The ability of an organisation to minimise its downtime and the loss of information, following a hurricane or other disaster, can be critical to its long term survival. However, for organisations that offer essential services in particular – to help others in the aftermath of a disaster – it then becomes even more crucial that their services are restored, and available, within the shortest possible time.

Disaster Recovery as a Service (DRaaS) “is the replication and hosting of physical or virtual servers by a third-party to provide failover in the event of a man-made or natural catastrophe” (Source: Whatis.com). DRaaS covers not only the backing up the data; essentially the entire environment is cloned – on physically servers and/or in the cloud. Hence if an organisation’s entire system is lost, the identical saved environment can be easily reinstalled.

Interestingly, a leading DRaaS provider is based in the Caribbean. Columbus Business Solutions – which is now owned by Cable & Wireless Communications plc – was one of 14 companies included in the 2015 Gartner Magic Quadrant for DRaaS. The Gartner Magic Quadrant highlights the top firms for specific IT-related services, based on criteria developed by Gartner Inc., which is one of the top IT research and advisory firms globally.

Without a doubt, DRaaS can be like having insurance. You buy insurance in the event you need it, and if you do have to rely on it, you hope that it works as it should and without undue difficulty. Below are three things to consider before buying DRaaS.

1.  DRaaS should not be the only failsafe

It is important to consider DRaaS within the context of the organisations larger business continuity/recovery framework. Securing DRaaS, in and of itself, cannot be the only provision made. For example, for essential services and in the aftermath of a disaster, what provisions would need to be made for electricity and to access crucial manpower to restore operations?

2. Figure out with DRaaS is truly needed

The size and nature of your business ought to influence the DRaaS options purchased, and possibly the extent to which DRaaS is necessary. Having said this, it is often in retrospect – when great loss has been experienced – that there is regret about earlier choices. Hence this matter ought to be carefully considered, and should DraaS not be secured, alternative arrangements are comprehensively developed and implemented.

3.  Be rigorous with the SLAs

Finally, for organisations that could benefit from having DRaaS, the service level agreements (SLAs) tend to require rigorous scrutiny. It also means that the organisation ought to have detailed knowledge of its own systems, and be in a position to engage its providers competently on the intricacies of the service, all towards ensuring that should the firm need to rely upon DRaaS, it will work seamlessly and completely.

Image credit:  Wikipedia

___________

The debate on net neutrality has been protracted and acrimonious. The topic was among our earliest posts when we launched ICT Pulse, in January 2011, and it has not yet been resolved. The United States of America (US) has been the most prominent battleground, where lobbyists – both for and against net neutrality – members of the US Congress and the President, have all been weighing in on the subject.

The dawning of a new age?

Yesterday, 26 February, the Federal Communications Commission (FCC) issued an important ruling in favour net neutrality. With the purpose of maintaining an Open Internet, the organisation set out the following three rules in its decision:

Bright Line Rules: The first three rules ban practices that are known to harm the Open Internet:

• No Blocking: broadband providers may not block access to legal content, applications, services, or non-harmful devices.
• No Throttling: broadband providers may not impair or degrade lawful Internet traffic on the basis of content, applications, services, or non-harmful devices.
• No Paid Prioritization: broadband providers may not favor some lawful Internet traffic over other lawful traffic in exchange for consideration of any kind—in other words, no “fast lanes.” This rule also bans ISPs from prioritizing content and services of their affiliates.

(Source: FCC)

Essentially the ruling supports equal and fair access to the Internet. Internet Service providers (ISPs) are not allowed to offer preferential high-speed services to those prepared to pay, or degrade or block the service of others.

In the ruling, the FCC also classified the Internet as a utility. Hence it will subject to regulatory oversight, and Internet providers will no longer have unfettered control over their services.

What does this all mean for us in the Caribbean?

Although there might still be a sense of euphoria among net neutrality advocates since the FCC’s ruling, it is important to emphasise that the ruling was not a unanimous decision. It was split 3—2 along US political party lines, which highlights how deeply and closely contested the debate has been. Hence although the ruling will not be effective until later in the year, the major US ISPs are expected to contest the ruling, which could eventually end up in the US Supreme Court (for the final decision). Further, with US presidential elections due in 2016, a change in leadership could also have an impact on whether the FCC ruling is implemented, and the posture that is adopted moving forward.

Having said this, and since the FCC decision is to maintain the status quo, no real change is how the Internet is operated and managed should occur. The service contracts that were established earlier this week should still be effective into the foreseeable future. However, there is still a sense that yesterday’s victory might be short-lived as the battle continues.

