2021 ISACA Technology for Humanity Award

I am pleased to announce that I have been selected as the recipient of the 2021 ISACA Technology for Humanity Award, with the citation:

“For contributions to capacity building across the world towards the development of affordable, open and user-centric Internet infrastructure.”

Since 2010, I have worked with organizations such as the Internet Society, IETF, IEEE, Branson Centre for Entrepreneurship, United Nations, TEN Habitat, Google, NBCUniversal, European Commission, and others to lead, implement and/or support capacity building programs towards the implementation of open, affordable, secure and user-centric Internet infrastructure and applications in Africa, Asia-Pacific, Latin America & the Caribbean, and Europe.

This award recognises these contributions.

Hearty congratulations to all of the 2021 ISACA Global Achievements Award recipients!!!!

Blockchain Framework and Guidance

The Information Systems Audit and Control Association (ISACA) just released the ‘Blockchain Framework and Guidance’ publication.

“Blockchain Framework and Guidance provides an overview of blockchain, including history, types, benefits, features, concepts and use cases, and offers a framework for the adoption of blockchain technology across enterprises. The ISACA blockchain framework provides foundational information, practical guidance and proposed tools for proper blockchain implementation, governance, security, audit and assurance. The unique aspects of blockchain technology and the blockchain touchpoints with existing technology ecosystems are explained in detail. In addition, Blockchain Framework and Guidance maps existing technology implementation disciplines into the process of blockchain adoption.”

As a member of ISACA’s Emerging Technology Advisory Group, I served as an Expert Reviewer of this document.

You can access this excellent resource through ISACA’s Bookstore.

Why Linux is the Most Popular Operating System

If you engage in a discussion with the average IT professional about which operating system is the most popular, you will more than likely hear claims that Windows has more than a 75% market share. I argue that this is the furthest thing from the truth, and I will explain why below.

Linux operating systems are widely used in numerous software applications. From large-scale social media platforms to gaming consoles to popular coding languages, it’s hard to avoid the use of Linux anywhere on the Internet. The integration of IoT, embedded systems and robotics in Linux has driven innovation across several industry verticals and is also fuelling increased market growth. Moreover, the availability of a large body of open source code and products will generate wider adoption across the world. The ongoing efforts to replace conventional operating systems in the IT and telecom sectors with Linux-based systems have opened up massive growth potential for the overall market in the coming years. The increasing adoption of these systems in enterprise data centres and the explosion of data centre build-outs will have a huge impact on the growth of the market in the foreseeable future. But why is Linux so popular?

Price

What makes Linux attractive is the free and open source software (FOSS) licensing model. One of the most attractive elements offered by the OS is its price – totally free. Users can download current versions of hundreds of distributions. Businesses can supplement the free price with a support service if needed. Either way, there is no new hardware required. Another Linux benefit is the ability to download and run thousands of free, fully functional applications. In many cases, the quality of the software is equal or superior to well-known Windows applications.

Stability

This is a debatable point, and I think Linux triumphs because of its community. As Linux’s popularity grew, so did the number of developers and users involved in evolving the codebase. This army of highly competent and dedicated individuals has spent and continues to spend countless hours discovering and quickly correcting bugs, while also improving the code. The massive community support is in my opinion what makes Linux more stable and reliable.

Security

For the same reason underpinning its stability, Linux continues to be the most secure kernel currently running in production. When an exploit is discovered, the underlying flaw is immediately patched in the latest stable kernel and in all affected Long Term Support (LTS) kernels. Taking cues from its UNIX predecessors, Linux was designed from the very beginning to be a multiuser operating system. This resulted in tighter permission and access controls for both users and applications. Consequently, attackers are pretty much disincentivized to write viruses or malware for the platform.

Support

While Linux and the operating systems using the kernel are free, supporting those operating systems typically requires companies and end users to pay for support subscriptions. As such, they are guaranteed to get the latest software technologies, hardware support and security patches integrated into their environment and onto their physical or virtual machines. They can also take advantage of the availability of many talented developers across the globe who can support their deployments.

All that sounds nice, but who really uses Linux anyway?

  • Android is Linux-based (there are currently more than 2.5 billion Android devices, representing 85% of the mobile market and 40% of all devices connected to the Internet)
  • AWS, Azure, Google, Rackspace and others use Linux to deliver their cloud services
  • Linux is running on most resource constrained devices, including IoT hardware and Raspberry Pi boards
  • A large percentage of home Internet routers run Linux
  • Telco networks are largely Linux-based (e.g. AT&T, Verizon, Nippon Telephone & Telegraph, China Mobile, Vodafone, Telefonica, etc.)
  • Science-based organizations, particularly those running supercomputers, rely on Linux (e.g. NASA, CERN, NOAA, universities, etc.)
  • The defence industry uses Linux to run submarines, ground control systems, radar, aircraft carriers, warships, etc.
  • Countries like the US, China, North Korea, Germany, Estonia, Iceland, Spain, India, Brazil, etc. use Linux in multiple public sector applications, especially for education, law enforcement, military, and e-government
  • National e-voting systems across the world predominantly use Linux
  • Embedded control systems for power utilities, water companies, manufacturing, auto assembly, etc. all use Linux
  • Most global stock exchanges run on Linux
  • Most in-flight entertainment systems run on Linux
  • Sabre, the ubiquitous airline reservation system, runs on Linux
  • Connected car systems run on Linux
  • The most innovative software, such as OpenStack, Docker, Juju, Kubernetes, etc., was designed initially to support Linux
  • Linux supports 32-bit and 64-bit x86, ARM, MIPS, SPARC, POWER microprocessors – making it highly portable
  • Linux runs on many types of obscure and outdated hardware

