Tech Insight : New UK Law To Eradicate Weak Passwords

Here we look at the new UK cybersecurity law that will ban device manufacturers from having weak, easily guessable default passwords, thereby providing extra protection against hacking and cyber-attacks.

The Problem 

With 99 per cent of UK adults owning at least one smart device and UK households owning an average of nine connected devices, but with a home’s smart devices potentially being exposed to more than 12,000 hacking attacks in a single week (Which?), the UK government has decided that protective, proactive action is needed. It’s long been known that easy-to-guess default passwords (like ‘admin’ or ‘12345’) in new devices and IoT devices have provided access for cybercriminals. An example (from the US) is the 2016 Mirai attack, which led to 300,000 smart products being compromised due to weak security features, major internet platforms and services being attacked, and much of the US East Coast being left without internet.

The New Laws 

The UK government has introduced the new laws as part of the Product Security and Telecommunications Infrastructure (PSTI) regime. This regime is part of a £2.6 billion National Cyber Strategy, which has been designed to improve the UK’s resilience from cyber-attacks and ensure malign interference does not impact the wider UK and global economy.

The key security aspects of these new laws are that:

– Common or easily guessable passwords (e.g. ‘admin’ or ‘12345’) will be banned to prevent vulnerabilities and hacking.

– Device manufacturers will be required to publish contact details so bugs and issues can be reported and dealt with.

– Manufacturers and retailers must be open with consumers on the minimum time they can expect to receive important security updates.

The government hopes that taking this action will increase consumers’ confidence in the security of the products they buy and use and help the government to deliver on one of its five priorities to grow the economy.

The UK’s Data and Digital Infrastructure Minister, Julia Lopez, said of these new laws: “Today marks a new era where consumers can have greater confidence that their smart devices, such as phones and broadband routers, are shielded from cyber threats, and the integrity of personal privacy, data and finances better protected.”

The Major Role of Businesses 

NCSC Deputy Director for Economy and Society, Sarah Lyons, has highlighted the important role that businesses have to play in protecting the public by “ensuring the smart products they manufacture, import or distribute provide ongoing protection against cyber-attacks”. She has also advised all businesses and consumers that they can read the NCSC’s point of sale leaflet for an explanation of how the new Product Security and Telecommunications Infrastructure (PSTI) regulation affects them and how smart devices can be used securely.

What Does This Mean For Your Business? 

The issue of weak default passwords in devices enabling cybercrime is not new, and the news that the government is finally doing something about it via legislation is likely to be well-received. The new laws will have implications for businesses, consumers, and the overall UK economy.

For example, for device makers (and importers), the requirement to eliminate default password vulnerabilities and to provide clear avenues for reporting security issues places a significant onus on manufacturers to enhance their security protocols. This may not only involve revising the initial security features but also maintaining transparency about the duration of support for security updates. Such changes could, however, require these businesses to invest in better security frameworks, thereby potentially increasing operational costs. That said, it should also improve the marketability and trustworthiness of their products.

UK businesses stand to gain considerably from these heightened security measures. By bolstering the security standards of connected devices, the new laws may ensure that businesses that rely heavily on such technology, from retail to critical infrastructure, are less susceptible to the disruptions and financial losses associated with cyber-attacks. This enhanced security environment should help maintain business continuity and safeguard sensitive data, thereby helping to foster a more resilient economic landscape.

The new laws may also mean that consumers, who are increasingly concerned about their digital privacy and the security of their data, may be able to make more informed choices about and experience greater confidence in the products they choose to integrate into their daily lives. With manufacturers required to adhere to stricter security measures and provide ongoing updates, consumers can expect a new level of protection for their connected devices, which translates into safer personal and financial data.

Economically, by setting a new cybersecurity standard, the UK appears to be positioning itself as a leader in the safe expansion of digital infrastructure. This leadership could boost innovation in cybersecurity measures, potentially leading to growth in the tech sector and creating new opportunities for employment and development. Also, by fostering a safer digital environment, the UK may attract more digital businesses and investments, further stimulating economic growth.

Tech News : Millions Defy WhatsApp Bans

In a recent BBC World Service interview, Head of WhatsApp, Will Cathcart, claimed that tens of millions of people in countries where WhatsApp has been banned continue to use it.

Where Is WhatsApp Banned And Why? 

