mobile-logo
 

Author: Faud Khan

Nov
21
2016
Cyber Security Secure By Design Secure Coding

Saw this post today about programmers discussing the unethical and illegal things they’ve been asked to do and it really made me think about all the battles I had as a young cyber security practitioner. Fortunately I was very fortunate in that I had lots of support and worked for an organization who respected security at the onset of my career in cyber security more than 20 years ago. This helped me when I experienced the other side of the coin where executives wanted things like breaches covered up and threaten you with lawsuits if you refuse to obey or speak out….. And yes that happened to me once.  The choices that I made then and throughout my career were and still are shaped by those experiences and my ethics.

Five years ago Marc Andreessen penned his famous “Why Software Is Eating the World” essay in The Wall Street Journal. Today software is feasting on the world; its footprint is in our businesses, our smart phones, our physical activities, leisure and even sleep. This footprint is only going to grow exponentially with the Internet of Things (IoT) as are the opportunities for those with less principles or ethics to take advantage especially in terms of unethical coding and the misuse of the treasure troves of data that many companies are custodians of today.

Companies who are data custodians but do not have the required cyber security for their customer’s data, either through negligence and incompetence, are doing a disservice to their customers. However, despite the rash of data hacking in recent years, it is not all negative. More and more executives appear to have turned the corner and are now willing to listen and learn about how to better protect their companies and their customer’s data. Moreover, I strongly believe that relatively new legislation such as PIPEDA in Canada will motivate many companies to not just think about meeting a requirement but how to better secure their organizations. Believe it or not being cyber secure is, and will be, a differentiator in many markets as those who are unwilling to invest in better cyber security will do so to the detriment of their customers, shareholders and themselves. Going forward executives will be in the cross hairs of data breaches and will have to own up to any oversight on their part in terms of cyber security and the protection of their customer’s data.

That said my advice to all employees is to protect yourselves. Ensure that requests to perform unethical activities are recorded with data, time, and people — record, who, why and what and remember to keep your journal encrypted. If you are asked to do something that is completely illegal contact a lawyer and report it to the relevant authorities. If and when you leave the organization for these reasons make sure you report it during your exit interview. You ethical duty is to make them aware of it and that you have recorded all aspects of the activity. It is then up to them to deal with it as it is their responsibility to ensure secure software.

0
Nov
17
2016
Aviation IoT Uncategorised

Today as CEO of TwelveDot, I was fortunate to be able to present a talk entitled “The Attack Surface of Aircraft” at the first Labour Market Strategy Day hosted by the Canadian Council for Aviation and Aerospace (CCAA). The well represented aviation sector group that was there discussed how labour issues are impacting the aviation sector – not unlike the way labour issues are impacting the cyber security industry. Although this was not a cyber event, the goal was to educate attendees about how cyber security is going to change all of this.

My presentation opened with details on how aircraft are currently being targeted by hackers but then focused on the necessary skills that are required to deal with this and complete testing of this magnitude. Both the aviation and cyber security industries are experiencing the same labour shortage and issues so we need a national strategy going forward. And it will need the support of academia, government and industry .

The session generated some great discussions and there seems to be consensus that Canada needs a national strategy. CCAA will work with members to draft some concepts of bringing all relevant parties together to grow this Labour Market Strategy Day and TwelveDot is ready to make its contribution here. Lastly, in case you did not know, Canada is actually #5 for aviation solutions globally…….not too shabby.

FYI:

http://www.avaerocouncil.ca/

http://www.avaerocouncil.ca/en/labour-market-strategy-day-home

 

 

 

0
Jul
26
2016
Cyber Security IoT Sensors

OTTAWA, July 26, 2016 – TwelveDot Inc. (TwelveDot) is pleased to announce that it has been awarded another project within the Cyber Security Cooperation Program (CSCP) – a program launched on February 4, 2014 by the Government of Canada.

A five-year $1.5M initiative, the CSCP was developed in support of Canada’s Cyber Security Strategy. Its mission is to improve security of Canada’s vital cyber systems through grants and contributions to owners and operators, industrial and trade associations, academics and research organizations in support of eligible projects. The Government of Canada believes that securing the Internet of Things (IoT) is important and the CSCP is part of its efforts to do so.