And the list can go on and on…

What are your thoughts on Linux?

The Roles of Digital Currencies and Cryptocurrencies in Central Banks

The University of the West Indies – Cave Hill Campus presents an expert panel discussion on ‘Building Digital Economies: The Roles of Digital Currencies and Cryptocurrencies in Central Banks.’

The speakers will be yours truly, Dr. Justin Robinson, and Stephen Phillips. We will be exploring the use of digital currencies and cryptocurrencies in accelerating digital economies across the Caribbean region.

Key topics to be discussed will include, but are not limited to, online payments, regulatory frameworks, legislative reform, financial inclusion, digital IDs, and other relevant areas.

Don’t miss it!

Cybersecurity: Risks, Progress and the Way Forward in Latin America & the Caribbean

I will be chairing this Global Cyber Forum on 21 October 2020, where we will be discussing the state of cybersecurity capacities and capabilities across the Caribbean region.

Our speaker will be Kerry-Ann Barrett, Cybersecurity Policy Specialist at the Organization of American States (OAS). She offers technical assistance to Member States in the development and implementation of their national cybersecurity strategies, and assists in the implementation of various technical projects with the OAS Cybersecurity Program.

The overall basis for the session will be the 2020 Cybersecurity Report prepared by the Inter-American Development Bank (IDB), Organization of American States (OAS), and the Global Cyber Security Capacity Centre, University of Oxford. Our discussions will focus on the progress made thus far across the Caribbean, and what steps are necessary to move to the next level, including key areas such as national cybersecurity strategies, related action plans, or other cybersecurity capacity-building programs.

Tune in for what will be an engaging and informative session!

The Cost of 1GB of Mobile Data: Why It Matters!

While not the only barrier to access, the high cost of data is the biggest factor keeping people offline. Undoubtedly, those countries/regions with the least affordable data are also those with the fewest people connected to the Internet. A failure to deliver affordable Internet access keeps citizens offline and compounds global inequalities.

From a personal perspective, I have complained bitterly over the years about the cost of mobile data in my country, Barbados, and how it negatively impacts economic growth and the effective transition to a digital economy. Based on available statistics, the cost of 1 GB of mobile data in Barbados is US$9.32 (ranked 196th globally).

In comparison, below are the prices/rankings for a sample of other countries:

  • India: $0.09 (1st)
  • Somalia: $0.50 (7th)
  • Russian Federation: $0.52 (9th)
  • China: $0.61 (12th)
  • Denmark: $0.80 (29th)
  • Brazil: $1.01 (38th)
  • United Kingdom: $1.39 (59th)
  • Hong Kong: $2.55 (101st)
  • United Arab Emirates: $3.78 (130th)
  • Jamaica: $3.88 (138th)
  • United States: $8.00 (188th)
  • Canada: $12.55 (209th)
  • Cuba: $13.33 (212th)
  • Bermuda: $28.75 (225th)

High mobile data costs also have a negative knock-on effect on the diffusion of existing and emerging technologies and applications (e.g. IoT, smart cities, telemedicine, mobile payments, etc.), many of them with high social benefits.

Do you know where your country ranks? What do you think of these statistics?

Cybersecurity pros are badly in need of MENTORS: And here’s why…

Finding and keeping cyber-talent is a top global concern for public- and private-sector organizations alike. Yet, the prevailing theory among industry analysts is that there is a talent crisis, with ‘experts’ predicting that by 2022 there will be more than 1.8 million unfilled jobs.

The above graphic highlights one of the industry’s most glaring shortcomings: Everyone wants to hire cybersecurity pros, but no one wants to develop, guide, instruct and enhance the career effectiveness of inexperienced/entry-level candidates. It’s a self-destructive, self-refuelling, self-fulfilling prophecy – And it NEEDS to STOP! We simply don’t have an assembly line of top-tier, experienced cyber pros to choose from.

So how do we develop the next generation of cybersecurity leaders? What are some of the individual actions veteran security leaders can take? How do we help those without the finances to obtain expensive security training and certifications? What role does the government have to play?

There are multiple dimensions to the institutionalisation of cyber capacity building. For example, there’s a national response and an enterprise response — and ideally the two should be coordinated (but most often are not).

