Earlier today I chaired a fascinating seminar for patient groups and professional organisations which discussed healthcare acquired infections (HCAIs) and, in particular, what needs to be done to better prevent such infections in community (rather than hospital) settings.
As the meeting continued, I was struck by the surprising number of parallels that exist between what needs to be done to cut the risk of such infections and what needs to be done to improve information security.
For example, there were those a few years ago who thought the situation with HCAIs in hospital was so bad that nothing effective could be done. They have been proved wrong by the success of the initiatives taken over the last five or six years to reduce dramatically the incidence of MRSA and C Difficile in hospitals (80% and 60% reductions respectively). Likewise there are those who throw up their hands in horror about the current tide of cyber security problems and seem to believe that our systems will always be irredeemably compromised. Hopefully, they will also be proved wrong in a few years’ time.
The response to HCAIs was in the past seen as better and stronger technical solutions (i.e. ever more powerful antibiotics) and, whilst such solutions remain necessary for those who are infected, the sharp reductions have been achieved by other means – largely through achieving major changes in behaviour amongst staff and patients (i.e. better and more effective hand-washing, greater emphasis on cleanliness etc). This is mirrored by the increasing recognition that social engineering and behavioural change is an enormously important component of better cyber security and information assurance.
Similarly, without being too Cameron-esque about it, we all have to be in this together. Everyone has to play their part. Thus, patients and their visitors need to understand the importance of washing their hands with alcohol gel and remembering to do it. In the same way, individual computer users need to adopt precautions to prevent their systems being compromised. At the same time, product manufacturers must play their part in making their products less vulnerable to infection (e.g. catheter or commode design can be used to make HCAIs less likely, just as computer software and hardware can have security built in).
Likewise, you cannot help but notice that meetings, whether about HCAIs or addressing cyber security, always conclude that more public education is needed and that the message needs to start at primary school ….
Well, I thought they were interesting parallels ….
Earlier today I went to see the Ealing Studios classic “Whisky Galore” at the Odeon Cinema in Panton Street. The film, of course, describes the actions of Scottish islanders in recovering a cargo of whisky from a shipwreck at a time of acute whisky shortage during the Second World War despite the best efforts of Her Majesty’s Customs and Excise.
The film is a paean to the joys of looting.
Indeed, it is nothing short of incitement to loot.
Yet earlier today Jordan Blackshaw and Perry Sutcliffe-Keenan were both jailed for four years at Chester Crown Court for using Facebook to incite people to riot.
So will the Managers of the Odeon Cinema in Panton Street now expect to be arrested under sections 44 and 46 of the Serious Crime Act for intentionally encouraging another to assist the commission of an indictable offence?
They may need to watch themselves …..
Of course, the police may like to wait until after next week’s showings of “Kind Hearts and Coronets” – an incitement to murder members of the aristocracy if ever I saw one …..


I gather that the Total Politics Blog Awards are now in progress. I want to make it quite clear that I will not be in the least bit affronted should you choose to vote for this blog by clicking here.
The Royal Air Force mission statement is:
“An agile, adaptable and capable Air Force that, person for person, is second to none, and that makes a decisive air power contribution in support of the UK Defence Mission”.
That is pretty clear and fits in with the RAF image, “The Few” and all that.
By contrast the mission of the United States Air Force is:
“To fly, fight and win in air, space and cyber space.”
The “and win” bit is maybe a tad more aggressive than making a decisive contribution, but the interesting bit is the inclusion of cyber space.
Now this may be a bureaucratic land-grab with the USAF making a bid for the cyber-security leadership role in the United States Government, but it does pose the question who has the lead for cyber-defence in the United Kingdom? Answers on a postcard (or email) please.

An intriguing story is drawn to my attention by Team Cymru, leading experts on cybersecurity issues. This highlights some strange goings on with the electronic voting system used in the 2004 American Presidential Elections in the State of Ohio. As I remember it, early exit polls from Ohio suggested that John Kerry had won the state but that as the votes were counted it appeared that the exit polls were wrong and that Ohio had voted for George W Bush. The electoral college votes from Ohio were pivotal and had they gone for Kerry he would have become President.
The report says:
“A new filing in the King Lincoln Bronzeville v. Blackwell case includes a copy of the Ohio Secretary of State election production system configuration that was in use in Ohio’s 2004 presidential election when there was a sudden and unexpected shift in votes for George W. Bush.
The filing also includes the revealing deposition of the late Michael Connell. Connell served as the IT guru for the Bush family and Karl Rove. Connell ran the private IT firm GovTech that created the controversial system that transferred Ohio’s vote count late on election night 2004 to a partisan Republican server site in Chattanooga, Tennessee owned by SmarTech. That is when the vote shift happened, not predicted by the exit polls, that led to Bush’s unexpected victory. Connell died a month and a half after giving this deposition in a suspicious small plane crash.
