Reuters: Beyond the Breach

February 9, 2015

My piece on disruption in the cybersecurity space. Too many companies and ideas to mention in Reuter-space, but it’s a start. Thanks to Ian Geoghegan, as ever, for his editing touch.

Beyond the breach: cyberattacks force a defense strategy re-think | Reuters

(Reuters) – A barrage of damaging cyberattacks is shaking up the security industry, with some businesses and organizations no longer assuming they can keep hackers at bay, and instead turning to waging a guerrilla war from within their networks.

U.S. insurer Anthem Inc last week said hackers may have made off with some 80 million personal health records. Also, Amy Pascal said she would step down as co-chairman of Sony Pictures Entertainment, two months after hackers raided the company’s computers and released torrents of damaging emails and employee data.

Such breaches, say people in the industry, offer a chance for younger, nimbler companies trying to sell customers new techniques to protect data and outwit attackers. These range from disguising valuable data and diverting attackers up blind alleys to figuring out how to mitigate breaches once the data has already gone.

“Suddenly, the music has completely changed,” said Udi Mokady, founder of U.S.-based CyberArk. “It’s not just Sony, it’s a culmination of things that has turned our industry around.”

Worldwide spending on IT security was about $70 billion last year, estimates Gartner. ABI Research reckons cybersecurity spending on critical infrastructure alone, such as banks, energy and defense, will reach $109 billion by 2020.

Several things are transforming the landscape. Corporations have been forced to allow employees to use their own mobile phones and tablets for work, and let them access web-based services like Facebook and Gmail from office computers. All this offers attackers extra opportunities to gain access to their networks.

And the attackers and their methods have changed.

Cyber criminals and spies are being overshadowed by politically or religiously motivated activists, says Bryan Sartin, who leads a team of researchers and investigators at Verizon Enterprise Solutions, part of Verizon Communications. “They want to hurt the victim, and they have hundreds of ways of doing it,” he said in a phone interview.

CLOSING THE DOOR

The result: companies can no longer count on defending themselves with decades-old tools like firewalls to block traffic and antivirus software to catch malware, and then assume all traffic that does make it within the network is legitimate.

Research by IT security company FireEye last month, for example, found that “attackers are bypassing conventional security deployments almost at will.” Across industries from legal to healthcare it found nearly all systems had been breached.

“Once an attacker has made it past those defenses they’re in the gooey center, and getting around is relatively simple,” said Ryan Wager, director of product management at vArmour.

Attackers can lurk inside a network for half a year before being detected. “That’s like having a bad guy inside your house for six months before you know about it,” says Aamir Lakhani, security strategist at Fortinet Inc, a network security company.

Security start-ups have developed different approaches based on the assumption that hackers are already, or soon will be, inside the network.

Canada-based Camouflage, for example, replaces confidential data in files that don’t need it, like training databases, with fictitious but usable data. This makes attackers think they have stolen something worthwhile. U.S.-based TrapX Security creates traps of ‘fake computers’ loaded with fake data to redirect and neutralize attacks.

California-based vArmour tries to secure data centers by monitoring and protecting individual parts of the network. In the Target Corp breach during the 2013 holiday shopping season, for example, attackers were able to penetrate 97 different parts of the company’s network by moving sideways through the organization, according to vArmour’s Wager.

“You need to make sure that when you close the door, the criminal is actually on the other side of the door,” he said.

‘THREAT INTELLIGENCE’

Funding these start-ups are U.S.- and Europe-based venture capital firms which sense another industry ripe for disruption.

Google Ventures and others invested $22 million in ThreatStream in December, while Bessemer Venture Partners last month invested $30 million in iSIGHT Partners. Both companies focus on so-called ‘threat intelligence’ – trying to understand what attackers are doing, or plan to do.

Clients are starting to listen.

Veradocs’ CEO and co-founder Ajay Arora says that while his product is not officially live, his firm is already working with companies ranging from hedge funds to media entertainment groups to encrypt key documents and data.

