UK Cyber Forum Bulletin – 25th March 2018

Good evening,

Here are some opportunities you may be interested in

DCMS survey

GCHQ is assisting the Department for Digital, Culture, Media and Sport (DCMS) in the development and growth of cyber security companies in the UK. The goal is to understand the barriers to entry for companies in their early stages. To help with this work we are asking if you could fill in DCMS’ short survey (you can ignore the given-deadline!):

https://www.smartsurvey.co.uk/s/earlystagebarriers/

The intention is that this will then lead to a stronger cyber security ecosystem in the UK. There are further details available here: https://cyberexchange.uk.net/#/news/725.  If you have any questions, please email:   richard.b2@gchq.gov.uk

Free Stand at InfoSec

The Department for Digital, Culture, Media & Sport is sponsoring the UK Cyber Innovation Zone at Infosecurity Europe from 5-7 June 2018.  The competition to select 13 innovative small cyber security companies to be part of the UK Cyber Innovation Zone has been announced. One firm will also be crowned the UK’s Most Innovative Small Cyber Security Company of the Year, sponsored by Atkins.  

Now in its fourth year, this exciting competition offers a unique opportunity to:

  • Win one of 13 stands to be part of the DCMS UK Cyber Innovation Zone, including a fantastic promotional package.
  • Be crowned the UK’s Most Innovative Small Cyber Security Company 2018.

The deadline for entries is the 5 April.

For full details

Joint roundtable – IAAC /Cranfield /UK Chevening Cyber Security Fellowship Programme

IAAC is pleased to announce a joint roundtable with Cranfield University at the Defence Academy of the United Kingdom and the UK Chevening Cyber Security Fellowship Programme.  The roundtable will be held on 30th April at the Defence Academy, Shrivenham near Swindon, exploring international cyber security issues, from 1100-1500.

This will be an opportunity to meet six Chevening Fellows from India who will make opening statements, before inviting questions and discussion from the floor in a broad range of topics.  The Chevening India Fellows are:

Anish Prasad  – Deputy Director in the Central Bureau of Investigation, Indian Police Service.
Sanjay Kumar – Commandant of the Kerala Armed Police, also working in child protection and cyber security awareness.
Munish Sharma – Researcher and consultant at the Institute for Defence Studies and Analyses, New Delhi. Co-Editor, ‘Securing Cyberspace: International and Asian Perspectives,’
Munish Chadha – Commander Indian Navy, working at the Integrated Headquarters, Ministry of Defence, India.
Kanishk Gaur, Operations Manager Cyber Intelligence Centre, Deloitte India
Amit Kumar (Dubey) – Author of ‘Return of The Trojan Horse, Tales of Criminal Investigation’, National Security Expert and Cyber Crime Investigator.

This promises to be a fascinating roundtable on the issues that affect us all and shed some light on those that are particularly Indian or British in character.  Places are strictly limited. To register your interest please contact info@iaac.org.uk no later than the morning of Friday 20th April 2018.

 IAAC Diversity Workshop Notes

Workshop Aim to develop practical steps for making diversity a natural part of our cyber security profession. 

The ultimate aim is to bake diversity into the way we work and organise ourselves, as if it were diversity by design.  The notes of the workshop have been produced and are available here. The notes reflect on key considerations for approaching diversity from a design perspective.  It particularly examines user stories and workplace dynamics.   A date and time for a follow-up workshop will be announced shortly with a view to producing actionable guidance.

The next following on Diversity is on 16 May 2018 at 10am in BCS London – register here.

3CDSE Three Counties Defence and Security Expo – 31.05.18

UK Cyber Security Members are offered a 20% discount on these tickets. Currently, delegate tickets are available to purchase at the early bird discount rate of £36.00 +VAT – with the discount each ticket will cost £34.56.

www.3CDSE.co.uk/discounted-tickets
Enter password: VIP203CDSE

DASA Recruiting

The MoD are currently recruiting for three key roles in DASA, based in London (co-located at Imperial White City) and Porton Down. Closing date is 3 April 2018.

