privacy

The Evolution of Cybersecurity: NIST Cybersecurity Framework 2.0

/ bugejajoseph / Leave a comment
Photo by Tima Miroshnichenko on Pexels.com

The National Institute of Standards and Technology (NIST) reached a significant milestone on August 8, 2023, with the release of the draft for NIST Cybersecurity Framework (CSF) 2.0. This step marks a positive advancement since its inception in 2014. The CSF is a cornerstone in reducing cybersecurity risks, offering comprehensive guidance to organizations in comprehending, evaluating, prioritizing, and communicating these risks, along with actionable measures to mitigate them.

CSF 2.0 extends its influence, delivering invaluable cybersecurity insights to organizations of diverse sizes and industries. A pivotal change is evident in the revised title, which omits the term “Critical Infrastructure” (previously named “Framework for Improving Critical Infrastructure Cybersecurity”), highlighting its broader applicability.

At the core of CSF 2.0 lies an intensified emphasis on the indispensable role of governance in the realm of cybersecurity. Acknowledging its foundational significance, strong governance emerges as the bedrock of an effective cybersecurity program. By positioning governance as the cornerstone, the framework guides organizations in steering the other five functions—identify, protect, detect, respond, and recover—aligned with their mission and stakeholder expectations.

A compelling highlight of the draft pertains to the criticality of supply chain risk management. It underscores the imperative need for holistic risk management programs that address the vulnerabilities associated with suppliers. Additionally, a clarion call for proactive third-party risk monitoring resonates throughout the document, underscoring the importance of a vigilant stance.

In an era characterized by dynamic cyber threats, the adoption of advanced frameworks becomes an inescapable imperative. The integration of NIST CSF 2.0 into our strategic cybersecurity approach is paramount. Furthermore, forging alliances with industry leaders amplifies our collective efforts in fortifying our digital defenses against the ceaselessly evolving landscape of digital threats.

In conclusion, NIST Cybersecurity Framework 2.0 signifies a monumental stride towards bolstering our digital resilience. By embracing its principles and fostering collaborative partnerships, we equip ourselves to navigate the complex challenges posed by the digital age.

Read more here: https://www.nist.gov/news-events/news/2023/08/nist-drafts-major-update-its-widely-used-cybersecurity-framework

Explore the Future of Smart Home Technology with Amazon’s Dream Home

/ bugejajoseph / Leave a comment
Photo by Jessica Lewis Creative on Pexels.com

From Amazon’s Echo to its Ring doorbell, the tech giant has made its way into many of our homes. But do you know what Amazon is learning about you and your family? From its smart gadgets, services, and data collection, Amazon has the potential to build a detailed profile of its users.

The data collected by Amazon can help power an “ambient intelligence” to make our home smarter, but it can also be a surveillance nightmare. Amazon may not “sell” our data to third parties, but it can use it to gain insights into our buying habits and more.

We must all decide how much of our lives we’re comfortable with Big Tech tracking us. Read the story authored by Geoffrey A. Fowler here to explore ways in which Amazon and potentially other Big Tech companies are watching us.

If you want to learn more about cyber security and smart homes, don’t hesitate to get in touch with me! I’m always happy to answer any questions and always look for collaboration opportunities.

The Importance of Trustworthiness in the Age of the IoT: My First Article on Medium

/ bugejajoseph / Leave a comment

There are many definitions of trustworthiness, but in general it can be described as the ability of a system to meet its objectives while adhering to a set of principles or guidelines. In the context of the IoT, the term “trustworthiness” is often used to refer to the ability of IoT devices and systems to accurately and reliably collect and communicate data.

If you would like to learn more about trustworthiness in the IoT, I suggest reading my latest article on Medium. In the article, I discuss the importance of trustworthiness in the age of the IoT. I also describe trustworthiness and explain why it is important for devices in the IoT. Moreover, I discuss some of the factors that contribute to trustworthiness in the IoT, including reliability, security, and transparency. Finally, I offer some tips on how individuals can ensure that their IoT devices and data are trustworthy.

A Great Resource to Help you Learn about Cybersecurity

/ bugejajoseph / Leave a comment

I find the collection of resources from GoVanguard to be quite helpful for anyone interested in a career in cyber security, whether it be in academia or industry.