Image credit: mdavidford (flickr)

__________

On Tuesday, 14 January, the United States (US) Court of Appeals of the District of Colombia struck down the rules established by the Federal Communications Commission (FCC) to safeguard Internet neutrality. The decision has reignited debate on the issue, and the FCC has stated that it is carefully considering whether to file an appeal. As discussed in one of our earliest articles, Net neutrality – both sides of the divide, there are camps that felt vindicated by this recent outcome. However, what might be some of the consequences generally, and specifically for the Caribbean, should this judgement not be successfully overturned?

The FCC’s Open Internet rules in a nutshell

The “Open Internet” principle established by the FCC, which is another term for Internet, network or “net” neutrality, aimed to preserve the equality of Internet use by maintaining a level playing field across all consumers. The FCC’s position has been captured in three basic rules:

1.  Transparency. Fixed and mobile broadband providers must disclose the network management practices, performance characteristics, and terms and conditions of their broadband services;

2.  No blocking. Fixed broadband providers may not block lawful content, applications, services, or non-harmful devices; mobile broadband providers may not block lawful websites, or block applications that compete with their voice or video telephony services; and

3.  No unreasonable discrimination. Fixed broadband providers may not unreasonably discriminate in transmitting lawful network traffic.

(Source:  FCC)

In adopting such as posture, the FCC hoped to preserve the Internet as a platform for “innovation, investment, job creation, economic growth, competition, and free expression”, which would also support the US’ National Broadband Plan (Source:  FCC).

Summary of the latest US decision on net neutrality

In its ruling for the case, Verizon Communications Inc. versus the FCC, the Court of Appeals of the District of Colombia circuit sided with the appellant. The crux of the decision centred on the classification systems used in the United States for different types for licensees or service providers and consequently the extent to which the FCC had the authority to regulate certain behaviour.

As observed in the excerpt above from the FCC’s Report and Order on Open Internet, the rules are geared primarily towards broadband providers. However, according to the Court of Appeals, the FCC is empowered to regulate ISPs and broadband providers (as “common carriers”), but it had not properly established or justified its authority in its Report and Order:

That said, even though the Commission has general authority to regulate in this arena, it may not impose requirements that contravene express statutory mandates. Given that the Commission has chosen to classify broadband providers in a manner that exempts them from treatment as common carriers, the Communications Act expressly prohibits the Commission from nonetheless regulating them as such. Because the Commission has failed to establish that the anti-discrimination and anti-blocking rules do not impose per se common carrier obligations, we vacate those portions of the Open Internet Order.

(Source:  United States Court of Appeals)

As a result, the court struck down the FCC’s no blocking and non-discrimination rules that would be directed at ISPs and broadband providers, whilst maintaining the rule on transparency.

Possible consequences of an equal Internet world

The principle behind net neutrality is that ISPs, broadband providers and governments should treat all data on the Internet equally. Further, they should not discriminate or charge differentially based on the user, content, site, platform, application, type of attached equipment, and modes of communication (Source: Wikipedia). In the US Court of Appeals rejecting the application of the FCC’s Open Internet rules to ISPs and broadband providers, essentially, it sets the stage for providers to introduce systems that discriminate and/or block Internet traffic based on self-imposed conditions.

Should those discriminatory systems come into effect, first, one of the key concerns would the introduction of different tiers of service. High speed and bandwidth services might be available only to those who are prepared to pay for them, whilst the average consumer may be relegated to much slower speeds and considerably poorer quality of service.

In that new paradigm, one of the likely focal points for tiered systems would be video content providers, such as YouTube, Netflix, TV stations, and perhaps even  Skype. Those providers might be “penalised” for the Internet resources they consume. However, end users might also be required to pay a premium to their local providers to access that content with sufficient bandwidth in order to have a reasonable viewing experience.

Second, and without a doubt, the Internet as managed (i.e. with net neutrality enforced), has created a level playing field, where in the age of Web 2.0, it is possible for an individual to have as much impact or mindshare online as a moneyed organisation. This environment has not only fostered innovation and competitiveness, it has also accelerated the growth and value of the Internet across all sectors, organisations and users.

In the Caribbean, the reasonable connectivity to Internet that our Small Island Developing States in particular have enjoyed, have allowed our micro, small and medium enterprises to “punch above their weight”, and to present their offerings to a global market. It has also allowed us to access services and resources that are not readily available in the region. Hence, although currently we might complain about Internet speeds and pricing in the Caribbean, and to varying degrees, lobby local providers to upgrade their networks, a shift to a “less equal Internet” might result in our telcos adopting a more laidback stance on the issue.