The goal of this new project is to assess current IoT technologies and determine the threat and risk vectors for Internet of Things (IoT). TwelveDot, which has significant experience in IoT including its development of iBeacon solutions, Mach-12 and HiveSense, will create a test bed for evaluating IoT based technologies not just in the laboratory but also in production deployments. Included in this will be the creation of a monitoring technology specific to IoT deployments for identification of attacks on these networks. TwelveDot will produce a research report and guidance document for industry in both languages for publication in the spring of 2017.

IoT is growing at an exponential rate. According to Cisco, there will be 26.3 billion networked devices in 2020, up from 16.3 billion in 2015. In just four years time the number of devices connected to IP networks will be more than three times the global population.

Global Devices and Connections Growth

 

 

Source: Cisco VNI Global IP Traffic Forecast, 2015–2020

Furthermore, according to the International Data Corporation, the worldwide IoT market will grow from $655.8-billion (U.S.) in 2014 to $1.7-trillion in 2020 with a compound annual growth rate of 16.9 per cent. Despite this Canadian business appears to be behind the curve on security especially in IoT. A survey of top-level Canadian executives conducted on behalf of Microsoft Canada revealed that over half said they were completely unaware of IoT, 72 per cent were confused by it and 24 per cent said they had no sense of how it could impact their businesses. Consequently the need for education regarding IoT in Canada is great. TwelveDot is aiming to contribute to helping fill this need through this research project and bring some much needed education to securing these solutions.

“It is an honour to be awarded a second project under the CSCP program. Our first project was for mobile application security using TwelveDot’s proprietary GCAM methodology. We look forward to delivering on the mission of this project as well as helping to close the IoT gap in Canada by educating both businesses and citizens.” said Faud Khan, CEO and Chief Security Analyst, TwelveDot.

 

About TwelveDot Inc.

TwelveDot is a team of IT specialists that is obsessed with solving information and cyber security issues, in particular, the ones your company or organization faces. We help businesses of all sizes handle information and cyber security challenges and issues efficiently and cost-effectively. While organizations and companies struggle to ensure their data and operations are secure on a daily basis, many miss vital warning signs that something is amiss. This is where we come in as we are the canary in your cyber security coalmine. We are devoted to being your unbiased, objective and collaborative partner. We respect your privacy and will never share your sensitive information or keep your data. We want to help companies better understand their true data risks and how their teams can manage these risks effectively on a daily basis. We demystify the marketing speak of security solutions and focus on identifying and dealing with the risk and exposure elements.

 

For more information, please contact:

Faud Khan

Tel: 613.447.3393

Email: faud.khan@twelvedot.com

0
Mar
21
2016
Foreign Markets General News Security

Earlier, this year, we were accepted into the The Canada-Netherlands Cyber and Security Technologies Soft Landing Platform. As a result, I am wrapping up my second visit to the Hague Security Delta (HSD) from another full week of meetings with potential clients and partners. It has been a wonderful experience and I wanted to take this opportunity to thank all of those who have helped us. Special gratitude goes out the following individuals and groups who helped us in this program:

1. Canadian Embassy staff Robyn in the Netherlands for several introductions.
2. Innovation Quarter staff Chris, Philip and Martijn for taking me out when I was jet lagged to show me sights, educate me to conducting business in NL and most of all providing introductions to companies.
3. Martin@HSD for many introductions and connecting me with the Netherlands Foreign Investment Agency
4. Bernadette formerly of InvestOttawa who provided the intro to Innovation Quarter

Over the next few months we are hopeful to see the fruits of our labour in NL. If this goes real well, we could be setting up our first international office in the Hague as well. If your a SMB in Canada looking for new markets realize that there are programs and people who are there to help you in the Netherlands. Canada and the Netherlands have a great relationship as a result of WWII and this mutual friendship should not be underestimated. Please feel free to reach out to me if you would like more details and contact information on the program.

0
Jan
21
2016
Cyber Security Healthcare Security Standards Uncategorised

With the recent rash of Healthcare data breaches it raises an important concern why is this happening? Especially, given the regulatory frameworks in place to protect patient data. We could spend many resources to determine the root cause of these issues however, there might be a better approach to begin with.