WhatsApp is banned in Iran and North Korea, has been blocked at times in Syria, Senegal, and Guinea, and recently China banned iPhone users from downloading the app. Also, Qatar, Egypt, Jordan and the United Arab Emirates restrict certain features of the app.

WhatsApp faces bans and restrictions in these countries mainly due to concerns regarding its end-to-end encryption, which prevents governments from monitoring or intercepting messages sent through the platform. The encryption feature undermines authorities’ abilities to surveil communications for security purposes, potentially allowing for the spread of dissent or undesirable information. Also, WhatsApp’s widespread popularity makes it a powerful tool for activities such as organising protests or disseminating information, posing challenges to governments seeking to control the flow of information and maintain societal order. Consequently, countries with authoritarian regimes or strict censorship laws are opting to ban or restrict WhatsApp to maintain control over communication channels and uphold state authority.

Evidence of Tens of Millions Still Using It 

Mr Cathcart says the fact that WhatsApp can see the registered phone numbers of users, plus anecdotal reports of people using WhatsApp, have enabled WhatsApp to: “look at some of the countries where we’re seeing blocking and still see tens of millions of people connecting to WhatsApp”.  

Apple 

In the interview, Mr Cathcart said that Apple blocking Chinese iPhone users from downloading WhatsApp from the App Store in April, as ordered by China, was a “choice Apple has made”, but stressed that Android users there can still download it without going through official shops.

China has also banned another end-to-end encrypted app, Telegram, and has asked Apple to remove microblogging app Threads from its app store due to political content that mentions the Chinese president.

VPNs 

Mr Cathcart also pointed to the role that virtual private networks (VPNs) and WhatsApp’s proxy service have had in keeping WhatsApp accessible.

Free Internet Battle 

Mr Cathcart also highlighted how the UK government’s battle over several years to ban end-to-end encryption in apps like WhatsApp to allow police to read criminals’ messages, and the US forcing TikTok to be sold or banned (for national security reasons) are indicators of the growing battle for a free Internet.

What Does This Mean For Your Business? 

For businesses, the ongoing saga surrounding end-to-end encrypted apps like WhatsApp has implications for operations, security, and ethics. As highlighted by Will Cathcart, the widespread use of WhatsApp in countries with authoritarian regimes shows its critical role as a secure communication platform for individuals facing oppressive surveillance and censorship. In such environments, where privacy and freedom of expression are under constant threat, encrypted apps serve as a lifeline for both personal and professional interactions.

However, the bans and restrictions imposed by these governments highlight the tension between security and freedom in the digital age. By targeting encrypted platforms, governments essentially seek to exert control over information flow and suppress dissent, often at the expense of individual liberties and privacy rights. For businesses operating in (or collaborating with partners in) such regions, these restrictions pose significant challenges, potentially jeopardising the confidentiality of sensitive communications and data.

Also, the battle over end-to-end encryption extends beyond geopolitical borders, shaping the broader landscape of internet freedom and digital rights. Efforts by governments like the UK’s to undermine encryption in the name of law enforcement raise serious questions about the balance between security measures and civil liberties. Any compromise to encryption standards not only undermines the privacy and security of users but also sets a dangerous precedent that threatens the integrity of the digital ecosystem.

Tech News : Apostrophes Dropped From Street Signs

North Yorkshire council has said it’s having to drop apostrophes from its street signs to avoid problems with its computer database!

Must Meet BS7666 

The reason given by North Yorkshire council for dropping the apostrophes (e.g. in its street name signs) is that including apostrophes can affect geographical databases and that when street names and addresses are stored in its databases, they must meet the standards set out in BS7666.

Not The Only Council Doing It 

North Yorkshire Council has also said that it is one of many councils around the country with plans to “eliminate” the apostrophe from street signs. Other councils that have already opted to drop apostrophes from their signs include Cambridge City Council, and Mid Devon District Council.

How Does BS7666 Apply to This? 

The main part of BS7666 that North Yorkshire Council has identified as having an influence on its decision is the need for standardised data entry. For example, BS7666 encourages the use of standardised formats for addresses and street names to facilitate efficient data sharing and matching across different systems. Including apostrophes might be seen as introducing variability that can affect how data is entered, stored, and retrieved. Standardisation aims to minimise these discrepancies. Also, a council spokesperson has been reported as saying that BS7666 restricts the use of punctuation marks and special characters such as apostrophes, hyphens, and ampersands because these have specific meanings in computer systems and could, therefore, cause problems with those systems and databases if used.

