Sunday, 27 May 2018

Cyber Europe 2018 by ENISA (EU Agency for Network and Information Security)

The EU Agency for Network and Information Security (ENISA) manages the programme of pan-European exercises known as Cyber Europe #CE2018. 

The Cyber Europe exercises are simulations of large-scale cybersecurity incidents that escalate to become Cyber crises. 

I am part of ENISA's approved NIS Experts*, where I have both designed and reviewed different Cyber incidents/exercises for the pan-European Cyber Europe exercise, I wanted to share with you the opportunity to get to know more about this very important bi-annual European initiative. This year is the 5th pan European Cyber crisis exercise.

The scenario
  • Cyber Europe 2018 planners developed a scenario revolving around Aviation which can include, Civil Aviation Authorities, Air Navigation Service Providers (ANSPs), Airport Companies, Air Carriers, with potential impacts in other sector.
  • The scenario will contain real life inspired technical incidents to analyse, from forensic and malware analysis, open source intelligence, and of course non-technical incidents.
  • The incidents will build up into a crisis at all levels: local, organization, national, European. Business continuity plans and Crisis management procedures will be put at test
The exercise is organised for IT security, business continuity and crisis management teams coming from EU and EFTA Member States only.


More: https://www.enisa.europa.eu/topics/cyber-exercises/cyber-europe-programme 

*NOTE: The CEI List of Experts is a tool used solely for the purposes of assessing and identifying suitable external experts for a potential future contractual working relationship with ENISA. It is emphasised that inclusion in the list does NOT mean that you are considered to be an official representative of ENISA or in any way entitled to represent the Agency.

Saturday, 21 April 2018

'The next tech leap in our evolution'

As a "thought-provoking" moment this morning, let me share with you the following as food-for-thought...
Think for a second about the moment the next leap in our technological evolution is made. This will most probably be defined by using properly well-defined Artificial Intelligence #AI capabilities, Machine Learning #ML (most likely Deep Learning #DL, for classifying and profiling attacks/attackers, possibly minimizing the risk of being trained the wrong way), successfully adapting Chaos Engineering #ChaosEngineering on Software Defined Networks #SDN (which will have the ability to be redefined seamlessly in Real-Time by the #AI, performing any number of complicated micro-segmentations), capable of running "as a Service" in the #Cloud (hosting a whole virtual network/computer infrastructure, where the end-points are simply tabs opened on "web" browsers).

Read more at: 

#AI #ML #DL #ChaosEngineering #SDN #Cloud #Quantum #QuantumComputing #Internet #IInternet

Sunday, 4 March 2018

Security BSides London 2018 - Logo competition

This year I decided to submit a design for the Security BSides London annual logo competition. The theme for this year's event is:
"BreachDay Clock: 2mins to midnight"

Due to this year's theme, I decided to make a design that illustrates a binary clock. The binary clock is set to 23:58:00, hence, the "2 minutes to midnight". The time instead of being represented in decimal, it is represented in hexadecimal, hence the 17:3A:00. The number 1528273800 represents the epoch Date & Time of the human readable format of the Date & Time for this year's Security BSides London 2018

GMT: Wednesday, June 6, 2018 8:30:00 AM


You can find all submissions here and make sure you vote your favorite one! 

Tuesday, 30 January 2018

UK Minister for Digital on CyberSecurity..

Britain’s most critical industries are being warned to boost cyber security or face hefty fines, as the government acts to protect essential services from cyber attacks.
"We want our essential services and infrastructure to be primed and ready to tackle cyber-attacks and be resilient against major disruption to services," said the current Minister for Digital, Margot James.
In August last year, it was mentioned by the former Minister of Digital Matt Hancock, that a new government directive is being considered, that will allow regulators to inspect the Cyber Security status of companies.
More specifically, it was said that companies in the Energy, Transport, Water and Health sectors, are expected to have "the most robust safeguards".

Wednesday, 24 January 2018

The Global Risks Landscape 2018

Towards the end of each year, we tend to come across several reports and white papers that discuss the cyber-threat predictions/concerns for the following year. However, I do believe that very few of these reports really attempt to dig deep when it comes to emerging Cyber related threats and really discuss future trends. 

I have had several discussions regarding the future of cyber risk exposure and how cyber risk assessments will start experiencing a significant shift in the following months. There is a bigger picture when it comes to cyber threats and cyber crime. It is not only how much a data breach or business disruption will cost, but at what scale it affects people's lives. This is the moment we need to take a step back and look at magnitude and implications. The main reasons why things should be expected to dramatically change in the Cyber front between 2018-2020, are briefly outlined below:

a) The General Data Protection Regulation (GDPR). GDPR has brought Information Security and Cyber Security into the boardroom as a discussion topic, "motivating" stakeholders to act upon the requirements before the regulation is finally in effect (25 May 2018). You should also consider that the disclosure of a breach needs to take place within 72 hours from the moment it was detected, the increased cost of responding to a data breach, and the fines imposed under GDPR.    
b) The number of Cyber attacks expected in 2018 and their impact, according to the Cyber Security Breaches Survey conducted for 2017. (FYI: The official Cyber Security Breaches Survey 2018 detailing business action on cyber security and the costs and impacts of cyber breaches and attacks will be publish in April 2018).
c) Now consider the domino effect when it comes to the scale and magnitude of the cyberattacks anticipated by 2020, in contrast with the current state of readiness of business entities and their dependencies across all industries. 

The recently published Global Risk Report by the World Economic Forum (www.weforum.org) has highlighted some very important facts regarding the risk perception for the year 2018. Cyberattacks are now perceived as a global risk of highest concern, especially to business leaders in advanced economies. Cyber is also viewed by the wider risk community as the risk most likely to intensify in 2018 according to the publish Global Risks Report