Finally, the Caribbean’s policy on net neutrality appears to be unclear.  The latest publicly available document on Internet Governance makes no mention of that principle. However and perhaps more importantly, there may not be any established systems through which net neutrality can be maintained in the region. Having said this, individual countries, through their governments or regulators might be able to engage their local telcos on the matter. However, local service providers could experience the knock-on effect of tiered pricing systems, should they be introduced in the US, and thus might need to adjust their business models accordingly.

In summary, as our closest neighbour and major link to the Internet, decisions in the US are likely to have an effect on the Caribbean. Although, at the time of writing, the FCC had not decided whether to appeal the decision, debate on net neutrality has been protracted and is likely to continue into the foreseeable future, regardless of the final outcome. In light of the latest development, it would be prudent for the Caribbean to (re)examine the issue carefully, and roll out a plan that would ensure that we are prepared for any eventuality.

Image credit:  Gabriel Pollard (flickr)

____________

Without a doubt, most of us take the Internet for granted – that it is available for us for us to use at any time. However, the (somewhat) cohesive network that is the Internet exists thanks to a cooperation and collaboration of international organisations, governments and other entities that manage and oversee the Internet and facilitate its continued evolution.

One of the contributors to that Internet Governance (IG) system is the Diplo Foundation, which aims to improve diplomacy and participation in international discussions, especially in the areas of climate change and IG. On Wednesday, 14 January, Dr. Jovan Kurbalija, Diplo’s Director, hosted a webinar, “Internet Governance in 2014: Between change and continuity”, in which he highlighted the seven major topics likely to feature prominently in IG in 2014. The predictions are summarised below. A video recording of the entire webinar is also available on YouTube.

 Predictions

1.  Global IG architecture. Currently, there are a number of organisations globally that contribute IG framework. It is anticipated that there will be more conversation on how those supporting structures are arranged and linked, as well as how they shape international law and policy on IG.

2.  Internet and human rights. Thanks to the revelations made by Edward Snowden, this topic (unexpectedly) was quite prominent last year, and is expected to continuewell into 2014. However, in addition to the debate on privacy, Diplo predicts that the link between human rights and the standard Internet business model, which is used by companies such as Facebook and Google, will be widely debated.

3.  Data protection and cloud regulation. Linked to the previous trend, especially the anticipated discussion on Internet business models is the handling of personal data, and the ownership of data, in particular.  Further, recognising the growing importance of cloud computing, it is expected that steps will be taken to begin to address, for example, how, or the extent to which clouds (cloud services) can be regulated, standards that can be employed, and systems facilitating better cooperation between countries.

4.  Anchoring IG into existing law.  Although the importance of and need for IG is widely acknowledged, in fact, there are few laws on the subject. This year, Diplo predicts greater focus is likely to be given to integrating key IG elements into international law, which would help to foster common, recognised policies and positions on key issues.

5. Cybersecurity.  Cybersecurity has reportedly been on the global agenda for at least the last 10 years. However, in 2014 and into the future, the scale, scope, and complexity of threats and attacks are expected to increase, which emphasises the need for continued national, regional and global engagement on this issue.

6.  ICANN and new domains. Although news from ICANN was relatively low key in 2013, the continued introduction of new generic Top Level Domains (gTLDs), which could total up to 1,400 from the current 22, is likely to revive debate on the issue. Some of the arguments previously made were that the expansion of gTLds was deeply flawed, costly, introduce undue complexity, and confuse consumers (Source: Wikipedia).

7.  Intellectual Property and IG.  Typically, Intellectual Property has been a perennial issue in the IG landscape, though, according to the Diplo, it did not feature prominently in 2013. However, topics such as innovation and linguistics, and how they affect Intellectual Property and by extension, IG, are expected to feature on the global agenda in 2014.

The caveat

… there are known knowns; there are things we know that we know.

There are known unknowns; that is to say, there are things that we now know we don’t know.

But there are also unknown unknowns – there are things we do not know we don’t know.

The above quote has been attributed to Donald Rumsfeld, former United States Secretary of Defense, and was highlighted by Diplo during the webinar. Essentially, during the year, issues might emerge that cannot be foreseen – the unknown unknowns – and these can change the direction of, or even overtake, the current thread of discussions. Hence, while there is some confidence that the above issues will be highly topical during 2014, there is a recognition that other topics that could never be foreseen might come to the fore and can turn everything on its head.

