Daily Tech Digest - March 23, 2019

Digital Convergence’s Impact on OT Security

istock 1023224312
A significant component of the challenge is that IT and OT networks are founded on very different, and often highly contradictory priorities. IT networks generally follow the well-established Confidentiality/Integrity/Availability (CIA) model. The emphasis in on ensuring the confidentialityof critical data, transactions, and applications, maintaining network and data integrity, and only then ensuring the protected availabilityof networked resources. These priorities tend to be the basic building blocks of any security strategy. Conversely, OT networks depend upon and operate with an exactly inverted model. The safetyand availabilityof resources is the topmost priority. Assembly lines, furnaces, generators, and other large systems simply should never go offline. Monitoring critical systems, such as pumps, valves, and thermostats is essential since any system errors can translate into huge financial loss, and pose catastrophic risk to the life and well-being of workers and communities.



Why Isn't Your Current Approach to Scaling Agile Working?


When looking to scale organizational agility, the people in your organization need to own their new way of working. For that to happen, they will have to create their own process that works in their specific context. When people create their process, they will learn what works for them, and then a new culture ‘the way we do things here’ will emerge. To implement someone else’s model is like providing an answer before knowing the question, which likely will not be successful. Instead, consider to start with the simplest process that works; then build upon it using Empirical Process Control and a framework that makes transparent to all what to improve; that framework is called Scrum. There is a story that in 2001 Toyota wanted to publish a book called “The Toyota Way”. Upon hearing of this, their CEO said he opposed the title, suggesting it should be called “The Toyota Way 2001” because next year their way of working would have changed.


Six Recommendations for Aspiring Data Scientists


One of the skills that I like to see data scientists demonstrate is the ability to make different components or systems work together in order to accomplish a task. In a data science role, there may not be a clear path to productizing a model and you may need to build something unique in order to get a system up and running. Ideally a data science team will have engineering support for getting systems up and running, but prototyping is a great skill for a data scientists to move quickly. My recommendation here is to try to get different systems or components to integrate within a data science workflow. This can involve getting hands on with tools such as Airflow in order to prototype a data pipeline. It can involve creating a bridge between different systems, such as the JNI-BWAPI project I started to interface the StarCraft Brood War API library with Java. Or it can involve gluing different components together within a platform, such as using GCP DataFlow to pull data from BigQuery, apply a predictive model, and store the results to Cloud Datastore.


Three Questions to Gauge Emotional Intelligence

For work teams to succeed, your employees need to trust one another. It’s been found that high-trust environments promote higher worker engagement, with the research finding that on the opposite end, when trust is compromised, people “become withdrawn and disengaged.” ... Building trust requires multiple emotional intelligence competencies. It means understanding what the other person is expressing, sensing what they’re feeling, being conscious of your own behavior, and altering your behaviors with each individual. I’ve found this interview question is a great opportunity to probe how much thought a candidate gives to all these elements. ... Increasingly, employees and customers are flocking to companies that have a social purpose — a desire to do something good for the world — in addition to their profit motives. EY reports that these companies have been shown to far outperform the S&P average. If your company has a purpose, a candidate who has prepared for the interview will likely know it. But asking them to recite a line they read somewhere on your corporate website won’t tell you much.


Improve help desk management for smooth IT operations


A regular time sink in IT management is duplicate work in the help desk from a lack of communication among systems administrators, developers or other support staff. Recurrent problems are fixed superficially and are liable to arise again in a future ticket. Each fix increases the burden of platform maintenance, as help desk agents apply change after change. While specific log restraints streamline issue management, industry analyst Clive Longbottom presented another option for help desk management improvement: Adopt a natural language processing and knowledge management system. NLP augments help desk management with a system that analyzes the language in tickets, compares it to previous entries and helps identify patterns. Knowledge management also helps discover relationships between current and past issues and alerts IT staff to those connections to provide greater context for resolution. Legacy IT service management systems are reactive and require a person or machine to open the ticket before it can be resolved. Through the implementation of AI, IT teams turn the help desk into a proactive system -- and reduce their workloads.