Specifically, the GoVanguard InfoSec Encyclopedia is an excellent resource for beginners and experienced professionals alike. It contains a wealth of information on various aspects of information security and is constantly being updated with new and improved content. If you are looking to get into the field of information security, or simply want to learn more about it, the GoVanguard InfoSec Encyclopedia may be a great place to start.

Here is a look at their resource list:

This repository also covers “OSINT Tools Used” and “Exploitation Enumeration and Data Recovery Tools” in addition to the aforementioned resources.

The FTC wants to crack down on mass surveillance 

/ bugejajoseph / Leave a comment

The practice of gathering, analyzing, and profiting from data about individuals is known as commercial surveillance. Due to the volume of data gathered by some companies, individuals may be vulnerable to identity theft and hacking. Indeed, the dangers and stakes of errors, deception, manipulation, and other abuses have increased as a result of mass surveillance. The Federal Trade Commission (FTC) is seeking input from the general public on whether additional regulations are necessary to safeguard individuals’ privacy and personal data in the commercial surveillance economy.

Photo by Lianhao Qu on Unsplash.

I advise you to attend the open forum on September 8, 2022, particularly if you are a researcher focusing on the topic of privacy and security. Also, if you are developing your own system or perhaps planning your next research project, I highly recommend you look at some of the topics identified by the FTC as these are likely to affect the design of your project. Here are the topics mentioned: “Harms to Consumers”, “Harms to Children”, “Costs and Benefits”, “Regulations”, “Automated Systems”, “Discrimination”, “Consumer Consent”, “Notice, Transparency, and Disclosure”, “Remedies”, and “Obsolescence”. Pay particular attention to the topic “Automated Systems” if your system uses AI/ML technologies.

More information can be found here: https://www.ftc.gov/legal-library/browse/federal-register-notices/commercial-surveillance-data-security-rulemaking and https://www.ftc.gov/news-events/news/press-releases/2022/08/ftc-explores-rules-cracking-down-commercial-surveillance-lax-data-security-practices

Popular smart home brands may be allowing the police to conduct warrantless home surveillance

/ bugejajoseph / Leave a comment

The security cameras in our smart homes from well-known smart home brands like Amazon and Google might not just be watching over our pets. According to an article in The Verge, they can also aid law enforcement in their investigations of crimes, but only if we do not mind the police viewing our footage without a warrant.

That implies that the police can access our private information without first presenting proof that an emergency situation exists. Police will probably only make use of this access for lawful objectives, such as preventing crime or attempting to locate a missing person in need of assistance. However, it does raise some issues regarding what may transpire when this technology becomes even more widely used and available.

What if, for instance, this access is utilized to locate and detain activists or protestors who have not breached any laws? Citizens may only exercise caution when shopping, be aware that their smart device may record personal information, and, if possible, enable end-to-end encryption.

If you have any questions about how to secure your smart home, do not hesitate to contact me.

The CNIL’s Privacy Research Day

/ bugejajoseph / Leave a comment

The first CNIL’s International Conference on Research in Privacy took place in Paris yesterday, June 28, and was broadcast online for free. In addition to providing a great opportunity to consider the influence of research on regulation and vice versa, this conference facilitated the building of bridges between regulators and researchers.

During the day, experts from different fields presented their work and discussed its impact on regulation and vice-versa. I attended it online — there were many interesting topics covered by the different panelists. The topics ranged from the economics of privacy, smartphones and apps, AI and explanation, and more. Surely, one of the panels that I liked was that on AI and explanation. 

Machine learning algorithms are becoming more prevalent, so it is important to examine other factors in addition to optimal performance when evaluating them. Among these factors, privacy, ethics, and explainability should be given more attention. Many of the interesting pieces I see here are related to what I and my colleagues are working on right now and what I have planned for my upcoming projects.

You are welcome to contact me if you are curious about what I am working on and would want to collaborate.

Panel Discussion on the topic of Designing IoT Systems

/ bugejajoseph / Leave a comment

I was invited to participate in a panel discussion at Malmö University on Friday, April 8th. The topic of “Designing IoT Systems” was the one I was asked to speak about. There were representatives from Sony and Sigma Connectivity in the panel with me. Concerns about trustworthiness were a major topic of discussion during the session. 