Image credit:  Stuart Miles (FreeDigitalPhotos.net)

________

Day before yesterday, 30 October, the Washington Post in the United States published an article alleging that the US’ National Security Agency (NSA) had been infiltrating links to Yahoo, Google data centers worldwide. According the publication, the details were revealed by former NSA contractor, Edwards Snowden, and “interviews with knowledgeable officials”. In summary, although the NSA can (and is authorised) to compel online service providers (such as Google and Yahoo) to furnish data via its programme known as PRISM, it is alleged that through a project called MUSCULAR, the organisation has also been harvesting large volumes data during transmission without permission. The image below is reportedly from a NSA presentation and highlights the vulnerability that the NSA allegedly has been exploiting.

As at the time of publication of this post, the NS has refuted the claims that have been made. However, the affected service providers are reportedly furious about the revelations, stating emphatically that they were unaware of this matter and are demanding answers from the US government. In light of the hot water the US is currently in for spying on its allies, this new allegation may remain unaddressed into the immediate future. However, outlined below are five initial takeaways that might be worth considering.

1.  US spying may still be deeper and more pervasive than we think

The earlier revelations, about the NSA collecting metadata from telephone calls in the US and collecting large volumes of information from online service providers via PRISM, pales in comparison to some of the most recent news  about the NSA tapping the phones of senior government officials in foreign  countries, and now the interception/infiltration allegations. However, we are still learning about the extent of the US’ spying capabilities and actions, and at this time we ought not to be surprised if additional scandals come to light.

2.  Private leased lines might not safe as we believe

Based on news reports, although the affected online companies had leased dedicated capacity on fibre optic cables networks to carry their data, the NSA was “copying entire data flows across fiber-optic cables that carry information among the data centers of the Silicon Valley giants” (Source: Washington Post). The slide above from a NSA presentation suggests where in the routing the infiltration might have occurred. However, the key takeaway is that any sort of protection or safeguards that private leased lines inherently offer might not be enough to thwart the sophisticated interception/spying technology available to government intelligence agencies.

3.  Our fear of having our privacy breached by our service provider might be what we should be worrying about

Over the last few years, and especially among large online properties such as Google and Yahoo that offer free services to the public, there has been a trend away from sharing user information with third party companies. Generally, those properties use the information internally to further their own business efforts, or for advertising and promotional purposes. However the details of what purposes user information might be subject to are usually set out in the websites’ Terms of Use and Privacy Policies.

The result of this position by websites is that many users – individuals and organisations alike – are wary about using certain online properties. However, this recent allegation indicates that the interception might have been done unbeknownst to the affected online firms, and as a result we, as users, have no idea how our data is being used; who might be liable; and what recourse we might have.

4.  Organisations might become more wary of cloud services and remote storage than they already are

Cloud technology and cloud services have been huge buzzwords in recent years, and in the last two years, they have been gaining traction as cost effective means of accessing data and a broad range of services over the internet. More importantly, global analysts firms, such as Gartner, have projected that data centres, and cloud technology and services will become increasingly integral to businesses into the future. However, these new allegations might be setback in the shift to greater take up of cloud and remote storage services, but may also have the positive effect of prompting persons to ask more questions of their current and prospective service providers.

5.  Organisations and countries could benefit from re-examining their data protection policies and tools

Finally, when the above are considered, especially the latitude the US might have (or is prepare to take) regarding electronic data in their jurisdiction, it might be prudent for countries, and even organisations to re-examine their data protection policies and exactly how they being implemented and followed. For example, the data protection law in many countries worldwide require that personal data should only be transferred to countries that offer similar or better data protection as the home country.

In light of the US’ aggressive posture on intelligence and spying, which is supported in law, such as via the Patriot Act 2001, companies may need to seriously consider whether or not, or the extent to which they are okay with having their data access or intercepted by the US government and the alternatives they could to consider.

Salvatore Vuono / FreeDigitalPhotos.net

______________

Across all sizes of organisations there is generally clear evidence of ICT (Information and Communication Technology), be it through, for example, the telephone, mobile/cellular phone, network switch/router, PC, laptop or tablet computer. Invariably, these and many other devices are considered integral to a firm, as they assist employees to, among other things:

• communicate with customers, partners and each other
• prepare and transmit documents and files, and
• browse online and conduct a wide range of electronic transactions.

However, although such technology is considered integral to an organisation, frequently they are not harnessed to their fullest potential to improve its performance. Below four ways in which technology could be better applied are discussed.

1.  To improve service delivery to customers

Generally, today’s modern businesses pride themselves on being customer focussed and consumer oriented, and many have invested in ensuring that their frontline staff are versed in customer service. However, frequently, little emphasis is given to improving service delivery and efficiency.

