Caribbean Security & Resilience Awards Winners Announced

The winners of the 2021 Caribbean Security & Resilience Awards have been announced!

Congratulations to the other award recipients:

  1. Peter Bäckman (Dominican Republic)
  2. Kwailan M. Bridgewater (Trinidad & Tobago)
  3. Lysandra Capella (Curacao)
  4. Rosa Damaris Diaz de Tejada (Dominican Republic)
  5. Gavin Dennis (Jamaica)
  6. David Gittens (Barbados)
  7. Stevez Gomes (British Virgin Islands)
  8. Garth Gray (Jamaica)
  9. Norval West (Jamaica)

I was quite surprised to be recognised for my contributions in the Caribbean region, and deeply humbled to be in such esteemed company.

Thank you all for what you do day in and day out to keep the Caribbean region #cybersecure!!!!

The official announcement on the International Security Journal’s website can be found here.

8 Pitfalls That Undermine Security Program Success

“Some of the biggest breaches have come down to small mistakes.

Hackers used a compromised password to access the company network via a virtual private network in the May 2021 Colonial Pipeline attack. A widely known vulnerability that hadn’t yet been patched was the entry point for the 2017 Equifax attack. And a bitcoin scam on Twitter started with spear phishing attacks on Twitter employees.

Of course, there’s no such thing as a perfect security program, but such events show that cybersecurity teams can’t afford to overlook anything.”

In this CSO Online article, I joined a number of security leaders to discuss eight easy-to-overlook pitfalls that can undermine an otherwise successful security strategy.

You can access the full article here!

Too Many Unanswered Questions: The Barbados National Digital Identification (DID)

In September 2020, it was widely publicised that the Government of Barbados would be introducing a national digital identification (DID) card. As expected, the announcement and subsequent reports have included the usual public service rhetoric about shifting to a digital economy, delivering social benefits, increasing the efficiency of doing business, and transforming the country into an innovation hub. Putting this flowery political language aside, a number of questions remain unanswered regarding the delivery of the DID project: questions around clear policy objectives, economic value capture, social impact, technology standards and legal requirements that need to be addressed if Barbadians at large are to truly profit from this initiative.

To be fair, a DID system represents innumerable benefits to the nation. It will serve as a key foundational element in transitioning to more accurate and efficient online delivery of government services (e-government), enhancing poverty alleviation and welfare services, reducing fraud, increasing financial inclusion, and serving national security interests.

However, without proper implementation, oversight and control, DID can inflict great harm on society, including the government or corporations profiting from the collection and storage of personal data, political manipulation of the electorate, social control of particular groups through surveillance, and restriction of access to services such as payments, travel, and social media. Additionally, in the absence of a qualified and experienced project management team, it will most definitely be a ‘white elephant’ – a massive waste of public funds that does precious little to improve the lives of citizens. In the ensuing sections, I will provide a detailed analysis of critical risk areas that pertain to digital ID systems and what must be done to successfully alleviate them.

To read the full article, please click on this link.

Why Linux is the Most Popular Operating System

If you engage in a discussion with the average IT professional about which operating system is the most popular, you will more than likely hear claims that Windows has more than a 75% market share. I argue that this is the furthest thing from the truth, and I will explain why below.

Linux operating systems are widely used in numerous software applications. From large scale social media platforms to gaming consoles to popular coding languages, it’s hard to avoid the use of Linux anywhere on the Internet. The integration of Linux into IoT, embedded systems and robotics has driven innovation across several industry verticals and is also fuelling increased market growth. Moreover, the availability of numerous open source codebases and products will generate wider adoption across the world. The ongoing efforts to replace conventional operating systems in the IT and telecom sectors with Linux-based systems have opened up massive growth potential for the overall market in the coming years. The increasing adoption of these systems in enterprise data centres and the explosion of data centre build-outs will have a huge impact on the growth of the market in the foreseeable future. But why is Linux so popular?

Price

What makes Linux attractive is the free and open source software (FOSS) licensing model. One of the most attractive elements offered by the OS is its price – totally free. Users can download current versions of hundreds of distributions. Businesses can supplement the free price with a support service if needed. Either way, there is no new hardware required. Another Linux benefit is the ability to download and run thousands of free, fully functional applications. In many cases, the quality of the software is equal or superior to well-known Windows applications.

Stability

This is a debatable point, and where I think Linux triumphs is because of its community. As Linux’s popularity grew, so did the number of developers and users involved in evolving the codebase. This army of highly competent and dedicated individuals has spent and continues to spend countless hours discovering and quickly correcting bugs, while also improving the code. The massive community support is in my opinion what makes Linux more stable and reliable.

Security

For the same reason underpinning its stability, Linux continues to be the most secure kernel currently running in production. When a vulnerability is discovered, it is immediately patched in the latest stable kernel and in all affected Long Term Support (LTS) kernels. Taking cues from its UNIX predecessors, Linux was from the very beginning designed to be a multiuser operating system. This resulted in tighter permission and access controls for both users and applications. Consequently, attackers are pretty much disincentivized to write viruses or malware for the platform.

