What Boxe and Knife Sparring teach about ICT Security

Time and space are two key factors in any strategy, whether offensive or defensive. This is true regardless of whether you are involved in a large-scale, symmetric conflict, in an ambush or in a direct attack. The possible reactive approaches, though, differ substantially depending on the factual circumstances.

An empty-hand attack can be handled by accepting a hit as a way to “close the distance” and gain a tactical advantage. Boxers exemplify this best: they may be partially hit by a jab, but in the meantime they set themselves in the right position, and at the right time, to land a devastating cross.

Knife sparring – let alone actual “fighting” or self-defense – requires an entirely different approach. In this kind of training it is mandatory not to be hit, because a hit actually means a “cut”. The training is therefore focused on staying as far as possible from the blade and on hitting the opponent’s hand with the defender’s knife (this is called “defanging the snake”). In knife sparring everything is faster and the options for reacting are very limited: you don’t step back and then hit back, or try to catch and parry a knife flying around your face or guts, as you would against a bare fist.

This key difference corresponds to a commonly underrated question when designing an ICT security model: is the infrastructure able to sustain a hit and remain operational while the “defense team” is summoned (as in boxing sparring)? Or is the infrastructure not designed to act like that, so that, once hit, its operational capability is progressively hampered (as in knife sparring)?

The answer to this question matters because it helps the security manager better define the structure, the roles and the budget of the incident management team.

An Australian Bill makes it mandatory for IT companies to crack users’ encrypted messages

The Australian Parliament recently passed the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, which might have a disruptive effect on the whole IT business by forcing companies into designing insecure hardware and software and by weakening users’ confidence.

A contribution to the analysis of the legal status of cryptocurrencies

Summary
This paper argues that cryptocurrencies such as Bitcoin or Ethereum don’t challenge the current legal system, since they fit comfortably enough into the legal definition of an immaterial asset. As such, while a blockchain-based cryptocurrency can’t be considered legal tender or electronic money, it can be exchanged on a contractual basis, as happens with every other kind of good.

SOF on Trial. The Technical and Legal Value of Battlefield Digital Forensics in Court

The book Information Security Systems was published in late 2017 by Springer as part of the Lecture Notes in Computer Science book series.

Together with Prof. Luigi Mancini and Dr. Agostino Panico of the Information Technology Department of the Sapienza University (Rome), I wrote the chapter titled “SOF on Trial. The Technical and Legal Value of Battlefield Digital Forensics in Court”.

Here is the abstract: