Latest news and comment.

Comment: 2024/03/27 - At risk notice: Changes to the CJSM secure e-mail service.
BladeSec IA use a service provided by the Ministry of Justice to securely route e-mails to government and policing colleagues. This service requires some changes to be made and therefore we are announcing an "At Risk Period" where CJSM e-mails shall not be routed to us between 15:00 and 17:00 on Thursday the 4TH of April. Because of the nature of the change, please monitor the items you send to us for "bounce-back" messages. If you receive such an e-mail, please resend it after the at-risk period has expired.

The normal internet e-mail shall remain unaffected by this change.

Comment: 2024/03/25 - More on the British Library attack.
The Register comes to the same conclusion that we did. The opinion piece goes further, pointing out parallels between air accident investigation and the importance of the British Library report. As we said before, the details need to be shared with every senior in every organisation. El Reg's article largely ends by pointing out that there is no IA version of the Civil Aviation Authority to call out criminal mismanagement (although negligence seems more appropriate). It remains a chilling read.

Comment: 2024/03/18 - News round-up.
There are a few things that we've been remiss in not mentioning:-

Firstly: This breaks my heart as much as an article in The Field listing details of the men who died between the signing of the 1918 Armistice Agreement at 5:45 and when it was announced on the 11TH hour, of the 11TH day of the 11TH month. If you work within IT or the technology industry, you owe it to those Post Masters who died having been falsely prosecuted to ensure that it never happens again. Never.

Secondly: Moving on to the digital attack that occurred in October last year against The British Library. In a relatively unprecedented demonstration of openness, a review of the incident was published at the beginning of the month. The details of that, including the apparent attack vectors, should be shared with every senior in every organisation.

Next: There's been a massive outcry about a family photo that was posted by The Princess of Wales to social media on Mother's Day. It was "kill-filed" by various media outlets as having been doctored. Given that Google actually advertises the Pixel phone by highlighting the reality-altering features of the Magic Editor, my view is "how can we trust any image from a modern phone as being undoctored?". I get annoyed at my Nokia G22 that regularly does things that AI thinks improve the image, resulting in a cartoony feel - and there is no way to switch it off. No. I think we should be grateful that the Princess of Wales edited the image by hand rather than using AI. After all, it's the minute flaws that show it's hand crafted.

Finally: Many folk who work in this sector will be aware that Professor Fred Piper died on the 12TH of March. Whilst many people knew Fred from Royal Holloway, where he was the founding director of the Information Security Group there, I knew him as one of the founders of the Institute of Information Security Professionals in 2006. The IISP went on to become the Chartered Institute of Information Security built on much of the work that Fred did, from the Skills Framework to the academic network. Not only was he one of the founding Directors, but he held the role until 2014 where he helped influence information assurance in academia and the wider industry. He was one of the humblest, most engaging academics I knew and I will miss him.

Comment: 2024/03/06 - Safer Travel, 2024.
We're delighted that it's finally arrived, albeit a week late. That was simply down to work commitments!

Eagle-eyed readers will notice there are very few updates between the final issue of 2023 and this one. We make no apology for that as it represents a different way of working. We normally spend hours trying to integrate all the necessary changes into the first edition of the subsequent year at the same time as fielding enquiries from folk who say, "Safer Travel is out of date" without actually contributing to it. Hence, this version has only received minor changes.

Watch this space.... We suspect the next issue will top out at over 200 pages!

Comment: 2024/02/26 - The Calcutta Cup.
It was a bit of a fraught trip back from the Outer Hebrides on Saturday. The kick off for the Calcutta Cup was scheduled about twenty minutes before we made land. It meant that those first few minutes where England looked so incredibly dominant were by means of a very sporadic, poor quality mobile signal.

By the time we had checked into our hotel in Ullapool, and I had unpacked all the dog kit, Scotland had started their retaliation and were ahead - something that England never recovered from.

The match was notable for more than just the fourth successive Scottish win. Credit must go to Duhan van der Merwe for completing the first ever hat-trick by a Scotland player against England. His personal performance was the stuff legends are made from.

Comment: 2024/02/15 - Backdoored encryption is illegal.
The European Court of Human Rights (ECHR) has issued a decision highlighting that laws that require the deliberate weakening of encryption violate the European Convention on Human Rights. This is something that will be awkward for the UK's Online Safety Act, 2023 and its largely unenforceable and now non-compliant spying clause.

