The Attributer’s Blog – Threat Modelled

The Attributer has become aware that threat modelling is enjoying some popularity at the moment. However, most of what is written and said about it makes little sense. It’s not the role of this column to ‘name and shame’, but if you doubt what is said here, just type the words ‘threat modelling’ into your favourite search engine and read […]

The Attributer’s Blog – Fake Protected

Selling fake goods is nothing new. It dates back to the beginning of commerce.  Making fraudulent claims about patent medicines was very common in the 18th and 19th centuries. In the 20th and 21st centuries regulations and laws started to limit the possibilities. The emergence of a consumer society during the late 20th century led to a vigorous trade in […]

The Attributer’s Blog – Trustable Execution

The recent revelations of the Meltdown and Spectre attacks on hardware CPUs brings us back to something that The Attributer has addressed in previous articles: emergent properties of complex systems. (See IB2 in 2016: the attribute Emergent). For those readers who might have missed that article, highly complex systems exhibit unexpected and unwanted behaviours that are the result of component […]

The Attributer’s Blog – Cyber Secured

Two years ago, in the last article of 2015, The Attributer previously published this same title. So why choose the title again? That previous article examined the global geo-political threat landscape and the reasons to take it seriously. In the final paragraph of the article The Attributer wrote: We need to shift into a different gear in our thinking and […]

The Attributer’s Blog – Private

The introduction of GDPR (General Data Protection Regulation) in 2018 in the EU raises some new challenges for those involved in controlling and processing personal data, but it is also a great case study in risk ownership and governance. It demonstrates some concepts and principles that have long been central in the SABSA way of thinking. In this article we […]

The Attributer’s Blog – Tears-Free

You wanna cry? Been staring at a ransomware screen? The Attributer hopes not, but we all know it happened to a lot of people. So, what can we learn from this global incident and what should we do about protecting ourselves in the future? Three years ago The Attributer wrote an article named ‘Patched’. We shall re-examine some of the […]

The Attributer’s Blog – Capable

There have been numerous media reports in recent times about the cyber-attack capabilities of nation states hostile to Western political and business interests. That of course raises the debate about our cyber-defence capabilities and what they should be in this emerging threat landscape. In particular some commentators have raised the issue of the purpose and motive on the part of […]

The Attributer’s Blog – Traceably Owned

Today’s big buzzwords are ‘blockchain’ and Bitcoin, but the concept has been around since the 1990s. The Attributer himself in 1998 was consulting for one of the companies involved in the Bolero consortium, a project to digitise and dematerialise paper bills of lading (BoLs). A BoL is a negotiable financial instrument. Ownership of the bill means ownership of the cargo […]