For example, being safe online – from financial loss, identity misuse, harassment, privacy breaches; particularly for people in groups identified as especially vulnerable to such threats (seniors, people with low digital literacy etc.).

Develop the ability to detect scams/frauds by understanding reliable trust indicators and how to verify them. To detect/investigate/verify the trustworthiness of information found online. Support digital literacy and safety efforts.

This is part of the natural evolution of thoughts/concerns around Public Interest Technology, Science and Technology Studies (STS), Tech for Social Good, and niche ideas like Cyber GP clinics.

The Digital Safety Support volunteer role being proposed to COPE Galway could be considered an example of cyber social work.

The term ‘Cyber Social Work’ is also present in some discussions where it means ‘using digital tools to deliver social work’. But I’m imagining/meaning it as ‘social work for the digital/cyber health/welfare/wellbeing of people’.

The post Cyber Social Work first appeared on AravindJose.com.

Following that line of thought, Cyber GPs (Cyber General Practitioners, like Medical GPs/Doctors) – something like “Cyber Clinics” or “Cyber GP Clinics” or “Cyber Physician’s Clinics” make sense.

Especially for small enterprises. Because, a large percentage of small enterprises are participating in the digital transformation revolution with little to no guidance, understanding, or assurance.

They cannot stay on top of their IT/digital requirements on their own. They need someone to whom they can ask questions and get remedies to their cyber/tech/digital situations.

Currently, it is managed IT service providers (MSPs) or managed security service providers (MSSPs) who fulfil this requirement. This could be considered analogous to relying on pharmacies for your medical needs – where pharmacists are the only advisories and their recommendations (prescriptions) of various over-the-counter drugs/pharmaceutical products are what the SMEs can use.

This leaves a gap where some public/independent entity should take charge of establishing vendor-agnostic standards and suggestions, to ensure the community (tech/cyber)-health of small enterprises (or even individuals).

The post Imagining: Cyber GP Clinics first appeared on AravindJose.com.

The incident has rightly been described as “showing the fragility of the digitally connected world”.

Take the aviation sector, for instance. Aviation could be considered as one of the most safety-critical engineering/technology domain. The mechanical (and electronic and electrical) engineering involved in aviation is grounded in mature safety principles like redundancy, fail-safes, fail-overs, bypass, fault tolerance, fault isolation, and such. The internet-involved software-based computer technology (“the digital world”) is still a long way away from such levels of safety/security maturity.

The CrowdStrike+Windows incident juxtaposes the maturity of aviation engineering and the immaturity of digital engineering.

What’s the takeaway?

Firstly, it’s to be acknowledged that there are fundamental weaknesses in the “digital ecosystem”. It’s not a mature field like civil, mechanical, or electrical engineering.

It’s time to stop treating the digital revolution or digital transformation like a gold rush, and to instead invest in the maturing and careful understanding of the technology and systems involved.

The post Aeronautical engineering vs Software engineering: The maturity of the digitally transformed world first appeared on AravindJose.com.

What’s it?

An electronic, hardware-level element/module that sits on the circuitry of electronic devices – smartphones, computers – which ensures that those devices remain protected from being used unethically.

For example, in the case of training machine language models, and running recommendation, prediction, suggestion, decision models.

Think about Ethics on Chip (EoC) along the lines of Trusted Platform Module (TPM) by the Trusted Computing Group, and Application-specific integrated circuits (ASICs). It’s like an ASIC for ethics – an integrated circuit to embed ethics into electronic devices.

This idea/thought emerged while engaging with the topic of ethical AI and trustworthy AI, and the broader discussions about AI and society. It is also an example of Applied Public Interest Technology.

The post Ethics on Chip first appeared on AravindJose.com.

Like how toddlers need to be protected from “stranger danger”, digital systems need protection from “cyber stranger danger”. And both of them – toddlers and digital systems – need us for their protection, to watch out for them.

Like how toddlers are prone to physical injury from tumbles and falls, computers too are prone to technical accidents – data loss due to storage corruption, hardware failure and such. But there is also the other type of danger – stranger danger. Toddlers need to be protected from those with malicious intents, anti-social elements, and exposure to age-inappropriate situations. Following suit, digital systems need to be protected from cyberattackers operating with various intentions. While lollies, ice creams, toys, stories and impersonating a relative constitute some props and techniques used against toddlers, phishing emails and malicious-intention advertisements are used against the human users of digital systems. The goal of such emails and ads is to get the human user to run bad code on their machine or divulge sensitive account credentials or data.