UK-based Darktrace, which uses math and machine learning to spot abnormalities in a network that might be an attack, has a customer base that includes Virgin Trains, Norwegian shipping insurer DNK and several telecoms companies.

But it’s slow going. Despite being open for business since 2013, it’s only been in the past six months that interest has really picked up, says Darktrace’s director of technology Dave Palmer. 

“The idea that indiscriminate hacking would target all organizations is only starting to get into the consciousness.”

BBC: The Mantra of Disruption

July 28, 2020

A piece I recorded for the BBC World Service. Not Reuters content. 

Disruptive innovation is like one of those terms that worms its way into our vocabulary, a bit like built-in obsolescence or upselling. It’s become the mantra of the tech world, which sees its author, Clayton Christensen, as a sort of messiah of the changes we’re seeing in industries from taxis, hotels and media. Briefly put, the theory goes: existing companies are undercut and eventually replaced by competitors who leverage technology to come up with inferior but good enough alternatives — think the transistor radio displacing vacuum tube radios — or come up with wholly new products that eventually eclipse existing markets — think the iPhone killing off the MP3 player (and radios, and watches, and cameras, and guitar tuners etc.)

A backlash has emerged against this theory, partly because it’s somewhat flawed — even Prof Christensen himself has misapplied it, as in the case of the iPhone — but also because it’s scary. Uber may be a great idea if you’re looking for a ride, but not if you’re an old-style cabbie. Airbnb is great for a place to crash, but feels like a car crash if you’re running a real b’n’b. And don’t get me started on being a journalist. 

But there’s a much bigger problem here. The tech world is full of very inspiring, bright, charismatic people and that’s one reason I choose to write about it for a living. But it has changed in the past decade or so, undeniably.   15 years ago, just before the last dot.com crash, a tome appeared: The Cluetrain Manifesto, and you’d either read it or you hadn’t. It was a collection of writings by some fine thinkers, the great bloggers of the day like Doc Searls and Dave Weinberger. The main thesis: the Internet is unlike ordinary, mass media, because it allows human to human conversations — and that this would transform marketing, business, the way we think. Markets are conversations, it said. 

For a while we were giddy with the power this gave us over corporations. We could speak back to them — on blogs, and later on what became known as social media. Even Microsoft hired a blogger and let him be a tiny bit critical of things at Redmond. 

Looking back, it was probably the last naive blast of the old dying Internet rather than a harbinger of the new. The language, if not the underlying philosophy, lives on in conferences and marketing pitches. Most social media conversations are harsh, mostly inhuman — we refer to deliberate online baiters as trolls, which I suppose makes them subhuman — and we’ve largely given up influencing the companies we do business with except in the occasional diatribe or flash hashtag full frontal mob assault.  

And more importantly, there is no longer any of that idealism or utopianism in any startup movement that I can see. For sure, we cheer on these players because they seem to offer something very seductive, from free email, calendars, spreadsheets to cheaper rides, stays, music, video and goodies, to shinier bling, gadgets, wearables and cars. And they all sing the same mantra: we’re disruptive, we’re disintermediating, we’re leveraging technology, we’re removing friction, we’re displacing old cozy cartels, we’re doing it all for you. 

The problem is that underneath this lies an assumption, an arrogance,  that technology is a natural ally of good, that disruption is always a good thing, that the geeks parlaying it into products are natural leaders, and that those opposing it are reactionaries, doomed to the scrapheap. 

The result: we’re just getting into a more rapid cycle of replacing one lot of aloof, cloth-eared giants with another lot, who in short order will be replaced by another. Microsoft, IBM, and HP, the giants of when Cluetrain was written, have been replaced by Amazon, Apple, Alibaba, Facebook and Google, all of them as hard to hold a conversation with as Microsoft ever was. And the big players of tomorrow, which may or may not be Uber, Airbnb, Tencent and Twitter, don’t seem particularly interested in a conversation either. 

We need to recover some of that old Cluetrain idealism, naivety, when we thought that what we were doing was building a new platform for anyone to use, to talk back to authority, to feel heard and appreciated — and not just a cult-like celebration of the rugged individuals who dismantled Babel only to build a bigger, shinier and more remote one in its place.

