Hitting underground pipes and cables costs the UK £2.4bn a year. We need a data platform for that, says government
Wednesday, 20 October 2021 21:45

Atkins wins £23m National Underground Asset Register deal • The Register

Atkins wins £23m deal to build National Underground Asset Register


The UK government has awarded management consultancy Atkins a £23m contract to help it get to grips with accidental damage to underground pipes and cables, which is costing £2.4bn a year.

The Geospatial Commission, an independent expert committee within the Cabinet Office, has awarded the work to help it build "a secure data exchange platform providing a comprehensive, trusted and secure digital map of where buried assets are located."

Documents attached to a competitive tender notice point out that when digging up roads or attempting any other subterranean engineering, workers suffer the considerable difficulty of finding out what other human-made structures might be down there.

But there is no uniform process for "asset owners" – the gas, water, telecoms or electricity companies who dig up roads to lay pipes and cables – to share their data about where exactly they have put everything.

All of this "means prior to excavating a site, operators are required to contact all organisations who own or may have owned assets in the area, wait for each to respond, then compile information so it can be read and understood by workers," according to the tender documents.

"This process is slow, inefficient and makes inaccuracies leading to accidental damage more likely," they say.

In 2019 and 2020 the commission carried out two pilots, one led by the Greater London Authority and the other by Ordnance Survey in the North East of England, in the hope of proving a national data-sharing platform was a feasible idea. By April 2020, the pilot concluded it was. It was also "highly desirable by asset owners and their supply chains," it said.

The primary use case for the "National Underground Asset Register" (NUAR) is to avoid hitting pipes and cables already underground – "strike avoidance" in technical language – and increasing the efficiency of project planning and data exchange, according to the commission.

The core platform is the part of the system where the system data is ingested, stored and exposed to other subsystems via APIs, subject to security controls and role-based access constraints.

The Geospatial Commission has committed in the UK's first Geospatial Strategy to preparing for the rollout of NUAR, which is also included in the government's National Infrastructure Strategy [PDF] launched in November last year.

In the DevOps style, it also expects the first release of the data platform to be available within three months of the contract award. It expects Atkins to begin national rollout 19 months after the contract starts, officially 31 August.

The commission estimates the industry could save £350m a year by avoiding accidental asset strikes, improving the efficiency of works and better data sharing using the platform, according to an accompanying press release.

In a pre-canned statement, Nigel Clifford, deputy chair of the Geospatial Commission, said: "Our National Underground Asset Register will be a momentous step towards providing the UK with a shared national data asset of significant value." ®


Other stories you might like

The Brave browser will now default to the company's own search engine, claimed to preserve privacy, while a new Web Discovery Project aims to collect search data again with privacy protection.

The Brave web browser is based on the Google-sponsored Chromium engine but with features designed to prevent tracking, as well as an unusual reward system using its own cryptocurrency, the Basic Attention Token (BAT). Brave search will now be the default on new installs for desktop, Android, and iOS. Existing Brave users will keep their current default unless they choose to change it.

Brave Search was released in beta in June and uses technology called Tailcat, acquired from the failed German Cliqz project, which also sought to provide a Google-free index.

NHS Digital exposes hundreds of email addresses after BCC blunder copies in entire invite list to 'Let's talk cyber' event

It's like rai-iiiiiin on your wedding day

NHS Digital has scored a classic Mail All own-goal by dispatching not one, not two, not three, but four emails concerning an infosec breakfast briefing, each time copying the entirety of the invite list in on the messages.

The first email sent yesterday morning thanked participants for "registering for NHS Digital's Full Digital Breakfast: Let's talk cyber, scheduled for Thursday 21 October 2021, 8:00-9:00am."

Apparently Neil Bennett, CISO at NHS Digital, and Phil Huggins, National CISO at NHS X, "along with guest speakers, will have a conversation about the ongoing protection and how an increasingly digitised world means we must be super vigilant and cyber secure, where cyber hygiene is essential in protecting patients."

Lunar rocks brought to Earth by China's Chang'e 5 show Moon's volcanoes were recently* active

* Just a couple of billion years

The Moon remained volcanically active much later than previously thought, judging from fragments of rocks dating back two billion years that were collected by China's Chang’e 5 spacecraft.

The Middle Kingdom's space agency obtained about 1.72 kilograms (3.8 pounds) of lunar material from its probe that returned to Earth from the Moon in December. These samples gave scientists their first chance to get their hands on fresh Moon material in the 40 years since the Soviet Union's Luna 24 mission brought 170 grams (six ounces) of regolith to our home world in 1976.

The 47 shards of basalt rocks retrieved by Chang'e 5 were estimated to be around two billion years old using radiometric dating techniques. The relatively young age means that the Moon was still volcanically active up to 900 million years later than previous estimates, according to a team of researchers led by the Chinese Academy of Sciences (CAS).


Updated The Centre for Computing History (CCH) in Cambridge, England, has apologised for an "embarrassing" breach in its online customer datafile, though thankfully no payment card information was exposed.

The museum for computers and video games said it was notified that a unique email address used to book tickets via its website "has subsequently received a phishing email that looked like it came from HSBC."

"Our investigation has revealed that our online customer datafile has been compromised and the email addresses contained within are now in the hands of spammers," says the letter to visitors from Jason Fitzpatrick, CEO and trustee at CCH dated 19 October.