Digital systems are not like independently capable adults. They are like toddlers. Like child protection laws, child safety and welfare policies, technical solutions and controls provide one arm/type of defence for digital systems. What’s the second arm of defence and protection? How do we manage to keep toddlers safe from stranger danger and other such dangers? How do we keep them safe, generally? By practising watchfulness. Security Education, Training, and Awareness is the cyber equivalent of that watchfulness.

But, such SETA efforts are often reported to be ineffective, and those who are the receivers of such training often find it painful, annoying, boring, and a nuisance. There is one single and simple thing that could help solve the effectiveness problem of security education, training, and awareness efforts. It is to acknowledge the fact that digital computer-based systems are inherently vulnerable systems. They are easily accessible and modifiable code-execution machines. They can run good code and bad code with equal ease.

Digital systems carry a wide variety of inherent vulnerabilities. They are not the all-knowing, all-powerful, perfect machines that they are typically portrayed to be. They require lots of care and attention to be kept safe. In the case of human development, through the process of maturation, adults develop the ability to keep themselves safe, make informed decisions, manage risks, and respond to situations with the faculties of intelligence, memory, perception etc. Digital computer systems have not yet reached such a state of maturity. Since their programmable surface is large and easily accessible, they remain highly exposed to attacks.

This situation is different from other technologies that can be considered more mature than computer systems. Such matured systems are tightly limited in their scope and accessibility. Examples would include mechanical engineering, electrical engineering, and traditional industrial control systems. They have an array of mature security, safety, and reliability standards and principles (fault tolerance, redundancy, bypass mechanisms, kill-switches, strict data transfer protocols etc.) in addition to them being generally much less ‘hackable’ because they are physical objects (factory switches, aircraft, microwave ovens and other kitchen appliances) that remain largely inaccessible.

The acknowledgement that digital systems are not the astonishingly perfect systems they are often touted to be, and that they need our care to remain safe, could be the one simple thing that will help the human users and the effectiveness of SETA efforts.

How might it help? To start with, it acknowledges and respects the dignity of human users, by telling them the truth about the systems they are asked to use to perform work. Human users have been consistently made to feel ‘less than’ compared to the ‘smart digital systems’. Human users have been repeatedly berated and shamed directly and indirectly for being unproductive in comparison to digital systems.

In many organisational settings, through the nature and tone of internal communications, humans users of computer systems are made to feel like they are a nuisance that the organisation has to manage. And that the organisation/leadership/management would rather eliminate humans entirely from their “systems” so that there will be no “human risk” and other loss-making things related to humans – while machines “will do things perfectly”, without the overheads of caring about well-being, health, dignity, respect, ethics and such.

Acknowledging the fallibility of digital systems puts an end to this false narrative. It restores dignity and respect to human users of digital systems. It is a welcome break from treating the human users of technology as the error-prone elements in an otherwise perfectly orchestrated, high-performance, productivity panacea.

Restoration of their dignity, respect, value, and agency could help the human users spend their attention to grasp the importance of the situation regarding cybersecurity, and contribute their energy and time towards keeping those systems secure. If you continue trying to manipulate them into behaviours that you want them to exhibit so that your risks remain managed, it’s not going to be a pleasant experience for anyone. Nor will the systems get secured.

Humans are not the weakest links in cybersecurity. It is the underlying systems themselves the weakest links. If anything, humans could be the guardians. It’s important to call things by their right names.

The post Computers are not microwaves, and humans are not the weakest links in cybersecurity. first appeared on AravindJose.com.

Original post:
Discovering new and various identity markers is something I have found useful. When you are interested in many things/areas, it’s sometimes difficult to answer the regular questions – what do you do, what are you interested in.

The broadest catch-all phrase that has been useful is “generalist”. I then made it “technical generalist” to add some detail. Recently, I read Speaking Tech to Power: Why technologists and policymakers need to work together, in which I discovered a perfect upgrade to my identity markers: “public-interest technologist“. Someone “working at the intersection of security, technology, and people” as detailed by the post’s author, Bruce Schneier.

And it makes perfect sense to me. Time to read more into it.

The post Identity Marker Upgrade: from (Technical) Generalist to Public-interest Technologist first appeared on AravindJose.com.