From private sector to government, much can be done to improve the customer’s experience, and technology can be a major contributor to that transformation. Depending on the organisation and the services being provided, it is likely that a detailed list of improvements can be identified, but some likely to be on the list include: providing certain services online and introducing e-commerce facilities, which would, at the very least, offer customers a more convenient and efficient experience.

2.  To improve your organisation’s responsiveness to new developments

Although this point might seem most relevant to complex, goods-oriented businesses that operate in highly dynamic industries, this point is as applicable to small service-oriented organisations. With regard to organisational responsiveness, ICT/technology can be a major aid in:

• processing data generated from a diverse range of channels (e.g. sales, web analytics, inventory control, customer feedback, industry data, etc.), which, if handled correctly, can flag developing issues and be the impetus for important strategic decisions; and
• facilitating the implementation of the decisions that have been made, through innovative and (hopefully) cost-effective options, some of which it might be possible to build in-house.

3.  To change the basis of competition in your industry

Frequently in industry, a degree of complacency can occur when individual businesses no longer strive to distinguish themselves from their competitors. A certain equilibrium has been obtained and the businesses might be doing “okay”.  However, for organisations that aim to grow market share; improve visibility; or wish to become the preferred vendor or service provider, ICT/technology can help them achieve those goals. Again, ICT/technology can be instrumental in:

• streamlining, optimising and automating certain internal processes , which can reduce delays, human error, red tape, and the complexity of certain processes
• introducing operational efficiencies that can reduce costs and improve the bottom line
• implementing new measures that can ultimately add value to the customer and improve his or her experience with the organisation.

4.  To improve your organisation’s overall performance

Finally, and as a culmination of all earlier points, ICT can introduce a paradigm shift in organisations by helping them to re-evaluate, among other things, what might be possible, how they can raise the bar and perform better, and what new services and quality standards should be introduced.  This point may be particularly applicable to micro, small and medium sized businesses, many of which have limited resources, and might be looking for ways to take their operations to the next level.

One way of beginning the process of getting more out of the technology your organisation currently possesses, is not to focus on the devices themselves. Instead, the priority in the first instance should be to set the goals or desired outputs that you wish to realise, and to examine and understand current processes or project cycles in order to be in a position to determine how best they can be optimised with technology to achieve the desire outcomes.

In closing, ICT has long been touted as being able to introduce efficiencies into businesses, but too often the organisations themselves do not actively introducing such measures. Depending on the expertise resident in the firm, some external assistance may be necessary to get the most of the current equipment. However, as the corporate world becomes even more fixated on profits and savings, and competition increases across various sectors, a more considered investment to harness readily available ICT might be worth the inconvenience in the long term.

Image credit:  Stuart Miles (FreeDigitalPhotos.net)

__________

Wireless Hotspots – those places that offers wireless Internet access to the visitor or weary traveller. They are often found in coffee shops, bistros, restaurants, and well, almost anywhere. Some of those hotspots, you either have to pay to use, or patronise the establishment, but many are also free.

Hotspots are convenient: a way to get connected, when you aren’t already always connected. It offers a quick respite from the Facebook or Twitter cravings, and can be a life-saver when you need to send an email to your boss. It is also nice to have when you’re working from “home” but actually on the beach (hey, as long as the work is done!).

Many people can be seen pecking away at laptops, or have their faces buried in their tablets or mobile smartphones while connected to these hotspots. But, are wireless hotspots safe?

The simple answer is no. Wireless hotspots are not safe.

Don’t get me wrong, I’m not saying to not use hotspots; besides, I use them all the time. Hotspots are like public pools – it’s okay to have fun in it, just don’t drink the water. That is, take some time to understand the risks, and make some effort to protect yourself.

So what are the risks?

Most hotspots are open, that is, they are unprotected and unencrypted, and anyone can access them. Even hotspots that either require an access-code or username/password are open, but just have a gateway device in-between the wireless network and the Internet to regulate access. All the traffic between your device and the access-point (the wireless transmitter/receiver) is unencrypted. This means that anyone within the vicinity can “see” your traffic, and someone with some know-how can read it.

Another risk that’s gaining popularity is the Man-in-the-Middle attack (MITM). The attacker uses a device that presents itself as a wireless hotspot, but in reality, is an access-point engineered to capture all traffic that passes through it. MITM attacks have been around for years, but because of the power of mobile chips, those devices have become smaller and more portable. An attacker can leave the device hidden at a location and then return later to collect it with all the data stored on it.

