scada – Stilgherrian

05 August 201805 August 2018

Weekly Wrap 427: Cybers, and Melbourne in winter

It was a busy fortnight from Monday 23 July to Sunday 5 August 2018, and this pleases me. So much written, across two cities. And I had a lovely time in Melbourne.

Articles

The My Health Record story no politician should miss, ZDNet Australia, 23 July 2018. The controversy around Australia’s digital health records system is, if anything, growing.
Poor cybersecurity could destabilise increasingly complex energy grids, ZDNet Australia, 26 July 2018.
Canberra still in denial over My Health Record concerns, ZDNet Australia, 30 July 2018.
Avoid distractions to focus on the long cyber game: ASD chief, ZDNet Australia, 31 July 2018.
AI can deliver ‘faster better cheaper’ cybersecurity, ZDNet Australia, 1 August 2018.
Startups going global should go GDPR: Lawyer, ZDNet Australia, 2 August 2018.
My Health Record: Canberra is still missing the point, ZDNet Australia, 3 August 2018.

Media Appearances

On Monday 23 July, I spoke about My Health Record on ABC Adelaide, and on ABC Darwin. I won’t be posting recordings, because I’ve pretty much said it all in the articles.
On Tuesday 24 June, I spoke about My Health Record on Leigh Stark’s podcast The Wrap.
On Thursday 26 July, I spoke about Google’s â‚¬4.3 billion fine for anti-competitive behaviour on ABC Radio’s The World Today.
On Wednesday 1 August, I was one of the people interviewed for a story on ABC Radio’s The World Today, ‘Australia needs to be concerned’: Facebook and cyber security. There’s also a text version at ABC News, Cyber security experts warn Australia not immune from election meddling via Facebook.

Podcasts

None. I really must catch up on the podcast production.

Corporate Largesse

On Tuesday 24 July, the lunchtime briefing held at the excellent Bentley Restaurant and Bar in Sydney was paid for by Frost & Sullivan, CQR Consulting, Indra Australia, and Zscaler.
There was plenty of good food and drink at the SINET 61 cybersecurity innovation conference, held at The Langham, Melbourne on 31 July and 1 August. Note that I paid for my own flights and accommodation.

The Week Ahead

I’ll be back in New South Wales this week, starting off with the errands and medical appointments in Sydney on Monday before taking the train back to Wentworth Falls. I may well do some writing as well. The writing continues Tuesday through Thursday.

On Friday I’m back in Sydney for another medical appointment, a lunchtime meeting in Pyrmont, and a visit to the National Archives of Australia’s premises at Chester Hill. I hope that last errand will produce a fascinating document for you.

Further Ahead

I’ve pencilled in:

CLOUDSEC Australia 2018, Sydney, 28 August.
D61+ LIVE, Brisbane, 18â€“19 September. (TBC)
Australian Cyber Conference, formerly the Australian Information Security Association (AISA) National Conference, Melbourne, 9â€“11 October.
International Association of Privacy Professionals ANZ (iappANZ) Annual Summit, Privacy: Handling the Seismic Shift, Melbourne, 1 November. (TBC)

[Photo: Kill me now bro. Graffiti on a concrete anti-terrorist block at Melbourne’s Southern Cross station, photographed on 5 August 2018.]

04 September 201611 September 2016

Weekly Wrap 327: Spring is far more painful than planned

My week of Monday 29 August to Sunday 4 September 2016 was full of pain. I didn’t realise how seriously I’d been injured last weekend. Somehow, however, there’s plenty of things to report.

The injury I mentioned last week turned out to be a severe contusion — that’s bruising — of the ribs. It was just short of a fracture, but oddly enough the bruising is usually more painful, and that pain will be with me for several weeks. It’s strong painkillers, anti-inflammatories, and rest for me.

I strongly recommend never getting severe rib contusions.

All last week’s planned events were cancelled. It’s a good thing, therefore, that things emerged from the pipeline.

Articles

Four Corners points to critical gap in our cybersecurity, Crikey, 30 August 2016.
Why Dropbox’s data breach response is still wrong, ZDNet Australia, 31 August 2016.