Additionally, the filing contains the contract signed between then-Ohio Secretary of State J. Kenneth Blackwell and Connell’s company, GovTech Solutions. Also included that contract a graphic architectural map of the Secretary of State’s election night server layout system.
Cliff Arnebeck, lead attorney in the King Lincoln case, exchanged emails with IT security expert Stephen Spoonamore. Arnebeck asked Spoonamore whether or not SmarTech had the capability to “input data” and thus alter the results of Ohio’s 2004 election. Spoonamore responded: “Yes. They would have had data input capacities. The system might have been set up to log which source generated the data but probably did not.”
Spoonamore explained that “they [SmarTech] have full access and could change things when and if they want.”
Arnebeck specifically asked “Could this be done using whatever bypass techniques Connell developed for the web hosting function.” Spoonamore replied “Yes.”
Spoonamore concluded from the architectural maps of the Ohio 2004 election reporting system that, “SmarTech was a man in the middle. In my opinion they were not designed as a mirror, they were designed specifically to be a man in the middle.”
A “man in the middle” is a deliberate computer hacking setup, which allows a third party to sit in between computer transmissions and illegally alter the data. A mirror site, by contrast, is designed as a backup site in case the main computer configuration fails.
Spoonamore claims that he confronted then-Secretary of State Blackwell at a secretary of state IT conference in Boston where he was giving a seminar in data security. “Blackwell freaked and refused to speak to me when I confronted him about it long before I met you,” he wrote to Arnebeck.
On December 14, 2007, then-Secretary of State Jennifer Brunner, who replaced Blackwell, released her evaluation and validation of election-related equipment, standards and testing (Everest study) which found that touchscreen voting machines were vulnerable to hacking with relative ease.
Until now, the architectural maps and contracts from the Ohio 2004 election were never made public, which may indicate that the entire system was designed for fraud. In a previous sworn affidavit to the court, Spoonamore declared: “The SmarTech system was set up precisely as a King Pin computer used in criminal acts against banking or credit card processes and had the needed level of access to both county tabulators and Secretary of State computers to allow whoever was running SmarTech computers to decide the output of the county tabulators under its control.”
Spoonamore also swore that “…the architecture further confirms how this election was stolen. The computer system and SmarTech had the correct placement, connectivity, and computer experts necessary to change the election in any manner desired by the controllers of the SmarTech computers.”
In the Connell deposition, plaintiffs’ attorneys questioned Connell regarding gwb43, a website that was live on election night operating out of the White House and tied directly into SmarTech’s server stacks in Chattanooga, Tennessee which contained Ohio’s 2004 presidential election results.
The transfer of the vote count to SmarTech in Chattanooga, Tennessee remains a mystery. This would have only happened if there was a complete failure of the Ohio computer election system. Connell swore under oath that, “To the best of my knowledge, it was not a fail-over case scenario – or it was not a failover situation.”
Bob Magnan, a state IT specialist for the secretary of state during the 2004 election, agreed that there was no failover scenario. Magnan said he was unexpectedly sent home at 9 p.m. on election night and private contractors ran the system for Blackwell.
The architectural maps, contracts, and Spoonamore emails, along with the history of Connell’s partisan activities, shed new light on how easy it was to hack the 2004 Ohio presidential election.”
Interesting, if true.
One of the most enjoyable things that I do in Parliament is to chair the judges for the annual information technology competition for primary schools, Make IT Happy, organised by PITCOM (the Parliament IT Committee). Earlier this week around 120 children – the regional winners – came to Parliament with their teachers to receive their awards and to hear which schools had been judged the national winners.
This year the entries were of a particularly high standard and all the regional winners had done extremely well, but especial congratulations went to the national winners:
1st Prize – Wales – St. Julian’s Primary School
2nd Prize – London – Northwood Primary School
3rd Prize – South East – Milbourne Lodge School
Top prize-winners were St Julian’s Primary School in Newport where the children had come up with the idea of making short “how to” videos, addressing common IT problems.
Each video was made by pupils, explaining and demonstrating the techniques needed. They posted the videos on their school website, and then worked to publicise them to a variety of groups in need of IT help.
Among those that benefited locally were an old people’s home, Glyn Anwen, and other schools in the area. St Julians also used the videos to cement their links with a partner school in Rwanda, which had recently received laptops from a charity.
The videos are well worth a look ….
The BBC is reporting that:
“Both reactors at the Torness nuclear power station have been shut down after huge numbers of jellyfish were found in the sea water entering the plant.”