DASA Operations Leads (x2)

https://www.civilservicejobs.service.gov.uk/csr/index.cgi?SID=c2VhcmNoX3NsaWNlX2N1cnJlbnQ9MiZwYWdlYWN0aW9uPXZpZXd2YWNieWpvYmxpc3QmdXNlcnNlYXJjaGNvbnRleHQ9NTMzNTExNzUmY3NvdXJjZT1jc3FzZWFyY2gmb3duZXJ0eXBlPWZhaXImcGFnZWNsYXNzPUpvYnMmam9ibGlzdF92aWV3X3ZhYz0xNTc2NjI4Jm93bmVyPTUwNzAwMDAmcmVxc2lnPTE1MjA4NzE4NDUtOWUxNjUxZGY4MjRlY2JhYmM2ZDBlMDBkYmM0NjkyOTlhOTJlOTg4YQ==

DASA London Innovation Partner (x1)

https://www.civilservicejobs.service.gov.uk/csr/index.cgi?SID=cGFnZWNsYXNzPUpvYnMmam9ibGlzdF92aWV3X3ZhYz0xNTc2Nzg2JnVzZXJzZWFyY2hjb250ZXh0PTUzMzUxMTc1JnNlYXJjaF9zbGljZV9jdXJyZW50PTImcGFnZWFjdGlvbj12aWV3dmFjYnlqb2JsaXN0Jm93bmVydHlwZT1mYWlyJm93bmVyPTUwNzAwMDAmY3NvdXJjZT1jc3FzZWFyY2gmcmVxc2lnPTE1MjA4NzE2ODAtZmRkMzhiMDQ3Y2E0NzNmNmIxOGUwNzIyZjIwNGUzYjVjZjQ2N2ZkYQ==

Free Online Network 

You might be interested in joining this free network run by one of our members.  It is the UK Cyber Network at www.ukcyber.net

DMARC and Quad 9

The Global Cyber Alliance (details of who they are below) are keen that you all know about their two schemes which are free to use and will help protect you and your clients.  They cannot understand why everyone is not using these and would appreciate any feedback from you on them about why they are not more widely used.

I don’t think they have had a lot of feedback from small companies – so any feedback you can give them would be much appreciated.  You can email Terry Wilson at twilson@globalcyberalliance.org

Quad9
Quad9 is a free-to-use cyber protection platform which protects you from criminal web sites. Quad9 is a collaboration of the Global Cyber Alliance, Packet Clearing House and IBM.  To use it you need to change your DNS settings to 9.9.9.9.  If you are not familiar with DNS, go to www.quad9.net where there are simple to use videos and guides. Typically, this takes one minute to configure your PC or mobile device.  In just one day in 2017, Quad9 blocked people in 150 countries from accessing 1.4 million malicious web sites.

DMARC
DMARC is the simple, trusted solution that brings together email authentication protocols, and adds reporting and compliance. In just a few easy steps, you can set up DMARC today to protect your organization from email fraud.

DMARC stands for Domain-based Message Authentication, Reporting and Conformance It’s like an identity check for your organisation’s domain name. A DMARC policy allows a sender to indicate that their messages are protected and tells a receiver what to do if one of the authentication methods passes or fails – either send the message or reject the message to junk. DMARC also helps prevent accounts on your organisation’s website domain.

There are monthly DMARC webinars which get good feedback

11 April 12:00 GMT 7:00EDT https://attendee.gotowebinar.com/rt/1175782938962669313

11 April 17:00 GMT 12:00EDT https://attendee.gotowebinar.com/rt/6279002332052475905

About the GLOBAL CYBER ALLIANCE 

You are probably boarded with hearing constant news stories of Global cyber crime and how there are loads of sources of advise which you should be taking. The Global Cyber Alliance is a not for profit NGO who’s task is to combat the systemic causes of cyber crime rather than simply talking about it. Our philosophy is “do something and measure it” which implicitly is a way of saying “we don’t just talk about cyber”. As a not for profit we give all our solutions away as we are a genuinely altruistic organisation to combat  cyber criminals.
Unlike law enforcement and other organisations our mission is solely prevention of cyber crime. We aim to remove the objections that most people have to adopting cyber solutions, these are often :

