Friday, 5 June 2015

Cybersecurity Pact between China and Russia

This week I saw an interesting piece of news on cybersecurity pact between the two powerful countries, China and Russia. The two countries have promised not to launch any forms of cyberattacks against one another.

This, I have to say, is probably the first of its kind. I have never heard or seen such form of treaty before. We have all heard and seen treaties done be countries after major wars. Real wars, that is. This time, it is the treaty on cyber warfare!

What does this cybersecurity pact imply?

My first reaction was "hhmmm these two countries have signed a pact agreeing not to attack each other on cyber ground. This must mean that they have done such thing to each other before, and now have decided to be friends."

What about the US and other European countries? No questions. Looks like both China and Russia must have done and must be doing cyberattacks on them.

This cybersecurity treaty has opened a new ground and a new form of allies. China and Russia can probably be known as cyber allies from now on.

If the US and other major European countries have to same kind of cybersecurity pact, the Third World War may be on the cyberspace after all.

Friday, 15 May 2015

More and more data breaches ... I think the problem has been found!

We keep seeing news articles on data breaches these days. Big companies like eBay, LinkedIn and Twitter have all been victims of data breaches. Have you ever wondered why this happens all the time even though massive amount of money has been spent on improving security mechanisms?

Is it because hackers are better than security professionals? Is it because there is a lack of adquate security mechanisms? Maybe.

This article here has given us another reason. There are not enough IT security professionals. That's why.

Cybersecurity has been a buzz word for some time now. Even if this is the case, the latest report in the U.S. still suggests that "more than 209,000 cybersecurity jobs in the U.S. are unfilled." The number is also expected to grow by 58 per cent by 2018. 

Of course, the increase in the demands has led to better salaries for IT security professionals than other IT jobs. In my previous article, it was said that an initial salary for an IT job was around US$100,000 per year. That means a job in cybersecurity could earn you considerably more. 

These are the numbers in the U.S. However, I don't think the numbers (at least in proportion) in Thailand will be very different.

Still, there are just not enough cybersecurity professionals. Why?

Are universities and colleges not producing enough graduates in the security domain? 

Many leading universities in the U.S., the  U.K. and in Thailand provide degrees in computer science, information technology and data networking. All of them have courses in security. The problem is information security or network security are not compulsory courses at those universities. This implies that not all computer science and information technology students will take the security courses.

As suggested in my previous article, the trend in IT today tends to go towards machine learning and artificial intelligence. Cybersecurity is not even on the list even though the demands are greater.

I hope it does not take too long for this problem to be solved.

Maybe the Department of Data Communication and Networking at KMUTNB can lead other universities in Thailand to ease the problem. Just a thought.  ^_^ 

Tuesday, 12 May 2015

Demands for computer scientists are higher than ever.

Recently, I have read an article stating that the starting salaries for computer scientists graduating in 2015 are around US$100,000. That's over 3,000,000 Baht a year! And ... this is just an initial offer.

It looks like the demand for graduates with computer science background is higher than ever. The demand is not just from technology companies, but from all sectors.

The article also suggests that the strongest demands are for students specialised in robotics, machine learning and artificial intelligence. However, personally I think demands are for those specialised in security as well.

Moreover, students with strong software background are also sought after by companies.

The increase in the demand has led to more students wanting to study computer science in the past few years. The Computing Research Association says that the number of computer science degree awarded has gone up by 14% between 2013 and 2014.

As a computer science graduate and a lecturer in IT, it is interesting to see this situation. The problem is that in the past several years, the trend in Thailand appears to be the opposite with fewer and fewer students choosing to study computer-related degrees.

I wonder why? Is it the salaries of fresh graduates? Is it the younger people want to run their own companies rather than being hired? ... Maybe this is something we need to look into.



Wednesday, 22 April 2015

Why would someone need their Google Search History?

Have you ever wondered what you have used Google to search for over the years?

Now you can easily find out what you looked for in April 2013. Neat!

Google have now allowed you to do such that.