The report continues:
“It is not known why there are so many jellyfish in the area.
Water temperatures along the east coast of Scotland have been relatively normal, but it is thought higher than average temperatures elsewhere in the North Sea may be a factor.
Operations at nuclear power plants in Japan have been disrupted by large numbers of jellyfish in recent years.”
I am sure many people will be disturbed by the idea of plagues of jellyfish around our shores, but when they start clogging up the inflow of cooling water into nuclear power stations it is time to get worried.
Climate change is real. It is happening and some of its effects are not what you might expect.
Sophos’s NakedSecurity site tells the cautionary tale of the company chief executive and the slighted IT administrator who took his revenge:
“Imagine you’re giving a presentation to the board of directors at your company. You have your PowerPoint slides all ready, you’re projecting onto a 64 inch screen… what could possibly go wrong?
Well, what would you do if your carefully composed presentation was replaced on the big screen by images of a naked woman? My guess is that you wouldn’t know where to put your laser pointer.
52-year-old Walter Powell used to be an IT manager at Baltimore Substance Abuse System Inc, until he was fired in 2009. Clearly someone who believed that revenge should be served red hot, Powell used his computer knowledge to hack into his former employer’s systems from his home and install keylogging software to steal passwords.
On one occasion, Powell took remote control of his former CEO’s PowerPoint presentation to the board of directors, and projected pornographic images on the 64 inch TV.

According to media reports, Judge M. Brooke Murdock gave Powell a two year suspended sentence, and ordered him to 100 hours of community service and three years’ probation.”
Interestingly, I read this on my way home from hearing a presentation from the CEO of a very large corporation who had described in passing the processes (that even he described as draconian) his company follows in monitoring the activities of employees who hand in their notice, which includes checking what company files they access and download, reviewing their outgoing email traffic and monitoring memory stick usage. Once caught, twice shy?
It is estimated that in twenty-five years’ time two-thirds of the world’s population will live in areas of significant water stress and shortage. This will be one of the factors – along with climate change, rising sea level and the loss of arable land – that will drive major population migration and feed into global insecurity.
A year ago there were reports that East African nations were struggling to contain an escalating crisis over control of the waters of the river Nile. According to the Guardian:
“The nine countries through which the world’s longest river flows have long been at loggerheads over access to the vital waters, which the British colonial powers effectively handed wholesale to Egypt in a 1929 agreement.
Egypt has always insisted on jealously guarding its historic rights to the 55.5bn cubic metres of water that it takes from the river each year and has vetoed neighbouring countries’ rights to build dams or irrigation projects upstream which might affect the river’s flow.”
Now, India has been accused of “water terrorism” against Pakistan:
“India is rapidly moving towards its target of making Pakistan totally barren by building dams on three major rivers including Chenab, Jhelum and Indus flowing into Pakistan from the Indian side of the border. These dams are being built in blatant violation of international laws and Indus Water Treaty signed between the two countries to ensure equitable distribution of water resources. Pakistan has long been challenging these moves of the Indian authorities and the issue had been referred to international arbitration on various occasions. Both Islamabad and New Delhi have held several rounds of talks to resolve the matter but no tangible results could be achieved. Realising the nefarious designs of the Indian leadership, political parties in Pakistan term New Delhi actions as ‘water terrorism’. Recent talks on Baglihar Dam between the two sides remained unfruitful and Pakistan is understood to have decided to seek international arbitration once again to secure its share of the water.
Yesterday, a report published in all national newspapers has raised alarm bell when an Indian engineer, Jee Parbharkar, speaking at a seminar organised by The Federation of Association of South and Central Asian Countries (FIESCA) in Nepal, said if all on-going dam projects on rivers originating from Kashmir were completed in time, India would be in a position to stop water flow to Pakistan completely by 2020. He further claimed that by 2020, India would be producing such a quantity of hydel power that it would be able to export it to neighbouring countries including Pakistan. Pakistani delegate to the seminar, Sultan Mahmood said that India has already started producing electricity from four big and 16 small dams while the work on third dam is in full swing near Kargal Valley. In this dam, 45 per cent of Indus water would be diverted to its reservoir through a tunnel.
Such a situation is not acceptable under any circumstances and it is about time that our leadership takes the matter seriously and move all international forums available to raise this sensitive issue. Indifference of concerned authorities had already damaged Pakistan’s cause and if nothing is done fast, Pakistan soon would be a barren state.”
A few days ago I reported on the call for a “general obligation for data security”.
Now comes this report on CBS (thanks to FutureCrimes):
I wonder how many companies and government agencies are equally careless in this country?
It makes leaving a paper on a photocopier seem old hat …..