2012 secau Security Congress
3-5 December, 2012
Perth, Western Australia
Professor Steven Furnell
Infosec: Lots of safeguards and no protection?
It is hard to escape IT security, with related safeguards to be found on most of the devices, applications and services that we use. The average user is faced with a plethora of threats that they are warned to ignore at their peril, and many will consequently devote significant time to security-related tasks and interactions. In spite of this, they can still face the risk of attacks and exploitation against their systems, and so may arguably feel that they have gained a tangible security overhead, but have relatively little to show for it. This presentation will consider the extent of the burden that security can place upon users (including the time, difficulty and constraints involved), and the extent to which these can be offset through better attention to the technology itself and through changing the culture of those that must use it.
Prof. Steven Furnell is the head of the Centre for Security, Communications & Network Research at Plymouth University in the United Kingdom, and an Adjunct Professor with Edith Cowan University in Western Australia. His interests include security management and culture, computer crime, user authentication, and security usability. Prof. Furnell is active within three working groups of the International Federation for Information Processing (IFIP) - namely Information Security Management, Information Security Education, and Human Aspects of Information Security & Assurance. He is the author of over 220 papers in refereed international journals and conference proceedings, as well as books including Cybercrime: Vandalizing the Information Society (2001) and Computer Insecurity: Risking the System (2005). He is also the editor-in-chief of Information Management & Computer Security, and the co-chair of the Human Aspects of Information Security & Assurance (HAISA) symposium (www.haisa.org). Further details can be found at www.plymouth.ac.uk/cscan, with a variety of security podcasts also available via www.cscan.org/podcasts. Steve can also be followed on Twitter (@smfurnell).
Getting away with murder
In 2009 the news that the renowned Northern Ireland Dentist Dr Colin Howell and his former lover Hazel Buchanan had murdered their respective spouses in 1991 was something of a sensation. The fact that lies, intrigue, sex and Christianity were all bound up in a web of deceit rocked the Province. Colin Howell had confessed to Police and pleaded guilty in his subsequent Court Hearing.
In 1991 two bodies were found in a car in a garage. Police were satisfied that the pair, a serving Police Officer (the husband of Hazel Buchanan), father to two young children, and the wife of a local Dentist (Lesley Howell), mum to four children under the age of five, had committed suicide. This conclusion by Police was despite the fact that it was known that it was their respective spouses who were ‘having an extramarital affair.’ Had the ‘lovers’ got away with ‘the perfect murder?’ It was only some 18 years later, when Colin Howell confessed to these murders, that the shock waves were felt in every quarter.
The investigation by the Police Service of NI in 2009 into the murders led to a guilty plea from Colin Howell. His former lover Hazel (now Stewart), who had remarried, this time to a retired police Superintendent, pleaded ‘not guilty.’ During the most sensational criminal trial ever seen in Northern Ireland, Howell gave evidence against Hazel Stewart for the Crown; she exercised her ‘right to silence’. A jury unanimously found Stewart guilty of the double murders. She intends to appeal her conviction. How did they get away with murder for so long? Why did the original Police investigation get it so wrong? What did the Police Ombudsman for NI conclude?
All of these questions will be addressed by Rosemary in her keynote address. Rosemary will set the scene by discussing how the Dentist and his young lover felt they were “Waltzing in Time” as they plotted to kill their spouses in what appeared to be the ‘perfect murder’. Why did Colin Howell confess? Rosemary will deliver some incredible facts about this case during her presentation.
Rosemary Craig spent 15 years in the private sector at senior management level in advertising, marketing and public relations. A graduate in psychology (and mature student), she relinquished her lucrative career to realise her lifetime passion – to read law at Queen’s University Belfast. She was quickly headhunted by the Anderson McAuley retail group, where her past experience in retailing coupled with her legal expertise added a further dimension to her talents. A specialist in employment law, she undertook a confidential role for the Goodyear Tyre & Rubber Company (NI) prior to the Company ceasing to trade in NI. As a graduate from Sandhurst Military College she spent ten years (PT) as an Officer in the British Army. She saw Service in some of the worst times of the NI Troubles while holding down her FT employment roles.