The mechanisms behind the decision make for interesting reading too, as we largely have to thank our friends(!) in Russia for this finding. It gets even weirder than that, as it was a legal challenge against Russia's Federal Security Service (the FSB) who demanded technical information from Telegram in order to assist in the decryption of a user's communications in 2017. The user originally challenged the order in Russia unsuccessfully - unsurprisingly. The thing was, somebody clearly overlooked the fact that Russia was technically a member of the Council of Europe from 1996 until its invasion of Ukraine in 2022. This means that the appeal, lodged in 2019, had to be considered by the ECHR until a decision was made; which it now has.

Good manners save me from making a comment citing both the UK Government and Russia in the same sentence!

Comment: 2024/02/01 - Safer Travel 2024.
Now that we have passed the inordinately busy January and started into February, we can start to plan for the pro-bono and expenses-only work we do. Part of that is the first edition of the 2024 version of Safer Travel.

There are a number of modifications that are outstanding; mainly around having a "plan B", and what it should look like whilst dealing with disasters in foreign places. Equally, now that everybody has become an expert on videoconferencing, there's a never-ending stream of advice on that particular front that we need to sort through. We hope to have the first edition for 2024 in place by the end of February as the changes are not terribly extensive. When that's sorted there will be a significant review in time for the second edition. As always, we will try to get it out prior to the Scottish summer holidays.

In a related note, this year marks my 25TH wedding anniversary and we have some very interesting, and extensive travel planned for much later in the year. I think the travel shall encompass every form of travel that is listed in Safer Travel. Whilst I didn't set out to do this, it feels that that highlights how extensive the anniversary travel is!

News: 2024/01/21 - Network upgrade - Work completed.
As with all these things, we ended up starting half an hour late, but broadly everything went to plan. All services are back on-line as of 12:30.

News: 2024/01/21 - Network upgrade - Work commencing.
The router upgrade as highlighted below is scheduled to commence at 10:00. Another message shall be posted when everything's back to normal.

News: 2024/01/15 - Network upgrade.
BladeSec IA need to swap out a network router that will shortly be end-of-lifed. We are proposing to undertake this on the morning of Sunday the 21ST of January when it will have no impact on any customers. In the last 24 hours, the router has exhibited some instability, and so we may need to bring forward the change. In this case, we shall only do this after customer reports have been issued / collected and so a short-notice outage would occur after 14:00 on the stated day.

It must be emphasised that whilst the outage will have no effect on customers, this will result in no connectivity for internal BladeSec IA information systems. Whilst e-mail and the BladeSec IA website shall continue to be fully operational, the gateway and customer reporting servers shall be taken offline. Any customer having a critical issue should use the appropriate telephone contact rather than e-mail during this time.

The customer facing service shall be fully operational by 08:00 on Monday 22ND.

Comment: 2024/01/10 - The Post Office scandal - the last word.
I think that it's fair to say that the public reaction to Mr Bates vs. The Post Office has been unprecedented.

At long last the poor souls that have been battling to get their reputations and livelihoods back, fair compensation and even widespread recognition are on the brink of achieving all this. This is great and shows the power of the media. That said, I do find myself irritated that it took a TV dramatisation for it to enter the public conscience and for it to be prioritised by politicians and criminal justice organisations. Only now are we seeing a force of thought, and the potential prosecution of responsible staff in Post Office Limited and Fujitsu.

What is wrong with society that it took a fact-based work of fiction to fix such an atrocity?

News: 2024/01/09 - Website updates.
We have finally relented, and fully automated the mechanism we use to post news and comments, and other changes to the BladeSec IA website. It should mean that these will appear more regularly rather than in blocks of two or three (or not at all). The only bit that we can't do automatically is purge the cache from the content delivery network, however, most changes should percolate through in less than 24 hours despite this.

Comment: 2024/01/05 - Mr Bates vs. The Post Office.
It was a very impressive dramatisation, and serves to highlight the outstanding predicament of so many sub-postmasters.

If you haven't watched it, please do so on STV Player or ITVX.

This programme should be mandatory viewing for senior civil servants, MPs, MSPs and all directors and C-Level executives of organisations of national interest. If you think you can get away with it or that what you do doesn't affect people's lives, to quote Abe Lincoln, "You can fool some of the people all of the time, and all of the people some of the time, but you can not fool all of the people all of the time". And that's the rub; the internet is "all of the people". In this day and age, eventually, somehow, even against the odds, no matter how careful you are, and despite NDAs and confidentiality agreements... The truth will always come out.

