CyberCrime represents one of the biggest threats to society and human progress to be encountered in the past 70 years. As a business, it is by far the biggest on the planet with a balance sheet that would see it joining the G8 within the next 3 years given its continued exponential growth. With these criminal activities only attracting sensational reporting in the context of stolen passwords and account details, society soldiers on not understanding the detail and not understanding the growing threat. Attacks are tolerated in much the same way as a snowstorm!
Military, national defense, and security organizations, along with police and government, can no longer cope and are in large part unable to defend and protect their citizens. The IT industry and those engaged in Cyber Defence are struggling too and remain in a reactive defense mode - mostly responding after the fact/act! The Dark Side not only enjoys the first-mover advantage, it is also unbounded by the Law, Ethics, or indeed any constraints!
There are also rogue states and terrorists, plus many other groups, leveraging the openness of societies to attack, and often straying into/exploiting criminal resources! At the same time, the defenders tend to be few and far between on the ground, generally underfunded and under-resourced, and often unappreciated and poorly paid/rewarded. For sure, it is time to rethink this arena and change our thinking on how we approach defense.
This lecture is Part 1 of a rethink/reeducation process: ‘Attack Scenarios’ approaches the transformation process by getting students to think as if they are attackers, so that in Part 2, ‘Defence Scenarios’, they can get ahead of the game to anticipate and respond ahead of an attack. This they do in RED Team mode with an opportunity to design their own criminal empire on screen!
Environmental and social impacts of water projects_Pradeep Kumar (NWA)_2011 - India Water Portal
Water resource projects are needed to meet the growing demands of India's increasing population for food, industry, domestic use, and power. However, they can negatively impact the environment and communities. Key impacts include the displacement of people and loss of livelihoods during construction. Forests and wildlife habitats are also affected. During operation, positive impacts are irrigation for agriculture and increased aquatic life, but negative impacts include waterlogging and changes to natural ecosystems. Project developers aim to manage these impacts through measures like compensatory forestation, relocation of affected communities and wildlife, and management of water usage.
Raw remote sensing images contain errors that must be corrected through pre-processing before analysis. Pre-processing involves radiometric, geometric, and atmospheric corrections. Radiometric corrections address distortions in pixel values from issues like noise, striping, or dropped scan lines. Geometric corrections rectify distortions caused by terrain, sensor geometry, and platform movement using ground control points. Atmospheric corrections reduce haze effects through techniques like dark object subtraction that assume minimum surface reflectance values. Pre-processing is essential for producing accurate, georeferenced images suitable for analysis and interpretation.
This document discusses several approaches for atmospheric correction of remote sensing imagery:
1) Image-based methods like the dark pixel method and regression method estimate and remove atmospheric path radiance.
2) The empirical line method uses ground targets of known reflectance to model atmospheric effects.
3) Radiative transfer models precisely account for atmospheric conditions using numerical models like MODTRAN or 6S to convert pixel values to surface reflectance.
4) Relative correction methods normalize images without absolute calibration to surface reflectance. Atmospheric correction is needed to accurately analyze surface properties from remote sensing data and compare images acquired at different times or wavelengths.
This document summarizes a report on using GIS and remote sensing for natural resource mapping and management. It was prepared by Kamal Abdurahman for his supervisor at Koya University. The report describes using satellite imagery to map geology, vegetation, soils, and land use/land cover in a region of the Middle East. Imagery was analyzed using GIS software to extract spatial information on natural resources for sustainable management and decision making. Field verification involved collecting GPS points to validate mapped resources. Final maps of the study area's geology, soils, vegetation and land use were produced at a scale of 1:25,000.
This document provides an overview of remote sensing. It defines remote sensing as acquiring information about the Earth's surface without physical contact using sensors. It discusses various remote sensing platforms, data sources, processes, applications, organizations, and history. The key applications of remote sensing mentioned are land use mapping, agriculture, forestry, water management, and environmental monitoring. Satellite images are provided as examples to illustrate monitoring of deforestation and flood damage assessment.
This document provides information on the Cauvery Delta Zone of Tamil Nadu, including its geographical distribution, rainfall data, soil types, and issues affecting the region. The key points are:
1) The Cauvery Delta Zone covers an area of 14.47 lakh hectares across 8 districts and 28 taluks, with Thanjavur district making up the largest portion.
2) The region receives an average annual rainfall of 1078 mm, with the highest rainfall occurring in October, November, and December.
3) The soils include alluvial soils in the old delta region which are clayey and prone to cracking, and lateritic soils in the new delta region which are sandy with low
Remote sensing (RS) and geographical information systems (GIS) are revolutionising irrigation management. They represent a relatively cheap and rapid method of acquiring up-to-date information over a large geographical area, and are the only practical way to obtain data from inaccessible regions. At small scales, regional phenomena which are invisible from the ground can be clearly visible. Presented at the 1st World Irrigation Forum, 2013, Mardin, Turkey.
Watershed management aims to enable sustainable production and minimize hazards to natural resources like soil and water. A watershed is a geographical area that drains to a common water body. Key components of watershed management programs include soil and water conservation measures, water harvesting, and crop management and alternate land use systems suited to land capability. The overall objectives are improved livelihoods through increased incomes while protecting watershed resources.
This document provides information on designing a drip irrigation system. It discusses collecting data on the field, water sources, crop details, and climate. Key steps in the design process are outlined, including calculating water requirements based on reference evapotranspiration, crop coefficients, and canopy factors. Methods for selecting emitters, laterals, and submains based on flow rates and hydraulic considerations are described. The goal of the design is to maintain high system efficiency and uniform moisture for optimizing crop yield.
REMOTE SENSING & GIS APPLICATIONS IN WATERSHED MANAGEMENT - Sumant Diwakar
This document discusses remote sensing and GIS applications for watershed management. It describes how remote sensing can be used to characterize watersheds by mapping attributes like size, shape, drainage patterns, geology, soil, land use, and groundwater potential. Remote sensing data can be integrated with socioeconomic data and used to delineate watershed boundaries, prioritize watersheds for development, and generate action plans. The document also outlines steps for watershed demarcation, characterization using tools like GEOMORIS, and prioritization using methods such as the sediment yield index.
The document summarizes a watershed assessment of the Tenmile Watershed that was selected as a pilot project to improve water quality. The assessment identified critical sources of pollution, evaluated the effectiveness of conservation practices, and informed outreach efforts to landowners. Modeling identified areas with the highest potential to contribute phosphorus, nitrogen, sediments, and pathogens to the watershed. Cover crops were shown to reduce phosphorus and nitrogen levels. A survey found the greatest threats to be agriculture and development, while funding and lack of information were barriers to adopting practices. Outreach is now targeted based on the watershed assessment results.
The document discusses the key components of a cadastre system including cadastral maps, field books, plot registers, land registers, titles, deed documents, cadastral databases and data models. Cadastral maps show property boundaries and include identification numbers for individual parcels. Field books record survey details of land parcels. Plot registers and land registers keep records of parcel ownership. Titles are issued as proof of land ownership. Deed documents provide information about land transactions. Cadastral databases and data models organize parcel information in a structured format.
This document provides information on various irrigation methods including micro irrigation, sprinkler irrigation, and drip irrigation. Micro irrigation methods like drip irrigation and sprinkler irrigation are described as having high water use efficiency of 40-80% compared to conventional methods. The key components and advantages of drip irrigation systems are outlined, including precise water application and fertilizer use, water savings of 40-70%, and suitability for different soil types. Sprinkler irrigation is described as useful for irregular land, excessive slopes, or scarce water availability, and the main components of sprinkler systems are identified. Contour farming is also briefly introduced as a method used on steep slopes where land is divided into horizontal terraces.
The document discusses gazettes, which are official government publications used to notify the public of notices, orders, and other information. It notes that gazettes are published by state and federal authorities and can consolidate notifications. Gazette plans show specific boundaries or spatial information specified in gazettes, such as areas being reserved, leased, or having reservations revoked. The preparation of gazette plans involves data collection, drafting, approval by the Director of Survey, and submission of copies. Gazette plans must contain certain information and are used by Land Offices to draft gazettes for publication.
This document summarizes the groundwater experiences of Maharashtra, India. It discusses the state's extensive groundwater survey work including delineating groundwater potential areas and establishing networks of observation wells and quality monitoring stations. Community participation is emphasized in groundwater development and management initiatives. Various programs are highlighted such as watershed development projects, artificial recharge efforts, and innovative techniques to strengthen drinking water sources in a sustainable manner. Overall the document outlines Maharashtra's systematic scientific approach to groundwater resource assessment, planning and management.
Remote sensing uses atmospheric windows to observe Earth features. Shorter wavelength solar energy is reflected to observe features during the day, while longer wavelength thermal energy emitted by features can be observed at night with non-photographic sensors. Scattering by particles in the atmosphere degrades image quality, especially in the ultraviolet and blue wavelengths. Rayleigh scattering causes the blue sky and red sunsets, while Mie and non-selective scattering occur by particles of different sizes and scatter all wavelengths equally. Atmospheric absorption also affects different wavelengths to varying degrees.
Urban soils have several distinguishing characteristics compared to natural soils due to human activities like construction that disturb and modify the landscape. [1] Urban soils have vertical and spatial variability in their composition due to practices like stripping, filling, and mixing during development. [2] They also tend to have compacted structures, surface crusts, and contain contaminants from anthropogenic materials and activities. [3] Proper management of urban soils is important for environmental and public health reasons given the potential for contact with pollutants and their role in urban green spaces and trees.
Remote sensing provides information about objects on Earth through reflected or emitted radiation captured from a distance. In India, remote sensing is used extensively for agriculture and resource management. The document outlines the various applications of remote sensing in agriculture, including crop production forecasting, crop damage assessment, soil mapping, and drought monitoring. It also describes India's remote sensing program developed by ISRO to design, build, and launch satellites, and the various centers established for remote sensing education and applications.
This document discusses deficit irrigation techniques for row crops in humid regions. It describes how managed depletion irrigation (MDI) can provide drought mitigation, environmental protection, and optimized crop yields. Small plot studies on soybeans and cotton were conducted to determine optimal MDI levels and timings. A new irrigation scheduling tool called MOIST+ was developed that incorporates recommendations from the yield studies and uses soil matric potential sensors and a water balance model to provide deficit irrigation recommendations. The tool and techniques were demonstrated on producer fields.
This document provides an overview of geographic information systems (GIS). It begins with a definition of GIS as a system that integrates hardware, software, and data to capture, store, analyze and display spatially referenced information. The document then outlines the historical background of GIS, the key components including hardware, software, data, procedures and personnel. It also describes the GIS process, common application areas, what makes GIS unique in its ability to handle spatial information, technologies used in GIS like digitization, and the two main data formats of raster and vector. Finally, it discusses the importance of GIS for urban planning by allowing layered maps and helping businesses target customers.
This document discusses differential GPS (DGPS), which improves the accuracy of GPS positioning. It works by using a stationary GPS receiver at a known location to calculate error corrections, which are transmitted to a roving receiver to improve its position accuracy. DGPS can reduce GPS errors from sources like atmospheric delays, satellite orbit issues, and multipath effects, providing sub-meter accuracy compared to the 5-10 meter accuracy of standard GPS. It allows real-time position correction or post-processed correction through data from a fixed base station.
This document discusses the use of geographic information systems (GIS), remote sensing (RS), and global positioning systems (GPS) for forest mapping and management. It explains that these technologies have revolutionized forest resource assessment by reducing time and costs. GIS is useful for tasks like resource management, harvest planning, fire management, and map production. RS provides accurate data over large areas, while GIS allows for spatial analysis and mapping. Together these tools provide crucial information for planning and managing forest resources. The document also outlines some future prospects and challenges for using these technologies in forestry.
Application of gis and remote sensing in agriculture - Rehana Qureshi
This document summarizes the applications of remote sensing and GIS in agriculture as presented by Rehana Khaliq. It discusses how GIS systems capture and analyze geospatial data to integrate information and perform analysis. Remote sensing is defined as obtaining information about objects without physical contact using sensors. The document outlines how remote sensing and GIS have been applied to agriculture for tasks like crop mapping and monitoring, yield estimation, and precision agriculture. It also discusses their applications in forestry, land use mapping, and urban planning. While remote sensing provides valuable data, it notes that measurement errors and data interpretation can sometimes be challenging. In conclusion, the document argues that remote sensing and GIS are promising tools to enhance sustainable agriculture and development through
This document discusses the functions and values of riparian buffers. It notes that vegetated riparian buffers provide many benefits, including water quality enhancement, stormwater and flood management, bank and shoreline stabilization, temperature modification, wildlife habitat protection, and pollution absorption. Riparian buffers are complex ecological areas that serve as transitional zones between water and upland areas. Their multifunctional abilities are greater than traditionally thought under agricultural best management practices.
SURVEYING - Photogrammetry (CE 115) Lec2 By Afia Narzis Spring 2016 - PIYAL Bhuiyan
Photogrammetry is a method of surveying that uses photographs to prepare maps and plans. There are two main types: terrestrial photogrammetry uses ground-based photos, while aerial photogrammetry uses photos taken from aircraft. Aerial photogrammetry involves advanced planning, flying missions to take overlapping vertical photos with specialized cameras, conducting ground control surveys, and compiling the photos into maps. It is used for tasks like topographic mapping, infrastructure planning, and military surveillance.
Despite a security landscape now embracing: People; Companies; Governments; Devices; Networks; Services; Vehicles; Properties; LAND; SEA; AIR; SPACE; CYBER and INFORMATION, people and organisations still tend to see all this as someone else's problem. In reality, it concerns all of us. Governments can no longer protect their citizens, and nor can any company IT/Security Dept!
“In an ideal world: responses to Cyber and Terror would be automated and immediate”
The Dark Side has grown rich and powerful by investing in R&D and the latest technology; adopting distributed team working and a global market for talent and resources; and they are winning this war with an estimated $1.5Tn income in 2019. We have to adopt the same strategies to survive let alone win. Global sharing and cooperation are key along with people, staff, management, board, NED and Chairman education/training/involvement. At this time it is rare to find a ‘Cyber Seat’ on the main board of any organization, but it is a new and critical essential!
Every profession, along with education courses, has now been parsed into specialisms - a series of ‘soda straws’ or pipes giving a narrow view and focus with little chance of ‘cross-pollination’. Even IT and Systems Security is now sliced into many different facets spanning coding and encryption through to malware; electronic and physical attacks; technology and people.
Covering all of these specialisms in a single course can be difficult, let alone in a single lecture. But this lecture attempts to do just that (or at least a large slice of it) in a 3-hour session of two 90min sessions. It does so against the backdrop of an established set of Security Laws.
The primary objective is to give the student a broad view of the wider threats and how they are perpetrated and linked together. Some technical aspects are not explicitly included, but they are reserved for other detailed sessions.
Watershed management aims to enable sustainable production and minimize hazards to natural resources like soil and water. A watershed is a geographical area that drains to a common water body. Key components of watershed management programs include soil and water conservation measures, water harvesting, and crop management and alternate land use systems suited to land capability. The overall objectives are improved livelihoods through increased incomes while protecting watershed resources.
This document provides information on designing a drip irrigation system. It discusses collecting data on the field, water sources, crop details, and climate. Key steps in the design process are outlined, including calculating water requirements based on reference evapotranspiration, crop coefficients, and canopy factors. Methods for selecting emitters, laterals, and submains based on flow rates and hydraulic considerations are described. The goal of the design is to maintain high system efficiency and uniform moisture for optimizing crop yield.
REMOTE SENSING & GIS APPLICATIONS IN WATERSHED MANAGEMENT Sumant Diwakar
This document discusses remote sensing and GIS applications for watershed management. It describes how remote sensing can be used to characterize watersheds by mapping attributes like size, shape, drainage patterns, geology, soil, land use, and groundwater potential. Remote sensing data can be integrated with socioeconomic data and used to delineate watershed boundaries, prioritize watersheds for development, and generate action plans. The document also outlines steps for watershed demarcation, characterization using tools like GEOMORIS, and prioritization using methods such as the sediment yield index.
The document summarizes a watershed assessment of the Tenmile Watershed that was selected as a pilot project to improve water quality. The assessment identified critical sources of pollution, evaluated the effectiveness of conservation practices, and informed outreach efforts to landowners. Modeling identified areas with the highest potential to contribute phosphorus, nitrogen, sediments, and pathogens to the watershed. Cover crops were shown to reduce phosphorus and nitrogen levels. A survey found the greatest threats to be agriculture and development, while funding and lack of information were barriers to adopting practices. Outreach is now targeted based on the watershed assessment results.
The document discusses the key components of a cadastre system including cadastral maps, field books, plot registers, land registers, titles, deed documents, cadastral databases and data models. Cadastral maps show property boundaries and include identification numbers for individual parcels. Field books record survey details of land parcels. Plot registers and land registers keep records of parcel ownership. Titles are issued as proof of land ownership. Deed documents provide information about land transactions. Cadastral databases and data models organize parcel information in a structured format.
This document provides information on various irrigation methods including micro irrigation, sprinkler irrigation, and drip irrigation. Micro irrigation methods like drip irrigation and sprinkler irrigation are described as having high water use efficiency of 40-80% compared to conventional methods. The key components and advantages of drip irrigation systems are outlined, including precise water application and fertilizer use, water savings of 40-70%, and suitability for different soil types. Sprinkler irrigation is described as useful for irregular land, excessive slopes, or scarce water availability, and the main components of sprinkler systems are identified. Contour farming is also briefly introduced as a method used on steep slopes where land is divided into horizontal terraces.
The document discusses gazettes, which are official government publications used to notify the public of notices, orders, and other information. It notes that gazettes are published by state and federal authorities and can consolidate notifications. Gazette plans show specific boundaries or spatial information specified in gazettes, such as areas being reserved, leased, or having reservations revoked. The preparation of gazette plans involves data collection, drafting, approval by the Director of Survey, and submission of copies. Gazette plans must contain certain information and are used by Land Offices to draft gazettes for publication.
This document summarizes the groundwater experiences of Maharashtra, India. It discusses the state's extensive groundwater survey work including delineating groundwater potential areas and establishing networks of observation wells and quality monitoring stations. Community participation is emphasized in groundwater development and management initiatives. Various programs are highlighted such as watershed development projects, artificial recharge efforts, and innovative techniques to strengthen drinking water sources in a sustainable manner. Overall the document outlines Maharashtra's systematic scientific approach to groundwater resource assessment, planning and management.
Remote sensing uses atmospheric windows to observe Earth features. Shorter wavelength solar energy is reflected to observe features during the day, while longer wavelength thermal energy emitted by features can be observed at night with non-photographic sensors. Scattering by particles in the atmosphere degrades image quality, especially in the ultraviolet and blue wavelengths. Rayleigh scattering causes the blue sky and red sunsets, while Mie and non-selective scattering occur by particles of different sizes and scatter all wavelengths equally. Atmospheric absorption also affects different wavelengths to varying degrees.
Urban soils have several distinguishing characteristics compared to natural soils due to human activities like construction that disturb and modify the landscape. [1] Urban soils have vertical and spatial variability in their composition due to practices like stripping, filling, and mixing during development. [2] They also tend to have compacted structures, surface crusts, and contain contaminants from anthropogenic materials and activities. [3] Proper management of urban soils is important for environmental and public health reasons given the potential for contact with pollutants and their role in urban green spaces and trees.
Remote sensing provides information about objects on Earth through reflected or emitted radiation captured from a distance. In India, remote sensing is used extensively for agriculture and resource management. The document outlines the various applications of remote sensing in agriculture, including crop production forecasting, crop damage assessment, soil mapping, and drought monitoring. It also describes India's remote sensing program developed by ISRO to design, build, and launch satellites, and the various centers established for remote sensing education and applications.
This document discusses deficit irrigation techniques for row crops in humid regions. It describes how managed depletion irrigation (MDI) can provide drought mitigation, environmental protection, and optimized crop yields. Small plot studies on soybeans and cotton were conducted to determine optimal MDI levels and timings. A new irrigation scheduling tool called MOIST+ was developed that incorporates recommendations from the yield studies and uses soil matric potential sensors and a water balance model to provide deficit irrigation recommendations. The tool and techniques were demonstrated on producer fields.
This document provides an overview of geographic information systems (GIS). It begins with a definition of GIS as a system that integrates hardware, software, and data to capture, store, analyze and display spatially referenced information. The document then outlines the historical background of GIS, the key components including hardware, software, data, procedures and personnel. It also describes the GIS process, common application areas, what makes GIS unique in its ability to handle spatial information, technologies used in GIS like digitization, and the two main data formats of raster and vector. Finally, it discusses the importance of GIS for urban planning by allowing layered maps and helping businesses target customers.
This document discusses differential GPS (DGPS), which improves the accuracy of GPS positioning. It works by using a stationary GPS receiver at a known location to calculate error corrections, which are transmitted to a roving receiver to improve its position accuracy. DGPS can reduce GPS errors from sources like atmospheric delays, satellite orbit issues, and multipath effects, providing sub-meter accuracy compared to the 5-10 meter accuracy of standard GPS. It allows real-time position correction or post-processed correction through data from a fixed base station.
This document discusses the use of geographic information systems (GIS), remote sensing (RS), and global positioning systems (GPS) for forest mapping and management. It explains that these technologies have revolutionized forest resource assessment by reducing time and costs. GIS is useful for tasks like resource management, harvest planning, fire management, and map production. RS provides accurate data over large areas, while GIS allows for spatial analysis and mapping. Together these tools provide crucial information for planning and managing forest resources. The document also outlines some future prospects and challenges for using these technologies in forestry.
Application of GIS and remote sensing in agriculture - Rehana Qureshi
This document summarizes the applications of remote sensing and GIS in agriculture as presented by Rehana Khaliq. It discusses how GIS systems capture and analyze geospatial data to integrate information and perform analysis. Remote sensing is defined as obtaining information about objects without physical contact using sensors. The document outlines how remote sensing and GIS have been applied to agriculture for tasks like crop mapping and monitoring, yield estimation, and precision agriculture. It also discusses their applications in forestry, land use mapping, and urban planning. While remote sensing provides valuable data, it notes that measurement errors and data interpretation can sometimes be challenging. In conclusion, the document argues that remote sensing and GIS are promising tools to enhance sustainable agriculture and development through
This document discusses the functions and values of riparian buffers. It notes that vegetated riparian buffers provide many benefits, including water quality enhancement, stormwater and flood management, bank and shoreline stabilization, temperature modification, wildlife habitat protection, and pollution absorption. Riparian buffers are complex ecological areas that serve as transitional zones between water and upland areas. Their multifunctional abilities are greater than traditionally thought under agricultural best management practices.
SURVEYING - Photogrammetry (CE 115) Lec2 By Afia Narzis Spring 2016 - PIYAL Bhuiyan
Photogrammetry is a method of surveying that uses photographs to prepare maps and plans. There are two main types: terrestrial photogrammetry uses ground-based photos, while aerial photogrammetry uses photos taken from aircraft. Aerial photogrammetry involves advanced planning, flying missions to take overlapping vertical photos with specialized cameras, conducting ground control surveys, and compiling the photos into maps. It is used for tasks like topographic mapping, infrastructure planning, and military surveillance.
Despite a security landscape now embracing: People; Companies; Governments; Devices; Networks; Services; Vehicles; Properties; LAND; SEA; AIR; SPACE; CYBER and INFORMATION, people and organisations still tend to see all this as someone else's problem. In reality, it concerns all of us. Governments can no longer protect their citizens, and nor can any company IT/Security Dept!
“In an ideal world: responses to Cyber and Terror would be automated and immediate”
The Dark Side has grown rich and powerful by investing in R&D and the latest technology; adopting distributed team working and a global market for talent and resources; and they are winning this war with an estimated $1.5Tn income in 2019. We have to adopt the same strategies to survive let alone win. Global sharing and cooperation are key along with people, staff, management, board, NED and Chairman education/training/involvement. At this time it is rare to find a ‘Cyber Seat’ on the main board of any organization, but it is a new and critical essential!
Every profession, along with education courses, has now been parsed into specialisms - a series of ‘soda straws’ or pipes giving a narrow view and focus with little chance of ‘cross-pollination’. Even IT and Systems Security is now sliced into many different facets spanning coding and encryption through to malware; electronic and physical attacks; technology and people.
Covering all of these specialisms in a single course can be difficult, let alone a single lecture. But this lecture attempts to do just that (or at least a large slice of it) in a 3-hour session of two 90min sessions. It does so against the backdrop of an established set of Security Laws.
The primary objective is to give the student a broad view of the wider threats and how they are perpetrated and linked together. Some technical aspects are not explicitly included, but they are reserved for other detailed sessions.
What is Psychological Safety in the Workplace? - Case IQ
This document discusses how cultivating psychological safety and civility in the workplace can positively impact an organization's bottom line. It defines psychological safety as employees feeling comfortable speaking up without fear of negative consequences. The document outlines signs that psychological safety may be lacking, such as absenteeism and isolation. It also provides examples of leadership behaviors and organizational practices that can undermine psychological safety. Finally, it proposes conducting a psychological safety assessment through surveys and interviews in order to develop an action plan to improve workplace culture.
The document discusses best practices for using social media and communications strategies. It provides tips for social media engagement, including being authentic, prioritizing storytelling, curating content, tapping into relevant events and breaking news, and understanding mobile usage. Metrics for technology usage in Rwanda are presented, and questions are provided to help understand corporate strategies and resources before developing a communications plan.
Frauds, Scams and Phishing.pptx Engineering Leadership - shivanggoyal17
This document discusses scams, fraud, and phishing. It defines these terms and explains that they are major threats that exploit online vulnerabilities. The document aims to research strategies to tackle this problem by raising awareness and protecting victims who may lack knowledge. It examines the motivations and key actors, including scammers, victims, technology, and lack of awareness. The psychology of both scammers and victims is explored to better understand, prevent, and recover from these crimes. The document also discusses the role of engineering leaders in innovating ethical solutions, creating awareness, identifying scams, and collaborating with experts.
It has been said that Social Media is the future of advertising. .docx - christiandean12115
It has been said that Social Media is the future of advertising. What is your opinion of social media? Does it empower or exploit?
I believe that Social Media can be both and operates on a fine line. For those over the age of 18, you are aware of the information you are putting out there and the privacy levels of which it is shown. I personally am not bothered by the targeted advertising of which social media is the vehicle because I choose what I participate in and what information I am offering up. For the younger audience that is less aware and more malleable it can work both ways. It can be a great outlet to further self expression, but it can also be detrimental in influencing young minds to look to external sources for self acceptance.
Is social media really worth the kind of money that investors are paying?
Yes, as we move away from print and cable, social media and streaming services are becoming the easiest way to get marketing impressions. If done successfully, items or campaigns trend and reach a huge audience for a lower cost.
Explain what “Like”ing someone’s post on Facebook means to you.
For me "like"ing is a way for me to express my interest in something someone shared. I am fairly selective about liking and only do so when I agree with something, find entertainment from the content, or have an emotional connection to something shared. I only like content that resonates with me. For some others I think "like"ing something is just a way to identify they read or watched the content and were listening.
Does knowing others “Like” what you “Like” influence you? Explain.
I would not say it particularly influences whether I like something, but does expose or impress upon me new content I might be interested in. I find I enjoy content of those who have common "likes" since we have similar taste. Facebook actually uses an algorithm to gear your feed to show content of those who you "like" more. For example, during the presidential elections you likely got more content that agreed with your viewpoints as you liked others who had similar viewpoints and that content then got prioritized on your feed. This can be good because you may not be interested in content of which does not resonate with you, but also bad in limiting your viewpoint.
How do companies use social media to advertise?
Mostly, social media is used by companies to produce targeted marketing through big data or as a vehicle to create trendy content that catches like wildfire. For example, the ALS Ice Bucket Challenge, which raised awareness and donations for ALS by inciting popular content people wanted to be involved in. Marketing till social media was largely hands off, now it's all about the power of the people.
Is social media empowering or exploiting teens?
I think it can be on both ends of the spectrum. From their perspective I think most teens feel they now have a vehicle for their voice and a way to express themselves. From a more adult perspective I.
This document summarizes an organizational politics presentation. It discusses how politics exists in all organizations and can be understood and managed. It provides research findings on how political activity increases at higher levels and in larger organizations. It also discusses the ethical use of political power and influence strategies like rational persuasion. Overall, the presentation aims to help people become better "organizational politicians" by understanding sources of power, gaining political skills, and using their influence in an ethical manner for the benefit of their departments and organizations.
Sophie Potter of ReachOut.com and Alison Michalk of Quiip share tips & wisdom for creating safe, welcoming and supportive online communities. Presentation from ConnectingUp 2014.
Tier One Personnel Group provides consulting, analysis, and training services including security assessments, intelligence analysis, and pre-deployment training tailored for missions. Their analysts are highly qualified former special operations personnel with security clearances who have supported special mission units. They use innovative technologies to integrate intelligence and operational experience to support clients for any operation anywhere.
This document discusses office politics and provides advice on how to navigate them effectively. It acknowledges that politics are natural and unavoidable in organizations where people have different interests and goals. It argues that politics themselves are neither good nor bad, but how they are implemented can be good or bad. The document provides tips on developing "political intelligence" to better understand sources of power within an organization and build relationships. It emphasizes using one's power to advance the business rather than harm others. The overall message is that while office politics may be annoying, learning to participate effectively can help one achieve goals and get things done.
Taking A Strategic Approach to Social Media - Martin Thomas
The document discusses how social media is changing expectations around speed, responsiveness, and access to information and organizations. It notes that connected customers now expect organizations to respond in real time and be transparent. However, many institutions struggle with this new environment because their structures and cultures are not configured for real-time interactions and lack of control. The document argues organizations need to transform their structures, roles, and business models to adapt to these new socio-cultural shifts and connected customers.
Digital Advocacy: Using Social Media to Mobilize your Audience - amplifi advoc8tor
How do you use social media to inform, involve and inspire your audience in a connected world? This workshop was delivered for members of the Edmonton Chamber of Voluntary Organizations.
No doubt Aldous Huxley and George Orwell would be pleased to see cameras and surveillance devices everywhere, just as they predicted, but they would then be amazed to find that we buy and install them and become upset if no one is watching! So the Dystopian futures they both predicted and feared are not here yet, but they might just be in the pipeline, and being built a device at a time by us!
Only 70 years ago close observation and surveillance were difficult and very expensive. Today, they are so very cheap, efficient, and everywhere: in our pockets; on our wrists; in our homes, offices, cars, trains, planes; in the streets and on the highways and major roads.
To some degree every country has embraced all the possibilities presented by the technology to make their societies safer and more progressive as organisms, but now here comes AI. Automatic voice, face, finger, eye, action, movement and habit recognition writ large along with all our messages, entertainment, work and recreation patterns monitored 24x7, so inference engines can check if we are good, bad, dangerous, safe, under threat and so on!
Some countries are now employing such technology to judge, sentence, and commit people for criminal acts and anti-social behaviours etc. At this point we have to proceed with care in the recognition that data errors ‘happen’ and human biases can be built in at the birth of such AI systems. Nothing is ever perfect - not people, and certainly not our machines, and we have to progressively drive out bias and error…
The future of work is changing. Forces of change are affecting the three major dimensions of work: the work itself, who does the work, and where work is done. Delivering projects requires project managers working globally, across time zones, cultures and with technology. This is causing considerable anxiety—and with good reason. The future of project management, therefore, stands at an important juncture and requires the knowledge of Artificial Intelligence (AI), Emotional Intelligence (EQ) and Cultural Intelligence (CQ). Emotional intelligence skills such as influencing, persuading, social understanding and empathy will become differentiators as artificial intelligence and machine learning take over work. Emotional intelligence (EQ), with its ability to understand how skilfully one manages personal emotions and harnesses the emotional drivers in others, will continue to be fundamentally important. But in the connected world where all global markets are accessible with the click of a mouse, another dimension will be critical - Cultural Intelligence (CQ). A balance of these three fields and/or skills is a must-have for all project managers and organisations that deliver value through project management. We need to learn how to work in this new environment and how we can excel. The aim of this presentation is to explain how AI, EQ and CQ are set to transform project management, and show how project managers can develop these capabilities and be ready for the future.
The speaker discusses the future of project management and the emerging "Project Economy" in a disruptive world. As project managers, they are leaders who can connect with others to openly share ideas for navigating uncertainty. The Project Economy extends project management concepts into new domains like society, resilience, and globalization. Leading ethically involves understanding triggers to human values and emotions in order to make good decisions, build trust, and effectively lead teams and organizations through change and disruption.
This document discusses strategic conversations and strategy development. It contains quotes and perspectives on leadership, collaboration, technology, strategy, and strategic conversations. The document advocates for strategic conversations to reduce uncertainty and leverage human talent. It provides models and questions to guide strategic conversations, emphasizing the need to identify opportunities and focus resources for maximum impact and returns.
The document discusses the benefits of "T-shaped leaders" who have both deep expertise in one field as well as broader skills and knowledge of other areas. It describes the "T-shaped" leadership style as having a vertical stem representing mastery of one topic and a horizontal bar representing complementary skills in communication, creativity, and understanding other fields. The document argues that businesses need diverse teams with both specialized expertise and the ability to think broadly and solve problems creatively. It asserts that nurturing T-shaped leaders will help businesses adapt to new technologies and competitive challenges in the hospitality industry.
Similar to CYBER ATTACK SCENARIOS - Part 1: Building The Red Team (20)
When I was asked to give a companion lecture in support of ‘The Philosophy of Science’ (https://shorturl.at/4pUXz) I decided not to walk through the detail of the many methodologies in order of use. Instead, I chose to employ a long standing, and ongoing, scientific development as an exemplar. And so, I chose the ever evolving story of Thermodynamics as a scientific investigation at its best.
Conducted over a period of >200 years, Thermodynamics R&D, and application, benefitted from the highest levels of professionalism, collaboration, and technical thoroughness. New layers of application, methodology, and practice were made possible by the progressive advance of technology. In turn, this has seen measurement and modelling accuracy continually improved at a micro and macro level.
Perhaps most importantly, Thermodynamics rapidly became a primary tool in the advance of applied science/engineering/technology, spanning micro-tech, to aerospace and cosmology. I can think of no better a story to illustrate the breadth of scientific methodologies and applications at their best.
It should be no surprise that AI is treading a similar path to computing which began with single-purpose machines tasked for payroll calculations, banking transactions, or weapons targeting et al, but nothing more! It took decades for General Purpose Computing to emerge in the form of the now ubiquitous PC. Today, AI is still in a single-purpose/task-specific phase, and we have no general-purpose platforms, but their emergence is only a matter of time!
Recent AI progress has seen a repeat of the media debate and alarmist warnings from our computing past, compounded by consequential advances in robotics. In turn, this has promoted numerous attempts to draw biological equivalences defining the time when machines will overtake humans. But without any workable definitions or framework these tend to be little more than un/educated guesses. Recourse to IQ measures and the Turing test has proved to be irrelevant, and without a reference framework or formal characterisation, continued discussion and debate remain futile.
We therefore approach this AI problem from the bottom up by defining the simplest of machines and lifeforms to derive clues, pointers and basic boundary conditions. This sees a fundamental Entropic description emerge that is applicable to both machine and lifeforms.
This presentation is suitable for professionals and the public alike, and is fully illustrated by high-quality graphics, animations, and movies. Inevitably, it contains some mathematics that non-practitioners will have to take on trust, but the focus is on defining the key characteristics, parameters, and important features of AI, our total dependence, and the future!
Note: A 40 min session for a predominantly lay audience and not all the slides presented here were used on the day. Their inclusion here is in response to those audience members requesting more detail at the end of/during the event.
Past civilisations have nurtured small populations of those trying to understand and manipulate nature to some advantage in materials, tools, weapons, food, and wealth. However, they never formed communities and lacked the means of recording, communicating, and sharing successes and failures. They also lacked a common framework/philosophy to qualify them as scientists, but that all began to change in the 16th Century. In this lecture we consider the progression to a philosophy of science, and the underlying principles and assumptions that now guide scientific inquiry. We also examine the nature of scientific knowledge, the methods of acquisition, evolution, and significance over past centuries, and reflect on the value to society.
In the struggle to solve problems, deliver understanding, and reveal the truth about our universe, science had to suffer and survive: ignorance, bigotry, established superstitions, and the ‘diktats’ of religions and politics, and latterly, falling education standards mired by social media. We chart that ‘scientific’ journey emphasising the importance of observation, experimentation, and the search for universal laws. Ultimately, this essentially Aristotelian perspective was challenged and overtaken by the rise of empiricism, which emphasised the importance of sensory experience and the limitations of human knowledge.
Science continues to evolve and provide us with the best truths attainable with our leading edge technologies of observation and experimentation. Today, it stands as the greatest and richest contributor to human knowledge, understanding, progress, and wellbeing. In turn, debates and controversies are ongoing, shaping the field and philosophy which remains essential for understanding the nature of scientific knowledge and the models it creates. But unlike any belief system, the answers and models furnished by science are not certain and invariant, they tend to be stochastic and incomplete - ‘the best we can do’ at a given time.
In this workshop session we identify aging technology design concepts, old business and operating models, plus energy supply limits as the prime constraints of 6G and beyond. We also identify the notion of an erroneous spectrum shortage born of the bands and channel mode of operation which is fundamentally unsuited to 6G and IoT demands in the near and far future.
We strongly link optical fibre in the local loop with future wireless systems and the need for very low-energy ‘tower-less’ systems. We also postulate a future demanding UWB and HWB (Hyper) with transmission energies ~μW and signals below the ambient noise level. This will be necessary to power an IoT of >2.4Tn Things which we estimate to be necessary for Industry 4/5 and sustainable societies.
It is hard to overstate the importance of ‘Thermodynamics’ in providing an almost complete (Grand Unified Theory) picture of the inner physics of energy transfer spanning machines and chemistry through to information.
Apparently, Einstein had two favourite theories: General Relativity and Thermodynamics! He championed both because of their ‘beauty’, completeness, and emergent properties purely derived from the fundamental consideration of how the universe works.
The origins of this topic mainly reside in the Industrial Revolution and the realisation that the early machinery was grossly inefficient, e.g. engines were only converting the energy consumed to ~2% of useful work output. This drew the attention of Savery (1698), Newcomen (1712), Carnot (1769), and for the next 200 years the conundrum of lost energy occupied many of the greatest scientific minds. This culminated in Rudolf Clausius (~1850) publishing his theory of Thermodynamics with further refinement by Boltzmann (1872).
Why was all this so important? In the 1700s a ‘beam engine’ weighing in at >20 tons consumed vast amounts of coal, to deliver an output ~10hp. Today a Turbofan jet Engine can deliver >30k hp at a weight of ~6 tons. This is the difference between working with little understanding, and today where our knowledge is far more complete. Our latest challenges tend to revolve around non-linear loss mechanisms associated with turbulent air and fuel flow. And like many other fields we have to step beyond our generalised mathematical models and turn to the power of our computers for deeper insights.
Ultimately all machines, mechanisms, computing processes and information itself, involve the transformation of matter and/or bits, and thus they are Entropic and subject to the theory of Thermodynamics. This lecture therefore presents a foundation spanning the history and progress to date in preparation for embracing other science and engineering disciplines.
This document discusses systems and complexity from multiple perspectives. It begins by exploring definitions of systems and noting their complexity can range from simple to complicated to complex. Complex systems are characterized as having emergent behaviors that are unpredictable and non-linear. The document then examines trends toward greater complexity in both natural and designed systems. It emphasizes that simple solutions are inadequate for complex problems and notes the biggest challenge is many do not comprehend the shift from a linear to non-linear world.
IoT growth forecasts currently tend to span 30 – 60 Bn ‘Things’ by 2030. However, this ignores the central IoT role in realising sustainable societies where raw materials and component use have to see very high levels of reuse, repurposing, and recycling. In such a world almost everything we possess and use will have to be tagged and be electronically addressable as a part of the IoT. Such a need immediately sees growth estimates of 2Tn or more over the span of Industry 4 and 5. On the basis of energy demands alone, it is inconceivable that the technologies of Bluetooth, WiFi, 4G, 5G, and 6G could support such demand, and nor are the signaling and security protocols viable on such a scale.
The evolution of the IoT will therefore most likely see a new form of dynamic network requiring new lightweight protocols employing very little signal processing, together with very low energy wireless technologies (in the micro-Watt range) operating over extremely short distances (~10m). This need might be best satisfied by a new form of ‘Zero Infrastructure Mesh Networks’ that engage in active resource sharing, lossy probabilistic routing, and cyber security realised through an integrated ‘auto-immunity’ system. Ultimately, we might also envisage data amalgamation at key nodes that have a direct connection into the internet along with an additional layer of cyber checks and protection.
We justify the above assertions by illustrating the energy and network limitations of today’s 5G networks and those already obvious in current 6G proposals. We then go on to detail how a suitable IoT MeshNet might be configured and realised, along with a few solutions and emergent outcomes on the way.
Recently, it has become increasingly evident that we have engineers and scientists reaching a professional level of practice without a clear understanding of the scientific method, its origins, and its fundamental workings. There also appears to be a lack of appreciation of our total dependence on the truths that science continually reveals. How this situation ensued appears to vary from country to country, and the flavour of education system encountered by students. But a common complaint is the progressive dumbing down of the science curriculum along with a dire shortage of qualified teachers. This also seems to be compounded with the increasing speciation of science and engineering into narrower and narrower disciplines. So this situation (crisis?) prompted a request for a corrective series of foundation lectures focussed on healing these educational flaws across relevant disciplines, graduating and practicing levels. This then is the first in this foundation series.
Uncanny Valley addresses our reactions to humanoid objects, such as robots, video game characters, or dolls, and how they look and act ‘almost’ like a real human. Feelings of uneasiness or disgust in the observer are addressed directly, rather than familiarity or attraction. The theory was proposed by Japanese roboticist Masahiro Mori in 1970 and has been explored by many researchers and artists since. It has application in AI, robotics, MMI, and human-computer interaction, and helps designers to create more appealing devices that can interact with people in various domains, such as industry, education, entertainment, defence, health care, et al.
In this lecture we explain and demonstrate the fundamentals before extending the principle to sound, motion, actions, and eyes as an output mechanism. We also note that all this poses some challenges and risks in the potential for reduced emotional connections, empathy, acceptance, and trust between humans and machines. On a further dimension the potential to create threat and terror can be a useful opportunity in the military domain. It is thus important to understand the causes and effects of the uncanny valley in the wider sense in order to meet the needs of each application space.
Only 40 years ago, the rate of technologically driven change was such that companies could re-organize efficiently and economically over considerable periods of time, but about 30 years ago this changed as the arrival of new technologies accelerated. We effectively moved from a world of slow periodic changes to one where change became a continuum. The leading-edge sectors were fast to recognize and adopt this new mode of continual adaptation driven by new technologies. This saw these ever more efficient and expansive companies dominating some sectors. For the majority, however, it seems that this transition was not recognized until relatively recently, and so a new movement was born under the banner of digitalization. This not only impacts the way people work, it affects company operations and changes markets, and it does so suddenly!
Perhaps the most impactive and recent driver of change in this regard has been COVID which saw the adoption of video conferencing and working as a survival imperative in much less than a month. This now stands as a beacon of proof that companies, organizations, and society, can indeed change and adapt to the new at a rate previously considered impossible. The big danger for digitalization programmes now is the simple-minded view that there are singular (magic) solutions that fit every company and organization, but this is not the case. The reality is that the needs and culture of an organization are not the same and may not be uniform from top to bottom.
Manufacturing necessitates very steep hierarchical management structures and tight control to ensure the consistency of the quality of products. On the other hand, a research laboratory or design company requires a low flat management hierarchy and an apparently relaxed level of control. This is absolutely necessary to foster creativity, innovation, and invention. This presentation gives practical examples of management and organizational extremes. We then go on to highlight the need to embrace AI and Quantum Computing over the coming decade to deal with future technologies, operating and market complexity.
The aspirational visions of Society 5.0 coined by many nations around 2015/16 have now been eclipsed by technological progress and world events including another European war, global warming, climate change and resource shortages. In this new context, the published 5.0 documents now seem naive and simplistic, high on aspiration, and very short on ‘the how’. The stark reality is that the present situation has been induced by our species and our inability to understand and cope with complexity.
“There are no simple solutions to complex problems”
What is now clear is that our route to survival and Society 5.0 will be born of Industry 4.0/5.0 and a symbiosis between Mother Nature, Machines, and Mankind. Today we consume and destroy near 50% more resources than the planet might reasonably support, and merely improving the efficiency of all our processes and what we do will only delay the end point. And so I4.0 is founded on new materials and new processes that are far less damaging, inherently sustainable, and most importantly, readily dispensable across the planet.
“Reversing global warming will not see a climatic reversal to some previously stable state”
In this presentation, we start with the nature of climate change, move on to the technology changes that might save the day, the impact of Industry 4.0/5.0, and then postulate what Society 5.0 might actually look like.
In a world of accelerating innovation and increasingly complex digital services, applications, appliances, and devices, it seems unreasonable to expect customers to understand and maintain their own cyber security. We are way past the point where even the well educated can cope with the compounded complexity of an ‘on-line-life’. The reality is, today's products and services are incomplete and sport wholly inadequate cyber defence applications.
Perhaps the single biggest problem is that defenders have never been professional attackers - and they don’t share the same level of thinking and deviousness, or indeed, the inventiveness of their enemies. Apart from an education embracing the attack techniques, and in some cases, engaging in war games, the defenders remain on the back foot. However, there are a number of new, and potentially significant, approaches yet to be addressed, and we care to look at the problem from a new direction.
In the maintenance of high-tech equipment and systems across many industries, identifiable precursors are employed to flag impending outages and failures. This realisation prompted a series of experiments to see if it was possible to presage pending cyber attacks. And indeed it was found to be the case!
In this presentation we give an overview of our early experimental and observational results, along with our current thinking spanning networks through to individual hackers, and inside actors.
When people are exposed to the new for the first time their reaction, quite rightly, is generally one of caution and perhaps a degree of suspicion. And, when that ‘new born’ is a novel technology, reactions can quickly become amplified and biased toward the dystopian by the sensationalism of media and mis-information of social networks. In this modern era I think we can also safely assume that Hollywood has more than a ‘bit part’ in nurturing extreme reactions with movies such as Terminator, AI and Ex-Machina.
Our purpose here is to dispel the modern myth that technology is, or can be, inherently evil and a direct threat to humanity. We do so by positing three basic axioms:
“Without technology we would know and understand almost nothing”
“The greatest threat to humanity is humanity”
“If technology progress and societal advance stall, then civilisations collapse”
Having briefly established these in the context of our wider history, we focus on the Industrial Revolutions and their beneficial upside and consequential negatives. We then move on to examine Robotics, Artificial Intelligence, Artificial Life, and Quantum Computing in the context of our current needs and realising sustainable futures, and the survival of our civilisation.
Connecting Everything Vital to Sustainability
Mobile network evolution has followed a reasonably predictable path almost entirely focused on the needs of human communication. The transition from 1 to 2G was dictated by the economics of reliability, performance, and scale, whilst 3, 4, and 5G saw the transition to mobile computing with full internet access, AI and an ever-expanding plethora of applications. But 5G could be the end of the line as cell-site energy demands have become excessive at ~10kW.
Midway between the migration from 4G to 5G, M2M and the IoT machines overtook the human population of 8Bn people with near (estimated) 20Bn devices. Current IoT growth rates suggest a 40 - 60Bn population by 2030 to 2050. However, we present evidence that it could be far more ~ 1,000Bn ‘Things’. This is based on the observation of the number of IoT components populating modern vehicles, homes, offices, factories and plants, along with smart ‘human implants’ and ‘smart bolts’ plus the instrumentation of civil structures.
The bold assumption that 5G would be a dominant player in the IoT is now patently one of naivety and the world has become far more complex with over 10 wireless standards currently in use. So, this poses the question; will 6G rise to the challenge? We see this as highly unlikely as the diversity of need is extremely broad, and we propose that it could be the end of tower based networks for a lot of applications. A migration to mesh-nets, UWB and (Hyper Wide Band) for the IoT at frequencies above 100GHz seems the most obvious engineering choice as it allows for far simpler designs with extremely low power at sub $0.01/device cost. 5G is already on the margins of being sustainable, and a ‘more-of-the-same’ thinking 6G can only be far worse!
Seventy years on from AI appearing on the public scene and all the optimistic projections have been largely overtaken with systems outgunning humans at all board, card and computer games including Chess, Poker and GO. Of course; general knowledge, medical diagnosis, genetics and proteomics, image and pattern recognition are now all firmly in the grasp of AI.
Interestingly, AI is treading a similar path to computing in that it began with single purpose/task machines that could only deal with company payroll calculations or banking transactions and nothing more! General purpose computing emerged over further decades to give us the PCs and devices we now enjoy. So, AI currently runs as task specific applications on these general purpose platforms, and no doubt, general purpose AI will also become tractable in a few decades too!
Recent progress has promoted a deal of debate and discussion along with hundreds of published papers and definitions that attempt to characterise biological and artificial intelligence. But they all suffer the same futility and fail! Without reference to any formal characterisation, all discussion and debate remains relatively meaningless.
Somewhat ironically, it was the defence industry that triggered the analysis work here. Two of the key steps to success were: the abandonment of all performance comparisons between biological and machine entities; and the avoidance of using the human brain as some ‘golden’ intelligence reference.
This presentation is suitable for professionals and public alike, and comes fully illustrated by high quality graphics, animations and movies. Inevitably, it contains (engineering) mathematics that non-practitioners will have to take on trust, whilst professionals may wish to challenge on the basis that the focus is on getting a solution rather than the purity of the process!
This document discusses emerging technologies and their potential impacts. It covers topics like artificial intelligence, quantum computing, robotics, cyborgs, smart materials, fusion power, artificial life, malware, biobots, network bots, and more. The document notes that many of these technologies are still in early experimental stages and face challenges before being ready for widespread use. It also discusses debates around AI safety and the relationship between humans and increasingly intelligent machines.
We are engaged in a war the like of which we have never seen or experienced before. Our enemies are invisible and relentless; with globally dispersed forces working at all levels and in all sectors of our societies. They are better organised, resourced, motivated, and adaptive than any of our organisations or institutions, and they are winning. This war is also one of paradox!
“The cost to many nations is now on a par with their GDP”
“No previous war has seen so many suffer so much to (almost) never retaliate”
“We are up against attackers who operate as a virtual (ghost-like) guerrilla army”
“No state can defend its population and organisations, and they stand alone - isolated and exposed”
“A real army/defence force would rehearse and play all day and very occasionally engage in warfare. We, on the other hand, are at war every day but never play, war-game, or anticipate new forms of attack”
To turn this situation around we need to understand our enemies and adopt their tactics and tools as a part of our defence strategy. We also have to be united, and organised so that no one, and no organisation, stands alone. We also have to engage in sharing attack data, experiences and solutions.
All this has to be supported by wargaming, and anticipatory solutions creation.
The good news is; we have better, and more, people, machines, networks, facilities, and expertise than our enemies. All it requires is the embracing of advanced R&D, leadership, sharing, and orchestration on a global scale.
In 2015/16 a number of bodies/nations set about defining societies they would aspire to in the near future. Each vision document similarly described some idealistic, egalitarian, super-smart, human centred, state providing a near uniformity of living conditions, and opportunity. At the same time, each society would be free of adversity, with economic development guided by ecological and human need. Of course, economic growth was defined to continue in line with the past. Very nice, but a product of old linear thinking and modelling!
It is now approaching 2022 and in the past 5/7 years our base silicon technology has advanced to enjoy a >30 fold increase in computing power. Our top end mobile devices would now challenge a super computer of 1996/7 era, whilst AI systems now pervade our homes, offices, vehicles, professions and all our on-line services. At the same time, information overload has started to rival some medical conditions!
All of this has also been compounded by two years of COVID-19 lockdowns and restrictions that have seen the normalisation of social isolation, limited travel, working and education from home, virtualised medicine and care, support services, shopping and meetings. In turn, this has resulted in empty offices, towns and cities. Concurrently, climate change, global warming, pollution, finite resources, a stressed planetary system, and social unrest have suddenly become urgent issues. Against this backdrop it really seems to be time to revisit those Society 5.0 Visions and the limited linear thinking that contrived them!
In this presentation we examine many of the core parameters and assumptions to highlight existing, or soon to be realised, solutions and remedies. In doing so, a different picture of Society 5.0 emerges.
The biggest force for social change since the first industrial revolution has been adjusting to, and taking advantage of, the new and accelerating capabilities of our advancing technologies. And in our entire history, the dominant technology driver has been silicon-based electronics. It has prompted revolutions in Computing, Telecoms, Automation, AI, and Robotics that radically changed the human condition. Today, that same exponential revolution is accelerating us into Industry 4.0 and onto Industry 5.0.
The consequential transformation of medicine, industrial design and production, farming, food, processing, supply and demand has seen living standards improve and life expectancy widen. Many of our institutions have also seen tech-driven transformations in line with industry. If there has been a down-side to this progression, it has been our inability to transform the workforce ahead of new demands. Unemployment has persisted whilst reeducation and retraining have been on the back foot, whilst, the net creation of new jobs has always exceeded the demise of the old. As a result, leading countries in the first world now have labour shortages at all levels right across the spectrum.
Recently, COVID-19 has demonstrated that we have the technology and we can rapidly reorganise and change society if we have to. So in this presentation, we examine ‘the force functions’ and changes engineered to date, and then peer over the horizon to sample what is to come in terms of technologies and working practices…
Throughout my career in science, engineering and management I attended numerous meetings where many misconceptions and misinterpretations were evident. Perhaps the most expansive and expensive were the probabilities assumed and calculated for system reliability and/or product manufacturing quality. Eventually, I began to refer to this as the ‘five nines’ problem!
Not fully understanding the origins of the reliability measures, it is so easy to demand a 99.999% instead of 99.99% up time for an electronic system. What could be easier? At face value it appears to be trivial and straightforward! Likewise, taking a 5s manufacturing plant up to a 6s defect level turns out to be a monumental engineering challenge! And at the time of writing 6s has never been achieved!
It appears that too few engineering and management courses address this topic, and if they do, it is as a scant reference of insufficient depth. So, we see far too many students understand in any depth, if at all! And when they become managers they just ‘don’t get it’!
This presentation and the associated lecture have been specifically created to address this problem with relevance to BSc, BA, MSc and MBA students along with anyone needing a refresher or explicit introduction to the topic. In addition to the graphics, animations and movies, the lecture is also littered with practical examples and the outcomes of case studies.
CYBER ATTACK SCENARIOS - Part 1: Building The Red Team
1. CYBER ATTACK SCENARIOS
petercochrane.com
Prof Peter Cochrane OBE
2. STUDENT ALERT
This Lecture is primarily a RED TEAM exercise where we move between reviewing the field to a group looking to create a new Cyber Attack Business
Be prepared to adopt an attacker mind-set and to think the unthinkable!
The process will be highly interactive and to fully understand you will have to fully engage
3. The Spectrum & Scale of Attackers!
Where do we start?
Attacker types: Rogue States, Criminals, Hacker Groups, Hacktivist, Amateurs
Attributes, grouped as on the slide:
• Fun, Fame, Notoriety, Vandalism, Limited Skills, Limited Resources, Tend to be Sporadic
• Money, Sharing, Organic, Dispersed, Unbounded, Huge Effort, Progressive, Cooperatives, Self Organising, Vast Resources, Massive Market, Aggregated Skills, Semi-Professional, Substantial Networks
• Skilled, Political, Idealists, Emotional, Relentless, Dedicated, Cause Driven, Vast Networks, Varied Missions, Targeted Attacks, Evolving Community
• Drugs, Fraud, Global, Extreme, Extortion, Business, Unbounded, Professional, Well Managed, Well Organised, Ahead of the Curve, Orchestrated Effort, Extremely Profitable, Syndicated Resources, Massive Attack Surface, Vast up-to-date Abilities
• Covert, Money, WarFare, Influence, Pervasive, Disruption, Espionage, Professional, Sophisticated, Well Organised, Extreme Creativity, Orchestrated Effort, Political Influencers, ~Unlimited Resources, Tech/Thought Leaders, Regime Destabilisation, Population Manipulation, Military and Civil Domains
4. The Spectrum & Scale of Attackers! (slide 3 repeated, with these added:)
Military, Nat Defence, Intelligence Services, Terrorists
5. The Spectrum & Scale of Attackers! (previous slide repeated, with these added:)
• Medium Game, Medium Gain
• Short Game, Low Gain
• Long Game, Massive Gain
• Boy In a Bedroom, Start Up, Small Business, Medium Business, Large Business, Global Business, Public Bodies
6. The Spectrum & Scale of Attackers! (previous slide repeated, with these added:)
• Zip Planning, Opportunistic
• Vision, Plan, £0
• Vision, Mission, Partners, Plan £X
• MD CEO, Board, Investors, R&A £XX
• Military, Civil Service, Fully Funded
• MD CEO, Board, Investors, Management
• MD CEO, Board, Divisions, Management
7. Freedoms
What can be done?
Rogue States, Criminals, Hacker Groups, Hacktivist, Amateurs, Terrorists: Unbounded & unconstrained. Subject to nothing & no one!
Defenders (Intelligence Services, Military, National Defence, Police, Government): Bounded and constrained by Geneva Convention, legal systems, human morality, social norms and public opinion/acceptability…
8. Freedoms (slide 7 repeated, with these added:)
Infinite freedom
finite limiters
9. Assuming Attacker Mindsets
WE ARE THE RED TEAM
This turns out to be a really good stance in trying to understand the motivations, methods, structures and ethos of this ‘Dark Side’ of humanity and how they contrast with the governments, institutions, industries, and peoples they attack and exploit!
From here on we speak AND think as if we are black hats/attackers reviewing and planning
11. Attacker
Clarity of purpose is a must!
This is a minimal requirement before we start any form of enterprise - and time needs to be devoted to thinking, examining, evaluating every aspect if we are to achieve success!
What is our target sector to be?
What role are we aiming for?
What are the tools we have?
What is our unique offering?
Why choose a given sector?
How are we going to enter?
How do we select targets?
How are we to attack?
12. To Succeed
Essential to be professional & dedicated
• Defines the desired future position of the company
• Details the company’s business objectives, ambition and ethos
• General process/action(s) necessary to realise goals/long-term mission
• An ordered fine grain detailing/list of all that has to be done to achieve the objectives including all contingencies
“Great success does not happen by accident, it demands great effort, good investment, dedication to achieving the vision, professional management and leadership”
13. Serious
We have to be professional
“All the failed start up ventures I have engaged with have suffered poor or inadequate staffing and/or management, funding or marketing, and at no time was it the idea or the tech after due diligence had been completed”
“We can learn a lot from the study of those that have gone before”
14. Business Model
Who to attack - the why, how and what
Like business or armies: Professionals do not waste resources or act in some random way: they have a Vision, Mission and a Plan!
15. Business Model (slide 14 repeated, with these added:)
• Methodologies, Access Points, When/Where/How/Teams & Tools/Duration
• Choose a Target: Research, Assess Value/Worth and Potential RoI, Quantify and Identify all Vulnerabilities/key opportunities
• Retribution, Disruption, Discrediting, Behavioural Change, Political Steer/Gain, Commercial Damage, Reputation Damage, Business Disabling, Money Making, Propaganda +++++
• Political, Economic, Market, Societal, Criminal Superiority, Global Order Change, Regime Change+++++
16. MODUS OPERANDI?
Professional = success/profitable
Ape small, medium, large, national, multinational scale operations/business structures/practices with management chain, people recruiting and investments!
Political, Economic, Market, Societal, Criminal Superiority, Global Order Change, Regime Change+++++
Recruit those who worked in legitimate businesses, attended Business School, served in the Military & have been well trained & educated to meet commercial and defence needs
Recruit well educated and qualified/experienced tech teams with deep knowledge of defence/attack methods
17. Target Space
Published industry surveys help!
Organisations advertise where they are strong and where they are weak, who is rich and who is poor, and the likely attack complexity/challenges
The commercial media provide company/product/sales reviews, and then there is the Stock Market for Valuations and Share Price.
Companies House (UK), and The Securities & Exchange Commission (USA) hold all Company returns (Reports and Accounts) available for public inspection!
18. Pick a target
Who to attack - the why and how
We need to know and understand the target in order to formulate and execute an effective attack and realise the desired outcome/RoI
Objective: Define precisely what is to be achieved - The RoI
Target: Research, Assess RoI, Quantify, Identify Weaknesses and Opportunities
Plan: Methodology, Point of Access, Tool(s) to be Deployed, When and Duration
Deployment: Proceed as planned but be prepared to adapt in real time
Ongoing: IFF successful/targets met - step and repeat, IFF not move on
19. CRAzy targets
Publish and advertise what they do!
Organisations give away so much information and we can infer where they are strong/weak, how rich/poor they are, and the likely attack complexity/effort required
Trade Press: Service and Supplier deals and contracts visible
Tech Papers: System and network detail - ie Block Chain Configs
Job Adverts: Define experience and expertise requirements
WebSites: Often detail/divulge some customer, supplier, data operational info
Presentations: Business models, modes of operation, mobility, equipment, nets
Tech Support: So very knowledgeable and helpful…along with Sales/Marketing
20. Site Maps
These are so very handy!
Many big organisations are so very helpful in revealing how they are organised and provide short cuts to every corner of their on-line and campus empires
https://www.bp.com/en/global/corporate/site-map.html
https://www.ourtesco.com/our-facilities-at-welwyn/interactive-3d-map/
https://www.tesco.com/help/site-map/
https://www.att.com/sitemap/
https://www.next.co.uk/site-map
Small sample
21. Design Guides
Suppose you want to spoof a site!
govuk should be gov.uk
Many big organisations are so very helpful
how they are organised and provide sh
every corner of their on-liner and campus
https://design.tax.service.gov.uk/hmrc-content-style-guide/
https://designnotes.blog.gov.uk/2014/02/18/two-new-design-guides/
DVLA:Your outstanding vehicle tax refund from an overpayment is pending.
Please visit our secure link to process https://dvla.govuk-ol11.com/?c=2
ON MY SCREEN THIS WEEK: Nice Web Site :-)
Really!
https://design-system.service.gov.uk/sitemap/
We can DO MUCH better
This is a lazy designer
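The DVLA text on this slide puts "govuk" inside an unrelated .com domain instead of using gov.uk. The check below is an added example, not part of the original slides, showing how a mail or SMS filter could flag that pattern; the function names and the heuristics chosen are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

TRUSTED_PARENT = "gov.uk"  # the genuine parent domain named on the slide
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# The text message quoted on the slide, used here as sample input.
SAMPLE_SMS = (
    "DVLA:Your outstanding vehicle tax refund from an overpayment is pending. "
    "Please visit our secure link to process https://dvla.govuk-ol11.com/?c=2"
)


def host_and_userinfo(url):
    """Return (hostname, userinfo), lower-cased and without a trailing dot."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    return host, (parts.username or "").lower()


def classify(url, parent=TRUSTED_PARENT):
    """Return (verdict, reasons); verdict is trusted, lookalike, unrelated or invalid."""
    try:
        host, userinfo = host_and_userinfo(url)
    except ValueError:
        return "invalid", ["unparseable URL"]
    if not host:
        return "invalid", ["no hostname"]

    # Genuine only if the hostname IS the parent or ends with ".<parent>".
    if host == parent or host.endswith("." + parent):
        return "trusted", []

    reasons = []
    squashed = parent.replace(".", "")  # "gov.uk" -> "govuk"
    # 1. Parent name with the dot dropped, inside one label (hyphens ignored).
    if any(squashed in label.replace("-", "") for label in host.split(".")):
        reasons.append("label imitates '%s' without the dot" % parent)
    # 2. Parent name used as a subdomain of some other registered domain.
    if host.startswith(parent + ".") or ("." + parent + ".") in host:
        reasons.append("'%s' appears left of another domain" % parent)
    # 3. Parent name placed in the userinfo part, before the '@'.
    if parent in userinfo:
        reasons.append("'%s' appears before '@', not in the hostname" % parent)

    return ("lookalike" if reasons else "unrelated"), reasons


def scan_message(text, parent=TRUSTED_PARENT):
    """Return [(url, verdict, reasons)] for each URL in text that is not trusted."""
    findings = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,);")  # drop sentence punctuation stuck to the URL
        verdict, reasons = classify(url, parent)
        if verdict != "trusted":
            findings.append((url, verdict, reasons))
    return findings


if __name__ == "__main__":
    for url, verdict, reasons in scan_message(SAMPLE_SMS):
        print(verdict, url, "; ".join(reasons))
```

The check compares the parsed hostname against the parent domain by suffix, so a brand name appearing anywhere else in the URL never counts as a match.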
24. Windfalls Beyond belief
An infinity of personal accounts and passwords
We can buy acres of this
on the DarkWeb!
25. CRAzy Behaviour
Just a few samples of on-line tips!
Organisations give away so much
information and we can infer where they
are strong/weak, how rich/poor they are,
and the likely attack complexity/effort
required
https://aws.amazon.com/solutions/case-studies
Based on monthly spend: the top 10 Amazon AWS customers:
•Turner - $10 M
•BBC - $9 M
•Baidu - $9 M
•ESPN - $8 B
•Netflix - $19 M
•Twitch - $15 M
•LinkedIn - $13 M
•Facebook - $11 M
https://cloud.google.com/customers
https://www.ibm.com/cloud/case-studies/
26. Watch & Listen
In public and on line - unguarded chatter
Very few organisations give their
people any form of security training or
advice on travel and meetings and they
divulge so much when asked!
Social Media
Restaurants
Coffee Shops
Friends/Relatives
Gatherings/Events
Meetings of all kinds
++++++
So much can be gained from the minor investment of a few drinks,
a meal, the hire of a professional snooper, direct purchases on the
Dark Web et al
27. Hacker Anatomy
A skilled specialist for hire anytime
28. Cyber Crime Market
What’s our % target of this giant pot?
“With entry costs relatively low and profits exceeding those of
traditional crimes, cyber is an attractive choice for most criminals.
Thus, we can expect cybercrime cases to reach new heights in 2020.”
Creating a new ‘Dark Business’
demands that we study & fully understand the
opportunity space & competition
30. Assessment
Market Reality 2020
Attacks escalating
Target surface growing
Attackers winning the war
Attacker rewards up by the year
Defenders have ineffective defences
Targets not collaborating or sharing
Defenders disorganised and underinvesting
People remain the biggest attack opportunity
All security tools still reactive and mostly outdated
An open/collaborative attacker market is far superior
CyberCrime economy is now eligible to join G8 !
A Great Opportunity space for any new educated capable and innovative entrant Startup
32. SCENARIOs
Description of possible events
Creation Mechanisms:
•Thinking
•CopyCat
•Searching
•Workshops
•Wargaming
•Consultants
•Brainstorming
•BrownPaper Fair
•Post It Note Panic
•Follow The Herd
•Dynamic Reactivity
Can we ‘dream up’ and consider all the potential
possibilities that we might exploit as attackers ?
Me Too OR NOT Me Too
Visible
Invisible
Oblique
34. Prime Motivations
Are we bringing anything new to the game?
https://www.helpnetsecurity.com/2017/01/11/ransom-motivation-behind-cyber-attacks/
Prime Motivation
Making $$$$
Prime Motivation
Trade Secrets
Military
Security
Prime Motivation
Domination and
TakeOver
If we are a new start short of funds we need some quick and dirty to get some bitcoin fast
40. A large financial POT
A well defended core & wide open periphery!
A target rich opportunity:
• Wealthy technophobic (organisation?) customers
• Processes, protocols and methodologies well known
• Millions of people involved with dispersed offices
• Multiple points of access PSTN, VOIP, Network+
• Staff trained to help customers BIG and small
++++
• Many possible attack modes: Phishing, Whaling,
Malware, Man-in-the-Middle, Insider, Contractor,
bribery, corruption, coercion
not exactly virgin territory but not so targeted as we might expect and thus worth considering
43. “Exploit disguise, camouflage, human fallibility, do
the unexpected - exploit first mover advantage”
Attacker Advantage
Unbounded leveraging every degree of freedom
“Weaponise the position, knowledge, expectation,
and easy to access resources of targets”
“Take advantage of surprise in the time, place,
method and direction of attack”
“If possible design attack modes that can go
undetected to be utilised many times and/or remain
dormant until triggered”
The ideal scenario is to attack/succeed and move on undetected and then repeat later
45. More wisdoms
A 650 BC book really worth reading
“All warfare is based on deception”
“The whole secret lies in confusing the target(s), so that
he cannot fathom our real intent.”
“Engage target(s) with what they expect; it is what they
are able to discern and confirms their projections. It
settles them into predictable patterns of response,
occupying their minds while you wait for the extraordinary
moment — that which they cannot anticipate.”
Audio Book
https://www.youtube.com/watch?v=X7rhovBK_eA
46. Status Quo
Distribution of attacks
http://www.wordlistresearch.com/2017
[Chart: distribution of attacks by type: Browser, Others, Scam, WWW, Malware, Worm, Brute Force, DDoS]
An indicative analysis of a vast
number of reports giving guidance
in our decision making
47. market potential
Relative 2019 Cyber Earnings
https://bit.ly/2Uu0QaD
“With entry costs relatively low and profits exceeding those of
traditional crimes, cyber is an attractive choice and we can expect
cybercrime cases to reach new heights in 2020 and beyond.”
Cyber Crime is the single biggest and most successful business on the planet
49. Where do we fit?
2019 Relative Earnings by Silo
https://bit.ly/2Uu0QaD
Cyber-crime groups operate as regular companies
hiring specialised staff and management. Some have
public personas to maintain a good reputation. Most
of their sales are on the dark web - reputation is key.
Cyber Crime has some of the best business practices/managers and EVIL people on the planet
51. dark web
Ultimate Tool Box
Cheat Sheet: https://tek.io/2UhhRpA
A TOR (or similar) browser is required to gain access
WARNING
This is the Devil's Domain - SEE NEXT SLIDE
Fully developed hacker tools
Tech support and tutorials
Latest attack tips & methods
Consultant hackers for hire
Password/Account databases
R&D Programmes to join
Investors and money handling
+++++
On-line SuperStore for the hacker and criminal
communities with a vast army of professional
contributors and leading edge products
52. STUDENT WARNING
I do not recommend entering this domain, BUT it is the only
real way of appreciating the full potential - SO if you do
decide to have a look, then:
1) Use an old machine/fake ID in a coffee shop
2) Have your camera, mic, tracking turned off
3) Make sure all location service options are off
4) Employ security (Norton et al) throughout
5) Only have a single app (TOR) installed
6) DO NOT complete any transactions
7) Reveal no personal info whatsoever
8) Factory reset machine when done
9) Security scan machine on boot
RECOMMENDATION: Enter, take a look, get a taste, get out
53. MORE READING
Other dimensions of Dark Nets
How the Dark Web works (ZDNet)
10 things you didn't know about the Dark Web (ZDNet)
This dark web market is dedicated to compromising your emails (ZDNet)
Dark Web 101: Your guide to the badlands of the internet (CNET)
The United Nations: "We're all facing the same global cyber-threat" (TechRepublic)
Four misleading myths about the Dark Web (TechRepublic)
The light side of the Dark Web (TechRepublic)
IBM Security takes us on a tour of the Dark Web (TechRepublic)
54. 2019 TOP 10 ATTACKS
Human instinct, emotion, rational is at the wheel
The skilled attackers have
access to a global market
of data and well honed
tools via the Dark Web
•Malware: A growing catalogue of brutality and sophistication
•Phishing: Preying on the naive, gullible, tired, unprepared
•Man-in-the-Middle: Pretending to be someone/something else
•Denial of Service: Disrupting business, services, access, nets
•SQL Injection: Introduces false instructions and requests
•Zero/Day One: Invisible and lying in wait for an opportunity
•Cross Scripting: Reprogramming appearance/purpose/function
•ID Spoofing: Log-On illegal access/entry to accounts and sites
•Password: Stolen, Brute Force, Cracked, Directory Trial & Error
•Drive By: Malicious script embedded in an insecure website
We have to decide to follow the crowd or adopt a different strategy/approach
57. Why attack ?
What is the primary motivation
Always nice to have a target in mind!
Really useful for
business planning !
Yummy!
>100Bn by 2525
>1000Bn by 2030
What a great and growing
attack portal !
59. attack TYPE?
A broad church of options
Most attack modes are easily detected and
rendered visible, but there are skilled and
undetected attackers who come and go…&
the damage shows up (much) later !
•Unauthorised access to a digital network, system and/or its data
•To access personal/secure people/businesses information
•Hacking for criminal/illegal/unsolicited purposes
•Unauthorised use of a computer/network
•Malware installation/infection
•Denial of service
•Mischief
•++++
The intentional distortion of
communication and the
purposeful corrupting of
data can be devastating
for societies, commerce &
democracy, but profitable
for Dark Businesses
Mischief can be a powerful way of creating distraction from the main event
61. Random Hacks
Domain of the opportunistic amateur
The small fry nuisance that occasionally
strike it lucky and gain access to web sites
and other facilities and get headline
coverage/featured in the media
“A keyboard is a very poor substitute
for thinking, investigating, planning,
and a good business model”
“But very occasionally this army of
hams stumble onto something useful -
and we should watch them just in case”
62. Rogue State
Military-business professional approach
May be military and/or security service
based or indeed outsourced to peripheral
pseudo-companies in or out of country
Their vision, mission and plan is generally
wide and diverse with everything from stealing
money and intellectual property to military
defence/attack, political subversion and
regime change…
Beyond technology we might expect spies,
collaborators, plants, blackmail victims, the
duped and more/much worse
63. Every malware type is speciated
and we are also seeing a deal of
interbreeding using Artificial Life
Top 10 Malware 2019
A highly dynamic profile changing by the Quarter
This is such a safe area to engage in as the source can remain hidden whilst bots do all the work
65. Almost everything imaginable is
available at a price on The Dark Net
including ‘call-off-contact’ support,
workforce and consultants!
Assembling a Tool Box
What can we access and exploit that involves no work?
Let’s make a start by looking at the
most popular recently in use but
not forget that a lot of the old can
be got at zero, or near zero costs &
reused, resurrected, repurposed,
modified, and used as ‘seeds’ for
new configurations and types!
66. Attack Tools 2020
Just one of numerous ‘stores’ on the Dark Web
We don’t have to code as we can
download all the tools required to
become a super Hack - and there
are skilled ‘dark consultants’
available for hire if help is needed!
67. Malware/OS
Attacks by Mobile Device
Android
Windows
Other
iPhone
>20M Species of
Malware Recorded
for Android Alone
Best Ball Park Estimate
of different/speciated
malware types >60M
This is fundamentally a
display of basic design
weakness and a good
indicator of where to
focus attacks!
Where should we target if we
are to maximise the RoI
and minimise the cost of entry?
68. Tools creation
A well funded/distributed global industry
Growth curve for just one mobile sector
and one particular OS up to early 2019
extracted from operational data
Extrapolating out to the
end of 2020 and this will
have grown to ~ 35k
Number of new &
speciated tools
76. Defence Rating
Directly related to target wealth!
Rich Countries with good defences offer very big rewards IF when a success is realised
Poor Countries with poor defences see very small rewards even when successes are plentiful
77. Attack strategies
Mind games based on what we know
•Access: A growing catalogue of brutality and sophistication
•Phishing: Preying on the naive, gullible, tired, unprepared
•Man-in-the-Middle: Pretending to be someone/something else
•Denial of Service: Disrupting business, services, access, nets
•SQL Injection: Introduces false instructions and requests
•Zero/Day One: Invisible and lying in wait for an opportunity
•Cross Scripting: Reprogramming appearance/purpose/function
•ID Spoofing: Log-On illegal access/entry to accounts and sites
•Password: Stolen, Brute Force, Cracked, Directory Trial & Error
•Drive By: Malicious script embedded in an insecure website
78. the weakest Link
People are by far the single biggest risk
In organisations large and
small, it only takes one to
make an error, become
corrupted, get upset,
give in to temptation,
turn to the Dark Side!
“People are inherently kind and helpful
and will rush to your aid should they
think you are having difficulty or and
some kind of difficulty”
“They are also very pleased to follow
your instructions if they perceive that
you are kind and trying to help them”
79. Exploiting Human traits
Dynamic and Non-Linear - Easy to Access
http://www.wordlistresearch.com/2017/12/negative-words
[Word cloud of human traits, including: naive, gullible, reckless, unaware, caring, careful, deceptive, crafty, selfish, selfless, cunning, scheming, open]
80. Weak Passwords
Catalogues available on the Dark Web
People in organisations and at
home use these and make
their accounts easy to crack
81. Open & Cloned
Catalogues on the Dark Web
Vast amounts of our data are public
or have been stolen and/or cloned
82. enraged employee
Frustrated by failure to advance
Feels unappreciated and undervalued
Always overlooked for promotion
Really dislikes management chain
At odds with the company values
Stays on site & creates damaging failures and/or data changes
Leaves the company and plants software bombs/backdoors
Open to bribery and corruption and the stealing of IP
83. innocent employee
Feels insecure and has become over helpful
Naive, open, careless, needs to be seen to be useful
Gullible and careless with information
Talks too much when care is needed
Unquestioning and so very supportive
Random information and data
Tends to be careless and make mistakes
Open to being ‘steered’ by a skilled manipulator
84. Malicious employee
Hates successful, happy, people & feels cheated
Perhaps a bad, poor, disrupted, deprived home/childhood/education
Probably something of a social misfit and/or sociopath/psychopath
Likely intolerant less empathic - with fewer friends than most
Normally angry and upset about almost everything
Random acts of physical and software damage
Open to suggestion and acting as an agent of crime
Open to bribery and corruption and the stealing of almost anything
85. HONEYPOTS
Applies equally to both sexes
Older man - younger woman
Older woman - younger man
Careless talk, briefcase, laptop access
Access to some informal meetings
Overhearing telephone calls
Listening device planting
Geo tracking/bugging
Spyware install
Long term investment and
strategy most often used
by rogue states for .Gov
& industrial spying with
operations spanning years
86. The Visitors
Consultants, Contractors, Temps
Long term investment and
strategy most often used
by rogue states for spying
government & industrial
spying operations spanning
years
On site(s) and embedded inside the company
Online and general info/document access
Engaged with management/workforce
Hidden cameras and sound recording
Eyes and ears engaged 24 x 7
HD/Thumb Drive Theft
Bugging device planting
Software installs
+++++
Rogue States, Criminals, Hackers
Opportunists, The Corrupted and
Corruptible
87. A long-game investment by rogue states
Enjoy a normal (looking) career and life
Undercover for their country full-time
Likely to progress and be promoted
Fully trusted as team members
Usually well educated/capable
Seldom engage in sabotage
Mainly gathering data/info
+++++
Spot The Spy
Recruited in as bona fide employees
88. Wireless to 3,4,5G, WiFi connection wide
open to theft, eavesdropping, link hacking
device in hand
Now the dominant mode
90. Status Quo
Cyber Crime Economy
EASY ENTRY 1
Mostly very poor protection
Behind the FireWall in one small step
No Passwords
Easy Passwords
Factory Default
91. EASY ENTRY 2
Mostly very poor protection
92. EASY Money
Low cost human/robot attacks
93. Phishing
Exponential Growth
Always in a race against security teams
looking to shut them down
Security teams report phishing URLs
regularly, but some use web hosts/domains
that ignore reports
Most kits have a short life, and the phishing
window is growing smaller
Highly successful/profitable;
and very easy to automate for
eMail, TXT and speech
94. Phishing
Exponential Growth
of Species sees a rapid
Shortening Lifetimes
[Chart: cumulative % of kits deactivated (0-100%) against days to deactivation (0-200)]
95. Phishing
Exponential Innovation
Akamai
96. soft target 1
Old people and technophobes
Potential RoI
Savings + Pension Pot +
Bank + Cards + eAccounts
Point of Access
Old laptop with no SW updates
Ineffective Malware Protection
Ineffective firewall and Passwords
Default settings on smart TV et al
WiFi visible and easily accessible
Already part of a BOTNET…
Human Weakness
Kind, Helpful, Compliant!
Naive, uneducated, unaware
Subject to Phishing, SPAM, SCAM,
Default settings on smart TV et al
WiFi visible and easily accessible
Below par passwords/security settings
Passwords recorded in a little book
Prone to being taken in by:
MS Support, ISP Fault/Testing/
Service Cut Off, A call from
the bank …
97. soft target 2
Hard working & busy families
Potential RoI
Savings + Services + Sales
Bank + Cards + eAccounts
Point of Access
PC, laptop, tablets, games consoles
Ineffective FireWalls and Malware
Protection across multiple machines
and platforms, weak/no passwords
Default settings on smart TV et al
WiFi @ home and mobile - visible
and easily accessible
Human Weakness
Busy tired parents + innocent children
Not well educated/fully aware,
disconnected from children activity.
Unable to keep up with software/OS
upgrades across all machines, no one
has oversight…
Passwords used multiple times
Prone to being taken in by:
Spoof URL, RansomWare, Freebies
and low cost kit Day One plus too
good to be true offers, Surveys…
98. soft target 3
The frantic/busy mobile worker
Potential RoI
Customer, Project, Contract,
Sales, Production, Delivery
Data +Account/Co Access
Point of Access
Laptop, tablet, mobile(s), open Blue
Tooth/WiFi, weak Malware Protection
across multiple machines/platforms,
repeated/reused simple passwords,
automated log on to known/regular
wifi providers
Human Weakness
Busy, in a hurry, stressing environment
Not well trained, briefed, supported
Subject to Phishing, SPAM, SCAM,
Default settings on smart TV et al
WiFi visible and easily accessible
Below par passwords/security settings
Passwords used multiple times
Prone to being taken in by:
Spoof WiFi, URL, Device Request
to Link, blind to shoulder surfing
and device theft + USB Plants…
99. soft target 4
The SME/StartUp Sector
Potential RoI
Billing+eAccounts+Bank+IP+
User/Customer Info
Point of Access
Laptop, tablet, mobile(s), open Blue
Tooth/WiFi, weak Malware Protection
across multiple machines/platforms,
passwords/access management, many
visitors and meetings, automated log
on to known/regular wifi providers
Human Weakness
Busy, in a hurry, stressed environment
Equipment self provision, sharing
culture, subject to Phishing, SPAM,
SCAM, numerous home and office
wifi appliances et al
No dedicated security team and no
oversight
Passwords used multiple times
Prone to being taken in by:
Spoof WiFi, URL, Device Request to
Link, blind to shoulder surfing and
device theft + USB Plants…
100. The VISITOR(S)
Salesman, Contractor ++
Potential RoI: Collects random/
targeted info-Plants, USB/LAN
Dongles - removes drives/discs
Human Weakness Exploitation
Escorted/Freedom of movement -
allowed to be alone, given LAN/Net
access, observes screens, fax, papers,
whiteboards. Conversations overheard
vacuum up all logistic and other info,
observes personal device numbers,
brand variations, mobiles & cameras
for that later planning of an attack
Inadequate visitor checks/validation in
the interest of serving a fast moving
economy and relationships
Prone to being taken in by:
Spoof WiFi, URL, Device Request
to Link, shoulder surfing blind &
device theft + USB Plants…
101. hard target 1
Companies that don’t divulge detail
How is the
Network
Configured?
All protected by strong
encryption 128/256 keys
and disparate routing
102. hard target 3
Large/International Companies
What is actually in this Cloud?
All protected by strong
encryption 128/256 keys
and disparate cloud
connects
103. The soft SIDE OF HARD
Local Loop, Home, Mobile, WiFi, Blue Tooth, LAN
[Network diagram: VPN/PN links, Dedicated Fibre, VOIP Network Service Reseller with direct routing]
Inherently Insecure: Wired & Wireless
Inherently Secure: Fibre PN/VPN, Strong Encryption, Hidden VPN & Routings
105. REALLY hard targets
Government, Institutions, Military, Infrastructure ++
Not really a good idea to attack: The forces
of MI5, MI6, GCHQ, Police would rain down!
This domain is one for the rogue states & those
contemplating some form of war/sanctions
106. TIME TO ATTACK
On the basis of what
we have covered so far!
107. STUDENT Attack Scenario
Our selected/rich Targets: Retail, SMEs, Logistics
All Targets are profitable and open to ransom attacks
They can survive a 20-25% of turnover of demand
All are dead in the water if they cannot access their data
109. Access methods
All available human and net modes possible
Gain physical access as a visitor
Leave a drive in WC on corridor floor, an office desk
Hand brochures and drives to the front desk
Leave brochures and drives in reception area if possible
Insert USB and CAT 5/5 dongles into accessible sockets
Leave adulterated AV adapters/dongles in meeting rooms
Disguise STUXmax as a PDF
Embed on blank thumb drives
Embed on sales thumb drives
Embed in eMails and WebSite
Create a dummy company
Seed website, eMails, Catalogue, Support Materials
Likewise all brochures thumb drives and freebies
Close/Expunge all traces of company day before issuing ransom notes
110. Speciation
Artificial Life Breeding Malware
111. Attack AlgorithM
Getting STUXmax onto LANs and Machines
STUXmax Activity (takes place out of hours)
1) Search out PCs, Laptops, Tablets, Mobiles Switches, Servers
2) Search out backup drives and Cloud Accounts
3) Infiltrate and sit quiet for 30 days doing nothing
4) STUXmax not achieving (1-2) in 20 days self destruct
5) Report back penetration and positioning immediately
6) Sit quiet for a further 10 days doing nothing
7) On a defined date (~day 41) encrypt all files and drives
8) When (7) completed all STUXmax elements to self destruct
112. Collecting the $$$
By the company or by the device/service/facility?
1) Direct Payment into BITCOIN only
2) Destroy all evidence and erase any audit trails
3) Lay false trails and plant erroneous evidence
4) When payment completed release encryption key(s)
5) When projected RoI achieved slowly ‘evaporate’ (3)
6) When completed, complete a 360 review of success
7) Refine attack from the lessons learned
8) Launch a second but bigger wave funded by Attack One
9) Repeat (6-8) until the targets respond with effective defences
10) Do (9) at the point where RoI falls short of target earnings
11) It is time to configure a new form of money making attack!
CLASS DISCUSSION
Pros and Cons of (1-5)
114. Prepare for
CLASS DISCUSSION
After the Defence Scenarios
Module next week
117. FUTURES
Projected near & far
Multiplexed Attacks
M&A
Resource Hi-Jacks
AI + AL Attack Scenario Creation
AI Behavioural Analysis of People, Machines, Networks
118. Things that Think want to Link
and
Things that Link want to Think
FIN - Q & A?
www.petercochrane.com