Public Good as the profit motive should energize governments and public administrations to innovate with information systems.

It should become possible and commonplace to consider increase in Public Good as Profit.

It’s not about simply “digitizing” or digitally transforming existing public administration policies and workflows as-is. Instead, it’s a potent opportunity to review public administration and organization from the ground up.

At this time, businesses are facing fundamental pressures to re-invent itself as a non-destructive juggernaut. The public realm actually has a chance to lead this turnaround from extractive, unjust practices in the name of profit to economics of care, justice, and sustainability. The power of information systems is waiting to be deployed for this cause.

The post When Public Good becomes the Profit first appeared on AravindJose.com.

New languages also sparked new media. New media took our intentions/thoughts/feelings farther, faster, and in richer detail.
The binary language now even handles non-binary language through sheer compute power.

Through all this, one thing is clear: the desire/drive to communicate seems to be a fundamental desire. Whatever state we are in, we seem to keep trying to communicate – communicate more, communicate better. Almost like we are driven by an inkling, a knowing, that communicating can take us to better places, that communicating can take us to harmony.

Driven by this desire/inkling, we keep finding new ways to communicate. And our story is far from over.

The post Languages, more languages: the drive to communicate first appeared on AravindJose.com.

Longer answer to “What is it that drives me to the Cybersecurity realm?”

Because I love to hold safe spaces where goodness can grow. I believe connections are a key attribute of life – not just human life, the life force as a whole. And communication is a form of connection. Using computer-based technologies to exchange information – to communicate using ‘digital technologies’ / ‘IT’ – is an evolutionary step in human beings’ journey of seeking and discovering connections. Therefore, to me, the use of Information Systems and Information Technology is a great indicator of human progress. The progress towards peace, joy, health, beauty. And I want to be part of ensuring that the Information Systems and Technology remain safe and reliable, so that humans can make the best of it.

To quote the pioneers of the modern three-point automobile seatbelts:

“When you feel safe, you can be truly free”.

Volvo

I am particularly drawn to the security of public information systems – information systems that are primarily aimed at the public good. E.g. use of information systems and technologies by governments, civic bodies and by entirely new kinds of collectives and organizations that IS and IT might bring up. I believe there is tremendous potential for human progress waiting to be discovered here.

Since it’s in business ‘where the money is’, business information systems have witnessed breakout growth and innovation over the past few decades. I am among those who strongly feel that the time is now ripe for all the learnings and experiences from the IT-enabled Business Era to have their counterparts in the realm of public good. Where public good is the profit motive. Hopefully, there will also be synergies with the growing desire for sustainability, justice and peace, that’s already making its impact visible in the ‘age-old’, ‘hard’ fields of economics, politics, and philosophy.

The post What is the larger significance that I see in Cybersecurity? first appeared on AravindJose.com.

Therefore, it follows that, if the capacity to communicate increases, the chances of incidence of the high-energy outburst events reduces.

Now, consider: communication is a flow of information.

Also consider: human beings are currently using information tools like never before in their history. Information technology tools powered by computer science and technology. This can be seen as the continued evolution of the tool-using legacy/nature of human beings.

All that to say: human beings are now capable of experiencing a flow of information at unprecedented scales.

Increased flow of information tends to increase the capacity to communicate (the more available bandwidth, the richer the media/signal can be). Increased capacity for communication leads to a reduction in communication gaps and misunderstandings (which are proven markers that predict conflict, aggression, and violence).

This says: human beings are becoming more and more capable of peace and harmony, despite all the perceived differences that divided and troubled them in the past.

This says: a peace-filled, beautiful world is a realistic plan, and that the plan is already in motion.

This also dissolves the long-held belief/assumption that “human beings are fundamentally war-loving” or that “[a] propensity for conflict is always active in human nature”.

The new understanding becomes: “Human beings are fundamentally desirous of communication/connection. When their capacity to communicate does not match their desire/need to communicate, untoward incidents happen. They are gaining more and more capacity to communicate. With this, they will discover more and more peace and harmony.”

“Ever-present propensity for conflict” becomes “ever-present desire to connect”. This desire remains active even while limited in communication tools/capacity. This desire continuously motivates and inspires human beings to explore avenues for increased communication and connection.

The post Thinking about wars and conflicts in relation to desire and capacity to communicate first appeared on AravindJose.com.