Defining a Distinguished Engineer

A technical leader should build up others and empower their colleagues to do things that are more challenging than what they might think they are capable of. This is key for growing other members of an organization. I personally believe you don’t need a high title to take on a hard task, you just need the support and faith that you are capable of handling it. That support should come from the distinguished engineer and be reflected in their behavior towards others. A technical leader should also make time for growing and mentoring others. They should be approachable and communicate with their peers and colleagues in a way that makes them approachable. They should welcome newcomers to the team and treat them as peers from day one. A distinguished engineer should never tear others down but they should be capable of giving constructive criticism on technical work. This does not mean finding something wrong just to prove their brilliance; no, that would make them the brilliant jerk


Why AI will make healthcare personal

A control monitor during a heart catheterization operation.
AI is already contributing to reducing deaths due to medical errors. After heart disease and cancer, medical errors are the third-leading cause of death. Take prescription drug errors. In the US, around 7,000 people die each year from being given the wrong drug, or the wrong dosage of the correct drug. To help solve the problem, Bainbridge Health has designed a system that uses AI to take the possibility of human error out of the process, ensuring that hospital patients get the right drug at the right dosage. The system tracks the entire process, step-by-step, from the prescription being written to the correct dosage being given to the patient. Health insurance company Humana is using AI to augment its human customer service. The system can send customer service agents real-time messages about how to improve their interaction with callers. It’s also able to identify those conversations that seem likely to escalate and alert a supervisor so that they’re ready to take the call, if necessary. This means the caller isn’t put on hold, improving the customer experience and helping to resolve issues faster.


Agile in Higher Education: Experiences from The Open University

Thinking about the enterprise agility theme, as described in great recent books by Sriram Narayan (Agile IT Organization Design) and Sunil Mundra (Enterprise Agility), I am afraid to say that universities in the UK are going in the opposite direction, by consolidating their academic schools and departments into bigger and bigger mega faculties, and everyone else into 'professional-services' mega units, so you see lots of large, functional, activity-oriented teams in silos with huge costs of communication and collaboration, slow decision making, and low levels of customer focus and staff empowerment. But universities are starting to wake up to the potential of agile, and some are using agility to transform their strategy and delivery at the organisational level. National University of Singaporeis a great example of this for the UK higher education sector. The Open University is the largest university in the UK, with 200,000 students. Each year we produce nearly 200 new online courses, and update 300 more.


AI: A new route for cyber-attacks or a way to prevent them?

AI: A new route for cyber-attacks or a way to prevent them? image
If deployed correctly, AI can collect intelligence about new threats, attempted attacks and successful breaches – and learn from it all, says Dan Panesar, VP EMEA, Certes Networks. “AI technology has the ability to pick up abnormalities within an organisation’s network and flag them more quickly than a member of the cyber security or IT team could,” he says. Indeed, current iterations of machine learning have proven to be more effective at finding correlations in large data sets than human analysts, says Sam Curry, chief security officer at Cybereason. “This gives companies an improved ability to block malicious behaviour and reduce the dwell time of active intrusions.” It is true that AI increases efficiency, but the technology isn’t intended to completely replace human security analysts. “It’s not to say we are replacing people – we are augmenting them,” says Neill Hart, head of productivity and programs at CSI. However, AI and machine learning also have a dark side: the technology is also being harnessed by criminals. It would be short-sighted to think that the technological advancements offered by AI will provide a complete barrier against the fallout of cyber-attacks, says Helen Davenport, director, Gowling WLG.


How Do You Know When A Cybersecurity Data Breach Is Over?

uncaptioned image
The answer is often a surprise. It isn’t over when you’ve removed a hacker or insider threat from your network environment, just as it doesn’t begin with the discovery of patient zero of a cyber attack. It ends when your organizational attitudes toward cybersecurity revert to what they were before the breach. The question is: "Is the return to 'business as usual' a good thing?" Usually not, especially when you think about how the breach began. Most organizations I've worked with assume a data breach begins when a hacker penetrates your network. But it actually starts long before — with the sum of bad security habits, mismanaged mergers and acquisitions, budget decisions that scrimp on security and bad choices like relying on outdated equipment or not deploying security patches. In this way, a breach can be a good thing because it wakes everyone up — it serves as the greatest security awareness exercise possible. When a breach occurs, everyone is interested in information security for a brief duration — from the incident response and mitigation teams to public relations.



Quote for the day:


"Leadership is a journey, not a destination. It is a marathon, not a sprint. It is a process, not an outcome." - John Donahoe


No comments:

Post a Comment