Mind the air-gap: Singapore’s web cut-off balances security, inconvenience | Reuters

By | August 27, 2016
0 Comment

A piece I co-wrote on Singapore’s decision to effectively air-gap most of its government computers — beyond security, military and intelligence. This is not something they’ve done lightly, but it does feel as if they might not have thought it all the way through. On the other hand, there were quite a few people I spoke to who said this might be the thin end of a larger wedge. And what does this mean for the cybersecurity industry? 

Mind the air-gap: Singapore’s web cut-off balances security, inconvenience | Reuters:

By Jeremy Wagstaff and Aradhana Aravindan | SINGAPORE

Singapore is working on how to implement a policy to cut off web access for public servants as a defense against potential cyber attack – a move closely watched by critics who say it marks a retreat for a technologically advanced city-state that has trademarked the term ‘smart nation’.

Some security experts say the policy, due to be in place by May, risks damaging productivity among civil servants and those working at more than four dozen statutory boards, and cutting them off from the people they serve. It may only raise slightly the defensive walls against cyber attack, they say.

Ben Desjardins, director of security solutions at network security firm Radware, called it ‘one of the more extreme measures I can recall by a large public organization to combat cyber security risks.’ Stephen Dane, a Hong Kong-based managing director at networking company Cisco Systems, said it was ‘a most unusual situation’, and Ramki Thurimella, chair of the computer science department at the University of Denver, called it both ‘unprecedented’ and ‘a little excessive.’

But not everyone takes that view. Other cyber security experts agree with Singapore authorities that with the kind of threats governments face today it has little choice but to restrict internet access.

FireEye, a cyber security company, found that organizations in Southeast Asia were 80 percent more likely than the global average to be hit by an advanced cyber attack, with those close to tensions over the South China Sea – where China and others have overlapping claims – were particularly targeted.

Bryce Boland, FireEye’s chief technology officer for Asia Pacific, said Singapore’s approach needed to be seen in this light. ‘My view is not that they’re blocking internet access for government employees, it’s that they are blocking government computer access from Internet-based cyber crime and espionage.’

AIR-GAPPING

Singapore officials say no particular attack triggered the decision, but noted a breach of one ministry last year. David Koh, chief executive of the newly formed Cyber Security Agency, said officials realized there was too much data to secure and the threat ‘is too real.’

Singapore needed to restrict its perimeter, but, said Koh, ‘there is no way to secure this because the attack surface is like a building with a zillion windows, doors, fire escapes.’

Koh said he was simply widening a practice of ministries and agencies in sensitive fields, where computers are already disconnected, or air-gapped, from the Internet.

Public servants will still be able to surf the web, but only on separate personal or agency-issued devices.

Air-gapping is common in security-related fields, both in government and business, but not for normal government functions. Also, it doesn’t guarantee success.

Anthony James, chief marketing officer at cyber security company TrapX Security, recalled one case where an attacker was able to steal data from a law enforcement client after an employee connected his laptop to two supposedly separated networks. ‘Human decisions and related policy gaps are the No.1 cause of failure for this strategy,’ he said.

‘STOPPING THE INEVITABLE’?

Indeed, just making it work is the first headache.

The Infocomm Development Authority (IDA) said in an email to Reuters that it has worked with agencies on managing the changes ‘to ensure a smooth transition,’ and was ‘exploring innovative work solutions to ensure work processes remain efficient.’

Johnny Wong, group director at the Housing Development Board’s research arm, called the move ‘inconvenient’, but said ‘it’s something we just have to adapt to as part of our work.’

At the Land Transport Authority, a group director, Lew Yii Der, said: ‘Lots of committees are being formed across the public sector and within agencies like mine to look at how we can work around the segregation and ensure front-facing services remain the same.’

Then there’s convincing the rank-and-file public servant that it’s worth doing – and not circumventing.

One 23-year-old manager, who gave only her family name, Ng, said blocking web access would only harm productivity and may not stop attacks. ‘Information may leak through other means, so blocking the Internet may not stop the inevitable from happening,’ she said.

It’s not just the critics who are watching closely.

Local media cited one Singapore minister as saying other governments, which he did not name, had expressed interest in its approach.

Whether they will adopt the practice permanently is less clear, says William Saito, a special cyber security adviser to the Japanese government. ‘There’s a trend in private business and some government agencies’ in Asia to go along similar lines, he said, noting some Japanese companies cut internet access in the past year, usually after a breach.

