Verify publishes technical guide
The team behind GOV.UK Verify has stepped up the effort to support its integration with government services, with the publication of a technical guide on Github.
It follows the earlier publication of an onboarding guide for the online identity assurance process, providing more information for technical delivery teams. A blogpost highlighted the need to explain issues such as a public key infrastructure and how to request certificates.
The Verify team plans to conduct more user research on the guides and is looking for feedback from government users.
Cloud based CCTV shows vulnerabilities
Cloud based and traditional DVR based CCTV systems suffer major security vulnerabilities, according to research conducted for video surveillance company Cloudview.
It has published a white paper that says flaws inherent in most systems make it too easy for intruders to hijack connections to the device’s IP address.
During the research five routers, digital video records (DVRs) and IP cameras running the latest software were placed on the open internet. One device was breached within minutes, within 24 hours two were under the control of an unknown attacker, and a third was left inoperable.
“Any insecure embedded device connected to the internet is a potential target for attacks, but organisations don’t seem to realise that this includes their CCTV system,” said Andrew Tierney, the independent consultant who carried out the research. “It can easily provide a gateway to their entire network, enabling anyone with malicious intent to corrupt all their systems or extract huge amounts of data.”
Axelos points to cyber weakness
UK organisations are putting their reputation and customer trust at greater risk by failing to provide their staff with effective cyber security awareness and capability to defend against cyber attacks, according to the latest research from Axelos.
The joint venture between the Cabinet Office and Capita found that most organisations are underestimating the “human factor” of employee behaviour in corporate cyber risk. 75% of large organisations suffered staff-related security breaches in 2015, with 50% of the worst breaches caused by human error.
While 42% executives responsible for information security said their training was “very effective” at providing general awareness of the risks, only 28% said they were very effective at changing behaviour in relation to information security.
For ensuring compliance with regulatory requirements, 37% rated their training as very effective, but only 33% gave it the rating for reducing exposure to the risk of information security breaches. A similar minority of 32% were “very confident” that the training was relevant to staff, despite 99% citing security awareness as important to minimise the risk of security breaches.
Hypercat identifies smart city priorities
Hypercat, the consortium promoting the use of the internet of things (IoT) in smart cities, has highlighted the priorities for the Old Oak and Park Royal Development urban redevelopment in London.
Its interim Smart Strategy emphasises three themes: transport and the public realm, utilities infrastructure and smart sustainability. It also makes recommendations around green measures, promoting integration and connectivity, and innovation.
This is aimed at making the development an exemplar for 'smart' regeneration, in using the latest technology to boost economic growth and improve the quality of life for residents.
Victoria Hills, chief executive officer of the Old Oak and Park Royal Development Corporation, said: “I’m keen that the OPDC can quickly build upon the interim Smart Strategy so we can embed technology, innovation and smart approaches into everything we do to plan, design, build, and finance the UK’s largest regeneration project.”
Image: Otto Normalverbraucher, public domain via Wikimedia Commons