Comment: 2024/01/02 - For Rebecca....
I watched the first episode of Mr Bates vs. The Post Office in absolute horror. I had a knot in my stomach as the entire disregard for humanity played out. I have never witnessed a dramatisation that so closely mirrored the reason BladeSec IA does what it does. We don't sell boxes and every bit of consultancy is backed by fact and decades of experience. We value the integrity of our own and client data just as much as the confidentiality and availability and that means that our customers trust us - to safeguard vulnerable adults, or to ensure children's voices are heard, to police environment enforcement and to manage evidence forensically. We do it, not just because it's important, but because people's lives depend on it.

As the credits rolled on the first episode, I was reminded of the point my late father lost faith in banking. He was an old-school bank manager that liked pens, paper and writing everything down. (This was one piece of advice that I have ruthlessly stuck to - If you write it down, you don't go wrong.) When his bank was computerised, the closing balance did not tally with the paper record that he had insisted was maintained. I recall that it was not a massive amount, but because he had sought evidence that the computer system was accurate, one of his tellers was quickly able to identify that the amount outstanding was, to the penny, the same as the funds held in the charity and non-profit accounts. When my father phoned the helpline to point this out, whoever he spoke to realised that that category of account had not been transferred onto the computer system. My father maintained that he heard some typing, and the outstanding balance on his branch was changed to nil. He maintained that if somebody can do that without seeing the evidence of the cash at hand or without the authority of the branch manager, computerisation was always going to be met with suspicion.

My father was lucky in some ways as ultimately, his bank made the transition reasonably well, although I note that I had cause to complain to a different bank several years later, when I went to get a mini-statement from an ATM and discovered that the date the statement was issued was three days prior to the "last transaction".

That's why this remains so important....

Comment: 2024/01/01 - Happy New Year!
Unlike recent years, we've decided to stay put, and so I am penning this from the security cart shed rather than the Isle of Lewis. Perhaps it is something to do with the fact that we're entering the thirteenth year of BladeSec IA.... or maybe not.

Looking back at the last three months, we've been inordinately busy, doing inordinately interesting things for our inordinately special clients. We're delighted to have a couple of new clients on-board who have been very vocal in championing our skills and abilities with other bodies.

I continue to look in frustration at the "traditional" consultancy sector. It is clear that it survives by never admitting failure, never scaling to provide best value and pandering to procurement by being so large, it can't fail - except to deliver best value client focused programmes. Many government departments are bought into the hype looking for "digital delivery partners" that can offer "development, hosting, administration, infrastructure, security services, data centre, on-prem, cloud, hybrid, UK-based, security cleared and ready-by-a-week-Tuesday". If that were divided up into smaller lots, you can imagine the value that would be provided to the tax-payer; all in return for an overarching programme manager - and you never know, some programmes may deliver to time, to budget, to specification.

With that, here is our tongue in cheek look at the last twelve months:-

  • Average distance travelled to work: 12.7 miles.
  • Distance to farthest job: Over 5000 miles.
  • Oddest destination to be back in: Stirling.
  • Value of donations made by BladeSec IA to support good causes: £225-00.
  • Amount of time donated by BladeSec IA staff pro-bono: 26 days.
  • Date the magenta toner was finally replaced in the office laser printer: 21ST December, 2023 (Technically, it was still going, but they're all so old, it's getting a bit grainy.)
  • The number of times, Suilly the security cart shed dog has had to be taught recall: 5 (and counting).
  • Number of dummies eaten by Suilly the security cart shed hound: 3.
  • Number of dummies lost by Suilly the security cart shed hound: Nil (was 2, but then he found them again).
  • Oddest item bought on-line by a member of BladeSec IA staff: A set of "cleaning picks". (Which I am told are for getting into really small areas!)
  • Top ten albums on the security cart shed playlist: Road by Alice Cooper, Felsenfest by dArtagnan, All We Have Is Now by Elephant Sessions, Soapbox Heroes by Enter the Haggis, IMPERIA by Ghost, Starcatcher by Greta Van Fleet, Live from Nowhere in Particular by Joe Bonamassa, Gettin' Old and Growin' Up both by Luke Combs and Live at The Old Fruitmarket by Rura.
  • Average score given to Indiana Jones and the Dial of Destiny: Seven out of ten. (Considerably better than Crystal Skulls!)
  • Amount of money received by BladeSec IA for anything other than consultancy: £nil. (Was it ever going to be anything else?)
  • Number of technology products sold by BladeSec IA: None.
Happy New Year!