Reuters: With WebRTC, the Skype’s no longer the limit

December 12, 2014

Something I wrote for Reuters: 

With WebRTC, the Skype’s no longer the limit

By Jeremy Wagstaff

SINGAPORE Thu Dec 11, 2014 4:07pm EST

(Reuters) – WebRTC, a free browser-based technology, looks set to change the way we communicate and collaborate, up-ending telecoms firms, online chat services like Skype and WhatsApp and remote conferencing on WebEx.

Web Real-Time Communication is a proposed Internet standard that would make audio and video as seamless as browsing text and images is now. Installed as part of the browser, video chatting is just a click away – with no need to download an app or register for a service.

WebRTC allows anyone to embed real-time voice, data and video communications into browsers, programs – more or less anything with a chip inside. Already, you can use a WebRTC-compatible browser like Mozilla’s Firefox to start a video call just by sending someone a link.

Further ahead, WebRTC could add video and audio into all kinds of products and services, from GoPro cameras and educational software to ATMs and augmented reality glasses. Imagine, for example, wanting to buy flowers online and being able, at a click, to have the florist demonstrate arrangements to you live via a video link.

WebRTC will be a market worth $4.7 billion by 2018, predicts Smiths Point Analytics, a consultancy. Dean Bubley, a UK-based consultant, reckons over 2 billion people will be using WebRTC by 2019, some 60 percent of the likely Internet population.

Most of these will be mobile. Some versions of Amazon’s Kindle multimedia tablet, for example, have a ‘Mayday’ button which launches a WebRTC-based video call with a customer service representative.

By the end of the decade, consultants Analysys Mason reckon there will be 7 billion devices supporting WebRTC, nearly 5 billion of them smartphones or tablets. Automatic voice and video encryption means web conversations should be safe from eavesdropping or external recording.

FROM DREAM TO REALITY

“The promise is fantastic,” said Alexandre Gouaillard, chief technology officer at Singapore start-up Temasys. “There’s always a problem with timing, between dream and reality.”

Initially championed by Google, WebRTC was adopted by Mozilla and Norway’s Opera Software – between them accounting for more than half of the world’s browsers. In October, Microsoft committed to including a version of WebRTC on its Internet Explorer browser, leaving only Apple as the main holdout. An Apple spokesperson declined to discuss the company’s plans for WebRTC in detail.

Last month, technical experts agreed a compromise on a key sticking point: which of two encoding standards to use to convert video. All sides agreed to support both for now.

Some prominent names are staking out the WebRTC arena.

Skype co-founder Janus Friis this month launched Wire, a chat and voice messaging app that uses WebRTC, and Ray Ozzie, who created Lotus Notes and was chief software architect at Microsoft, is challenging messaging and conferencing services with Talko, an app using WebRTC. Mozilla has teamed up with U.S.-based TokBox to launch Hello, a plug-in-free, account-free web conferencing service within its Firefox browser.

Dozens of mobile apps already leverage WebRTC – including Movirtu’s WiFi-based CloudPhone, allowing voice calls over WiFi. Movirtu CEO Carsten Brinkschulte says WebRTC “gives us a lot of things that are free that are normally very hard to do.”

“A MAGNIFIER”

This makes some incumbents nervous. One is the $2 billion web and video conferencing industry. And telecoms firms are still reeling from free voice and messaging services like WhatsApp and Skype. Even those companies look vulnerable as WebRTC reduces the cost of setting up a competing service.

“WebRTC is a magnifier,” says Bubley, the consultant. “It makes the opportunities bigger and the threats worse, and everything faster.”

Some, though, are putting up a fight.

Microsoft is rolling out a web-based version of Skype that will, eventually, require no extra software and will be compatible with all WebRTC browsers. And Cisco, whose WebEx is king of web-based video conferencing, has been active in developing standards. But, says Bubley, “it’s in no desperate rush to accelerate.”