Other ways that BS7666 could apply to the council’s decision include:

– Data interoperability. BS7666 is designed to ensure that spatial data can be shared effectively between different organisations and systems. Variations in how street names are recorded (including whether or not they use apostrophes) can lead to issues when exchanging data. This is particularly relevant when databases interface with other systems like emergency services, postal services, and mapping software, where consistent, accurate data is crucial.

– Database design and implementation. The standards set out in BS7666 guide local councils in designing and implementing their geographical databases. If the standard recommends excluding characters such as apostrophes for the sake of consistency and reliability, councils (like North Yorkshire’s) may decide to follow this guideline to ensure compliance and avoid potential technical issues.

Other Issues

The issue of including apostrophes in street names in the context of UK councils and their geographical databases primarily revolves around technical and administrative challenges. These include the need for data consistency to enable accurate matching and cross-referencing of data across different systems or databases, the possible technical limitations of older databases, and apostrophes in street names complicating search functions within databases. There’s also the issue of geographic information systems (GIS) and interoperability. North Yorkshire Council referred to potential problems relating to apostrophes and geographic databases. GIS and other data-sharing platforms, for example, might not handle special characters consistently. If street names are shared between multiple organisations or systems (like postal services, emergency services, etc.), discrepancies in the use of apostrophes can lead to operational inefficiencies or errors in data exchange.

Criticism 

The decision by North Yorkshire Council to do away with street name apostrophes has attracted plenty of criticism and ridicule from members of the public in the North Yorkshire area. For example, it’s been reported that some people have highlighted how many people are irritated by poor grammar or punctuation, and others have suggested that losing apostrophes is a lowering of standards and could be a negative step considering how much time is spent teaching children the basics and importance of grammar.

Other Views 

Others, however, have been reported as pointing out that apostrophes were a relatively new invention in the English language, and they may make little difference in pronunciation for visitors from overseas.

What About The Legal Angle? 

Returning to the subject of BS7666’s aim of standardisation, that may also mean having to balance the historical and cultural significance of names. If, for example, the official and legal naming of a place includes an apostrophe, there may be a legal argument that the standard might still need to accommodate such usage to ensure that official records match those used in geographical databases.

What Does This Mean For Your Business? 

The decision by North Yorkshire Council to drop apostrophes from street signs, aligning with the standards set out in BS7666, marks a shift that affects not just the council but also the local community and businesses – hence much of the criticism. This change aims to sidestep the technical and administrative hurdles associated with non-standard address entries in geographic databases, promoting consistency and reliability in digital records. For the council, the decision has proved to be a double-edged sword so far. While it may streamline data management and support seamless data sharing with vital services like emergency response and postal services, it has led to criticism for perceived erosion of grammatical standards and local character in street naming.

For businesses in the area, especially those reliant on local foot traffic and deliveries, these changes mean adapting to new address norms. While it might simplify database management and reduce errors in deliveries or service provisioning due to address inconsistencies, some businesses might need to update their information across multiple platforms and communication materials – or may simply feel they shouldn’t have to do so.

For residents of the area, many of whom have been vocal in their opposition to the council’s decision, the loss of traditional apostrophes may be seen as a decline in standards and cultural preservation, sparking debates about the balance between modern efficiency and historical legacy. That said, the standardisation may actually make it easier for services to locate addresses, potentially improving response times in emergencies.

As multiple councils across the country adopt similar changes, we may see a national shift towards more streamlined address systems in public records and databases. This might encourage software developers and GIS providers to further refine their systems to accommodate standardised data entry, potentially leading to broader improvements in data handling and service delivery across various sectors. However, widespread standardisation may also prompt a cultural re-evaluation of how we preserve our linguistic heritage within the digital age, and future discussions and policies might need to carefully consider not just the practical needs of the council’s systems and standards, but other points of view in the area.

An Apple Byte : Apple’s $110 Billion US Stock BuyBack Is Biggest Ever

Apple Inc’s Board has just approved a $110 billion stock buyback, which will be the biggest buyback in US history. Apple is already responsible for the top six of the 10 largest share-repurchase announcements ever made in the US, and this announcement beats its own previous record for the largest buyback value from 2018 when it authorised $100 billion in share repurchases.

