MAPPING day 2: fixing things when they go wrong, the need for perspective management and more besides

Ever wondered what happens to your
data when it ends up in one of these?
The next speaker in today's MAPPING Assembly was responsibility for fire-fighting, when security emergencies occur and need a swift, effective response. Coming from a small country that did not actually do anything bad on the internet but presumably outsourced its data crises and security leaks to larger, more technically ambitious countries, the speaker listed some of the things that can upset the serenity of the internet, such as sinkholing, keylogging and malware infections [at this point this blogger wonders whether someone out there has been attacking, which appears to be on a go-slow this morning and has shown a marked reluctance to find things ...]. 

The speaker then reviewed the effect on his jurisdiction of the recent Heartbleed virus. Experience of this attack demonstrated that ISPs have an important role to play in assisting their users to preserve security. Indeed, any halfway competent ISP will know who is using its service, who is sending out bulk emails and spreading spam etc.  Any software put out for consumer use should already be configured for security purposes, he added: it should not be necessary for consumers to have to do the job themselves -- though there is a discussion as to whether security settings should be a default setting or merely an option.  If unsafe software were, for example, infected meat, national governments would be swift to prevent its importation, so why should software be treated differently? The comparison is not as strange as it seems: much medical equipment, for example MRI scanners, is software-driven. If it is insecure or cannot be operated properly, it can be dangerous.  At any rate, it's axiomatic that all software that is supplied to Europe for use in Europe must be subject to European legal standards, notwithstanding that it may be compliant with its own home-grown legal standards.

Not all intruders
are so conspicuous ...
Defence of networks was next discussed. This is crucial since networks are being attacked on a daily basis. Attacks must first be detected before they can be defended. The existence of a new member of the network must be identified, as well as the "mother" address as a rendezvous protocol with which the attacker or intruder communicates. Attackers try to copy the normal communication patterns of legitimate users, and the same websites, in order to make themselves look less conspicuous. Attackers will also be active when other network users are, rather than all by themselves in the middle of the night. Some will even communicate via means such as Twitter. Encryption is helpful in the face of intrusive attacks, but more is needed: any diligent company should keep looking for signs that someone else has penetrated its network -- and this is best done by looking at messages sent out from it, particularly if they match the behaviour of known malware. Netflow, which tells you which routers are talking to which other routers, is also a useful source of information here.

Finding evidence of new attacks is difficult, the speaker concluded, because you may be looking for something that hasn't yet happened and it can be tricky to discern relevant threat-related data from the noise that a network might in any event be generating.

In discussion, participants mentioned the exponential growth of reported computer fraud, which has taken place at a time when calls for greater information-sharing are still being made. The main issue here is not just computer security but perception management -- politician awareness is low and there are no votes in cyber-crime, of which consumers are insufficiently aware.  Meanwhile, the potential profitability of data exfiltration and the low risk of detection make it an attractive proposition. Against this, insurance against cyber attacks is being increasingly tied to satisfying acceptable security standards, and business are running ahead of governments in protecting their data since their money depends upon it.  Raising awareness among SMEs and start-ups is the wrong place to start: what they want is to be able to buy safe off-the-peg software that they can trust, rather than having to invest in developing their own protection.

A further speaker, representing the police, urged the audience to trust the police -- which, in his jurisdiction, was guided in all operative matters by the provisions of the European Convention on Human Rights and data protection legislation. Some police action involves surveillance, but this requires (i) authorisation and (ii) justification before the court when evidence obtained by means of it is placed before a court.  Enforcement is difficult, he said, since courts struggle to understand the technical issues involved: the courts are struggling to deal with even matters such as online pornography.  In addition, most internet-related crime spans jurisdictions and is therefore expensive and impractical to chase.

Another speaker, who had worked for an international military alliance, spoke of cyber-security in various contexts, conceding that a big weakness of even the best policies and security systems was the fact that people are people and, even in a top security environment, will display human characteristics such as curiosity (eg plugging in a USB stick, contrary to security instructions, since they wonder what's on it).

At this point, this blogger absented himself so that he could revise his presentation, for delivery immediately after lunch.
MAPPING day 2: fixing things when they go wrong, the need for perspective management and more besides MAPPING day 2: fixing things when they go wrong, the need for perspective management and more besides Reviewed by Jeremy on Wednesday, May 21, 2014 Rating: 5


  1. Should we think about the internet as a separate defined territory with its own set of laws and oversight institutions? That might be better than ad hoc solutions being developed. The internet needs to be developed in a coherent way so that it provides the optimal infrastructure for mass participation and opening up as many new business niches as possible. At the moment no one really seems to be guiding the overall development of the internet which probably means it is not being developed as well as it could.

  2. As one of the following presenters remarked on the creativity of a society vs. the establishment of an IP regime, I'd like to through into the discussion.