What’s more with the MITM attack is that the attacker has full control over the network, unlike the hotspot at a coffee shop. This means, he or she, can direct you anywhere they want. They can issue fake websites, or route you to infected ones, where they can phish your personal details or infect your computer. For example, when you type ‘google.com’ or ‘yourbank.com’, you can be sent to a website that looks like the real Google.com (or yourbank.com), but is really a fake site set up to look like it.

So, knowing some of these risks, how can I protect myself?

1. Use hotspots only when necessary. The less you use it, the less risky it becomes.
2. Don’t make assumptions about the availability of a hotspot at a site. Ask the store workers whether they indeed have a hotspot and what is the name. If you see more than one, ask if they do have more than one access-points (sometimes they do if the site is big); of the answer is no, do not connect.
3. Only visit secured sites, that is, sites that start with HTTPS. If your browser gives any warnings about the site certificate such as a name mismatch, or certificate expiration, disconnect immediately.
4. Avoid using native apps on phones or tablets, unless you are positive that the apps encrypt all their communications. Some apps do not encrypt all the data transmissions and can therefore be seen by third parties.
5. Use a VPN (Virtual Private Network). VPNs usually encrypt data so that they are securely transmitted, and safe from prying eyes. Your company may have VPN services, so ask your IT department about it. If you have a company that does not already have VPN services, then consider implementing it. You can also consider  trusted 3rd party VPN providers. These are usually paid services, but can be worth the investment to protect your data.
6. Use a personal firewall and an updated anti-virus software. This will help protect your device from unauthorised access and drive-by infections. Drive-by infections are where your computer can be compromised by simply visiting a malicious or infected site.
7. Configure your computer, tablet or phone to not automatically connect to an open network. Also, when you are done using a hotspot, delete the profile from your device to prevent it from remembering the connection and automatically connecting the next time.
8. And lastly, know that not all risks are high tech. That guy sitting next to you may be more than just a customer, and may be looking at everything that you are doing. Be aware of those around you and install a privacy screen on your laptops and tablets. Don’t forget those CCTV cameras as well; you never know who’s watching.

In conclusion

Wireless hotspots have allowed us to stay connected and get more done, and with some precautions you can use it safely. However, in a world where it is now easy to become engrossed in your virtual life, perhaps it might be nice to disconnect from the electronic devices and connect to the people around you instead.

Stay safe out there.

Image credit:  Salvatore Vuono (FreeDigitalPhotos.net)

_________________

Imagine putting your baby to sleep and leaving her room. Later you hear the voice of a strange man coming from inside, saying lewd and derogatory statements. Sounds like a movie doesn’t it? Only that is exactly what happened to a Texas couple a few days ago. And no, it wasn’t a ghost, but a man who had hacked into the Internet connected baby monitor and was speaking through it.

The hacked monitor was probably not made secure by the owners, but how many of us know how to do that? What researchers have found when investigating similar vulnerable devices is that many of those devices were running without any security enable, using default administration credentials, or running an old, insecure version of the device software.

As the Internet of Things becomes more prevalent, there are more and more everyday devices being connected to the internet, and more and more risks that people are just not aware of. Such risks and threats are not confined to baby monitors, but also to home automation systems, smart energy meters, smart TVs, and even medical devices.

Many manufacturers do not think about security when creating their products. And to be fair, the baby monitor manufacturer from above has been known to have equipment with similar vulnerabilities. These devices are meant to be created cheaply and quickly.

So what can the typical consumer do to protect themselves?

1. RTFM – Read the ‘Fine’ Manual. Ensure that you understand how the device works and how to configure it. Look particularly for security settings and how to get and install updated software for the device.
2. Give it a secure password. If you can supply a different administration username, do it. Make sure to use a strong, secure password.
3. Get and install the latest device software. Subscribe to updates from the manufacturer, if available, so that you can be alerted of any potential issues.
4. Install the device behind a firewall if you can. Even small consumer firewalls nowadays come with some pretty good security features.
5. Depending on how critical the device is, turn it off when not in use. Not only is the device most secure then, you also save energy.
6. Create a Google Alert for the product name and model, and use keywords such as “security”, “vulnerability” and “risk”.
7. Lastly, if you are unsure of anything, ask for help. Even the device manufacturers themselves may have support options available for you.

Internet connected devices are meant to provide convenience and make your lives easier. And they still can, once you take the appropriate steps to understand the risks of such technologies and protect yourself against them.