Media Appearances

The highlight of my week was the start of series two of ABC TV’s award-winning drama series The Code, because I was the technology consultant for this series. That meant I was part of the scripting process, something I’ll write about another time. The six-part series is currently screening on ABC1 on Thursday nights at 2030, and is on ABC iView.
Also on Thursday, ZDNet posted two short videos in their Security TV series, The impending cybersecurity disaster of industrial control systems and The Internet of Insecure Things, and why we’re still in denial. They’re part of a feature on Cyberwar and the Future of Cybersecurity.

Podcasts

None, but next episode of The 9pm Edict podcast will be recorded and streamed live on Tuesday 6 September at 2100 AEST.

Corporate Largesse

None.

The Week Ahead

Monday is a relatively quiet day. I’m being interviewed about The Code at 1430, but apart from that it’s production planning and administrivia, I think.

On Tuesday, it’s an episode of The 9pm Edict podcast.

Past that, well, it depends on the pain levels and the mood. This much pain doesn’t exactly cheer one up. But I’d like to get down to Sydney for at least one day. Stay tuned.

Further Ahead

I’m going to the Palo Alto Networks Cyber Security Summit in Sydney on 22 September, the AISA National Conference in Sydney on 18-20 October, the Ruxcon Security Conference in Melbourne on 22-23 October, and an event in Melbourne I can’t tell you about yet on 17 November.

[Photo: Almond Blossom at Bunjaree Cottages, Day Four, one in a series of daily photos taken of an almond tree at Bunjaree Cottages near Wentworth Falls, 100km west of Sydney — although the images are of different parts of the tree. This one was taken on 2 September 2016.]

02 May 201301 November 2013

Talking LulzSec and more on ABC Download This Show

ABC logo My third radio spot for this busy radio week was Marc Fennell’s Download This Show, which we recorded on Wednesday morning.

Can you imagine being able to control a crematorium, a powerstation or traffic lights somewhere out the world from your laptop? Welcome to the mysterious search engine Shodan. If Google is the search engine for web pages than Shodan is the Google of “things”. Also in this episode we examine the state of Lulzsec in Australia and experiment with the new crowdsourcing app SeeSaw.

My fellow panellist was Claire Porter, technology editor for News.com.au. And here’s the full audio.

Podcast: Play in new window | Download (12.4MB)

01 June 2012

Talking Stuxnet and Flame worms on ABC Local Radio

The Stuxnet worm that attacked Iran’s uranium enrichment program was indeed launched by the US, according to a major investigative report published by the New York Times shortly before I was due to appear on ABC Local Radio this evening.

So guess what we talked about.

Yes, the Stuxnet worm, as well as the newly-discovered Flame worm that’s been in the news this week — including my Day 1 piece for Crikey and Day 2 for CSO Online.

The host was Dom Knight, and here’s a recording of the whole conversation.

Podcast: Play in new window | Download (6.3MB)

15 May 201216 May 2012

AusCERT 2012: What’s changed since 2011?

I’m currently on the train down from the Blue Mountains to Sydney, en route to the AusCERT 2012 information security conference on the Gold Coast, and I’m thinking about what stories might emerge.

Here’s what I wrote last year when, just like this year, I was on the ZDNet Australia team:

AusCERT 2011: Firms ignore ID theft risk, in which Bennett Arron explains that police forces don’t yet take this stuff seriously enough. Has this improved? I’m seeing talk but no action.
AusCERT 2011: Son of Stuxnet within a year: expert, in which Eric Byres explains why the Stuxnet worm — the presumed US-with-Israeli-help anti-SCADA attack on Iran’s nuclear program — would spawn a wave of copycats. This didn’t happen. Why not?
AusCERT 2011: Black hats and whitegoods, a story which was provided with the year’s best headline by CBS Interactive’s Brian Haverty where I discussed how the Internet of Things and a billion smart appliances would be the vector for a new wave of attacks. This hasn’t happened — yet — but is it still just around the corner?
AusCERT 2011: Bank theft goes truly mobile, in which Amit Klein, chief technology officer at Trusteer, predicted third-generation anti-banking malware on smartphones by Christmas. Did this happen? Well, not really. Why not?
AusCERT 2011: Silent victims thwart cybercops: Qld Police, in which Detective Superintendent Brian Hay, head of the Fraud and Corporate Crime Group of the Queensland Police Service, bemoaned the lack of hard data. I know how he feels. Do we have any yet?