Support

While Linux and the operating systems using the kernel are free, supporting those operating systems typically requires companies and end users to pay for support subscriptions. As such, they are guaranteed to get the latest software technologies, hardware support and security patches integrated into their environment and onto their physical or virtual machines. They can also take advantage of the availability of many talented developers across the globe who can support their deployments.

All that sounds nice, but who really uses Linux anyway?

  • Android is Linux-based (there are currently more than 2.5 billion Android devices, representing 85% of the mobile market and 40% of all devices connected to the Internet)
  • AWS, Azure, Google, Rackspace and others use Linux to deliver their cloud services
  • Linux is running on most resource constrained devices, including IoT hardware and Raspberry Pi boards
  • A large percentage of home Internet routers run Linux
  • Telco networks are largely Linux-based (e.g. AT&T, Verizon, Nippon Telephone & Telegraph, China Mobile, Vodafone, Telefonica, etc.)
  • Science-based organizations, particularly those running supercomputers, rely on Linux (e.g. NASA, CERN, NOAA, universities, etc.)
  • The defence industry uses Linux to run submarines, ground control systems, radar, aircraft carriers, warships, etc.
  • Countries like the US, China, North Korea, Germany, Estonia, Iceland, Spain, India, Brazil, etc. use Linux in multiple public sector applications, especially for education, law enforcement, military, and e-government
  • National e-voting systems across the world predominantly use Linux
  • Embedded control systems for power utilities, water companies, manufacturing, auto assembly, etc. mostly use Linux
  • Most global stock exchanges run on Linux
  • Most in-flight entertainment systems run on Linux
  • Sabre, the ubiquitous airline reservation system, runs on Linux
  • Connected car systems run on Linux
  • The most innovative software such as OpenStack, Docker, Kubernetes, etc. were all designed initially to support Linux
  • Linux supports 32-bit and 64-bit x86, ARM, MIPS, SPARC, POWER microprocessors – making it highly portable
  • Linux runs on many types of obscure and outdated hardware

And the list can go on and on…

What are your thoughts on Linux?

ICT PULSE: Cyber Threats and Security in the Caribbean 2016 Update – Interview with Niel Harper


ICT Pulse: Niel, it has been two years since our last Expert Insights Series, give us a quick recap of what have been the most prevalent incidents in Barbados and/or in the Caribbean region since 2014?

Niel Harper: Over the last 2 years, various government web sites in Barbados have been compromised and defaced by hackers. Websites included the Barbados Government Information Service (BGIS), Barbados Stock Exchange (BSE), Barbados Revenue Authority (BRA), Royal Barbados Police Force, and the Barbados Supreme Court, to name a few. Private websites such as the Barbados Advocate were hacked as well. There are still no data protection laws in the country, so due to absence of mandatory breach notifications, the few reported incidents are only the tip of the iceberg.

The prevalence of ATM skimming attacks has also increased. However, because the marketplace is dominated by mostly Canadian banks, Sarbanes-Oxley regulatory requirements have led to stronger controls, and many of the skimming attacks have resulted in arrests.

In the wider Caribbean, there have been similar trends of government websites being compromised. A number of organizations in St. Vincent, Grenada, St. Kitts & Nevis and other countries have been subject to malicious online attacks. One of the major commonalities across the region is that organizations with limited resources and untrained personnel have been the targets of successful attacks. This is a key reason why capacity building is critical to improving the region’s overall cyber response capabilities.

ICTP: How has the threat landscape changed over the past two years? Are there any particular areas of concern that you have for Caribbean organizations?

NH: The smartphone footprint continues to grow and with it the attack surface of mobile devices. That being said, many device manufacturers are focusing their efforts on enhanced security as a product differentiator. Still, end user education is necessary as an additional layer of protection against malicious threats.

Given the increased hardening of operating systems and applications, attackers are focusing on areas lower down the ‘stack’ such as BIOS, firmware, and graphics chipsets. Controls such as boot security, trusted execution, and active memory protection are making these attacks more difficult, but I expect these types of threat vectors to increase.

Newer technologies such as IoT (Internet of Things), M2M (machine-to-machine) communication, Network Functions Virtualization (NFV), and Software Defined Networks (SDN) are growing in terms of their deployment base. But this also introduces significant challenges in terms of security: single points of failure, open source software, and complexity. The fact that commonly used items such as televisions, refrigerators, and even automobiles, are now accessible through the Internet has vastly changed the threat landscape, and should force manufacturers and end users alike to focus more on cybersecurity.

The explosion of cloud computing, the increasing popularity of crypto-currencies, and the emergence of mobile payments (e.g. Apple Pay, Google Wallet, etc.) are also areas for concern with regard to an expanding threat surface.

All of these areas are of particular concern for Caribbean organizations, especially those who are seeking to be on the cutting edge […]

The entire interview can be found on the ICT Pulse website at: http://bit.ly/1T9iMQv