Among telecoms companies, Telefonica bought TokBox “to learn about the space, and they’ve largely left us to pursue that,” said TokBox CEO Scott Lomond. SK Telecom and NTT Docomo are also experimenting with the technology.

But those championing WebRTC say the technology isn’t so much about challenging what’s available today, but more about creating opportunities for new products and services tomorrow.

Cary Bran, vice president at Plantronics, a headset maker, sees a time when online gamers won’t just be able to see and talk to each other, but feed heart-rate and other sensor data into the game, “making it more difficult or easy based on the user’s level of engagement.”

More prosaically, TokBox is working with banks in the United States and Europe to provide branch visitors with video links to specialists, cutting down on staffing costs.

Such options, says TokBox’s Lomond, only scratch the surface of what’s possible. “I don’t think the broader market has fully appreciated how potentially disruptive this is,” he says.

Reuters: Making cars safer: have the driver do less

December 12, 2014

A piece I wrote for Reuters. BBC version here

Making cars safer: have the driver do less

By Jeremy Wagstaff

SINGAPORE Tue Nov 11, 2014 4:00pm EST

Nov 12 (Reuters) – As millions of cars are under recall for potentially lethal air bags, designers are trying to reduce the need for the device – using sensors, radar, cameras and lasers to prevent collisions in the first place.

With driver error blamed for over 90 percent of road accidents, the thinking is it would be better to have them do less of the driving. The U.S.-based Insurance Institute for Highway Safety found that forward-collision warning systems cut vehicle-to-vehicle crashes by 7 percent – not a quantum leap, but a potential life saver. Nearly 31,000 people died in car accidents in 2012 in the United States alone.

“Passive safety features will stay important, and we need them. The next level is now visible. Autonomous driving for us is clearly a strategy to realise our vision for accident-free driving,” said Thomas Weber, global R&D head at Mercedes-Benz.

While giving a computer full control of a car is some way off, there’s a lot it can do in the meantime.

For now, in some cars you can take your foot off the pedal and hands off the wheel in slow-moving traffic, and the car will keep pace with the vehicle in front; it can jolt you awake if it senses you’re nodding off; alert you if you’re crossing into another lane; and brake automatically if you don’t react to warnings of a hazard ahead.

How close this all comes to leaving the driver out of the equation was illustrated by an experiment at Daimler last year: adding just a few off-the-shelf components to an S-class Mercedes, a team went on a 100 km (62 mile) ride in Germany without human intervention. “The project was about showing how far you can go, not just with fancy lasers, but with stuff you can buy off the shelf,” said David Pfeiffer, one of the team.

Such features, however, require solving thorny problems, including how to avoid pedestrians.

While in-car cameras are good at identifying and classifying objects, they don’t work so well in fog or at night. Radar, on the other hand, can calculate the speed, distance and direction of objects, and works well in limited light, but can’t tell between a pedestrian and a pole. While traffic signs are stationary and similar in shape, people are often neither.

For a better fix on direction there’s LiDAR – a combination of light and radar – which creates a picture of objects using lasers. Velodyne’s sensors on Google’s autonomous car, for example, use up to 64 laser beams spinning 20 times per second to create a 360-degree, 3D view of up to several hundred metres around the car.

Mercedes’ ‘Stop-and-Go Pilot’ feature matches the speed of the car in front in slow traffic and adjusts steering to stay in lane using two ultrasonic detectors, five cameras and six radar sensors. “This technology is a first major step,” said R&D chief Weber. “(However distracted the driver is), the system mitigates any accident risk in front.”

HOLY GRAIL

The next stage, experts say, is a road network which talks to cars, and where cars talk to other cars. General Motors has said its 2017 Cadillac CTS will transmit and receive location, direction and speed data with oncoming vehicles via a version of Wi-Fi.

Other approaches include using cameras to monitor the driver. Abdelaziz Khiat, at Nissan Motor’s research centre in Japan, uses cameras to track the driver’s face to detect yawns, a drooping head suggesting drowsiness, or frowns that may indicate the onset of road rage.