Recently, Google have made their new feature available to all their users. The feature allows users to download their search history. Downloading the history is as simple as logging into Google and going to the Google history page.

The page provides you with lots of information, including hourly search activity, daily search activity and monthly search activity. However, this is nothing compared to the detail below the dashboard.

Google shows all the terms and time you searched for. Now ... this is fun!

You can go back to whenever you want. Of course, you will be able to find many embarrassing things you looked for in the past. No no  no ... I am not only talking about your weird taste in porn. Haha! One of the funniest thing I found in my search history was I actually searched for Yahoo and Hotmail! That was years ago, though. Back when I never used the bookmark function.

Bear in mind that Google only record your search history when you have logged into your Google account. That means if you are logged on your mobile phone, whatever you look for is recorded. This, of course, includes the commands you issue to Google Now.

Furthermore, you are also allowed to download your entire search history. This will be sent to your email. You will also be able to delete your entire search history. However, Google warn that you may lose everything you have done over the years. (I have not tried deleting it, so I am not too sure what it means.)

This all sounds kinda fun. Beware that now you should not leave your computer logged on at anytime. This may go to your smartphone as well. It is now possible for anyone to look at your search history and, of course, download it, too. Watch out!

Anyway, this leads to my question "Why would someone need their Google Search History?"

Monday, 9 February 2015

Creativity and Innovation

Recently, I had a chance to read "inGenius", a book written by Tina Seelig, director of d.school at Stanford University, USA.



The first thing that struck me while reading the book was the fact that at d.school, there is a course called Creativity and Innovation. The aim of this course is to teach and train students to think creatively and out of the box through workshops, games and groupd assignments among other things.

Wow! A course that teaches people how to think creatively! I never knew that this kind of thing actually existed. I seriously thought that creativity was something that could not be taught. I thought that it was something you were born with.

Of course, the book told me that I was wrong.

Anyway, the minute I found out that Creativity and Innovation was avaiable to students at Standford, I looked back at the education in Thailand.

While students at d.school are involved in various exercises that encourage them to be imaginative, creative and think out of the box, students in Thailand are busy taking notes from what they hear in lectures. A lot of them struggle when being asked to solve problems beyond what they have learned in class.

Is it the teachers' fault that they only talk in front of the classroom? Is it the students' fault that all they want is to gain high marks in exams?

Whatever the answer, things need to change quickly. Other people are moving away from us further and further. 

Thinking creatively is considered a skill needed in the 21st century. Maybe I will put a similar course to Creativity and Innovation in my curriculum. hehe!

This is it for now.

I will tell you more about what I have learned from the book, "inGenius", next time.








Thursday, 29 January 2015

Thailand's Cybersecurity Bill - What's All the Fuss About?

In the past weeks, there have been many comments, complaints and fears about the draft of the National Cybersecurity Act or the Thailand's Cybersecurity Bill. The draft was approved by the cabinet on the 6th January 2015. Since then the press and "experts" have been having field days.

I, no expert by any means, have just had a chance to take a good look at the draft (28th January 2015). I think I do have some comments of my own.

The Bill consists of six chapters and forty-three sections. I will only discuss the sections that I think are interesting and may raise some eyebrow.

Personally, I think Section 5 in Chapter 1 sets the tone of the entire Bill to lead me to understand that this particular Bill is more concerned with national security rather than personal security. I think anyone who reads this draft must set their mind set in this direction before having negative thoughts on other sections of the Bill.

Section 6 in Chapter 2 states that a committee known as "The National Cybersecurity Committee" or "NCSC" shall be established. As a part of the committee seven "qualified members" shall be appointed. It will be interesting to see who will be appointed and, especially how they will be selected. I wonder what the criteria will be and how they will end up with seven members. Bear in mind that there are so many people who claim or are said to be "qualified" and "expert" in the field.

The duties and responsibilities of the NCSC are stated in Section 7. Things like making action plans, giving advice to relevant ministries and monitoring the execution of this Bill are all here. I don't think I have a problem with this.

