Sunday, January 24, 2021

Cyber: Cyber Security for Consumer Internet of Things (IoT)

 


Still olden but golden, when it comes to IoT Connected Devices


I have briefly touched upon IoT (Internet of Things) at my blog previously:

Fast moving wireless world

https://trewmte.blogspot.com/2014/10/fast-moving-wireless-world.html

The Internet of Things (IoT)

https://trewmte.blogspot.com/2016/03/the-internet-of-things-iot.html

The Rise of (IoT) Domestic Appliance Forensic Examiners

https://trewmte.blogspot.com/2016/03/the-rise-of-iot-domestic-appliance.html

Smart Phones with Smart Homes

https://trewmte.blogspot.com/2016/06/smart-phones-with-smart-homes.html

eSIM - Observing Possible Outcomes Part 1

https://trewmte.blogspot.com/2019/12/esim-observing-possible-outcomes-part-1.html


I am adding updated reference materials on IoT and Cyber, which you might find useful if you haven't seen this info or weren't aware of it.

ETSI in February 2019 released the first globally applicable standard for consumer IoT security:

etsi-releases-first-globally-applicable-standard-for-consumer-iot-security

This publicised event introduced the ETSI standard ts_103645v010101 (2019):

CYBER; Cyber Security for Consumer Internet of Things

ts_103645v010101p.pdf

In 2020 ETSI updated the standard ts_103645v020102 with enhanced baseline requirements:

CYBER; Cyber Security for Consumer Internet of Things: Baseline Requirements

ts_103645v020102p.pdf

The object of these standards is to improve security and privacy. A common default password shared across all of a vendor's products is to be scrapped, with a unique default password per device applied instead. Moreover, once the user has changed it, it should not be possible to re-enable the original default password. Apparently, many consumer IoT products on the market may still not (even today) meet this password objective or other, more basic requirements set out in this newly released standard.

Measures vendor companies should undertake range from adopting simple installation and user guidance, with good documentation in support, to good hardware/software security engineering practice. For personal privacy the standard sets out protection objectives: all sensitive personal data is required to be stored securely, both on the devices themselves and in any related services (e.g. in the cloud). Any personal data should be encrypted and protected against attack, and consumers should be given clear instructions on how to easily delete their personal data.

Whilst this standard provides consumers with confidence in their IoT product, it has equally been designed to allow vendor companies sufficient flexibility to innovate and find the best security and privacy solution for their particular IoT products. Password protection, encryption and safe deletion are some solutions. Others could be blocking off network ports; closing off software that is not being used; avoidance of exploited data (OOR) by adopting a validation approach; hardware-based secure-boot mechanisms; and easy, secure device software updates (e.g. via a menu selection, or autonomic/automated updates such as ZTP). These are possible solutions.

I did like that ETSI had included specific demands about disclosure in this standard for vendor companies to identify, act upon and promptly report vulnerabilities.

Beyond the consumer IoT standard, the ETSI Technical Committee on Cybersecurity (TC CYBER) has overseen and published over 50 cyber standards, some of which are listed below:

ETSI TS 103 744 V1.1.1 (2020-12), Published: CYBER; Quantum-safe Hybrid Key Exchanges

ETSI TS 103 523-1 V1.1.1 (2020-12), Published: CYBER; Middlebox Security Protocol; Part 1: MSP Framework and Template Requirements

ETSI TS 103 718 V1.1.1 (2020-10), Published: CYBER; External encodings for the Advanced Encryption Standard

ETSI TR 103 644 V1.2.1 (2020-09), Published: CYBER; Observations from the SUCCESS project regarding smart meter security

ETSI TS 103 485 V1.1.1 (2020-08), Published: CYBER; Mechanisms for privacy assurance and verification

ETSI TR 103 619 V1.1.1 (2020-07), Published: CYBER; Migration strategies and recommendations to Quantum Safe schemes

ETSI EN 303 645 V2.1.1 (2020-06), Published: CYBER; Cyber Security for Consumer Internet of Things: Baseline Requirements

ETSI TS 103 645 V2.1.2 (2020-06), Published: CYBER; Cyber Security for Consumer Internet of Things: Baseline Requirements

ETSI TR 103 306 V1.4.1 (2020-03), Published: CYBER; Global Cyber Security Ecosystem

ETSI TR 103 644 V1.1.1 (2019-12), Published: CYBER; Increasing smart meter security

ETSI TR 103 618 V1.1.1 (2019-12), Published: CYBER; Quantum-Safe Identity-Based Encryption

ETSI TR 103 331 V1.2.1 (2019-09), Published: CYBER; Structured threat information sharing

ETSI TS 103 523-3 V1.3.1 (2019-08), Published: CYBER; Middlebox Security Protocol; Part 3: Enterprise Transport Security

ETSI TS 103 523-3 V1.2.1 (2019-03), Published: CYBER; Middlebox Security Protocol; Part 3: Enterprise Transport Security

ETSI TS 103 645 V1.1.1 (2019-02), Published: CYBER; Cyber Security for Consumer Internet of Things

ETSI TR 103 370 V1.1.1 (2019-01), Published: CYBER; Practical introductory guide to Technical Standards for Privacy

ETSI TS 103 457 V1.1.1 (2018-10), Published: CYBER; Trusted Cross-Domain Interface: Interface to offload sensitive functions to a trusted domain

ETSI TR 103 642 V1.1.1 (2018-10), Published: CYBER; Security techniques for protecting software in a white box model

ETSI TS 103 523-3 V1.1.1 (2018-10), Published: CYBER; Middlebox Security Protocol; Part 3: Profile for enterprise network and data centre access control

ETSI TR 103 617 V1.1.1 (2018-09), Published: CYBER; Quantum-Safe Virtual Private Networks

ETSI TR 103 305-1 V3.1.1 (2018-09), Published: CYBER; Critical Security Controls for Effective Cyber Defence; Part 1: The Critical Security Controls

ETSI TR 103 305-2 V2.1.1 (2018-09), Published: CYBER; Critical Security Controls for Effective Cyber Defence; Part 2: Measurement and auditing

ETSI TR 103 305-3 V2.1.1 (2018-09), Published: CYBER; Critical Security Controls for Effective Cyber Defence; Part 3: Service Sector Implementations

ETSI TR 103 305-5 V1.1.1 (2018-09), Published: CYBER; Critical Security Controls for Effective Cyber Defence; Part 5: Privacy enhancement

ETSI TR 103 305-4 V2.1.1 (2018-09), Published: CYBER; Critical Security Controls for Effective Cyber Defence; Part 4: Facilitation Mechanisms

ETSI TR 103 306 V1.3.1 (2018-08), Published: CYBER; Global Cyber Security Ecosystem

ETSI TS 103 458 V1.1.1 (2018-06), Published: CYBER; Application of Attribute Based Encryption (ABE) for PII and personal data protection on IoT devices, WLAN, cloud and mobile services - High level requirements

ETSI TS 103 307 V1.3.1 (2018-04), Published: CYBER; Security Aspects for LI and RD Interfaces

ETSI TS 103 532 V1.1.1 (2018-03), Published: CYBER; Attribute Based Encryption for Attribute Based Access Control

ETSI TR 103 456 V1.1.1 (2017-10), Published: CYBER; Implementation of the Network and Information Security (NIS) Directive

ETSI TS 102 165-1 V5.2.3 (2017-10), Published: CYBER; Methods and protocols; Part 1: Method and pro forma for Threat, Vulnerability, Risk Analysis (TVRA)

ETSI TR 103 570 V1.1.1 (2017-10), Published: CYBER; Quantum-Safe Key Exchanges

ETSI TR 103 421 V1.1.1 (2017-04), Published: CYBER; Network Gateway Cyber Defence

ETSI TR 103 306 V1.2.1 (2017-03), Published: CYBER; Global Cyber Security Ecosystem

ETSI TS 103 307 V1.2.1 (2016-10), Published: CYBER; Security Aspects for LI and RD Interfaces

ETSI TR 103 305-2 V1.1.1 (2016-08), Published: CYBER; Critical Security Controls for Effective Cyber Defence; Part 2: Measurement and auditing

ETSI TR 103 305-3 V1.1.1 (2016-08), Published: CYBER; Critical Security Controls for Effective Cyber Defence; Part 3: Service Sector Implementations

ETSI TR 103 305-4 V1.1.1 (2016-08), Published: CYBER; Critical Security Controls for Effective Cyber Defence; Part 4: Facilitation Mechanisms

ETSI TR 103 305-1 V2.1.1 (2016-08), Published: CYBER; Critical Security Controls for Effective Cyber Defence; Part 1: The Critical Security Controls

ETSI TR 103 331 V1.1.1 (2016-08), Published: CYBER; Structured threat information sharing

ETSI TR 103 304 V1.1.1 (2016-07), Published: CYBER; Personally Identifiable Information (PII) Protection in mobile and cloud services

ETSI TR 103 369 V1.1.1 (2016-07), Published: CYBER; Design requirements ecosystem

ETSI EG 203 310 V1.1.1 (2016-06), Published: CYBER; Quantum Computing Impact on security of ICT Systems; Recommendations on Business Continuity and Algorithm Selection

ETSI TS 103 307 V1.1.1 (2016-04), Published: CYBER; Security Aspects for LI and RD Interfaces

ETSI TR 103 303 V1.1.1 (2016-04), Published: CYBER; Protection measures for ICT in the context of Critical Infrastructure

ETSI TS 103 487 V1.1.1 (2016-04), Published: CYBER; Baseline security requirements regarding sensitive functions for NFV and related platforms

ETSI TR 103 308 V1.1.1 (2016-01), Published: CYBER; Security baseline regarding LI and RD for NFV and related platforms

ETSI TR 103 306 V1.1.1 (2015-11), Published: CYBER; Global Cyber Security Ecosystem

ETSI TR 103 309 V1.1.1 (2015-08), Published: CYBER; Secure by Default - platform security technology

ETSI TR 103 305 V1.1.1 (2015-05), Published: CYBER; Critical Security Controls for Effective Cyber Defence

Friday, January 01, 2021

CSA Location Determination Investigations - The continuing mission

Recalling that what I have posted here at trewmte.blogspot and cellsiteanalysis.blogspot over the years was intended to assist interpretation of data and testing for cell site analysis (CSA), and the elements that can be used when conducting investigations, I have posted below a few of the weblinks to help this discussion along.

https://trewmte.blogspot.com/2014/07/csa-site-survey-method3mobility-models.html

http://trewmte.blogspot.com/2009/08/cell-site-analysis-csa-images-part-2.html

http://trewmte.blogspot.com/2008/11/mobile-phones-and-fringe-coverage.html

http://cellsiteanalysis.blogspot.com/

https://www.dropbox.com/s/g912o5dji9wkxfk/3G%20Networks%20position%20techniques.pdf

It is noteworthy that the ITU in 2017 published a series of documents regarding call detail records (CDR) and the network data that could be captured in CDRs to assist a wide range of tasks, from understanding mobile phone movement caused by migration through to determining trip travel and destination. These studies were conducted in Liberia, Sierra Leone and the Republic of Guinea:

Liberia CDR reallocation D012A0000C93301PDFE.pdf

CDR Sierra Leone D012A0000CA3301PDFE.pdf

CDR Republic of Guinea D012A0000D03301PDFE.pdf

The reports identify how to obtain, collate, display (overlaying geodata/mapping) and interpolate data in the format specification, which I rather think is highly useful to CSA investigations. The ITU source highlights CDRs capturing association with points of interest (PoI), trip segmentation, trajectory, stay points etc. I am simplifying in my summary what is undoubtedly a more detailed discussion in these reports, to show that 'time' and 'location' will be highly relevant.

CSA has not been without knowledge regarding peak-time call traffic, density of call traffic, tracking etc., and these are used in call analysis and CSA. In these reports, though, the defined stay points captured in the call records add useful evidence such as travel, location, co-location (if relevant), association (if relevant), landmarks, and so on.

Consideration of trip segmentation in the report states: "Trip segmentation: Extract stay points from anonymized CDR data, and divide move/stay segments. Figure 7.4 explains how stay points are extracted by applying parameters and thresholds to CDR data." In this regard the threshold parameters for stay points are specified as 'Minimum Time Duration 15 Minutes' and 'Maximum Distance 300 Meter'. To assist further, here is a useful image with data from the ITU Liberia report:

To extract such detail requires trip segmentation, stay point reallocation, route interpolation, grid-based aggregation, visualization and so on. To dig into the detail to assist interpretation, the report states:

"Stay point reallocation: Reallocate stay points (Trip OD) to surrounding points of interest (POIs) with a certain probability and fill gaps between stay/move segments. POIs are regarded as surrounding a certain cell tower if they are closer to the cell tower location than to the others (Voronoi tessellation). The reallocation is necessary because CDR location data is based on cell tower location, which means that all users in the same area have the same location. Reallocation can make the distribution of people more realistic or likely because POIs can be considered places where people are likely to stay or visit, such as shopping areas, residential houses, villages, and to which people are reassigned rather than concentrating on cell tower locations. A new dataset of POIs was constructed for this process by collecting data from the distribution of buildings from open access Internet data (see Appendix 2). Figure 7.5 shows how POIs are distributed in a city. Areas in blue indicate building POIs with extracted stay points, where location information originally based on antenna location, are reallocated."
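The trip segmentation and stay point reallocation steps quoted above, carried through on a few constructed CDR rows as an added example (this is not code from the ITU reports or from this blog). It applies the report's two thresholds, 15 minutes and 300 metres, and the nearest-tower (Voronoi) rule for attaching POIs to cell towers; all tower sites, POI positions and CDR rows are constructed, and the uniform random choice of POI within a cell is an assumption standing in for the report's "certain probability".

```python
from dataclasses import dataclass
from datetime import datetime
import math
import random
from typing import Dict, List, Tuple

MIN_STAY_SECONDS = 15 * 60   # "Minimum Time Duration 15 Minutes" (ITU report threshold)
MAX_STAY_METRES = 300.0      # "Maximum Distance 300 Meter" (ITU report threshold)

# Constructed tower sites (lat, lon), not real cell locations. T2 is about
# 180 m west of T1, so both fall inside one 300 m stay radius; T3/T4 are km away.
TOWERS = {"T1": (6.3005, -10.7969), "T2": (6.3005, -10.7985),
          "T3": (6.3300, -10.7800), "T4": (6.3500, -10.7600)}
# Constructed points of interest, standing in for buildings from open map data.
POIS = {"market": (6.3007, -10.7966), "housing_estate": (6.3003, -10.7990),
        "school": (6.3298, -10.7803), "village": (6.3505, -10.7598), "clinic": (6.3495, -10.7605)}

@dataclass(frozen=True)
class CdrRecord:
    subscriber: str   # anonymised token, never the real MSISDN/IMSI
    ts: datetime      # call/SMS timestamp
    tower: str        # serving cell at that time

@dataclass(frozen=True)
class StayPoint:
    subscriber: str
    lat: float        # centroid of the towers seen during the stay
    lon: float
    arrival: datetime
    departure: datetime
    towers: Tuple[str, ...]

def haversine_m(a, b) -> float:
    """Great-circle distance in metres between two (lat, lon) pairs."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000.0 * math.asin(math.sqrt(h))

def extract_stay_points(records: List[CdrRecord]) -> List[StayPoint]:
    """Trip segmentation: a run of one subscriber's records whose towers all lie within
    MAX_STAY_METRES of the run's first tower and that spans at least MIN_STAY_SECONDS
    becomes a stay point; shorter runs are move segments."""
    by_sub: Dict[str, List[CdrRecord]] = {}
    for r in records:
        by_sub.setdefault(r.subscriber, []).append(r)
    stays: List[StayPoint] = []
    for sub, recs in by_sub.items():
        recs.sort(key=lambda r: r.ts)
        i, n = 0, len(recs)
        while i < n:
            anchor = TOWERS[recs[i].tower]
            j = i + 1
            while j < n and haversine_m(anchor, TOWERS[recs[j].tower]) <= MAX_STAY_METRES:
                j += 1
            cluster = recs[i:j]
            if (cluster[-1].ts - cluster[0].ts).total_seconds() >= MIN_STAY_SECONDS:
                lat = sum(TOWERS[r.tower][0] for r in cluster) / len(cluster)
                lon = sum(TOWERS[r.tower][1] for r in cluster) / len(cluster)
                towers = tuple(dict.fromkeys(r.tower for r in cluster))
                stays.append(StayPoint(sub, lat, lon, cluster[0].ts, cluster[-1].ts, towers))
                i = j        # whole cluster consumed
            else:
                i += 1       # too brief for a stay: slide the window on
    return stays

def nearest_tower(p) -> str:
    return min(TOWERS, key=lambda t: haversine_m(p, TOWERS[t]))

def assign_pois_to_towers() -> Dict[str, List[str]]:
    """Voronoi tessellation: each POI belongs to the tower it is closest to."""
    cells: Dict[str, List[str]] = {t: [] for t in TOWERS}
    for name, pos in POIS.items():
        cells[nearest_tower(pos)].append(name)
    return cells

def reallocate(stay: StayPoint, cells: Dict[str, List[str]], rng: random.Random) -> str:
    """Move the stay from the tower centroid to one POI in that tower's cell. Uniform
    choice here (assumption); the report's 'certain probability' could weight by building density."""
    options = cells[nearest_tower((stay.lat, stay.lon))]
    return rng.choice(options) if options else "no-poi-in-cell"

# Constructed, anonymised CDR rows (1 March 2017): A1 lingers around T1/T2, passes T3
# briefly, then stays at T4; B2 shows only a 5-minute footprint at T3 (a move, not a stay).
SAMPLE_CDRS = [
    CdrRecord("A1", datetime(2017, 3, 1, 8, 0), "T1"), CdrRecord("B2", datetime(2017, 3, 1, 10, 0), "T3"),
    CdrRecord("A1", datetime(2017, 3, 1, 8, 10), "T2"), CdrRecord("A1", datetime(2017, 3, 1, 8, 20), "T1"),
    CdrRecord("A1", datetime(2017, 3, 1, 8, 25), "T3"), CdrRecord("A1", datetime(2017, 3, 1, 8, 40), "T4"),
    CdrRecord("B2", datetime(2017, 3, 1, 10, 5), "T3"), CdrRecord("A1", datetime(2017, 3, 1, 9, 0), "T4"),
    CdrRecord("A1", datetime(2017, 3, 1, 9, 20), "T4"),
]

def run_pipeline(records=SAMPLE_CDRS, seed=7):
    """Segment then reallocate: one (subscriber, arrive, depart, towers, poi) tuple per stay."""
    cells = assign_pois_to_towers()
    rng = random.Random(seed)
    return [(s.subscriber, s.arrival.strftime("%H:%M"), s.departure.strftime("%H:%M"),
             s.towers, reallocate(s, cells, rng)) for s in extract_stay_points(records)]
```

Note how the two records at T1 and T2 merge into one stay because the towers are within 300 m of each other, while B2's two calls five minutes apart never become a stay point.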

Lastly, the reports published in 2017 discussed relevance to 2G, 3G and 4G.


DoDM 8570 Baseline Certification

Crikey! Whilst DoDM 8570 requires at least one baseline certification, this roadmap suggests that if you wanted to take all these certifications it would run to n years of your life just taking certs.

Realistically, it is useful to see which certs can be taken to meet the requirements. Image from https://public.cyber.mil/cw/cwmp/dod-approved-8570-baseline-certifications/



Security! It's a state of mind...


 

Tuesday, December 01, 2020

Metrics & CISO Series (2)

Following up on my earlier post in the Metrics & CISO Series (metrics-ciso-series) on how Metrics has relevance to digital forensics, where I referred to books, standards and the Forensic Science Regulator, here are more references where digital forensics Metrics have been recognised as important to understanding the contribution-value of digital forensics to the Criminal Justice System (CJS):

The UK Home Office, Association of Police and Crime Commissioners (APCC) and National Police Chiefs' Council (NPCC) circulated "Implementation Plan for the joint review of forensics provision (2018)", published in April 2019. It states the purpose of the review:

"The Review was commissioned to evaluate the provision of forensic science to criminal investigations and criminal court proceedings in England and Wales, following Key Forensic Services’ entry into administration in January 2018 and persistent stakeholder concerns regarding quality.

The Review’s primary focus was the operation and management of the market, but Ministers and the Review team recognised that a broader set of issues have a significant impact on stakeholder’s confidence in the system’s ability to deliver high quality forensics into the CJS.

Given that there is a mixed model of provision in England and Wales, the Review considered both ‘in-house’ and commercial forensic services. It considered the quality, cost and delivery of all forms of forensic science including digital forensics and its impacts on outcomes for the criminal justice system. Investment in research and development incentives and structures, governance and accountabilities in the Home Office and policing were also in scope."

Later in the same document it identifies actions to develop metrics:

"Actions:

13. The Home Office and the Transforming Forensics Programme will work with the Ministry of Justice and CJS partners to develop metrics to illustrate the impact of forensic science on police work, CJS outcomes, public confidence and costs – both to the CJS and the wider economy."


Digital Forensic Science Strategy, July 2020, published by Transforming Forensics (TF), Forensic Capability Network (FCN), Association of Police and Crime Commissioners (APCC) and National Police Chiefs' Council (NPCC):

"To measure and monitor the contribution DF science makes to investigations we need to implement a forensic information ecosystem, available to all DFUs. As outlined previously, this strategy proposes that TF develop the high-level design and roadmap for this system, in agreement with forces, the FCN and CJS partners. It will include appropriate performance measures, based on available data, which TF will work up in close collaboration with the Home Office as part of a wider initiative to develop suitable metrics for measuring DF science performance across the whole CJS."

The Scottish Police Authority published the Forensic Services Committee paper "Digital Forensics Working Group Report" on 20th April 2020.

The purpose of this paper is to present the Report of the Digital Forensics Working Group for Committee consideration, agreement of the Recommendations of the Report, and noting of the additional work required.

"Background to digital forensics and crime

4. Digital forensic science is the process of obtaining, analysing and using digital evidence in investigations or criminal proceedings. There is however a paucity of data in relation to the demand for digital forensics capabilities within UK police forces as the ubiquity of digital devices means that digital evidence may be present in almost every crime. However whilst metrics appear scarce, it is widely accepted that the proliferation of digital devices and technologies is increasing police investigative demand for digital forensic techniques."


Wednesday, November 25, 2020

Metrics & CISO Series

How well are digital forensic laboratories coping and performing, whether accredited to ISO17025 or not, in a Covid-19 world? Is Metrics relevant to digital forensics? 

In the first instance it largely depends on whether there is a need for a Qualitative and Quantitative (Q&Q) process in place that requires measurement to understand Capex, RoI, the performance of people and systems (for test and measurement), security (detection and prevention), information security management and so on. Where labs are taxpayer funded then of course they should be scrutinised, irrespective of whether they are law enforcement or not. This isn't a criticism of publicly funded labs, but a distinction does need to be made where private labs use capital expenditure to drive their operation to gain a return on investment. For both public and private large organisations, Metrics shines a spotlight on their operational performance (successes/failures).

In the second instance the simple answer is Yes, but subject to whether (?) the requirement exists, of course. The question mark arises as to whether any implementation has taken place. Talking about it is one thing. Acting upon it is another. If the second question is considered first, it may reveal what impact there has been since Covid-19 and where to target resources.

Back in 2013, when the rumblings about ISO17025 were gathering pace, a book came out: David Watson & Andrew Jones, Digital Forensics Processing and Procedures: Meeting the Requirements of ISO17020, ISO17025, ISO27001 and Best Practice Requirements (Elsevier, 2013; ISBN: 978-1-59749-742-8). This book shed light on the processes and procedures to run an accredited laboratory under ISO17025 plus the associated dependency standards ISO17020 and ISO27001.

There are other books, but as a starting point Digital Forensics Processing and Procedures has multiple landing points dealing with the need for Metrics. Furthermore, ISO27001 concerning information security is a very important standard, as is ISO9001 regarding quality assurance. The detail in this book extended further, covering to the broadest extent possible the various ISO standards having application to accredited laboratories.

In addition to the above international standards there are national standards to be considered, and guidance from authorised bodies that oversee compliance. In the UK the Forensic Science Regulator (FSR) oversees the requirement for accredited laboratories. The latest FSR publication, titled 'Codes of Practice and Conduct for forensic science providers and practitioners in the Criminal Justice System FSR-C-100 Issue 5', can be downloaded using the weblink below:

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/880708/Codes_of_Practice_and_Conduct_-_Issue_5.pdf 

The Codes of Practice and Conduct identify the standards etc. that the FSR considers fundamental for assessing compliance. Moreover, the Codes come with dependency obligations, one notable one being 'Information Legal Obligations FSR-I-400 Issue 7'. This document contains the express requirement for the production of 'Metric' results as a legal obligation; FSR-I-400 takes its direction from European Union Directive 80/181/EEC, which sets out obligations on Member States to implement legal requirements regarding the use of units of measurement. The FSR makes express use of these legal obligations, which create implied terms that Metrics equally form part of the Codes' assessment for compliance. The latest FSR-I-400 can be downloaded using the weblink below:

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/795995/FSR_Legal_Obligations_-_Issue_7.pdf

It is the above matters, arising from earlier released FSR documents and various digital forensic books, that set my project path for the last 15 months: to see how professionals in the information security management, cybersecurity, risk assessment etc. sectors identify the indicators to be sampled and measured for Metrics, and how quality and accuracy are defined in these sectors. I have slowly been publishing my findings in a series of discussion papers, which can be downloaded using the weblinks below:

Metrics papers for cyber security & CISO.pdf - Colourful, glossy, high-quality imaged research publications can look really good, but ultimately it is the depth of knowledge gained from the research that pays off. Why? How do you know your Metrics criteria are relevant to your organisation if you weren't sure what questions to address at the get-go?!

https://www.dropbox.com/s/kqsdo3dpsu2k03k/Metrics%20papers%20for%20cyber%20security%20%26%20CISO.pdf  

Importance of Metrics - The opening 'Foreword' in George Campbell's book "Measuring and Communicating Security's Value: A Compendium of Metrics for Enterprise Protection" (2015) [Elsevier - ISBN: 978-0-12-802841-4] is by Dave Komendat, Chief Security Officer, The Boeing Company. Dave sets out compellingly why Metrics are so important to a CSO.

https://www.dropbox.com/s/94ek2jxtrwwt3um/Importance%20of%20Metrics.pdf

Metrics, CPS & CISO - This is my third byte-size posting on Metrics. The pdf is only a scoping document, discussing in an understated, conversational/readable way a subject-matter that is far more convoluted, complex and complicated.

https://www.dropbox.com/s/4u3c8lyn2k1gxx1/Metrics%2C%20CPS%20%26%20CISO.pdf

Metrics - Quality, Accuracy & more and CISO Part1

https://www.dropbox.com/s/t9sk46grg2p7xi9/Metrics%20-%20Quality%2C%20Accuracy%20%26%20more%20and%20CISO%20Part1.pdf

This discussion will be updated with further discussion papers to download.

Sunday, May 17, 2020

EXAMINING THE CHALLENGES OF POLICING ECONOMIC CYBERCRIME IN THE UK

When preparing this review, use was made of trialling numerous AI (artificial intelligence) tools to assist in the collection of standard definition terms and the article's reference sources. The purpose in using AI tools is to determine whether the tools produce inaccuracies; if it is found that such tools can accurately produce validated results, this could assist Digital Forensics, Incident Response, Cyber Security, Law Enforcement, the Criminal Justice System etc.

EXAMINING THE CHALLENGES OF POLICING ECONOMIC CYBERCRIME IN THE UK
Güvenlik Bilimleri Dergisi (Journal of Security Sciences), February 2020, UGK Special Issue, 113-134

DOI: 10.28956/gbd.695956


  • Introduction:

     The advent of the Internet and its commercial applications have significantly changed the way the authors socialise, shop or communicate.
  • It is argued that the commercial application of the Internet has provided new opportunities for the commission of the traditional crime, but it has given rise to new forms of crimes (Wall, 2007b; Lee, Holt, Burruss, and Bossler, 2019).
  • Action Fraud reported that Internet users lost £34.6m as a result of cybercrime between April and September 2018, which indicates a 24% rise when compared to the previous 6 months (BBC, 2019)
  • Objectives:

     The aims of this research were two-fold: documenting the problems experienced by police officers working in cybercrime departments and discerning police officers’ perceptions related to the role of police in the wider policing assemblage.
  • Methods:

     In order to address this knowledge gap in the literature, ten semi-structured interviews were conducted with police officers working in cybercrime departments in the UK and three semi-structured interviews were done with experts working on IT departments of the local governments.
  • The research was conducted according to the Declaration of Helsinki (World Medical Association, 2001).
  • Interviewees were provided participant information sheets explaining interview and transcription processes prior to interviews.
  • Participants were asked to sign consent forms before the interviews.
  • Interviews were conducted face-to-face at police departments.
  • Interviews were recorded and transcribed verbatim by authors after the interviews
  • Results:

     Analysis of interviews conducted with police officers and cybercrime experts suggests that policing economic cybercrime is a multidimensional complex issue involving both national and international actors together with police forces.
  • Interviews with police officers revealed the lack of international cooperation as the key challenge to policing economic cybercrime.
  • Participants acknowledged that non-European countries were reluctant to share information related to online perpetrators.
  • "The companies sit in Luxemburg, Panama or Gibraltar are reluctant to share information. It is difficult to catch them and bring to the jurisdiction crime happened." (Participant 4)
  • Conclusion:

     Despite the growing cyber threat and cybersecurity concerns among the public, there is a lack of empirical research on discerning the challenges of policing economic cybercrime.
  • This result, which confirms the previous studies, indicates that governments or international and transnational actors have failed to collaborate to combat cybercrime globally. National and international initiatives such as the UK Cybercrime Strategy 2016/2021 place emphasis upon reducing disparities among national jurisdictions and creating strong coordination between policing bodies and other private and governmental actors of cybersecurity to alleviate policing problems of cybercrime (Ellis and Mohan, 2019)
  • Despite these efforts, there is lack of empirical studies on this issue.
  • ENISA or another agency should actively seek to collaborate with non-EU countries
 
ARTICLE REFERENCE SOURCES
 
  • Akhgar, B., Choras, M., Brewster, B., Bosco, F., Veermeersch, E., Luda, V., Puchalski, D., and Wells, D. (2016) 'Consolidated Taxonomy and Research Roadmap for Cybercrime and Cyberterrorism', pp. 295-322 in B. Akhgar and B. Brewster (eds) Combatting cybercrime and cyberterrorism: challenges, trends and priorities: Springer. 
  • Anderson, R., Barton, C., Böhme, R., Clayton, R., Van Eeten, M. J., Levi, M., Moore, T., and Savage, S. (2013) 'Measuring the Cost of Cybercrime', pp. 265-300 in The economics of information security and privacy: Springer.
  • Barthelemy, J. (2003) 'The seven deadly sins of outsourcing', Academy of Management Perspectives 17(2): 87-98. 
  • Bayley, D. H., and Shearing, C. D. (1996) 'The future of policing', Law Society Review 30: 585. 
  • BBC (2019) UK cyber-crime victims lose £190,000 a day. Available at: https://www.bbc.co.uk/news/uk-47016671 (Accessed: 14/09/2019).
  • Blanco Hache, A. C., and Ryder, N. (2011) ''Tis The Season to (be Jolly?) Wise Up to Online Fraudsters. Criminals on The Web Lurking to Scam Shoppers this Christmas: A Critical Analysis of the United Kingdom's Legislative Provisions and Policies to Tackle Online Fraud', Information & Communications Technology Law 20(1): 35-56.
  • Boes, S., and Leukfeldt, E. R. (2017) 'Fighting Cybercrime: A Joint Effort' in R. M. Clark and S. Hakim (eds) Cyber-physical security: protecting critical infrastructure at the state and local level: Springer. 
  • Bond, E., and Tyrrell, K. (2018) 'Understanding revenge pornography: A national survey of police officers and staff in England and Wales', Journal of interpersonal violence: 0886260518760011. 
  • Bossler, A. M., and Holt, T. J. (2012) 'Patrol officers' perceived role in responding to cybercrime', Policing: an international journal of police strategies & management 35(1): 165-181. 
  • Braun, V., and Clarke, V. (2006) 'Using thematic analysis in psychology', Qualitative research in psychology 3(2): 77-101. 
  • Brenner, S. W. (2001) 'Is There Such a Thing as' Virtual Crime'?'. 
  • ---. (2004) 'Cybercrime Metrics: Old Wine, New Bottles?', VA. JL & TECH. 9: 13.
  • ---. (2007) 'The Council of Europe's Convention on Cybercrime', pp. 207-221 in J. Balkin, J. Grimmelmann, E. Katz, N. Kozlovski, S. Wagman and T. Zarsky (eds) Cybercrime: digital cops in a networked environment: NYU Press.
  • Brenner, S. W. (2010) Cybercrime: Criminal Threats from Cyberspace: USA: Prager. 
  • Button, M. (2019) Private policing: Routledge. 
  • Casey, E. (2011) 'Language of Computer Crime Investigation', pp. 35-48 in E. Casey (ed.), Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet. London: Elsevier. 
  • Clough, J. (2014) 'A World of Difference: The Budapest Convention of Cybercrime and the Challenges of Harmonisation', Monash UL Rev. 40: 698. 
  • Dolliver, D. S., and Poorman, K. (2018) 'Understanding Cybercrime', pp. 139-160 in P. L. Reichel and R. Randa (eds) Transnational Crime and Global Security [2 volumes]: ABC-CLIO.
  • Ellis, R., and Mohan, V. (2019) Rewired: Cybersecurity Governance: John Wiley & Sons.
  • European Commission (2007) Towards a General Policy on the Fight Against Cyber Crime. Available at: https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2007:0267:FIN:EN:PDF.
  • --- (2019) The EU cybersecurity certification framework. Available at: https://ec.europa.eu/digital-single-market/en/eu-cybersecurity-certificationframework (Accessed: 17/08/2019).
  • Finn, B. M. (2019) 'Recommendations for a hybridized public private law enforcement approach'.
  • Garland, D. (1996) 'The Limits of the Sovereign State: Strategies of Crime Control in Contemporary Society', The British journal of criminology 36(4): 445-471.
  • Gercke, M. (2012) Understanding Cybercrimes: Phenomena, Challenges and Legal Response: International Telecommunication Union. 
  • Gordon, S., and Ford, R. (2006) 'On the Definition and Classification of Cybercrime', Journal in Computer Virology 2(1): 13-20. 
  • Grabosky, P., and Smith, R. (2001) 'Telecommunications Fraud in the Digital Age: the Convergence of Technologies', pp. 23-43 in D. Wall (ed.), Crime and the Internet. London: Routledge. 
  • Grabosky, P. N. (2001) 'Virtual criminality: Old wine in new bottles?', Social & Legal Studies 10(2): 243-249. 
  • Graham, L. (2017) Cybercrime costs the global economy $450 billion: CEO. Available at: https://www.cnbc.com/2017/02/07/cybercrime-costs-the-globaleconomy-450-billion-ceo.html (Accessed:06/08/2019 2019). 
  • Hadlington, L., Lumsden, K., Black, A., and Ferra, F. (2018) 'A qualitative exploration of police officers’ experiences, challenges, and perceptions of cybercrime', Policing: A Journal of Policy and Practice. 
  • Hayes, N. (1997) 'Theory-led thematic analysis: Social identification in small companies'. 
  • Holt, T. J., Bossler, A. M., and Fitzgerald, S. (2010) 'Examining state and local law enforcement perceptions of computer crime', Crime on-line: Correlates, causes, and context: 221-246. 
  • Holt, T. J., Burruss, G. W., and Bossler, A. M. (2018) 'An examination of English and Welsh constables’ perceptions of the seriousness and frequency of online incidents', Policing and Society: 1-16. 
  • Holt, T. J., Lee, J. R., Liggett, R., Holt, K. M., and Bossler, A. (2019) 'Examining perceptions of online harassment among constables in England and Wales', International Journal of Cybersecurity Intelligence & Cybercrime 2(1): 24-39. 
  • Home Office (2014) The Serious and Organised Crime Strategy, London. 
  • --- (2018) CONTEST: The United Kingdom’s Strategy for Countering Terrorism, London. 
  • James, J. I., and Gladyshev, P. (2015) A Survey of International Cooperation in Digital Investigations, International Conference on Digital Forensics and Cyber Crime (pp. 103-114): Springer. 
  • Joh, E. E. (2019) 'Policing the smart city', International Journal of Law in Context 15(2): 177-182. 
  • Koops, B.-J. (2010) 'The internet and its opportunities for cybercrime'. 
  • Kshetri, N. (2010a) 'The Global Cybercrime Industry and Its Structure: Relevant Actors, Motivations, Threats, and Countermeasures', pp. 1-34 in The Global Cybercrime Industry: Springer. 
  • ---. (2010b) 'Structure of Cybercrime in Developing Economies', pp. 165-188 in The Global Cybercrime Industry: Springer. 
  • ---. (2013) 'Cybercrime and cyber-security issues associated with China: some economic and institutional considerations', Electronic Commerce Research 13(1): 41-69.
  • Lam, P. T. (2019) 'Public–Private Partnerships for Fire, Police, and Ambulance Services', pp. 153-165 in Public Private Partnerships: Springer. 
  • Lee, J. R., Holt, T. J., Burruss, G. W., and Bossler, A. M. (2019) 'Examining English and Welsh Detectives’ Views of Online Crime', International Criminal Justice Review: 1057567719846224. 
  • Levi, M., Doig, A., Gundur, R., Wall, D., and Williams, M. L. (2015) The Implications of Economic Cybercrime for Policing: City of London Corporation. Available at: https://www.cityoflondon.gov.uk/business/economicresearch-and-information/research-publications/Documents/Research2015/Economic-Cybercrime-FullReport.pdf. (Accessed:11 June 2017). 
  • Maguire, M., and Delahunt, B. (2017) 'Doing a thematic analysis: A practical, stepby-step guide for learning and teaching scholars', AISHE-J: The All Ireland Journal of Teaching and Learning in Higher Education 9(3). 
  • Malby, S., Mace, R., Holterhof, A., Brown, C., Kascherus, S., and Ignatuschtschenko, E. (2013) 'Comprehensive Study on Cybercrime', United Nations Office on Drugs and Crime, Tech. Rep. 
  • Nouh, M., Nurse, J. R., Webb, H., and Goldsmith, M. (2019) 'Cybercrime Investigators are Users Too! Understanding the Socio-Technical Challenges Faced by Law Enforcement', arXiv preprint arXiv:1902.06961. 
  • Pathak, P. (2016) 'The Review of Terms and Concepts Used to Understand Cybercrime to Safeguard Ourselves from Cybercriminals', International Journal of Advanced Research in Computer Science 7(1). 
  • Petee, T. A., Corzine, J., Huff-Corzine, L., Clifford, J., and Weaver, G. (2010) 'Defining” Cyber-crime”: Issues in Determining the Nature and Scope of Computer-related Offenses,”', Futures Working Group 5: 6-11. 
  • Reinhart, R. J. (2018) One in Four Americans Have Experienced Cybercrime. Available at: https://news.gallup.com/poll/245336/one-four-americansexperienced-cybercrime.aspx (Accessed:08/09/2019. 
  • Ruddell, R., Thomas, M. O., and Patten, R. (2011) 'Examining the roles of the police and private security officers in urban social control', International Journal of Police Science & Management 13(1): 54-69. 
  • Sandywell, B. (2013) 'On the Globalisation of Crime: the Internet and New Criminality', pp. 56-84 in Handbook of internet crime: Willan. 
  • Summerville, A. (2017) Protect against the fastest-growing crime: cyber attacks. Available at: https://www.cnbc.com/2017/07/25/stay-protected-from-the-ussfastest-growing-crime-cyber-attacks.html (Accessed:06/08/2019 2019). ↩
  • Taylor, G. (2002) 'The Council of Europe Cybercrime Convention a Civil Liberties Perspective', Retrieved June 13: 2006. 
  • The Council of Europe Convention on Cybercrime. (2001) Convention on Cybercrime. In T. C. o. Europe (Ed.). Budapest: European Treaty Series - No. 185.
  • Thomas, D., and Loader, B. (2000) 'Cybercrime: Law Enforcement, Security and Surveillance in the Information Age' in D. Thomas and B. Loader (eds) Cybercrime: Law enforcement, security and surveillance in the information age. London: Routledge. 
  • UN Congress. (2000) Crimes Related to Computer Networks, 10th United Nations Congress on the Prevention of Crime and the Treatment of Offenders. Vienna: United Nations.
  • UN Manual (1994) United Nations Manual on the Prevention and Control of Computer-Related Crime. Available at: http://216.55.97.163/wpcontent/themes/bcb/bdf/int_regulations/un/CompCrims_UN_Guide.pdf (Accessed:21/03/2017).
  • Wall, D. S. (2005) 'Digital Realism and the Governance of Spam as Cybercrime', European journal on criminal policy and research 10(4): 309-335. 
  • ---. (2007a) Cybercrime: The transformation of crime in the information age: Polity.
  • ---. (2007b) Cybercrime: The Transformation of Crime in the Information Age: Cambridge: Polity Press.
  • ---. (2008) 'Cybercrime, Media and Insecurity: The Shaping of Public Perceptions of Cybercrime', International Review of Law, Computers & Technology 22(12): 45-63.
  • ---. (2010) 'Policing Cybercrimes: Situating the Public Police in Networks of Security Within Cyberspace (Revised May 2010)', Police Practice and Research 8(2): 183-205.
  • ---. (2013a) 'Criminalising Cyberspace: The Rise of the Internet as a ‘Crime Problem’', pp. 106-121 in Handbook of Internet Crime: Willan.
  • ---. (2013b) 'Policing Identity Crimes', pp. 29-52 in D. S. Wall and M. L. Williams (eds) Policing cybercrime: networked and social media technologies and the challenges for policing: Taylor & Francis. 
  • Wall, D. S., and Williams, M. (2014) Policing cybercrime: networked and social media technologies and the challenges for policing: Routledge. 
  • Williams, M., and Levi, M. (2015) 'Perceptions of the ecrime Controllers: Modelling the Influence of Cooperation and Data Source Factors', Security Journal 28(3): 252-271. 
  • World Medical Association. (2001) 'World Medical Association Declaration of Helsinki. Ethical principles for medical research involving human subjects', Bulletin of the World Health Organization 79(4): 373.
  • Yar, M. (2005) 'The Novelty of 'Cybercrime’ an Assessment in Light of Routine Activity Theory', European Journal of Criminology 2(4): 407-427. 
  • ---. (2013a) Cybercrime and Society: Sage. ---. (2013b) 'The Private Policing of Internet Crime' in Y. Jewkes and M. Yar (eds) ↩
 

Thursday, January 09, 2020

eSIM - Observing Possible Outcomes Part 2.0

Welcome to 2020 and before us the start of the new year and, more importantly, the start of a new decade. So let's start out with a strong, confident approach and make sure we all understand this newish technology called eUICC, eSIM, and even iSIM.

This Part 2 of the discussion will refine and define observations that were generally stated in Part 1 (R6), and examine more closely eSIM and eUICC aspects. Due to the huge amount of material that needs to be condensed, as in the last post (Part 1), heavy use of references will be made for further reading or in support of the observations made in Part 2. Moreover, Part 2 will need to be posted in sections (Part 2.1, Part 2.2, etc.) so as not to blur the concepts being discussed or overload the reader with excessive information in a single blog post.

CONNECTIVITY - AA.35
To foster the goal of seamless global connectivity GSMA has developed and published 'AA.35' (R7). In brief, this document defines the GSMA's policy and procedures, and its global vision, for the creation and adoption of Industry Specifications. It is an important document, and not just from a management perspective or GSMA's paternal role: it explains the hows and whys of how the various aspects of operability, interoperability and interworking essential to the telecommunications ecosystem require a balanced approach. That means with respect to the GSMA membership (the participants):

"Industry Specifications are defined in AA.35 as 'any specification for: (i) common adoption; and (ii) repeated implementation, application and functioning; and (iii) general use, operations and support in multiple segments of the telecommunication ecosystem; or (iv) consistent testing, verification and certification; of technology that would directly and materially affect simultaneously mobile network operators and non-mobile network operator participants within the mobile industry ecosystem. Industry Specifications do not include specifications that: (i) only affect interoperability or interworking between mobile network operators; or (ii) do not add additional specifications to technical solutions.' AA.35 section 3.3." (R8)

Observation: In a nutshell, it seems to me that the above might suggest those who voluntarily enter into creating or participating in an Industry Specification may, as a case in point, be making a form of Hippocratic Oath: "make a habit of two things - to help or at least to do no harm."** (R9). I have suggested 'Oath' as it is already internationally recognised; Antitrust seeks to prevent harmful restriction; GSMA is seeking international acceptance of AA.35; and participants undertake not to be the cause-bringer of harmful disruption.

A further glimpse into why AA.35 is an important document can be found in the DoJ response of Wednesday, November 27, 2019 (R10) to the GSMA's request for a Business Review Letter. I think once I read the DoJ's release I could envisage eUICC, eSIM, and iSIM having more appeal to handset manufacturers to open up a technology advantage over older handsets and create a competitive advantage. Three pertinent paragraphs in the DoJ release that support that are:

"The GSMA expressed its intent to adopt the new procedures in a request for a business review letter from the Antitrust Division. After completing its investigation, the division is today issuing a business review letter that expresses concern about the past procedures and some of the resulting provisions in the standard. The letter concludes, however, that the proposed changes appear to adequately address those concerns. In light of these planned changes, the Antitrust Division has no present intention to bring an enforcement action against the GSMA or its mobile network operator members." (para 2)

So there is, at present, no enforced or incumbent barrier deterring adoption.

"'I am pleased that the GSMA is ready to use its standard-setting process to create a more consumer-friendly eSIM standard,' said Assistant Attorney General Makan Delrahim. 'The GSMA's old procedures resulted in certain eSIMs rules that benefitted only its incumbent mobile network operators at the risk of innovation and American consumers. The new procedures proposed going forward significantly reduce that risk and should result in new innovative offerings for consumers.'" (para 3)

The principle of a level playing field (commonality) brought about by a consumer-friendly eSIM standard will have a huge appeal to suppliers and consumers alike. I suppose (in an imaginative way) this might be thought about in terms similar to when 'Java' first came out - hiding the complexities of a range of disparate devices/systems so that they may communicate together.

"The mobile communications industry has begun to migrate away from traditional SIM cards - a removable plastic card that is preprogrammed to connect to a single mobile network - and toward innovative eSIMs, which perform the same function as a SIM card but are soldered into the device and capable of being remotely programmed and re-programmed to connect to different operators' mobile networks. The mobile industry refers to this process as Remote SIM Provisioning (RSP)." (para 4)

And finally, the acquisition of an approved profile uses GSMA's development called Remote SIM Provisioning (RSP), which I would describe as being similar to a Passport Office. If you don't have a Passport, you can't travel.

In the next article (Part 2.1) I will define and refine further the handling of GSMA Documents and Standards (3GPP/ETSI), that is, discuss how we use standards and how Documents have influence.

(R6) https://trewmte.blogspot.com/2019/12/esim-observing-possible-outcomes-part-1.html
(R7) Provisions for the Policy and Procedures for Official Document in relation to Industry Specifications - AA.35 Version 1.0.0 - 15th March 2019
(R8) Clifford Chance US LLP, Confidential Treatment Requested by Clifford Chance US LLP on Behalf of The GSM Association, July 25, 2019, addressed to Assistant Attorney General, Antitrust Division, Department of Justice (document released by DoJ following its Antitrust review of the Business Review Letter request from the GSMA's legal advisors).
(R9) **Epidemics I:XI. The commonly cited Jones translation follows Littre and goes: "make a habit of two things —to help, or at least do no harm" (Hippocrates [1923a]). Jonsen notes that the Greek text does not contain the words "at least." Jonsen AR. "Do No Harm." Ann Int Med 1978;88:827-32. I have used a later translation (Hippocrates [1950]).
(R10) Department of Justice Office of Public Affairs Justice Department Issues Business Review Letter to the GSMA Related to Innovative eSIMs Standard for Mobile Devices Wednesday, November 27, 2019

Friday, December 06, 2019

eSIM - Observing Possible Outcomes Part 1

Back in 2012 I wrote about the introduction of a new form factor for SIM Cards (4FF). The outline and a potted history of SIM Card form factors were illustrated, and in a separate post the first ETSI standard defining this new form factor (4FF) - (R1) and (R2).

Seven years down the line, in 2019, Arm Limited produced a useful graphic of where eSIM is placed in the evolutionary chain of form factors - (R3).



eSIM has already established a presence in the digital tech marketplace. SIMalliance published SIM Market Insights in June 2019 giving the following stats, '2018 Shipment Volumes (SIM Units)'. Here again it is easier to show the graphic than simply record the stats word for word - (R4).


Also recorded in Arm's presentation are more stats supporting the vision of eSIM integration into future devices and the market size: 4.4 billion cellular devices by 2025 (source: Machina 2017) and a $1.8 trillion operator revenue opportunity for LPWAN by 2026 (source: GSMA 2017) - (R3).

There are, of course, numerous market reports predicting how eSIM will fare in the marketplace; this blog post is giving a potted history just to bring the discussion up to speed.

Specifications and standards for eSIM/eUICC are available from 3GPP, GSMA and SIMalliance. These will be discussed in another Part of this blog discussion. For now, what needs to be known is how eSIM will actually operate in practice. The SIMalliance produced a helpful graphic (R4) showing an eSIM profile (a package) being delivered to a physical product (the eUICC) once deployed in the field. So let us look at that first.
For the download (update) system architecture to work, both network and device must operate and function according to the GSMA's Remote SIM Provisioning (RSP) Architecture (R5). The following graphics helpfully illustrate the two important elements: the network side (in SGP.21 terms, the SM-DP+ that prepares and delivers profiles and the SM-DS discovery service) and the device side (the LPA in the handset and the eUICC itself). The point a security reviewer should take from the architecture is that a profile is not simply a file copied onto the handset: SGP.21 requires the eUICC and the SM-DP+ to authenticate each other with certificates issued under the GSMA Certificate Issuer before a profile is released, so trust in the eSIM ecosystem rests on that PKI rather than on an operator handing a card over the counter - (R5).


Once the eUICC has been deployed in the field inside a compatible smartphone, it will be able to download one or more mobile operator profiles and then the subscribed services. An eSIM user can then switch between operator profiles, or download profiles and services on the fly - by time, place and location, and so on. This enables the eSIM/eUICC to excel in connectivity. This approach to connectivity is exciting and yet remarkable, for logically the SIM Card issued previously was issued and controlled by the subscriber's mobile operator. eSIM/eUICC in essence removes the sovereignty which was jealously guarded by each operator prior to the introduction of this technology. That was even to the extent that mobile virtual network operators (MVNOs) only functioned by piggy-backing off primary operators' core networks, yet still issued their own SIM Cards.

It should be understood that the envisaged usage for eSIM originally focussed on M2M, so candidates would be industrial devices, automobiles, metering and so on. But the concept of eSIM has recently engaged operators and handset manufacturers to look at how 5G can help with profiling and service downloads. Recently, GSMA ran seminars with hands-on training for eSIM profiling and service downloads, which apparently were very successful.

Moreover, Samsung, Google and Apple have devices with eSIM capability. The Android framework provides standard APIs for accessing the eSIM and managing subscription profiles on it (from Android 9). Importantly, devices running Android 10 or higher can support multiple eSIMs, so an examiner can no longer assume one eUICC, one EID and one profile per handset. These factors alone are investigative elements for cyber security oversight, pentesters and forensic examiners to be aware of.
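As an added example, not code from this blog, from GSMA or from Google, the following Java snippet shows what those Android APIs give an examiner or pentester in practice: it walks every eUICC in a handset (one on Android 9, possibly several on Android 10 and later), reads the EID of each, lists the downloaded profiles that are active on it, and shows the call that asks the LPA to fetch a new profile from an SM-DP+. The class and record names are hypothetical. It assumes the calling app holds READ_PHONE_STATE for the subscription list and, for EIDs and the per-card inventory, carrier privileges or READ_PRIVILEGED_PHONE_STATE; without those the platform returns null or masked values rather than failing.

```java
// Added example, not from the original post nor from GSMA/Google. Hypothetical
// helper class; method and constant names are this example's own.
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;
import android.os.Build;
import android.telephony.SubscriptionInfo;
import android.telephony.SubscriptionManager;
import android.telephony.TelephonyManager;
import android.telephony.UiccCardInfo;
import android.telephony.euicc.DownloadableSubscription;
import android.telephony.euicc.EuiccManager;

import java.util.ArrayList;
import java.util.List;

public final class EsimInventory {

    /** One eUICC and the embedded profiles active on it (hypothetical record type). */
    public static final class EuiccRecord {
        public final int cardId;      // -1 on Android 9, where cards are not individually addressable
        public final String eid;      // null when the caller lacks carrier privileges on that eUICC
        public final List<String> profiles = new ArrayList<>();

        EuiccRecord(int cardId, String eid) {
            this.cardId = cardId;
            this.eid = eid;
        }
    }

    /** Enumerates every eUICC in the device and the downloaded profiles active on each. */
    public static List<EuiccRecord> collect(Context ctx) {
        List<EuiccRecord> out = new ArrayList<>();
        EuiccManager defaultEm = ctx.getSystemService(EuiccManager.class);
        if (defaultEm == null || !defaultEm.isEnabled()) {
            return out;               // no eUICC, or no LPA on this build
        }

        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
            // Android 10+: a handset may carry more than one eUICC, each with its own card ID.
            TelephonyManager tm = ctx.getSystemService(TelephonyManager.class);
            for (UiccCardInfo card : tm.getUiccCardsInfo()) {   // needs READ_PRIVILEGED_PHONE_STATE
                if (!card.isEuicc()) continue;                 // skip removable plastic UICCs
                EuiccManager em = defaultEm.createForCardId(card.getCardId());
                out.add(new EuiccRecord(card.getCardId(), em.getEid()));
            }
        } else {
            // Android 9: only the default eUICC is reachable through the public API.
            out.add(new EuiccRecord(-1, defaultEm.getEid()));
        }

        SubscriptionManager sm = ctx.getSystemService(SubscriptionManager.class);
        List<SubscriptionInfo> subs = sm.getActiveSubscriptionInfoList();   // needs READ_PHONE_STATE
        if (subs == null) return out;
        for (SubscriptionInfo si : subs) {
            if (!si.isEmbedded()) continue;   // profile on a physical SIM, not on an eUICC
            // getIccId() is masked for apps without carrier privileges on Android 10+.
            String line = si.getCarrierName() + " subId=" + si.getSubscriptionId()
                    + " iccid=" + si.getIccId() + " slot=" + si.getSimSlotIndex();
            for (EuiccRecord r : out) {
                boolean sameCard = r.cardId < 0
                        || (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q
                            && si.getCardId() == r.cardId);
                if (sameCard) r.profiles.add(line);
            }
        }
        return out;
    }

    /** Hypothetical broadcast action for the LPA's result; register a receiver for it. */
    public static final String ACTION_DOWNLOAD_RESULT = "example.esim.DOWNLOAD_RESULT";

    /**
     * Asks the LPA to download a profile from the SM-DP+ named in a GSMA activation code
     * and enable it on success. The outcome arrives asynchronously as a broadcast whose
     * result code is EuiccManager.EMBEDDED_SUBSCRIPTION_RESULT_OK, _RESOLVABLE_ERROR or _ERROR.
     */
    public static void download(Context ctx, String activationCode) {
        EuiccManager em = ctx.getSystemService(EuiccManager.class);
        int flags = Build.VERSION.SDK_INT >= Build.VERSION_CODES.S
                ? PendingIntent.FLAG_MUTABLE : 0;   // the system writes result extras into it
        PendingIntent callback = PendingIntent.getBroadcast(
                ctx, 0, new Intent(ACTION_DOWNLOAD_RESULT), flags);
        em.downloadSubscription(
                DownloadableSubscription.forActivationCode(activationCode),
                /* switchAfterDownload */ true, callback);
    }
}
```

Two practical notes for examiners. First, the EID is the durable identifier of the eUICC hardware and survives every profile change, so it is the value to record alongside the ICCIDs of the profiles present; on a multi-eUICC Android 10 device you need one EID per card, which is why the inventory is keyed on the card ID. Second, `downloadSubscription` runs inside the LPA with the certificate-based mutual authentication of the RSP architecture, which is also why the API only hands back a coarse result code rather than the profile package itself.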

In Part 2 the discussion will refine and define observations that have been generally stated in this post; examine more closely eSIM and eUICC aspects and then more in Parts 3 and 4 looking at potential implications for cyber security, law enforcement, forensic examiners and ICT specialists.

REFERENCES
(R1) SIM Card new 4FF form factor size - https://trewmte.blogspot.com/2012/06/sim-card-new-4ff-form-factor-size.html
(R2) ETSI release details of new 4FF UICC - https://trewmte.blogspot.com/2012/06/etsi-release-details-of-new-4ff-uicc.html
(R3) The Challenges Deploying IoT eSIM M2M enabling Secure Communications Scaled for 1 trillion devices. Jean-Philippe Betoin, Marketing Director, Secure Identity, Arm Limited, 2019.
(R4) SIMs, eSIMs and Secure Elements: Providing a roadmap to dynamic security and flexible control for connected devices. Remy Cricco, Chair of the Board, SIMalliance, ETSI Security Week, June 2019.
(R5) GSMA SGP.21 - RSP Architecture, V2.2, 1 Sep 2017