There's a tension between network neutrality - essentially the principle that a network should be a dumb pipe that treats every packet alike - and network security, which may require some packets to be dropped to protect either the network or its users. Some current attacks simply can't be dealt with by devices at the edge of the network: if a denial of service attack is filling your access link with junk then nothing you do at the far end of that link can help.
Since becoming involved in Jisc's work on learning analytics, I've been trying to work out the best place to fit the use of students' digital data to improve education into data protection law. I've now written up those thoughts as a paper, and submitted it to the Journal of Learning Analytics. As the abstract says:
After more than three years of discussion, all three components of the European law making process have now produced their proposed texts for a General Data Protection Regulation should look like.
Last week the European Commission published their proposed new Data Protection legislation. This will now be discussed and probably amended by the European Parliament and Council of Ministers before it becomes law, a process that most commentators expect to take at least two years. There's a lot in the proposal so this post will just cover the general themes.
Scott Roberts of Github gave an excellent talk on Crisis Communications for Incident Response. If you only follow up one talk from the FIRST conference, make it this one: the slides and blog post are both well worth the time. So this post is just the personal five point plan that I hope I'll remember to re-read whenever I’m involved in communicating around an incident:
At the FIRST conference this week I presented ideas on how effective incident response protects privacy. Indeed, since most common malware infects end user devices and hides itself, an external response team may be the only way the owner can learn that their private information is being read and copied by others. The information sources used by incident responders – logfiles, network flows, etc.
An interesting theme developing at this week’s FIRST conference is how we can make incident detection and response more efficient, making the best use of scarce human analysts. With lots of technologies able to generate alerts it's tempting to turn on all the options, thereby drowning analysts in false positives and alerts of minor incidents: "drinking from your own firehose". It was suggested that many analysts actually spend 80% of their time collecting contextual information just to determine which of the alerts are worth further investigation.