Specifically, healthcare providers, product and service companies need to change their approach to how they collect and protect patient data. The protection chain and data lifecycle needs to be completely understood. Only then can we ensure that data breaches do not become the norm.

TwelveDot using sound security principles based on ISO Security Standards has developed an organizational approach to addressing healthcare security. We have created a White Paper entitled “A Systematic Approach to Cyber Health” that details what organizations need to accomplish and our approach to put them in a position to better secure data handled.

Our goal is that only using a systematic approach to cyber security can healthcare providers ensure they protect their patient data.

Please download it here, and as usual please reach out to us with your questions, comments and issues in healthcare.

0
Jan
05
2016
Aviation Cyber Security

Well it is hard to believe that 5 years have come and gone since I have started TwelveDot. It seems like just yesterday that we had our first big win with a customer who is still doing business with us BTW. It is great to see how many customers are coming back to use our services. I think this speaks to the quality of our staff and commitment to customer service. I would like to thank all our customers new and old who took a chance on us.

We are looking forward to another 5 years of business and developing new markets in the Middle East and Asia in the next few years. Thanks to our staff and partners who have made us successful to date and we look forward to working with all of you in the future.

All the Best,

Faud and the team at TwelveDot

 

0
Nov
01
2015
Cyber Security Infrastructure IPv6

Recently, I was asked to present to mobile operators in Malaysia on the topic of IPv6 security. As Malaysia is currently considering regulatory requirements to move to IPv6 some of the operators are struggling with being able to understand the security implications of moving to this new protocol.

The key aspects of my talk {which I am attach below} basically consider the following:
1. Create and maintain an ISMS
2. Threat Model all solutions options for architectural changes
3. Monitor at 6to4 for signs of suspicious activity
4. Evaluate security vendors for ability to monitor IPV6 traffic
5. Don’t let the vendors push you around. If they want your money they need to add the security features you want.
6. Evaluate all technology prior to deployment including technical assessments of the each device and platform being introduced to the network.
7. Ensure your lab is stocked with attack code and toolkits
8. Train, train, train your staff to be comfortable with v6
9. Understand we are still learning and will be for a while. Don’t be afraid to discuss your issues with your competitors because I can tell you they are experiencing the same issues.

Thanks again to MCMC for inviting me to share my knowledge. I look forward to visiting Kuala Lumpur again soon.

 

Presentation: IPv6 Security Best Practices – Oct 20_2015_v1

0
Aug
31
2015
Cyber Security Education General News

Over the past few months, we have been working with the Chang School at Ryerson to develop a one day seminar on cyber security. The goal is to get more executives and board members comfortable talking about security and ensuring they have strong security strategies regardless of sector. The staff at Ryerson have been great at supporting our ideas and concepts and are helping this course become a reality. From an educational perspective, these are the key aspects that will be discuss during the session:

  1. Principles of a Cyber Security Strategy
  2. A Case Study
  3. Implementing a Risk Management Process
  4. Preparing for a Breach including a drafting a Breach and Cyber Security Playbook

There will be lots of open discussions and examples on these topics and you can pick my brain on these issues specific to your company or sector. I am looking forward to spending the day exchanging, learning and sharing. Bring your questions and problems and I hope to see you on Sept.24th. More details to the course and registration are located here http://ow.ly/QeiK2.

 

Faud Khan

 

0
Aug
25
2015
Infrastructure IoT IPv6 ISO Standards

 

Starting next week Canada will be hosting the 3rd meeting of the WG 10 IoT in Ottawa.

These meeting are building towards the completion of ISO 30141 A Reference Architecture for IoT. We have many of the biggest companies, consortiums, special interest groups all in attendance. While, I am attending as an expert my focus is on the security and privacy elements of IoT. Over the summer,  I lead a SRG to develop the draft content for a Conceptual Reference Model (CRM) for this standard. While it is still a work in progress we are making significant strides on a base model.

I will provide more details next week once we begin our sessions and some details on what the major themes are.

 

0
« Previous Page