the increasing complexity of code, we need to get as many eyeballs on it as possible. The focus should be on creating a top quality, highly usable, secure and robust end product.

Secure boot: The method of updating firmware in embedded systems is fundamentally flawed because this software is typically not cryptographically signed. This means an attacker could reverse engineer the code, modify it, reflash the firmware and reboot to execute arbitrary code. We must ensure IoT systems only boot up if the first piece of software to execute is cryptographically signed by a trusted entity. It needs to match on the other side with a public key or certificate which is hard-coded into the device. Anchoring the “Root of Trust” into the silicon in this way will make it tamper proof.

Hardware-assisted virtualisation: Security by separation is one of the fundamental rules of IT security. Yet lateral movement within the hardware is possible on most IoT systems, opening up yet more vulnerabilities to exploit. Hardware-level virtualization will prevent this lateral movement and preserve security by separation. With the help of a secure hypervisor it can provide a foundation to containerize each software element, keeping critical components secure and isolated from the rest. Secure inter-process communication allows instructions to travel across this secure separation in a strictly controlled mode.

Building security into the hardware of embedded systems in this way will help regulators lock down specific harmful functions whilst allowing consumers free reign to tweak other parts of their product. Technology advances only if innovation is allowed to thrive. And with a blueprint for an open, hardware-led approach to securing embedded computing, we can finally achieve it.

It’s a win-win for innovation and regulation.

(126)

June 12 – 13, 2017

Titanic Chaussee Hotel Berlin

Security of Things World is the industry event for engaged, high level, international executives from across all sectors that are affected by the need for security of the Internet of Things. Connect with over 300 peers on June 12-13 in Berlin to learn, network and share best practice strategies at the only dedicated forum where all stakeholders who play an active role in the security of IoT come together. Join the conversations at the Security of Things World this June in Berlin to accelerate market adoption and gain a deeper business and technical understanding of Industry 4.0 and the security of IoT landscape.

Main topics in 2017:

• Securing your cyber physical systems
• Expanding your IT Security to the cloud
• Business Continuity Management in practice
• Data privacy in an interconnected world
• Security strategies evolved

For further information about the event, check out:

www.securityofthingsworld.com 

(106)

16th-17th May 2017

Hosted in London, the Cybersecurity Protecting Critical Infrastructure Conference will provide the ideal platform to bring together government, companies and organisations from the private and public sectors to discuss and share the latest content on Cybersecurity Solutions and Critical National Infrastructure. (CNI)

The 2-day conference will provide an insight into current and emerging challenges and threats, best practices, policy updates, solutions and case studies.

The conference is designed for CISOs, Heads of IT, CTOs, Chief Security Officers, Cyber Architects, Thought leaders, Academics and Senior Cyber leaders from Critical National Infrastructure (CNI) and Cybersecurity Solution Providers.

http://www.cspci1.com/ 

(60)