Apple has seen a slowdown in sales in recent years but with its quarterly post-market results and sales exceeding expectations, its quarterly dividend increased (for the twelfth year in a row), and growth predicted, the buyback announcement added to the momentum as shares rose as much as 7.9 per cent in post-market trading.

It’s predicted that the move could add more than $190 billion in market value, thereby making investors see Apple as a value rather than a growth stock. Buybacks tend to happen when a company has significant cash reserves (as in the case of Apple) and are primarily aimed at returning value to a company’s shareholders.

Security Stop Press : Dropbox Data Breach

Popular San Francisco-based cloud storage provider Dropbox has confirmed that it suffered a data breach from a “threat actor” on April 24. The company says, in what it believes to be an isolated incident, the hacker “accessed Dropbox Sign customer information”. Dropbox says the data accessed included email addresses, usernames, phone numbers and hashed passwords, general account settings and certain authentication information such as API keys, OAuth tokens, and multi-factor authentication.

Dropbox says that it’s found no evidence of unauthorised access to the contents of customers’ accounts, i.e. their documents or agreements, or payment information.

The company says it has “reset users’ passwords, logged users out of any devices they had connected to Dropbox Sign, and is coordinating the rotation of all API keys and OAuth tokens.” Dropbox also says it has reported the event to data protection regulators and law enforcement.

Sustainability-in-Tech : Designer-Material Absorbs Carbon Faster Than Trees

Scientists at Edinburgh’s Heriot-Watt University have published details of the discovery of a new material that can absorb carbon faster than trees, giving hope to efforts to tackle the climate crisis.

Can Absorb The Most Potent Greenhouse Gases

Detailed in a paper published in the journal ‘Nature Synthesis,’ the scientists report how the new porous material they created has hollow, cage-like molecules with high storage capacities for greenhouse gases like carbon dioxide and sulphur hexafluoride. Although the new material can absorb carbon dioxide (the most well-known greenhouse gas), the scientists pointed out that sulphur hexafluoride is a more potent greenhouse gas than carbon dioxide and can last thousands of years in the atmosphere.

Used Computer Modelling To Design It 

The project to create the material was a collaboration between Heriot-Watt University, the University of Liverpool, Imperial College London, the University of Southampton, and East China University of Science and Technology in China, and the team used computer modelling to “accurately predict how molecules would assemble themselves into the new type of porous material.”

It was the computer modelling specialists at Imperial College London and the University of Southampton that created the simulations which enabled the team to understand and predict how their cage molecules would assemble into this new type of porous material.

Dr Marc Little (an Assistant Professor at Heriot-Watt University’s Institute of Chemical Sciences and an expert in porous materials) said: “Combining computational studies like ours with new AI technologies could create an unprecedented supply of new materials to solve the most pressing societal challenges, and this study is an important step in this direction.” 

What Does This Mean For Your Organisation? 

As Dr Marc Little said: “This is an exciting discovery because we need new porous materials to help solve society’s biggest challenges, such as capturing and storing greenhouse gases.” As such, this groundbreaking discovery could represent a pivotal moment in our collective fight against the climate crisis.

At the heart of this discovery is a collaborative effort by experts in the UK and China and the ingenious use of computer modelling, a tool that played a pivotal role in unravelling the complexities of molecular assembly.

Through precise predictions facilitated by advanced computer modelling, researchers were able to engineer hollow, cage-like molecules capable of efficiently trapping greenhouse gases such as carbon dioxide and the highly potent sulphur hexafluoride. This strategic fusion of scientific expertise and computational prowess underscores the immense potential of technology in catalysing transformative breakthroughs.

As highlighted by Dr Little, by marrying computational studies with emerging AI technologies, we could have a chance to unlock many more innovative solutions to society’s most pressing challenges. This study, therefore, could be seen as an important step toward a future where computational ingenuity and scientific inquiry converge to address global challenges.

Also, the integration of computer modelling and AI for future projects holds a great deal of promise, e.g. in advancing material science, renewable energy and more.

This discovery and its methodology, therefore, show how important embracing the transformative power of technology is and will be in helping us tackle our biggest challenges going forward.