These advanced safety features are fine – if you can afford them. The Insurance Institute survey found that the forward collision warning systems were available in fewer than one in every 20 registered vehicles in 2012.

In key markets across emerging Asia, says Klaus Landhaeusser, regional head of government relations at Bosch, many first-time car buyers don’t want to spend more than $2,500. For that, he said, “you won’t be able to introduce any safety features.”

Road conditions are also key. “It will be a long time before we have software and algorithms that can see everything happening” on the roads in emerging markets, said Henrik Kaar, at auto safety equipment market leader Autoliv Inc.

And not everyone welcomes this progress. Some drivers complain the technology is intrusive, or is inconsistent. “If a safety feature is seen as intrusive or bothersome, a driver may try to circumvent or disable it,” said Chris Hayes, a vice president at insurer Travelers.

The key appears to be ensuring that while humans remain in charge of the vehicle, they have good information and features that correct the errors they make.

“For a long time, people thought it was an all-or-nothing jump between humans in charge and fully autonomous vehicles,” said Michael James, senior research scientist at Toyota Motor’s U.S. technical centre. “I don’t think that’s the case anymore. People see it as a more gradual transition.”

 

(Additional reporting by Norihiko Shirouzu; Editing by Ian Geoghegan)

BBC: Cars we can’t drive

July 28, 2020

Let’s face it: we’re not about to have driverless cars in our driveway any time soon. Soonest: a decade. Latest: a lot longer, according to the folk I’ve spoken to.

But in some ways, if you’ve got the dosh, you can already take your foot off the gas and hands off the steering wheel. Higher end cars have what are called active safety features, such as warning you if you stray out of your lane, or if you’re about to fall asleep, or which let the car take over the driving if you’re in heavy, slow moving traffic. Admittedly these are just glimpses of what could happen, and take the onus off you for a few seconds, but they’re there. Already.

The thinking behind all this: More than 90% (roughly, depends who you talk to) of all accidents are caused by human error. So, the more we have the car driving, the fewer the accidents. And there is data that appears to support that. The US-based Insurance Institute for Highway Safety found that forward collision warning systems led to a 7% reduction in collisions between vehicles.

But that’s not quite the whole story. For one thing, performing these feats isn’t easy. Getting a car, for example, to recognise a wandering pedestrian is one of the thorniest problems that a scientist working in computer vision could tackle, because you and I may look very different — unlike, say, another car, or a lamppost, or a traffic sign. We’re tall, short, fat, thin, we wear odd clothes and we are unpredictable — just because we’re walking towards the kerb at a rate of knots, does that mean we’re about to walk into the road?

Get this kind of thing wrong and you might have a top of the range Mercedes Benz slam on the brakes for nothing. The driver might forgive the car’s computer the first time, but not the second. And indeed, this is a problem for existing safety features — is that a beep to warn you when you’re reversing too close to an object, or you haven’t put your seatbelt on, or you’re running low on windscreen fluid, or because you’re straying into oncoming traffic? We quickly filter out warning noises and flashing lights, as airplane designers have found to their (and their pilots’) cost.

Indeed, there’s a school of thought that says that we’re making a mistake by even partially automating this kind of thing. For one thing, we need to know what exactly is going on: are we counting on our car to warn us about things that might happen, and, in the words of the tech industry “mitigate for us”? Or are these interventions just things that might happen some of the time, if we’re lucky, but not something we can rely on?

If so, what exactly is the point of that? What would be the point of an airbag that can’t be counted on to deploy, or seatbelts that only work some of the time? And then there’s the bigger, philosophical issue: for those people learning to drive for the first time, what are these cars telling them: that they don’t have to worry too much about sticking to lanes, because the car will do it for you? And what happens when they find themselves behind the wheel of a car that doesn’t have those features?

Maybe it’s a good thing we’re seeing these automated features now — because it gives us a chance to explore these issues before the Google car starts driving itself down our street and we start living in a world, not just of driverless cars, but of cars that people don’t know how to drive.

This is a piece I wrote for the BBC World Service, based on a Reuters story.