Durham Constabulary chooses STORM Command and Control to deliver effective and efficient public safety services

Sopra Steria is proud to announce the recent signing of a three year contract to provide its STORM Command and Control system to Durham Constabulary. STORM enables Durham Constabulary to enhance public service delivery and provide more efficient scheduling of resources.

Sopra Steria and Durham Constabulary have a strong partnership and this contract extends that to a total of 16 years. During this time, Durham Constabulary have been instrumental in providing user feedback to inform product developments as part of the STORM User Group. The User Group, comprised of members from 26 forces, meets biannually to discuss product developments which feed into the Sopra Steria roadmap.

Chief Inspector Steve Long, Head of Force Control Room commented: ‘Durham Constabulary has worked with Sopra Steria for a significant period of time and we have established a good working relationship. It is essential that Durham Constabulary continue to deliver an efficient and effective service to the public and we will continue to build upon our partnership with Sopra Steria to achieve that aim.’

Muz Janoowalla, Head of Emergency Services at Sopra Steria, said: ‘We are proud of our long relationship with Durham Constabulary and delighted to continue working with the force to keep the people of County Durham and Darlington safe.’

Sopra Steria is proud to re-affirm its commitment to the Armed Forces Covenant

In 2013, Steria Ltd pledged to support the armed forces community through the signing of the covenant. It is a pledge that recognises the need to treat those who have served in the armed forces, and their families, with respect and fairness. In the five years since we signed this pledge, Steria went on to become Sopra Steria and it is with great pleasure we reconfirm our commitment to this covenant with a new signing by John Torrie, CEO of Sopra Steria UK and Asia.

Our pledge focuses on three key themes:

  • Employment opportunities for ex-service men and women, reservists and their families including assisting with transition from military to civilian employment
  • Fundraising for Armed Forces charities through a series of events throughout the year including our Community Matters week
  • Supporting local cadet and school outreach activities by providing speakers, facilitators and mentors to programmes

Sopra Steria is proud of the activity we already undertake towards these three themes and 2019 is no exception. We are exhibiting at a number of the Career Transition Partnership recruitment events as well as Security Cleared Expo. We are undergoing a resource transformation programme that looks specifically at this community and how we attract talent, support them through the process and then manage transition and career development.

We are also delighted to be sponsoring the category of ‘Innovator of the Year’ at the British Ex-Forces in Business Awards. Innovation is at the heart of what we do at Sopra Steria so we are delighted to be in a position to recognise that amongst this community.

A copy of our pledge can be found on the Armed Forces Covenant website.

Sopra Steria Launch Smart i3

This week Sopra Steria launched a new open source intelligence gathering platform, Smart i3, at the Internet Intelligence and Investigations Conference held by the National Police Chiefs Council. As platinum sponsors of the event, which brings together around 350 law enforcement and Government officials, the team hosted a workshop, delivered a key note speech and conducted live demonstrations on the exhibition stand.

Introducing Smart i3

Conducting online investigations in a fast-paced and ever-evolving digital landscape can be complex and time intensive. Smart i3 is a powerful and disruptive tool with the ability to fuse disparate data sets and present connections in a meaningful way to investigators. The platform’s advanced algorithms sift through vast amounts of open-source data in minutes, reducing the time-to-intelligence from hours to minutes. Securely hosted in the UK, this open-source tool minimises manual search activity and speeds up evidence-case creation, supporting intelligence-led searches across the range of authorised investigation levels.

Sopra Steria has a proud history as a service provider to police forces and law enforcement agencies, as well as wider criminal justice organisations. Smart i3 is a demonstration of its commitment to investing in technology and services that will transform our public sector.

Vern Davis, Managing Director of Sopra Steria’s Aerospace, Defence and Security sector, commented:

“Sopra Steria is a specialist in technology and digital transformation and is proud to be recognised as a strategic partner to Government and across the Public Sector. Transforming the way public services are delivered for the benefit of society is a vision in which we believe. Bringing to market new and innovative technologies, such as Smart i3, is a demonstration of that commitment.”

Shona Wright, Head of ADS Marketing said:

“The Internet Intelligence and Investigations Conference was the ideal place for us to formally launch Smart i3 and we thank the National Police Chiefs’ Council for inviting industry to take part in this flagship event.”

To find out more and request a demo, please visit www.soprasteria.co.uk/smart-i3

Three key levers to combat cyber crime

Sopra Steria’s vision for digital security is to improve people’s lives.  We’re aiming to do this by reducing cybercrime, protecting our customers’ digital assets, and by enabling organisations to engage with their customers and citizens in the most frictionless way possible.

To deliver the vision we are focussing on three key levers – collaboration, innovation and “Security by Design”.

Collaboration is key

If public agencies, private sector security providers, and in-house cyber teams can share security research and threat intelligence, we can maximise security budgets, avoid duplicated effort, and collectively detect and prevent criminal activity much earlier.

A recent report (Ponemon Institute: 2018 Cost of Data Breach Study) found that breaches that took over 100 days to identify cost organisations nearly 40% more than those identified in under 100 days. And breaches that were contained in under 30 days saved organisations c. £1m per breach, compared to those that took more than 30 days to resolve. There are certainly opportunities for quick wins by working together.

The size of the Cyber crime problem

The costs of cybercrime are now so vast, that if we only do what we think is necessary at our individual, business or national level we will fall short of the significant challenge facing us.

In 2014, the cost to the global economy of cyber crime was $400bn. It is now running at $600bn per year – that’s greater than the GDP of 80% of all countries in the world.

In the UK, Cybercrime cost businesses over £30bn last year, yet the UK market spend on cyber services was around £3bn, barely 10% of the cost to the economy of cybercrime.

The threat to UK businesses is growing – A 2017 study by Beaming discovered that UK businesses each experienced an average of over 600 attempts a day to breach their corporate firewalls – 30% more than 2 years earlier.

And according to a 2018 report by Positive Technologies, cyber crime services can be purchased on the dark web at shockingly low rates – $40 for a hacking email; $50 for a Distributed Denial of Service attack; $750 for infecting an organisation with ransomware.

Gartner estimate that spending on security and risk management should be around 4-7% of an organisation’s overall IT budget.  Innovation can help this budget go further.


New cyber services are constantly being developed by thousands of security vendors worldwide. By working with resellers and outsource service providers who have their own horizon-scanning and integration capabilities, organisations can discover and test these developments.  They include applying capabilities like AI and machine learning to orchestrate and automate security operations; and establishing security roadmaps that maximise security investments.

The same Ponemon study saw organisations that deployed an AI security platform save an average of £130k (5%) against the average cost of a breach. Organisations that fully deployed security automation, including the use of AI and analytics, reduced the average cost of a breach by over £1m.  Yet in the UK, only 10% of the surveyed companies had fully deployed such security automation.

We also need to explore technologies like blockchain that have security built in to their core.  Sopra Steria has developed a number of Proof of Concepts that use the inherent trust, confidentiality and provenance of distributed ledger technologies to track assets, manage logistics and record transactions in a more efficient manner.

Security by Design

The security industry mantra is to design applications and services with security controls that are baked in, not bolted on – particularly relevant when developing solutions that incorporate third party IoT devices. Examples include testing application vulnerabilities at each stage of the development process; regularly assessing the value of organisation data; and understanding the relationships between that data and accompanying systems and business processes.

Should CIA grow up… to CIPPA?

Cyber attacks have typically targeted the Confidentiality, Integrity and Availability (CIA) of networks and data.  We should now add Privacy and Provenance as security considerations, following the recent Cambridge Analytica/Facebook scandal, new GDPR regulations,  and the ability for home hub devices to “accidentally” record private conversations; not to mention the rise in counterfeit goods, video mimicry and “fake news”.  CIA should now be CIPPA…   

Aiming to make tomorrow better than today

Sopra Steria’s digital security vision is to improve lives by reducing cyber crime and enabling organisations to create more reliable and secure digital services.  Please get in touch if you’d like to explore opportunities for collaboration or to share innovative ideas, so that together we are better able to tackle and reduce cyber crime.

The Ticking Time Bomb: Quantum Computers and Encryption

It is now a question of when and not if quantum computers will break encryption. How can businesses be prepared?

Harnessing the power of quantum computers will catapult us into a new era of discovery. They will revolutionize our understanding of medicine, artificial intelligence, and chemistry. One day, they may even be powerful enough to map out our entire universe.

But there’s a catch. As quantum computers provide us with almost unthinkable processing power, they will threaten the systems that have protected our data for decades. Bank details, trade secrets and even state secrets will be left defenseless, able to be hacked, stolen or tampered with in the blink of an eye. So how can we prepare ourselves?

What is a quantum computer?

Unlike classical computers (the computers in operation today), quantum computers use the properties of quantum mechanics to process and store information. In practice, this means faster and more powerful processing power, as well as a different computational approach to solving problems.

So what makes quantum computers a threat to the security of our data? Many popular methods of cryptography used today (like RSA encryption) are based on complex mathematical problems known as factorisation; that is, breaking down extremely large numbers into their factors. While classical computers are technically capable of performing these feats, it is nearly impossible in practice: even today’s most advanced supercomputers would take years to crack just one piece of encryption.

The arrival of mainstream quantum computing will change this. Thanks to the development of a specialist algorithm by mathematician Peter Shor, quantum computers have been shown to be theoretically capable of solving complex factorisation problems in not years, but seconds, meaning that the defences we have built around our data will crumble. In the short term, the risk is minimal; the quantum computers that we have today are mostly consigned to laboratories, and simply don’t possess the stability or processing power to perform meaningful calculations. In the longer term, the consequences could be catastrophic. So what can be done?
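To make the dependence on factorisation concrete, the following is an added example (not part of the original article) using textbook RSA without padding and a deliberately tiny, constructed key. Once the modulus is factored, the private exponent follows from one modular inverse; the function names are illustrative, and real moduli of 2048 bits or more are what keep the classical trial division shown here out of reach.

```python
"""Toy RSA: the private key is only as safe as the factorisation of n."""
from math import gcd, isqrt

# Constructed sample values: two small, well-known primes (the 10,000th and
# 100,000th primes). Real RSA primes are hundreds of digits long.
SAMPLE_P = 104729
SAMPLE_Q = 1299709
SAMPLE_MESSAGE = 42424242


def make_keypair(p: int, q: int, e: int = 65537):
    """Build a textbook RSA key pair from two primes (no padding)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def factor_semiprime(n: int):
    """Classical trial division.

    The loop runs up to sqrt(n) times, so the work doubles for every two
    bits added to n. That growth is what protects real key sizes from
    classical machines, and what Shor's algorithm removes.
    """
    if n % 2 == 0:
        return 2, n // 2
    for candidate in range(3, isqrt(n) + 1, 2):
        if n % candidate == 0:
            return candidate, n // candidate
    raise ValueError("n has no non-trivial factors")


def recover_private_exponent(public_key):
    """Derive d from the public key alone by factoring the modulus."""
    n, e = public_key
    p, q = factor_semiprime(n)
    return pow(e, -1, (p - 1) * (q - 1))


def demo():
    """Encrypt with the public key, then decrypt using only public data."""
    public_key, private_key = make_keypair(SAMPLE_P, SAMPLE_Q)
    n, e = public_key
    ciphertext = pow(SAMPLE_MESSAGE, e, n)
    recovered_d = recover_private_exponent(public_key)
    plaintext = pow(ciphertext, recovered_d, n)
    return plaintext, recovered_d == private_key[1]


if __name__ == "__main__":
    plaintext, same_key = demo()
    print("recovered plaintext:", plaintext, "| private key rebuilt:", same_key)
```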

Thinking outside the box

To face the quantum threat, we may not need to look beyond classical computers for answers. Researchers have identified a variety of potential alternatives to factorisation-based cryptography which are already available today; key contenders include lattice-based, code-based or multivariate cryptography. Unlike cryptographic methods such as RSA, these are based on different mathematical problems which quantum computers are (in theory) not equipped to solve, making them “quantum proof”.

However, these are not necessarily clean fixes. Alternatives are typically inefficient when compared with current methods of cryptography; they often have large key sizes and require more computational power to support. Few are currently appropriate for widespread adoption, and more research will be required to prepare them for the mass market. Additionally, adopting any of these forms of cryptography carries risk. While research currently indicates that they would be resistant to a quantum attack, this hypothesis may be wrong: future developments in quantum computing could mean that these cryptographic systems too become irrelevant.

Going quantum

One guaranteed quantum-proof cryptographic system is available to businesses: quantum key distribution. This method of cryptography capitalises on the properties of quantum physics to create a revolutionary method of securing data, hiding information in light particles and transmitting it between sender and receiver. Any hacker who attempts to access the information as it is in transit interferes with the quantum state of the particles, damaging the information stored within and alerting the receiver to the presence of the hacker. This makes quantum key distribution the first method of cryptography that is truly unbreakable.

So why aren’t businesses rushing to implement it? First, like any quantum technology, it is extremely unreliable and prone to fault; even small disturbances in the surrounding atmosphere can create errors in transmittance. Moreover, the infrastructure necessary to support quantum key distribution is currently lacking. End to end broadband fibre is required for transmittance, meaning that large areas of the UK (and the globe) are currently off the quantum grid.  These challenges make it an unviable commercial solution in the short term. Moreover, even if these problems can be overcome, quantum key distribution still faces some fundamental limitations; it tackles only a small part of the challenges faced in cryptography, and is unsuitable for certain processes that complex, modern technologies require (such as identity verification or access control).

Looking forward

The quantum computers we have in operation today are little more than toys, prone to instability and with very little processing power. By contrast, the power required to perform the kind of complex calculations required to break modern day encryption is immense. Only a machine with 4000 qubits or more would be able to crack a standard RSA encryption code; the largest we have today is 72 qubits. It is unlikely that we will see a quantum computer with this kind of power for at least 15 years.

However, those businesses who plan for this eventuality now will be well served in the future. There is no easy solution to the challenge that quantum computers pose to our security, and the road to secure cryptography is likely to be rocky. Many of the alternative, quantum-proof defenses are imperfect, inefficient and untested; they will likely require a significant investment of time, research and money to implement and perfect, and entire systems may need to be rebuilt from the ground upwards to combat this threat. Without this investment, some may be caught by surprise, with potentially disastrous consequences.

Watch Alex Henneberg talk about Quantum Computing and the potential benefits and risks it brings with its application

Data, consumers and trust: the quiet crisis

Building trust-based relationships with clients has always been important for successful business practice.  As the global data pool grows and consumer fears over personal privacy increase, it may become make-or-break.  Digilab’s Olivia Green investigates.

In the last two years, we have created 90% of the total data in the world today. In a day, we spit out an average of 2.5 quintillion bytes – and counting. From smart watches that monitor our heartrates to chat-bot therapists who manage our anxiety, nearly every aspect of our lives can be digitized. This undoubtedly provides us with immense benefits – increased speed, convenience and personalisation to name a few. Yet it also gives rise to a challenge: how do we protect our right to privacy?

Anxieties over internet privacy are nothing new. As the data pool continues to expand however, they have been picking up steam. Hacks and other tech-related scare stories are now a daily occurrence on our newsfeeds – and they are increasingly hitting closer to home. Back in May, the credit card details and passwords of nearly 700,000 UK citizens were compromised when Equifax fell victim to a hack. Even our private conversations don’t feel safe, as it emerged last month that Google’s new Home Mini had been accidentally recording its users without their knowledge.

Corporations themselves are also a target of consumer fear, and they are beginning to pay the price. According to recent research, US organisations alone lost $756 billion last year to lack of trust and poor personalisation, as consumers sought out alternatives. UK consumers share similar anxieties; nearly 80% cite lack of confidence in the way that companies handle their information as an extreme source of concern, while just under half now view data sharing as a “necessary evil”: something they will do reluctantly if they deem the reward high enough.

These findings aren’t an anomaly. Statistics gathered last year by the ICO show that only 22% of UK consumers trust internet brands with their personal data; more shockingly, they highlight that while over 50% of consumers trust High Street banks, only 36% have confidence in Governmental bodies to manage their data properly.

The price of complacency

So far, companies have largely managed to side-step the more serious consequences for consumer mistrust and data mismanagement. Not all have been lucky though. The notorious Ashley Madison hack in 2015 is a prime example of just how damaging loss of trust can be. The website, which provided an online platform enabling married people to conduct affairs, fell victim to hackers who published a digital “name and shame” list of its clients. For a business whose model was so dependent on trust and confidentiality, this proved disastrous. Despite the organisation’s insistent claims otherwise, analysis by SimilarWeb revealed that monthly site traffic had plunged since the attack, dropping by nearly 140 million a mere four months after the attack.

For some, the fallout is less dramatic – but still worrying. Take Uber’s recent breach for example, which dragged its already battered corporate reputation through the mud once again after it was revealed that the ride-sharing company had tried to cover up a 2016 data hack affecting 57 million customers. The immediate furore that followed this has raised some immediate problems for the firm, including the threat of prosecution and impending investigations by multiple countries worldwide. Even more problematic for Uber are the wider-ranging consequences of this cover up. In combination with their potential loss of the London market and recent workplace scandals, this disastrous year has materialised into real financial impact; at the close of this quarter, Uber logged record losses of $1.5 billion, a $400 million increase on the previous quarter and a far cry from their triumphant predictions of growth at the beginning of 2017. In a particularly telling sign, Uber’s investors also appear to be hedging their bets. Fidelity, who already have a significant stake in Uber, announced last week that they had participated in a funding round for Uber’s closest competitor, Lyft, pushing the latter’s valuation up to $11.5 billion.

Unlike Ashley Madison, Uber’s problems arose not so much from the hack itself, but from their attempt to cover it up. But despite the evident lesson here, this is a scenario we could see again. Over 2/3 of UK boards currently have no training to deal with a cyber-incident and estimates suggest that only 20% of companies have appropriate response plans in place. For Uber, the ultimate consequences of its misconduct remain to be seen; for the moment, they are protected by their largely unique offering, which gives consumers limited alternatives. Should it happen to a business without Uber’s dominance, it could prove fatal.

Monetising trust

How can organisations move forward from here? In the current climate, it is unlikely that consumers will ever wholly withhold their data, as they place value on the services that giving away that data provides; as much has been shown by the fact that risky “data trade-offs” like Uber manage to survive. However, as awareness of the risks and the stakes of losing data to a hacker increase, they are looking increasingly selective about who they choose to share their information with. As more and more information shifts from physical to digital, businesses must be prepared for change. We may be heading towards a future where access to data is no longer a handout but a privilege, hard won by effective risk management and transparent, secure systems that hand back sovereignty to the customer.

Yet it is this data that may ultimately decide who wins and who loses in our future digital economy. Consumer data is the life blood of capabilities like AI and predictive analytics, and is essential for providing the personalised services such as smart home devices that are becoming increasingly popular. Businesses that are cut off from this valuable information source will inevitably find themselves undercut by better-placed competitors.

To protect themselves against this eventuality, businesses in crowded markets should make effective data strategies an utmost priority. Companies like Uber may be shielded for the time being; nevertheless, even they can’t afford to breathe easy. As the surging interest in Lyft is demonstrating, rivals are never far behind.

Look out for my next blog about how GDPR can help your business build a future-proof data strategy.


Biometrics: the death of the password?

by James Holt, Senior Consultant, Financial Services

Passwords… passwords have been around since the dawn of computing, and used even before then to allow or prevent access. The concept of a password is simple but the more our personal data is moved online, the more value this shared secret protects. In the early days of the internet, a password might have granted you access to a simple message board, but now passwords protect vast databases of your personal information: from family photos to medical records, via bank accounts and cloud storage.

Passwords… upon reading that word your brain probably jumped to fussy sign-up screens asking for an inane combination of special characters, numbers and letters, with requirements differing from website to website. You probably thought back to countless password resets and security questions which could be bypassed with a quick Google search. We have been told we shouldn’t use the same password for multiple sites, but we do. Companies mandate a password change for employees every few months, with the same stringent requirements each time.

So what do we do? We make patterns, we reuse or – whisper it – we write down. All behaviours which might make life easier for us but which circumvent the very thing complicated password requirements are trying to create – security.

In their current form, passwords give the illusion of security; it is something we know, something we are familiar with. The starred out field cloaking our favourite sports team, the asterisks covering our last holiday destination. But what else is that field hiding… it is hiding an uncomfortable truth – passwords are hard for us to remember, but easy for computers to guess.

Hackers can attempt to crack passwords using dictionary words and previously leaked passwords to speed up the process. To make matters worse, most passwords are not unique – from a survey by SplashData in 2015 the most popular were “123456” and “password”.

Even if a strong password is chosen, advances in computing power mean they can be cracked in a diminishing period of time. We are playing into the hands of the hackers. But there is another way, a better way…

Biometric authentication is the process of controlling access using something you are: something you always carry with you and something that is unique to you. This could be your face, your voice or your fingerprint, or a combination of these.

Signing in using a biometric identifier is quick, taking a second or two. This is especially relevant in a mobile environment, where typing out a password on a small or virtual phone keyboard can often be slow and inaccurate. Biometrics also offer flexibility to the user – different identifiers can be used in different situations. You wouldn’t want to use voice recognition on a crowded train, and you wouldn’t be able to use face recognition in a darkened room, so by offering multi-modal biometrics, the user can stay secure without any inconvenience.

Multifactor authentication is the process of using more than one identifier to log in. This is often implemented as a password plus a one-time code sent to your device. This approach significantly improves security and is increasingly being adopted by online services and corporations. Biometrics can integrate perfectly into this multi-factor approach – with a biometric being either the primary or secondary authentication factor. In addition, thanks to the speed of the biometric authentication process, customers could be asked to ‘step-up’ security to perform certain functionality. For example, a customer could log in to online banking using a 4 digit PIN, which would provide only simple functionalities: the account balance and last transactions. However, to make a payment or set up a new payee, the customer could be prompted for a fingerprint, voice or face sample to provide the required additional security.
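The step-up flow described above can be expressed as a small authorisation policy. This is an added sketch, not code from the original post or from any Sopra Steria product: the operation names, the `authorize` and `step_up` functions and the 120-second validity window are assumptions, and the biometric matching itself is out of scope.

```python
"""Step-up authentication policy for the PIN-then-biometric banking example."""
import time
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Assurance(IntEnum):
    NONE = 0       # not logged in
    PIN = 1        # 4 digit PIN login
    BIOMETRIC = 2  # fingerprint, voice or face sample verified


# Minimum assurance per operation, following the example in the text.
# Operation names are hypothetical.
REQUIRED = {
    "view_balance": Assurance.PIN,
    "view_transactions": Assurance.PIN,
    "make_payment": Assurance.BIOMETRIC,
    "add_payee": Assurance.BIOMETRIC,
}

# Assumed value: how long a biometric step-up stays valid, in seconds.
STEP_UP_TTL = 120


@dataclass
class Session:
    user: str
    level: Assurance = Assurance.NONE
    stepped_up_at: Optional[float] = None

    def effective_level(self, now: float) -> Assurance:
        """A stale biometric step-up decays back to PIN-level assurance."""
        if self.level == Assurance.BIOMETRIC:
            if self.stepped_up_at is None or now - self.stepped_up_at > STEP_UP_TTL:
                return Assurance.PIN
        return self.level


def step_up(session: Session, now: Optional[float] = None) -> None:
    """Record a successful biometric check (the matching happens elsewhere)."""
    session.level = Assurance.BIOMETRIC
    session.stepped_up_at = time.time() if now is None else now


def authorize(session: Session, operation: str, now: Optional[float] = None) -> str:
    """Return 'allow', 'step_up' (prompt for a biometric) or 'deny'."""
    now = time.time() if now is None else now
    required = REQUIRED.get(operation)
    if required is None:
        return "deny"      # unknown operation: fail closed
    if session.level == Assurance.NONE:
        return "deny"      # must log in before anything else
    if session.effective_level(now) >= required:
        return "allow"
    return "step_up"       # logged in, but needs the stronger factor


if __name__ == "__main__":
    s = Session("alice", Assurance.PIN)
    print(authorize(s, "view_balance"), authorize(s, "make_payment"))
    step_up(s)
    print(authorize(s, "make_payment"))
```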

A customer’s biometric can also be combined with behavioural analytics to further strengthen security. Behavioural analytics takes user metadata like location and typical log-in times to determine the likelihood that an action is genuine. But more on that in another post…

Biometric authentication has applications beyond simple integration into a mobile application. A voice recognition function could be introduced in a call centre environment to verify customers before they are put through to an advisor, removing the need for lengthy security questions. This technology is smart too: analysing different aspects of a customer’s voice – pitch, emphasis, pronunciation, even throat and mouth shape. In addition, this technology can detect if the caller is speaking under duress or panic. It can be implemented in a passive and non-intrusive way – a customer is authenticated in the background whilst having their conversation with an advisor.

Biometric technology also has a significant use-case for authorising online payments. Currently, just knowing the card details can be enough to defraud a consumer, with a ‘3D Secure’ password prompt like SecureCode (MasterCard) and Verified by Visa only happening in certain situations. According to a MasterCard survey of 10,000 people, 53 percent of shoppers forget crucial passwords more than once a week, losing more than 10 minutes while they reset their accounts. As a result, more than a third of people abandon an online purchase, while 60% said that having to reset a password led to missing a time-sensitive transaction like buying concert tickets. More than half of people want to see passwords replaced by something more convenient, but which still delivers the same levels of protection and peace of mind.

As verifying your identity using a biometric is so quick, it is a natural fit for online transactions. Furthermore, with many modern phones featuring biometric hardware such as a fingerprint sensor, consumers are already comfortable with the process. MasterCard has recently announced their ‘IdentityCheck’ app which authenticates payments using either facial or fingerprint biometrics. Pilots in August last year proved successful with a global rollout happening early 2017.

When new technology reaches consumers, it is often adopted by the young, tech-savvy demographic who are more accustomed to learning abstract interfaces and complex operations. However, with biometrics, the process is intuitive and simple, making life easier whatever your age group or background. There is also the equality and accessibility angle – biometric identifiers provide options for those who are unable to remember passwords or struggle to type on their mobile devices.

If the user experience is slick and easy, customers are more likely to use a service and access it more frequently. With registration/signup commonplace on many websites, users have lots of passwords to remember: this represents a substantial opportunity for a biometric authentication solution.

At the end of 2014, USAA – a Fortune 500 company – offered biometric authentication to 1.4 million customers and by October of the following year, over 1 million had registered to use it. Their headline statistic shows how popular the option has become – 80% of customers have now chosen to authenticate using a biometric identifier over a PIN.

User expectations of banking are changing. Consumers expect functionality to be available using mobile apps, without the need for traditional, face-to-face banking. Security guards and vaults provide peace of mind in the physical world, but maintaining security in the digital world is more challenging. Biometrics provide the means, the assurances and the simplicity for better authentication, safeguarding our future.


Read more about Sopra Steria’s Biometrics offering.