The feeling I get from scanning those headlines is that there’s always a lot of scaremongering but the threats often don’t materialise. Are the threats over-stated? Does pointing out the threats trigger an effort to counter them, thus defeating them? Is it all just a bit too screechy?

And over the last year there’s been so much talk of imminent cyberwar. Is that just this year’s fashionable scary thing on a stick? I intend to ask a few questions. And I’ll plug it again: Thomas Rid says we shouldn’t believe the hype.

I haven’t yet looked in detail at the conference program but will do so over the next few hours. What do you reckon I should be investigating?

[Update 16 May 2012, 0625 AEST: Changed second paragraph to emphasise that I am covering the event for ZDNet Australia this year as well as last.]

22 May 201103 May 2013

Weekly Wrap 50

A weekly summary of what I’ve been doing elsewhere on the internets. This week was mostly about the AusCERT information security conference on the Gold Coast, although a few things relating to the previous week dribbled through.

Podcasts

Patch Monday episode 88, “Social business + cloud != revolution”, based on material recorded at NetSuite’s SuiteWorld conference the previous week.

Articles

What a lot of articles we have this week! I was covering AusCERT as part of the ZDNet Australia team, and the Technology Spectator article was actually written the week before. There’ll be more AusCERT articles next week.

AusCERT 2011: Firms ignore ID theft risk, for ZDNet Australia, which is based on some of Bennett Arronâ€™s comments during the conference’s opening keynote.
AusCERT 2011: Son of Stuxnet within a year: expert, ZDNet Australia. The source code for Stuxnet is out there. Security analyst Eric Byres reckons that’ll show everyone how to make sophisticated malware, and the “Russian business network” will be first off the rank.
Privacy is a commodity, for Technology Spectator, in which I bite the hand that feeds me by criticising the comment they use.
AusCERT 2011: Black hats and whitegoods, for ZDNet Australia. We’re creating the Internet of Things by turning everything into a network device. But when was the last time you heard an appliance manufacturer talking about network security? CBS Interactive’s Brian Haverty came up with the OARSUM headline.
AusCERT 2011: Bank theft goes truly mobile, for ZDNet Australia.
AusCERT 2011: Silent victims thwart cybercops: Qld Police, for ZDNet Australia.
Qld cops denounce ‘ethical hacking’, for ZDNet Australia. This headline is a bit of a misdirection. Ethical hacking is generally when the target has given permission, such as when someone is hired to do penetration testing. The kind of hacking games at black hat conferences, which is what Detective Superintendent Brian Hay was talking about, probably don’t fit into this category.

Media Appearances

I was asked to do a bit of trickery before Bennett Arron’s keynote at AusCERT. It didn’t go quite as planned. When Munir Kotadia produced the Day 1 Highlights video, he made sure that no-one forgot.

Corporate Largesse

I travelled to the Gold Coast for the AusCERT Conference on information security. My air fares, accommodation and breakfast were covered by CBS Interactive, ZDNet Australia’s parent company, as is normal for freelancers so that doesn’t count as largesse. AusCERT provided free conference entry, as is normal for any media attending, and that included meals and drinks at the social events. In the goodie bag was: webroot Personal Security and Mobile Security for Android from, erm, webroot; notebooks from webroot and Juniper Networks; PostIt-style thingies from Symantec; pens from RSM Bird Cameron, Citrix, Netgear and M86 Security; a Rubik’s Cube from WatchGuard; 3D glasses from SecurityLab; a yoyo from McAfee; and, via a voucher, an AusCERT conference t-shirt. I’ll have more to say about this later. I was also given a t-shirt by Sophos and a stubbie holder from Splunk.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream. The photos also appear on Flickr, where I eventually add geolocation data and tags.

[Photo: Sunrise over the Pacific, Surfer’s Paradise, taken from my room at the Crowne Plaza Hotel in 17 May. I didn’t really bother trying to take a good photo, it’s just a snapshot from my phone. Sometimes I wonder why I bother.]

[Update 3 May 2013: Edited to fix broken link to Patch Monday podcast.]