There are established commercial training and certification programs, which can verify the capabilities of individuals. However, while these certifications can be used to get hired, organizations still have to continuously invest in their employees’ development. This is particularly important given how rapidly the threat landscape changes.

From a national perspective, capabilities need to be developed to build trust in the online systems that underpin the digital economy. Part of building trust is creating a workforce of cyber pros to address key threats. Government should create a workforce development program as part of a national cybersecurity strategy, and it should address training at the college, university and professional certification levels.

But in the absence of such actions by corporations or countries, we cybersecurity leaders need to take up the charge. We need to commit to mentoring as many young professionals as we humanly can. It’s not only incumbent upon us to support their career progress, but also to give back to the profession as well as contribute to the overall trust model that underpins the global Internet. Let’s do our part!

What Do Great Airports and Great Cybersecurity Have In Common?

My 5 best airports are as follows:

  1. Singapore Changi Airport
  2. Tokyo International Airport – Haneda
  3. Seoul Incheon International Airport
  4. Hamad International Airport – Doha
  5. Hong Kong International Airport

Conversely, my 5 worst airports are:

  1. Newark Liberty International
  2. Berlin Schönefeld International
  3. Charles de Gaulle-Paris International
  4. Reykjavik International Airport
  5. London Gatwick International

Great airports are designed to manage high volumes of traffic while maintaining robust, granular security. They get the basic and advanced things right, while maintaining user friendliness and efficiency. They provide seamless connectivity, and are agile and responsive. They combine people, process and technology effectively. And they involve all stakeholders in continuous improvement plans. Great cybersecurity also does these things well!

Expert Insights on Cyber Threats and Security

It is only a matter of time before an organisation experiences some kind of cyber incident.

In this podcast conversation with ICT Pulse, I discussed, among other things, how the threat landscape is changing, what should be included in a good Cybersecurity Incident Response Plan, whether cyber insurance is a good idea, and what is the top cybersecurity concern businesses face today.

Check it out here!

Facts vs Fiction: What’s the ‘Right to be Forgotten’ Really About?

There’s still a vigorous debate going on about the ‘right to erasure’, also referred to by some as ‘the right to be forgotten.’ Its detractors strongly argue that it is tantamount to censoring lawful and factual information, and is dubious on principle. They also believe it to be deeply flawed as a method of protecting privacy.

I believe those to be simple-minded positions. The ‘right to erasure’ allows for data subjects to have their data scrubbed when it is no longer necessary for the purpose an organization originally collected it. It is also key when there is no overriding legitimate interest for an organization to continue with the processing. It also protects an individual when their data is being processed unlawfully or when an organization has to adhere to a court ruling.

To be more specific, Article 17 of the GDPR outlines the conditions under which the right to be forgotten takes precedence. An individual has the right to have their personal data erased when:

  • The personal data is no longer required for the original purpose an organization collected or processed it;
  • An organization is relying on an individual’s consent as the lawful basis for processing the data and that consent is withdrawn;
  • An organization is relying on legitimate interests as its justification for processing an individual’s data, the individual objects to this processing, and there is no overriding legitimate interest for the organization to continue with the processing;
  • An organization is processing personal data for direct marketing purposes and the individual objects to this processing;
  • An organization processed an individual’s personal data unlawfully;
  • An organization must erase personal data in order to comply with a legal ruling or obligation; and
  • An organization has processed a child’s personal data to provide them with specific information services.

However, there are several instances that override the right to erasure:

  • The data is being used to exercise the right of freedom of expression and information.
  • The data is being used to comply with a legal ruling or obligation.
  • The data is being used to perform a task that is being carried out in the public interest or when exercising an organization’s official authority.
  • The data being processed is necessary for public health purposes and serves in the public interest.
  • The data being processed is necessary to perform preventative or occupational medicine. This only applies when the data is being processed by a health professional who is subject to a legal obligation of professional secrecy.
  • The data represents important information that serves the public interest, scientific research, historical research, or statistical purposes, and where erasure of the data would be likely to impair or halt progress towards the achievement that was the goal of the processing.
  • The data is being used for the establishment of a legal defense or in the exercise of other legal claims.
  • Furthermore, an organization can request a “reasonable fee” or deny a request to erase personal data if the organization can justify that the request was unfounded or excessive.

As is evident from a deeper look at the GDPR, a number of factors contribute to successfully having your data erased. Each request has to be assessed individually, and the request must not interfere with other fundamental rights, take precedence over the public interest, or countermand law enforcement requirements, etc. It is NOT a lawful reason to erase history or hide data about yourself that is embarrassing, and it doesn’t generally allow you to obscure your criminal past.

That being said, the issue of outdated and irrelevant information remaining indefinitely online is one that law has not effectively addressed (especially in the Internet Age). And it’s a dilemma that is predominantly more harmful for those who aren’t public figures — the folks who are in greater need of privacy protections from the law.