Finding The Hidden InfoSec Story

Attention All Shipping


I think everybody in the world probably knows the name Charles Darwin and most would be aware of The Beagle, the ship that carried him to Tierra del Fuego and the Galapagos Islands where he studied finches in his work towards the now famous tome On the Origin of Species. What you may not be aware of are the two other gentlemen on the ship who went on to greatness, namely Francis Beaufort (of the famous wind scale) and one Robert Fitzroy, the captain of the ship. On his return to the UK, the Admiralty asked Fitzroy to deal with the loss of shipping in the inshore waters of the UK.

The original solution was a series of lighthouses and weather stations around the coast that would send a condition report for the water in that sea area by telegraph to London. This information was printed in The Times the following morning. In this day and age we might consider this barring the stable door after the horse had bolted. Initially there was some success but after one very bad storm, there was an even greater than normal loss of life and cargo. A scapegoat had to be found and in this case it was Fitzroy. He was vilified and pilloried in the press and eventually ended up taking his own life.

Cutting to the present day, what have we ended up with a hundred and fifty years later? We are still a sea-faring nation and the shipping forecast still protects our coastal waters, but these days by radio broadcast. Four times a day a coded message which is 270 words long is broadcast across the UK, beginning with the now immortal lines “Attention all shipping”. This message gives details of wind speed, visibility and barometric pressure and predicts how things will change. It is the expert's guide to the weather over the next twenty-four hours.

What has this got to do with compliance, security or risk? Think about the ring of weather watch stations like a firewall. They are one of the many ways in which your organisation or, in fact, personal data can be protected. They are in reality protecting the transport layer. The shipping forecast is a coded message rather like a CERT advisory telling you what the current climate is like and what risk is going to be prevalent for any use of the transport layer in the near future. Your company policies will give you guidance as to how you should respond to a certain level of intrinsic threat. But now we move into the reality. The security professionals want you to listen to the shipping forecast every day, take it all in and act accordingly. The average user wants to listen to the weather on Sky, sponsored by Qatar Airways, which likens the weather conditions to cloudless skies over the Emirates. To say this is dumbed down is an understatement. What other sources of information does the user have? Well, there is the once-a-day forecast in the newspapers (sound familiar, Mr Fitzroy?) which is out of date before it is printed and generally inaccurate to start with. This is the information about risk you get from the Metro in the morning or your average non-technical websites. After the papers have cried wolf enough times about an approaching storm and the supermarket shelves have been emptied, the public stops believing the threat. By the way, during the Great Storm of 1987, the Shipping Forecast saw it coming when Michael Fish did not.

How do you get the man in the street or the woman in your company to carry an umbrella or a raincoat, just in case? How do you prepare them for the storm that is brewing (excuse the pun)? There is also a challenge coming to the world of weather and it is akin to the challenge in IT risk and compliance. The global warming phenomenon is real and is making three things happen. The old and well established patterns of the past no longer hold true. The pace of change in these patterns is continuing to increase. Finally, weather and events from a long way away are now having a direct impact on you, for instance the Icelandic volcanoes or hurricanes in the US.

In the world of commerce the old established patterns of doing business are also changing with organisations now having a semi-permeable membrane surrounding them as they make use of outsourced and offshore partnerships. The pace of these changes is also increasing at an almost exponential rate; the mobile technology boom exacerbates this further.  Finally, akin to the volcanoes and hurricanes, the bad guys do not need to break the door down any more; they are able to give you a very bad day from a long way away.

So next time you think about whether or not to click on that link in an email, think about Fitzroy. Think about the protection he tried to put in place, the most important aspect of it being communication of threat levels to the man in the street, or afloat in a boat. If you wonder how seriously we take his legacy, in 2004, sea area Finisterre was changed to sea area Fitzroy, the only part of the inshore waters named after a person.

Author: Dave Brooks