  3. The comment "Should we think about the internet as a separate defined territory with its own set of laws and oversight institutions?"

    reflects a similar comment on a recent thread and would draw a similar response from me: no one-world state exists to provide such unilateral each-country's sovereignty defying law.

    As might be guessed, reaching a state as to decide what "the right way" means will not be easy, and the "right way" may in fact not exist given that different sovereigns may (more likely will) result in unworkable non-optimum compromise positions.

  4. I wonder whether when the Kat live-blogs a multiday conference, the blogging might be reserved to a separate section of the site. I'm a patents guy by nature, and find it very easy to miss posts directed at my field among the flood of 7 posts on INTA, 6 posts on MAPPING, and so forth. Perhaps a single precis of the event on the main page would be interesting for those who want to delve further, but it comes across as conference overload to me.

  5. Thanks, Anonymous of 14:56 -- while live blogging of events is generally well received, I can see your point. I can keep series of event-related blogs on a separate page and may well give this a try in the near future to see how it goes.

  6. Not for the first time we see patent fanbois trying to dictate what we should or should not expect to find on IPKat. Jeremy, as you often hold polls on certain policy aspects, perhaps your full readership might have a chance to decide how we would like you and your hard-blogging fellow Kats to bring us all the best in IP news.
    Personally I find I am well able to skip over posts which hold less interest for me, but I appreciate some people may well only be able to digest 140 characters of pure analysis. [/sarcasm] let the IP people speak!

  7. Hang on... I'm not sure what I did wrong here to get such a blast of sarcasm.

    I gave a view from my perspective, and offered up one solution as I saw it. Normally I enjoy the wide range of topics insightfully covered here on IPKat, as it takes me out of my practice area. But multiple long posts all on the same theme over a short period of time do make it easy to lose or miss the very relevant and interesting article of only a day or two ago on another theme.

    I don't see what my point has to do with patents, other than that it's my background, and might help the editors understand why I, and perhaps others, don't necessarily find it easy or useful to follow several long posts seriatim in a short space of time all on one specialist theme. The same view (I guess) might apply to a reasonable proportion of the audience regardless of field of interest.

    And I'm not really sure that a weblog is the appropriate place for name-calling. That sort of thing ought to have stopped in the playground. I really was only trying to give feedback which, as I saw it, might be welcomed by the editors, and at least seems to have been.

  8. Interesting to think about how responsive a successful IP blog should be to its readers. Steve Jobs' philosophy seemed to be that people don't know what they want until you show it to them, leading him to open up the field of phone ergonomics to allow high levels of aesthetic and emotional interaction with devices. Google is working on more semantic approaches to analysing search terms, trying to figure out what people really want, rather than being tied to the search terms they've used. I'm sure that will lead to trying to figure out what else they 'could' want, or perhaps what they 'should' want. It will be interesting to see what form of democracy IPKat decides to adopt.

  9. Anon @ 13:18.
    Sorry if I touched a nerve. All of this started about a week ago a when one of the many anonymous commenters said about one of Darren's posts "And might I say that the return of some articles on patents has come not a moment too soon. There really has been too much published regarding trademarks and copyright recently, that the title IPKat has become confusing at best, possibly even fraudulent.". Several people felt this was a touch parochial. I conflated that remark with yours @07:50, which was possibly a bit unfair. However, if Jeremy takes up my suggestion of a poll, maybe we (meaning the Kats) can indeed come up with a formula that the majority of readers find will useful yet still manageable for those with busy lives.

  10. Andy J,

    I was one of the Anon's that posted on the earlier thread.

    My intent there was a simple one: to set the record straight that "IP" just did NOT mean "Is Patent only."

    It still does not mean that - no matter the mix of coverage to various facets of Intellectual Property.

  11. Andy J's suggestion of a poll is noted, but we Kats will want to discuss this among ourselves first. Given the pressure we are under in trying to deliver the goods, we may be unwilling to accommodate any poll result that has that effect but we'd also feel awkward about ignoring it!

  12. Thought I'd mention I'm trying to follow the BIO Convention from afar. However no one seems to be writing blogs about the talks, as the IPKats would have done had they attended. I'm now more appreciative of your efforts when you attend conferences. Thank you.


All comments must be moderated by a member of the IPKat team before they appear on the blog. Comments will not be allowed if the contravene the IPKat policy that readers' comments should not be obscene or defamatory; they should not consist of ad hominem attacks on members of the blog team or other comment-posters and they should make a constructive contribution to the discussion of the post on which they purport to comment.

It is also the IPKat policy that comments should not be made completely anonymously, and users should use a consistent name or pseudonym (which should not itself be defamatory or obscene, or that of another real person), either in the "identity" field, or at the beginning of the comment. Current practice is to, however, allow a limited number of comments that contravene this policy, provided that the comment has a high degree of relevance and the comment chain does not become too difficult to follow.

Learn more here:

Powered by Blogger.