  • Prohibitive cost, hence our solutions are free to use
  • Complexity, hence we have ensured that our solutions can be understood by anyone and published in 13 languages
  • Privacy, hence we do not keep or sell personal information which included IP addresses
  • Transparency, as an NGO and not for profit we adhere to external scrutiny and make all of our solutions available to the share ware community
  • We believe that in the war against cyber crime security should not be a competitive advantage and that collaboration between “defenders” is key

77% of businesses can have their email spoofed such that a criminal can pretend to be them on line. In fact it’s is reported that 1 in 5 emails are a “spoof” email. 90% of cyber crime starts form a phishing link or email. This is where we started our mission. Our recent launch of www.quad9.net allows users to make a simple configuration per device (or per site) and gain protection from over 1million criminal sites. We do this by allowing users to point their DNS to our unique IP address at 9.9.9.9. Untechnical users can do this within 30 seconds once they have watched our easy to understand videos. DNS is like the “phone book” of the internet, it translates addresses like www.anydomain.com to an IP address which often looks like 192.168.0.1. All browsers and anything which uses a web name always uses DNS. All we have done is taken some of the existing DNS infrastructure within the internet and “inoculated’ it against web sites which contain viruses, malware or are cyber crime sires.
This is not censorship or filtering as the user is free to browse content of their choosing or inclination but they are assured that the users are seeing what they intend, no users choose to contract a virus or to be tricked out of money. We combine 19 sources of intelligence on cyber crime sites, one of which is the IBM X-force platform. By running this through a complex algorithm we determine a constantly evolving list of over 1million crime ware sites
Our unique business model means we are funded by altruistic donors. Many people say “it’s free there must be a catch”. We were initially funded by the New York District Attorney and founded by NY-DA and the City of London Police. Both of the world premier financial centres determined that fighting cyber crime using conventional techniques of prosecution within national borders was loosing ground against an international stateless force of mobile cyber criminals. Hence high scale prevention became the best option.
The internet was formed in happier times by academics and cyber defence was not at it’s core, hence it’s often possible to pretend to be some one else on the internet. DMARC was a standard available to the internet since 2010. By using DMARC organisations can use DNS to confirm that they are who they say they are. DMARC and Quad9 combined is an incredibly powerful force. DMARC alone simply means that other people can not email pretending to be you or your business. Clearly victims are more likely to click on a link if it actually comes from the email of their actual bank not something similar to their bank. Also you are less likely to fall victim to a conventional fraud by email if you can trust the source. However, now combined with quad9 if you were to fall victim to a phishing scam we have massively reduced the chance of you being able to access the criminals site. Lets not forget that viruses are out there and everywhere and their main mission is to propagate before causing damage. Viruses almost always try and communicate with their creator’s control web site. Again this is where quad9 comes into play to prevent the virus accessing the control site.
Where people have deployed quad9 we have seen reports of a 70% reduction in the number of times virus defences have detected an active virus. Of users who have deployed DMARC we have seen massive reduction in people pretending to be the legitimate business. HMRC as an example watched the number of spoof emails decrease from 500million per annum to 100million.
It’s time to clean up the internet. We expect our water to be clean and drinkable, we expect our power to be reliable we want our phone and mobile signal to be there to call for the emergency services when we need them. We have become used to faster and faster internet and we become stressed when our internet connection is off air. However we tolerate an internet connection rife with viruses scammers and criminals. So to defend our selves we buy firewalls, virus protectors and much more, then  we still fall victim to cyber crime, is this right. We don’t tolerate our water supplier giving us dirty water and then expecting us to clean it ourselves then still get diseases as a result. Isn’t it time for the internet companies to adopt services such as quad9 so that we don’t have to have this conversation with the 150million businesses on the planet, the 4billion internet connected users and (next year) the 50billion IOT

Leave a Reply

Your email address will not be published. Required fields are marked *