Government should collect Data or not?

Today the tutorial was divided into two sections and the tutor told us to debate whether the government should collect data or not?

This is a highly debatable topic but what I think is it was more in the favour of the people who were supporting that government should collect data. I was in the other side and collected few points which were as follows:

What if insider attacks happens with the the government data and I gave the example of one of countries whose data was made to public by few hackers.

A malicious can government can use this in a negative way and abuse the information.

if not the current government, another government can abuse the information kept inside.

We just need to make sure government systems are fully secured, and employees or the government itself should use it for the benefit of it’s people.

Points were raised by counterparts for the motion and they were highly justified too. Here is the sneak peak what the other group suggested.

- Can use more data to predict and prevent serious crime. - Can collect data on traffic flow, movement of diseases, etc. and learn from it to improve infrastructure and health - Government has more resources and responsibility which would help them keep data safer than corporations, won't sell it - Data could be used to perform better background checks which would minimise abuses of the data by employees - Government already have census data and others necessary to run elections, so there isn't much extra risk in sharing more data. They already know where you live.

I personally believe the data is there with all the big companies like google, Microsoft, amazon who are tracking us , know our interests and everything. But here we are the one exposing the data by connecting to them. US government has raised voice against it in the past and I think that is fair to do so.

Cyber War with World SuperPower

So, Today in the class we didn’t have much time to discuss because there was a lightning talk about ancient Greek attempts at information security and cryptography and then we discussed about the mid term exams.

Everyone discussed about the consequences of risk to go to the war and list of recommendation which can help.

For an example we just got to know about the drone attack at the oil ships in UAE. The Us is blaming Iran for it but no-one knows who actually did it. There can drone attacks even by hacking them. One can attack on the warships, infrastructure and industries. All the important military secrets and data of big companies can be used in a very negative way.

What can a nation to do protect itself?

Here comes the intelligence. Investment in this sector can be very helpful to a country. Everyone knows about CIA who have achieved a lot by stopping so many terror attacks. We discussed about having a background checks for everyone working in the industry whether it is a company or a military. There should be enough sources for the government for cyber war.

More notes by all the students: https://pastebin.com/raw/ftVxB1LD 

Electric Self Driving Car

Today, in the lab, we were divided into three different groups by the tutor. He gave us to think about the Electric self-driving car, but all the groups were given different organization such as a government or commercial. We had to think about the situation and answer in Yes, No or maybe whether one should invest in a self-driving car or not.

Our group was given to think as a commercial company. I answered Maybe because according to me, I would love my company to invest in the future dream project, but on the other hand, there are technically so many situations which are impossible to overcome.

Assets the company should focus on: Image and reputation of the company(employee safety) costs, finances, and infrastructure The stock price of the company and cash available Jobs and Growth

Risks Involved Insiders Attack Decision-making skills of the car in different situations(accidents) Hacking of the car controls Reputation risk if some severe accidents happen with the vehicle

Precautions to Overcome Risks: Remote communication over the network should be highly secured and reduced. Testing of all the hardware and software equipment for good quality control. Allow user override of controls to reduce the risk of bad AI.

Doors - Mid-flight aeroplane incidents

Discussed improvements which can be made for airplanes to reduce the incidents. The airplane can remotely be controlled from air control n case of emergency provided it shouldn't lose connection with the same. Have a properly secured system so that it cannot be hacked. Signals can be jammed should be taken into consideration. Physiological and mental training of pilots is necessary. They should all the issues, whether they are minor or significant. We can have a staff member of the airplane trained as co-pilot, so that if a pilot wants to rest. A staff member can take his position. Pilots should have all the amenities with them so that they don't leave the cockpit.

Harry Houdini

Today in the tutorial, we had an interesting case study about the security engineer Harry Houdini. Renowned stage magician Harry Houdini (1874-1926) was outraged by mediums after some of them attempted to con him during his despair at his mother's death. He became a passionate debunker of mediums, delighting in publicly exposing fakes and frauds.

I had to give my protocols being the Houdini and what I would have done if I would have been at his place. We discussed in the group and came with ideas. Few points which very interesting are mentioned here: There can be an external tool to verify the code to ensure it's Houdini. Authenticating: is the actual person talking Integrity: If medium changes then there can be a problem Share the knowledge: two parties combined with a random number generator. Numbers are randomized based on the day, or there can be mathematics behind the generator. A random number to generate from the book kept in the library and read from the book and decrypt the code. One person has to know a bunch of random words and both.

Physical Security

It protects employees, data, equipment in the company, systems, and assets of the company.

We discussed the Physical Security in our tutorial this week. So, every student did their research for two minutes on the given topic. Once completed, everyone discussed their views on how a company can be secured physically.

The question which may arise for the physical security of a company: Who has access to the building? Who has access to the critical sensitive areas? Who has access to Wifi Network? How do you store sensitive data? And many more......

Few points which I feel are essential for any company to be secured are: ->Surveillance ->Security modules for employees ->Security Guards, Security cards, face scanners, thumbprint scanner, gate card ->If Gates are open for a long time alarm goes off ->Cloud based control systems ->Cameras and sensor which track movements all day ->Glasses in the building ->Faraday cages to restrict wifis to a particular room ->Data needs to be protected and should be known only to the one who is responsible for it and needs to know in the company.

Something Awesome(Proposal)

I will be working on the website  "hackthissite.org" which contains lots of missions regarding the hacking. There are different types of missions: Basic , Realistic, Application and few more on which I will be working on for the next few weeks. I will completing missions online and writing blogs on each of them every week.

Deep Water Horizon

An industrial disaster caused by an explosion on the deepwater horizon oil rig in the Gulf of Mexico occurred due to the series of bad decisions, dangerous actions, and safety failures.

In our first tutorial, we discussed this case study by forming groups and came up with the causes that might have led to this great destruction and came up with possible solutions for the same.

The primary cause would have been the lack of communication between the ground level staff and the management. Engineering design flaws: Dodgy cement,  valve failure, pressure test misinterpreted, no battery for BOP were among the few flaws discussed in the class. They may have taken the acceptance of higher risk for the benefit of higher reward i.e., to reach on time, many testing and safety precaution was not taken into consideration as this type of incident never happened from the past seven years. The crew on board were divided into two shifts, twelve hours each. And there is a chance that everyone wasn't aware of all the alarms.

First and foremost, company culture should have been reshaped again. The team should work on solutions rather than blaming each other. The penalties on the employees should be reduced so that they can report the issue without any hesitation. There is a fair chance of government corruption involved as researched online.  External auditing can also play a vital role in this.