Ancient with a dash of modern: We joined the Royal Navy to find there's little new in naval navigation

Following the Fleet Navigating Officers' course

Boatnotes II The art of not driving your warship into the coast or the seabed is a curious blend of the ancient and the very modern, as The Reg discovered while observing the Royal Navy's Fleet Navigating Officers' (FNO) course.

Held aboard HMS Severn, "sea week" of the FNO course involves taking students fresh from classroom training and putting them on the bridge of a real live ship – and then watching them navigate through progressively harder real-life challenges.

"It's about finding where the students' capacity limit is," FNO instructor Lieutenant Commander Mark Raeburn told The Register. Safety comes first: the Navy isn't interested in having navigators who can't keep up with the pressures and volume of information during pilotage close to shore – or near enemy minefields.

Darmstadt, we have a problem – ESA reveals its INTEGRAL space telescope was three hours from likely death

Gamma ray-spotting 'scope was spinning uncontrollably and unable to make 'leccy until dramatic rescue

The European Space Agency (ESA) revealed on Monday that its 19-year-old International Gamma-Ray Astrophysics Laboratory (INTEGRAL) had a near-death experience last month when failure of a small yet significant part caused it to spin uncontrollably and prevented its solar panels from generating power.

According to ESA's blog, one of the scope's three active 'reaction wheels' – flywheels that help to stabilise attitude – turned off without warning. Absent the reaction wheel's energy, INTEGRAL rotated dangerously.

The ESA activated Emergency Safe Attitude Mode, but that was ineffective because a July 2020 failure had left the geriatric satellite's thrusters inoperable.

When it comes to ransomware, every second hurts

Fortinet seeks to make EDR easy for non-specialists

Sponsored For the longest time it seemed that modern endpoint detection and response (EDR) was getting on top of the worst malware, only for that certainty to evaporate in a single day in June 2017 thanks to a strange malware event remembered as the NotPetya attack.

A lot of virtual ink has flowed on the origins of NotPetya but the most important aspect of its behaviour for anyone involved in endpoint defence EDR was the stunning speed with which it turned entire networks of computers into boxes uselessly pushing warm air. The word ‘fast’ gets bandied around a lot in malware incidents but for once this was no hyperbole, reportedly downing an entire Ukrainian bank in 45 seconds and a network running part of the country’s transit system in a third of that time.

That means the infection unfolded in roughly 15 seconds to less than a minute. As with the equally swift WannaCry infection which had encrypted at least 200,000 computers in 150 countries only weeks earlier, this was far faster than EDR systems of the time - and the teams fielding the alerts generated by them - could possibly react. Security Operations Centre (SoC) teams couldn’t even ask employees to turn their computers off.

Facebook may soon reveal new name – we're sure Reg readers will be more creative than Zuck's marketroids

We've kicked things off with the most splendidly evil fictional corporations, feel free to share your ideas

POLL Consumer tech outlet The Verge today reports that Facebook may soon reveal a new name.

Apparently Zuck wants to create an umbrella brand – a bit like Google did when it created Alphabet as its parent company. The Social Network™ is also keen to reflect its shift to "the metaverse", as signalled by its plan to hire 10,000 new workers to build some version of shared virtual reality.

Facebook has clammed up about its plans.

Sir Clive Sinclair inspired me and 'whole load of others' at Arm, says CEO Simon Segars

But of course chief exec's first computer was an Acorn

Like so many of us in tech, Arm CEO Simon Segars has his own computing origins story, which he shared during a speech on Tuesday at the Arm DevSummit developer conference.

British-born Segars' interest in computing started at age 14, when he'd go to a shop that had a Sinclair ZX81 computer on display, on which he wrote simple programs, learning about concepts like variables and loops.

"It was expensive at £70, we weren't about to buy one … and [it was] primitive by today's standards. It had a 3Mhz, 8-bit microprocessor and a whole 1KB of memory," Segars said.

Crims target telcos' Linux and Solaris boxes, which don't get enough infosec love

CrowdStrike says 'LightBasin' gang avoids Windows, and knows that telco networks run on badly-secured *nix

A mysterious criminal gang is targeting telcos' Linux and Solaris boxes, because it perceives they aren't being watched by infosec teams that have focussed their efforts on securing Windows.

Security vendor CrowdStrike claims it's spotted the group and that it "has been consistently targeting the telecommunications sector at a global scale since at least 2016 … to retrieve highly specific information from mobile communication infrastructure, such as subscriber information and call metadata." The gang appears to understand telco operations well enough to surf the carrier-to-carrier links that enable mobile roaming, across borders and between carriers, to spread its payloads.

CrowdStrike principal consultant Jamie Harries and senior security researcher Dan Mayer named the group "LightBasin", but it also goes by the handle "UNC1945".

Acer servers cracked in India and Taiwan – including systems with customer data

Gang says it grabbed internal info, could do the same to Acer elsewhere

Taiwanese PC maker Acer has not only admitted servers it operates in India and Taiwan were compromised but that only those systems in India contained customer data.

The miscreants who claimed to be behind the network breaches boasted they stole gigabytes of information from the servers, and suggested other Acer operations around the world are also vulnerable to information theft.

Acer issued the following statement this week about the affair:



Source: https://bit.ly/3vsfwZY