The rest of Chapter 2 is quite boring. Let us go on to Chapter 3 - The Office of National Cybersecurity Committee. At first glimpse, I thanked them for finally seeing the importance of cybersecurity and knowing the necessity for having an office dedicated to cybersecurity. As a part of this Office, the "National Computer Emergency Response Team" or "National CERT" will also be established. Wow! I like it a lot. Other developed countries such as the USA, Canada and many in Europe have had their own national CERT for a long time now. Finally, it looks like we will have one.

One of the duties of the Office of National Cybersecurity Committee that caught my eye is the one stated in Section 17 (8). They will have to "conduct studies and research on the information necessary for the maintenance of cybersecurity for the purpose of making recommendations on measures on cybersecurity." This is something I totally agree with. Nothing will come good without research. I just hope that the government will provide sufficient funding and, of course, research funds should be available to other sectors, too. I am looking forward to having some research grants in the future. haha!

There is one concern here in this Chapter 3. Section 21 states that "there shall be a secretary who is directly accountable to the chairperson of the NCSC as regards the operation of the Office and supervises the officials and employees of the Office." Why am I concerned? Well, from what I have seen in the draft, it looks like the secretary would have a lot of power even though the actions and performance would be judged by the Committee. At this moment, it sounds OK because we are being governed mainly by military. However, in the future, the people in power will be politicians. Will they pick their own people? Will the chosen secretary do things to serve the politicians? I will just leave this to your imagination, knowing what Thai politicians are like. haha! (At least it is good to see that no politicians will be allowed to take this position - see Section 23.)

Chapter 4 - Operation and Tackling of Cyber Threats - does not really leave me anything to comment, except if you are a sort of person who really thinks too much. Why do I say this? Take a look at Sections 33 and 34, which give the power to the Office of NCSC to order any agencies to perform any required actions if the Office see that a cyber threat affecting national security is occurring. In the draft, where everything is still vaguely define, these two sections appear to have no boundary or threshold of when the Office is allowed to use their power in Sections 33 and 34. I think this is something that needs to be clarified.

We now go to Chapter 5 - Officials. I think this is the chapter that has caused a lot of concerns and critiques. Section 35 is the main reason, especially (3) which states that the officials are allowed to gain access to information that is communicated via mail, telegram (which is now obsolete in Thailand), fax, phone, computing and other electronic devices for the benefit of national security.

What does it mean? Does it mean that any officials have the rights to access all information that belongs to other people without even asking for permission? Reading it word for word, I think it that it does. A lot of other people seem to think so, too. People have been saying that this section would violate human right and personal privacy. I have to say that they are right in saying this.

Do I care? Section 36 states that "officials are prohibited from disclosing or passing on the information obtained under Section 35 to any person." This actually makes Section 35 sound a little better. However, this does not really stop anyone from violating Section 36, knowing what Thai laws and law keepers are like.

Having said that, do not forget what the main objective of this Cybersecurity Bill is. Yes ... it is written for the purpose of national security. Without having access to information, how do you expect anyone to keep the nation secure?

The main problem with this section is, I think, when politicians come into power again. I have to go back to my earlier comment on our current military government. At the moment, I think I can trust them. However, when the power goes back to politicians, this is where the "fun" begins.

I am sure that they will definitely abuse their power. They will definitely try to access everyone's information. They will definitely try to gain access to anything that they are not really supposed to. All they have to do is they have to just say that it is allowed by this Act.

This does not sound good, does it?

From this, I don't think the Bill is the problem. The problem is the people/politicians (who will be) in power (after this government) are not trustworthy.

Maybe, we can stop thinking about changing the Bill for the sake of the nation's security, but start thinking about choosing the right people to come into power instead.

The rest of the Bill is just some formality, which is not worth commenting really.

On the whole, the draft Cybersecurity Bill has good intention in ensuring national security. With several changes, it would be even better. However, there must be a way of making sure that suitable and appropriate people are appointed to make this work. (Knowing Thai politicians, this will never happen. This is why people have expressed their concern on this Bill, especially Section 35.)