In the public sector she was Director & Legal Adviser to the Green Park Health Care Trust where she introduced business techniques to the Medical Profession. She graduated from the University of Leicester with a Masters Degree in International Industrial Relations and Employment Law. Her Dissertation entitled “An Equal Force?” focused on the role of women in management within the Royal Ulster Constabulary as espoused by the equality legislation of 1976 and mirrored the Patten Commission recommendations of its time.
The call and indeed love of the law in tandem with academia brought her full circle back to University life. She is a law lecturer with the University of Ulster and delivers all postgraduate modules. Today she tempers academia with her work in the Legal Profession in a continuing career. She was requested by the Office of the First and Deputy First Minister to appoint the new Northern Ireland Police Ombudsman. It is testament to her reputation for fairness and justice in the legal profession and her dealings with people that led to this prestigious appointment. She has served on the Bench of the Youth and Family Courts in the County Court Division of Belfast for the past 29 years. She was recently appointed as a European Adviser on the SMART and RESPECT European Projects due to her experience with the Security Forces and knowledge of the law.
Where automation ends and people begin
We all want a magic button that fixes our network security problems. Automated tools can improve a weak computer security posture by preventing new infections and disrupting command and control channels. In reality, though, the scope of these tools will always be limited to the most basic of attacks. A strong security posture requires not only automated equipment, but people to program the equipment and to act on its output. Cisco CSIRT (Cisco Security Incidents & Response Team) has taken a pragmatic approach where automated equipment better serves the purpose of providing intelligence to highly-trained IT staff, rather than attempting to replace the security staff.
As a computer security specialist with more than two decades of experience, Gavin Reid works with some very interesting people – from leaders in the vanguard of information security, to hackers in the computer underground. Gavin leads the Computer Security Incident Response Team at Cisco Systems – a global team of information security professionals responsible for the 24/7 monitoring, investigation and response to cyber security incidents. With annual revenue of $44 Billion and the bulk of transactions conducted over the Internet, Cisco is a prime target for cyber attack and exploitation. As an active member of the computer security community, he also supports FIRST and chairs the working group responsible for the Common Vulnerability Scoring System. Gavin joined Cisco in 1999 from the National Aeronautics & Space Administration, where he oversaw IT Security at the Johnson Space Centre. He lives in North Carolina (USA).
Hacktivism: Ethical Issues in Benevolent Hacking
In the largely unregulated area of internal review and development there are opportunities for harm to occur. By hacking into the files of staff members, with or without their knowledge and consent, it is obviously possible to discover things that can be used against the interests of the staff member. There need to be principles and policies that control such hacking.
Accountability, liability, responsibility are all hard to legislate and enforce. Ownership of software and intellectual property will sometimes be in dispute.
Currently, the whole area depends upon the attitudes, behaviours, scruples, and preferences of the ‘hackers’ and the management who engaged them. The potential for harm arising in such a situation is significant and could result in restrictive regulation being imposed upon the industry/profession. Better to anticipate and manage the issues before government and community act in crisis to control.
The key questions are, ‘why is this important?’, ‘whose business is it?’, ‘what can be done about it?’, ‘what principles apply?’, and ‘how might it be regulated?’.
By analogy with other areas of professional behaviour and regulation, Colin Honey will clarify the issues and suggest some possible ways forward.
Colin Honey is an applied ethicist. For more than 20 years he was a head of College at the University of Western Australia. He was founding Director of the Kingswood Centre for Applied Ethics and taught ethics in the professions to accountants, police, nurses and doctors, dentists and media students. From Perth he went to Cambridge and he continues there for a term every year as a member of a research team specialising in applied ethics. Otherwise he lives and works in Melbourne.
Trained in philosophy in Melbourne, theology in Cambridge, and bioethics in Edinburgh, Colin has been a visiting fellow in New York, Cambridge, and in several other centres in America. He has designed medical ethics decision-making processes which are now used in some of these centres.
Colin says that he does not aim to give answers. He says that he likes to clarify issues and stimulate others to apply their ethical principles and values consistently, coherently and inclusively.
Public policy and legislation have occupied much of his time both here and in Britain. He has given hundreds of radio broadcasts and has appeared on television on the ABC, and the Seven, Ten and Nine Networks.
He likes to see participation in decision-making; and he likes to see people making intelligent and informed decisions. He says that his diversions include joke-telling, restoring old cars, learning Italian (and visiting Italy), learning to play the pipe-organ, and cross-cultural involvement in the community.