Stay safe out there…

Image credit:  Nutdanai Apikhomboonwaroot (FreeDgitalPhotos.net)

_____________

The failure of the MAYA-1 cable, one of the two submarine cables that provide the Cayman Islands with international connectivity should have highlighted how vulnerable many Caribbean countries still are to technology failures. The MAYA-1 is a submarine cable system that connects seven countries: the United States, Mexico, Honduras, Cayman Islands, Costa Rica, Panama, and Colombia, and is owned by a consortium of telecoms companies that includes Cable & Wireless Communications (CWC), Verizon Business,  AT&T, Sprint (Source: TeleGeography).

Figure 1: MAYA-1 route map and select specifications (Sources: MAYA-1 & TeleGeography)

MAYA-1 failure in Cayman

On 28 July, LIME, the incumbent telecoms provider in the Cayman Islands, and the local operator of the MAYA-1 submarine cable, announced that a major failure had occurred along the cable:

LIME’s initial findings are that the Maya-1 Cable System has suffered a shunt fault at on Segment 6, which is located between Half Moon Bay (Cable station) and Repeater 1 (Line Amplifier) in Cayman.  The failure is preventing the local power feeding units from reaching their operating output levels and forcing them into shutdown mode despite numerous attempts to restore them.  This first repeater is some 47km out to sea, and at this stage there is no definitive information on the exact location of the impairment that is causing the shunt fault so LIME’s team is continuing to work with local resources, suppliers and the other MAYA landing stations on this matter.

(Source: Cayman 27)

In the two days until service on that cable was restored (30 July), the international traffic carried on the MAYA-1, which would have been originated from a number of local providers including LIME, was routed through the Cayman—Jamaica Fiber System, another submarine cable network also owned by CWC, LIME’s parent company.  Thereafter, the traffic from the Cayman Islands would leave Jamaica through up to three submarine cables that connect to the United States.

Although LIME/Cayman Islands was able to use the Cayman—Jamaica Fiber System as a back up to the MAYA-1, the transition was not especially smooth or transparent to consumers. LIME indicated that Internet and phone customers would experience some degradation, and even intermittent failure, of service during the period the MAYA-1 was down (Source: Caymanian Compass).

How does the Caribbean fare in comparison to the Cayman Islands?

In our post earlier this year, We are more connected than we think, we began to highlight the multiple submarine cable systems that currently operate in the Caribbean using Figure 2 below.

Figure 2: Excerpt from TeleGeography’s global submarine cable map showing the Caribbean region (Source: TeleGeography)

Although that map might seem impressive since every Caribbean/CARICOM country has at least one submarine cable system landing its jurisdiction, about two-thirds of them have fewer than three separate cables as shown in Table 1.

Table 1: Number of submarine cables or landing points in select Caribbean countries (Source: TeleGeography)

For countries with only one submarine cable, they do not have any redundancy or back up, should it fail. Further, should there be no comprehensive satellite or other wireless systems that can provide international connectivity, these countries inherently would be cut off from the international world.

On the other hand, for countries with two separate submarines cables systems, such as the Cayman Islands, some redundancy might be available. However, should one of those cable systems fail, factors such as: the amount of unused capacity available; the relationship between the submarine cable operators; and the existing physical connection between to the two cable systems, could have an impact on the extent to which traffic from one submarine cable system can be seamlessly transferred to another.

In that regard, the recent joint venture between CWC Wholesale and Columbus Networks could be especially beneficial, especially in countries where both companies operate separate submarine cable systems. In addition to expanding the wholesale bandwidth capacity available to clients through the merged networks, there will also be a broader range of routing options, which may include back up alternatives, should one of the connections fail.

Possible impact of “progress” on vulnerable infrastructure

Finally, the growing importance of the Internet in our daily and professional lives means that maintaining connectivity to the Internet is critical. In most Caribbean countries connecting via submarine cables is preferred. Wireless options, such as via satellite, might exits, but they tend to be used when connecting to a submarine cable network might not be possible.

Worldwide, submarine cable is the medium through which international and major backhaul traffic is carried. However, cables frequently get damaged primarily due to ships dropping anchor near cables and snagging and rupturing then, trawler fishing, and from natural disasters.

In the Caribbean, many countries are expecting significant benefits to their economies as logistics hubs and trans-shipment points, when the Panama Canal re-opens next year. However, the considerable seaborne traffic anticipated throughout the region, along with the larger shipping (post-Panamax) vessels that will be passing through the Canal, could cause our existing submarine cable networks to become even more vulnerable to damage than they currently are. It will be interesting to see how our countries, both individually and collectively, will address such challenges especially when economic benefits to be realised from maritime activities and those from ICT have to be considered.