‘They cut themselves off because they thought it was a good idea,’ he told Reuters, ‘but then they realized they were pretty dependent on this Internet thing.’

Indeed, some cyber security experts said Singapore may end up regretting its decision.

‘I’m fairly certain they would regret it and wind up far behind other nations in development,’ said Arian Evans, vice president of product strategy at RiskIQ, a cyber security start-up based in San Francisco.

The decision is ‘surprising for a country like Singapore that has always been a leader in innovation, technology and business,’ he said.

(Reporting by Jeremy Wagstaff and Aradhana Aravindan, with additional reporting by Paige Lim; Editing by Ian Geoghegan)

Singapore’s M1 aims narrowband deployment at the sea

By | August 27, 2016
0 Comment

Singapore telco M1 is getting Nokia to install an NB-IoT network atop its 4G one, interestingly with an eye not just to land but to sea. 

NB-IoT stands for Narrowband Internet of Things, and is the GSM world’s answer to narrowband technologies such as LoRa and Sigifox that threaten to take away a chunk of their business when the Internet of things does eventually take off. Why use expensive modems and services when you’re just trying to connect devices which want to tell you whether they’re on or off, full or empty, fixed or broken?  

Techgoondu reports: “While that network caters to heavy users who stream videos or songs on the go, a separate network that M1 is setting up at the same time is aimed at the smart cars, sensors and even wearables.

They said pricing will likely vary with each solution or package, with some companies saving costs from deploying large amounts of connected sensors. However, others that require the bandwidth, say, to deliver surveillance videos over the air, would likely stick with existing 4G networks.

And while many NB-IoT devices are still on the drawing board – standards for the network were only finalised in June – M1 executives were upbeat about jumping on the bandwagon early.

Alex Tan, the telco’s chief innovation officer, said the technology would open up new business opportunities in the years ahead.”

A press release from M1 says it’s working with the ports authority — Singapore is one of the biggest ports in the world — to  “explore the deployment of a network of offshore sensors to augment the situational awareness of our port waters,” according to Andrew Tan, Chief Executive of the Maritime and Port Authority, MPA.

This follows Sigfox’s deployment in the city state last month. It also pips to the post rival Singtel who have been talking since February about running a trial of NB-IoT with Ericsson.  (Update: “Our preparation to trial NB-IoT is well underway. We are working with our vendors and industry partners to conduct lab trials in December, with a view to launch an NB-IoT network by mid-2017.”)

Here’s my earlier piece on LoRa

LoRa offers a cheaper link to the Internet of Things | Reuters

By | September 7, 2016
0 Comment

My piece on the rise of narrowband networks: LoRa offers a cheaper link to the Internet of Things | Reuters:

Remote control : LoRa offers a cheaper link to the Internet of Things

By Jeremy Wagstaff

LAUNCESTON, Australia, Reuters – The future of communications may be 5G, where mobile networks push bandwidth-heavy video to phones and pull data from self-driving cars, but some firms see an alternative: farm irrigation equipment, donation boxes and oysters, connected by a technology called LoRa.

LoRa (for Long Range) is among a clutch of narrow band technologies that connect devices cheaply over unlicensed spectrum and vast distances, needing very little power.

The catch: they can only send small parcels of data rather than the gigabytes most wired and mobile standards aspire to.

But, advocates say, that may be more than enough.

‘It turns out you don’t need that huge an infrastructure, and it can be driven by small devices that are very smart and not very expensive,’ says Mike Cruse, CEO of Definium Technologies, which is building LoRa-based devices for farmers, universities and mines.

The so-called Internet of Things (IoT) has long promised to hook up devices, from aircraft to hair dryers, enabling owners to monitor, control and collect data from them remotely. Spending on the IoT will hit $6 trillion between 2015 and 2020, according to PricewaterhouseCoopers.

But the reality has been slow catching up. Ericsson this year almost halved the number of connected devices – including smartphones – it sees by 2020 to 28 billion.

Part of what’s holding things back, critics say, is that solutions are too expensive and elaborate for what is needed. Most involve cellular connections, which are either impractical in rural areas or beyond a user’s budget.

Take Richard Gardner, who runs a 2,500 hectare (6,178 acre) farm in Tasmania and pays A$1,200 per sensor for a cellular-based soil moisture measuring system. He’s working with Definium to design one costing a tenth of that.

