Cars Need a Root of Trust

Fiat Chrysler has suffered a widely publicised attack where hackers remotely killed a Jeep. The resolution has been to send a USB stick in the post to owners, for which they have been criticised. The criticism is in two parts.


Smart Card Management – Choose your process carefully

Earlier in my career I had the privilege of working for Intercede, a company supplying smart card management systems. A core capability was the ability to manage the card lifecycle and credential lifecycle (e.g., PKI certificate), as distinct from other systems that manage credentials and place them on cards without managing the card lifecycle. Part of the sales pitch was that if you don’t manage the card lifecycle in the system, you will end up with a spreadsheet to manage the cards.

Cyber Essentials: going mainstream?

As I’m sure many of the readers of this blog will be aware, Cyber Essentials is a UK Government scheme encouraging organisations to adopt good practice in information security. It includes an assurance framework, and a simple set of security controls, to protect IT.

It was launched with great fanfare in June of last year; it became mandated for certain UK Government IT contracts in October 2014; but it has seen relatively low take-up. Or at least thus far.