Image credit:  David Castillo Dominici / FreeDigitalPhotos.net

_____________

On February 26, the Caribbean Research and Education Network (C@ribNET) was formally launched in Port of Spain, Trinidad and Tobago. C@ribNET, which is a broadband fibre optic network constructed by regional telecoms carrier, LIME, and connects 21 Caribbean/CARICOM countries, is one of number of initiatives geared toward increasing the region’s connectivity or connectedness. As discussed in our recent post, We are more connected than we think, the Caribbean already has several submarine cable systems. Hence are C@ribNET and other similar but independent projects, such as CARCIP,just overkill?

What is C@ribNet?

According to the Caribbean Knowledge Learning Network (CKLN), which manages C@ribNET,

C@ribNET is a broadband fiber optic network, configured to connect tertiary institutions, hospitals, schools, and CARICOM and other institutions engaged in knowledge development and research, within the Caribbean, and then to connect these institutions to research and education institutions in the rest of the world. 

Access to C@ribNET will be via National Research and Education Networks (NRENs) established in each of the participating Caribbean/CARICOM countries. The NRENs will comprise academic (especially tertiary-level) and other institutions for the purposes of innovation, knowledge creation and sharing, and with the goals of reducing the digital divide and increasing social inclusion.

With funding from the European Union, C@ribNET comprises a dedicated broadband network that connects all of the participating countries, as shown in Figure 1. The main backbone connects the Dominican Republic, Florida, Jamaica and Trinidad and Tobago, whilst the rest of the countries are connected via “Caribbean Access Nodes”. The entire network is linked internationally to the Latin American academic networks, RedCLARA, in Costa Rica, and to its European counterpart, GÉANT, in Paris.

Figure 1: Topology of C@ibNET (Source: CKLN)

Although the C@ribNET infrastructure has been established, the in-country NRENs are still being developed, and application and services still being modified for use on that network. Hence it may be at least another year before any significant use of C@ribNET is evident.

What is CARCIP?

CARCIP, the Caribbean Regional Communications Infrastructure Program, is a recently launched World Bank-supported project that is being coordinated by the Caribbean Telecommunications Union (CTU) in Trinidad and Tobago. The project, which may be accessed by all CARICOM member countries, and is expected to run for more than 5 years, aims to achieve the following:

• increase access and affordability of broadband communications networks within region and countries

• contribute to the development of the regional IT industry

• contribute to improved Government efficiency and transparency through the delivery of e-services, including e-government and e-society applications. (Source: WorldBank)

Through those objectives, the goal is to address infrastructural gaps that still exist at the country level, and to further strengthen the enabling environment ICT for Development (ICT4D) activities. To that end, project activities will focus on the three key areas: connectivity infrastructure; ICT-led innovation and e-transformation. Table 1 highlights some of the activities that could be undertaken in those three action areas.

Table 1: Select CARCIP-approved action areas (Source: World Bank)

CARCIP is still in its early stages, and will start with projects in Grenada, Saint Lucia, and St Vincent and the Grenadines (Phase 1). Six Requests for Expressions of Interest were recently advertised, with deadline dates for submission from as early as next week.

Is there really too much excess connectivity or overlap?

In an earlier discussion on international connectivity in the region, we noted that there were at least 15 different submarine cables systems connecting Caribbean/CARICOM countries (see Figure 2), but well over half had no more than two cable systems or landing points.

Figure 2: Excerpt from TeleGeography’s global submarine cable map showing the Caribbean region (Source: TeleGeography)

Although Figure 2 might seem impressive, individual countries are frequently marked down in international assessments for having insufficient international connectivity, especially as it relates to redundancy. Should one of the submarine cables connecting a country develop a fault, there might be just one (or even no other) cable available to carry international traffic, which is still considered a high risk situation.

The establishment of C@ribNET might not have required the laying new cables (a truly expensive undertaking!), but rather the activating and configuring under-utilised capacity in existing cables across the region and internationally. However, having now been established, the challenge is likely to be ensuring that C@ribNET is used in the manner envisaged to achieve the goals specified.

On the other hand, CARCIP could offer countries a framework through which they can promote deployment of additional submarine cable systems, or connectivity to existing systems, especially when there might be limited redundancy. However, based on the recently published tenders, it appears that one of the initial areas of focus will be internal infrastructure, specifically, national broadband backbone networks. Deployment of these proposed networks could improve the availability of broadband infrastructure, facilitating better connectivity, which in turn can be a springboard for other initiatives.

Image credit: CKLN

__________