‘There’s a lot of technology out there that works now, it’s just very expensive. We’ve got something now that we think has better attributes and is cheaper,’ says Gardner, who has invested in Definium and says he already has other farmers keen to buy the company’s products.

 

Making all this possible is LoRa, a narrow band standard adopted by the likes of Cisco and IBM, where the thumbnail-sized radios that send and receive data sell for a dollar or less.

Dutch enthusiasts are building a global community of open-source LoRa gateways, called the Things Network. Nodes send and receive messages – about a tenth of the size of an SMS – every couple of minutes to once every few hours. Followers have rolled out their own experimental networks using the community’s software in cities from Colombia to Russia.

Founder Wienke Giezeman says a $300 gateway – the router connecting the LoRa nodes to the Internet – will be available next month. Half a dozen would be enough to cover an average-sized city. ‘This,’ he says, ‘is going to push the next phase of growth.’

And LoRa isn’t the only narrow band technology in town.

Weightless, a British-based alliance, is one. Another is a proprietary U.S. technology run by a company called Ingenu, as is Sigfox, a French firm, which has raised $150 million from companies including Samsung Electronics.

The biggest potential losers are the telecoms companies, the traditional gatekeepers to the coverage these networks now claim. Ericsson says only 1.5 billion of the 16 billion IoT devices it reckons will be connected in 2021 will rely on cellular networks.

Some telecoms firms are counting on NB-IOT, a narrow band standard adopted by the industry that would use their existing cellular networks. Others are hedging their bets by building LoRa and other narrow band networks.

SK Telecom, for example, has rolled out a network across South Korea which it said would cost users a tenth of what they would pay to attach devices to its 4G network.

RELATED COVERAGE

Likely winners from LoRa networks in IoT Lagging, however, is how best to use these networks.

Charles Anderson, an analyst at IDC, says governments and companies are still pondering what might work, and what end users might want.

In the meantime, smaller players are feeling their way. One visitor to a booth at a recent IoT show in Singapore suggested connecting donation collection boxes so she’d know when they need emptying.

Rishabh Chauhan of The Things Network says the community is still experimenting – from remotely monitoring mouse traps to whether moored rowboats have filled with water. ‘It seems people have a use case, but want to see it on a small level. They’re still prototyping,’ he said.

Much of the pioneering work is outside cities, where existing networks are poor.

Gardner, the farmer, for example, sees the potential for monitoring water flow and levels, the voltage in his electric fences, or his crop sprinklers. Knowing whether they’re working properly would save two trips a day and cut fuel bills, he says.

In a back-room lab, Definium’s Cruse shows some of the sensors he’s designing for clients, all of which could easily connect to a LoRa network.

They include one for measuring salt levels for shrimp farmers in Bangladesh; an LED street lamp for a mining company that could be controlled remotely; a squirrel trap which would alert a catch, and a biosensor attached to an oyster to gauge its health.

Pocket-sized Smartphone Breathalyzer

By | August 1, 2016
0 Comment

Further to my piece on smell sensing tech, it seems that breathalyzers, which use gas sensors like this one: Alcohol Gas Sensor, are getting smaller. This one attaches to a smartphone, fits in a pocket and costs $35. (Via Interesting Engineering)

That’s not the cheapest one out there — this BACtrack Ultra-Portable Personal Keychain Breathalyzer probably is — but I think it’s probably the cheapest that connects to a phone. 

Some more links on the matter: 

Drinkmate | Specifications

 Blood alcohol content – Wikipedia, the free encyclopedia

 

BBC World Service – Smell tech

By | July 28, 2020
1 Comment

At the end of this program is my piece on smell technology, if you like that kind of thing. BBC World Service – Business Daily, UK FinTech Mulls a Post-Brexit Future (with everything else going on it might seem a bit flippant, or maybe light relief. 

Can the UK’s financial technology or FinTech sector maintain its global lead after Brexit? We speak to Lawrence Wintermeyer, the chairman of the industry’s trade body Innovate Finance, about what he hopes the British government will negotiate in a new deal with the EU. Also, Michael Pettis, professor of finance at Peking University, tells us what Brexit looks like from China and why financial markets have been resilient to the initial shock of the referendum’s result. Plus, what’s the point of a smart phone that can smell? Jeremy Wagstaff, Thomson Reuters’ chief technology correspondent for Asia, says you may be surprise.