Safety, security, privacy, reliability, and resilience tend to be identified by several researchers as the main trustworthiness concerns in the IoT domain. These concerns are there to ensure that systems function as intended in a variety of situations.

According to several academics, the most challenging aspects of designing trustworthy IoT systems are achieving privacy and security. From applications to devices, each layer of the Internet of Things has its own set of security risks and potential attacks. From a research perspective, a hot topic is that of building energy-efficient security, along with scalable and dynamic security architectures. Preserving data privacy in the IoT, on the other hand, is also particularly challenging. Existing IoT privacy mechanisms are often built for single services, and not necessarily for interdependent, dynamic, and heterogeneous services. Building new privacy preservation techniques for interdependent services is a hot topic, as is federated learning when it comes to data privacy.

Panel discussion on the topic of “Designing IoT Systems”

Finally, there are a number of standards that pertain to trustworthiness. ISO/IEC 30147 “Integration of trustworthiness in IoT lifecycle processes” and ISO/IEC 30149 “IoT trustworthiness principles” are two ISO/IEC standards.

If you want to collaborate with me or learn more about a specific topic that is related to my research topics, please send me an email.

The Internet of Things and Security

/ bugejajoseph / Leave a comment

The Internet of Things (IoT) is changing the way we live. The IoT is the idea of having devices that are connected to each other and can be controlled via the Internet. Cameras, refrigerators, alarm systems, televisions, and other electronic gadgets are examples of such devices. The IoT has contributed to giving people an improved quality of life.

But how can we put our trust in all of these IoT devices? How can we be sure they will not turn against us? How will we know whether or not the device we are utilizing is safe? All of these questions are key to unlocking growth in the IoT.

IoT devices can be both, physical and virtual in nature. They can have a variety of different functions, from being a simple remote control to being a complex system that monitors the environment, collects data, and sends it back for analysis.

Many people do not realize that their smart home devices may contain security vulnerabilities that hackers could exploit. Hackers can enter a smart home or even switch off the power by exploiting weaknesses in IoT devices such as connected door locks and lighting systems. For instance, over the course of one week, a study by the UK-based consumer group Which? discovered 2,435 malicious attempts to enter into devices with weak default usernames and passwords in a fake “smart home.”

Cybersecurity is a critical responsibility for organizations of all sizes, but manufacturers, in particular, must do more to ensure that IoT devices are secure from hackers and do not endanger consumer lives. Recently, in the UK, the Product Security and Telecommunications Infrastructure (PSTI) Bill was introduced subjecting stricter cybersecurity rules for manufacturers, importers, and distributors of IoT technologies. This new legislation intends to better protect consumers’ IoT devices from hackers, as well as help the IoT market get the trust it needs to reach its full potential. 

If you would like to learn about IoT security and how to safeguard your IoT devices, please get in touch.

The Importance of Information Ethics in the Digital Age

/ bugejajoseph / Leave a comment

Over the years, the world has witnessed a technological evolution that has resulted in the World Wide Web becoming a location where information about individuals is acquired and spread. Information ethics is a subset of ethics that investigates the impact of information technology on society. It draws on a variety of fields, including philosophy, law, and computer science. Information ethics seeks to assist us in thinking about how we, as individuals, companies, governments, and societies, think about information: what it is, where it comes from, and how we use it. With the rapid rise of ubiquitous computing and networks, it is becoming an increasingly essential topic of research.

As our world gets more interconnected, individuals must make more responsible decisions about how they acquire, use, and share information with others. Making these decisions can be challenging at times, especially when there is little information available to assist us in deciding what is acceptable and what is not. If one’s actions or inactions have the potential to cause harm to others, one should be held accountable. Information ethics looks at what is right and wrong in relation to information systems. But where can we find these rules, and how can we apply them to the Internet, particularly to the Internet of Things, where certain key decisions are made automatically by machines?

This is a topic that I have been researching for the past few months. I was able also to publish a paper on this topic. If you are a scholar or simply are interested to explore ethics, I recommend reading the book “Ethics & Technology: Controversies, Questions, and Strategies for Ethical Computing” by Herman T. Tavani.