Newsletter

Winter 2013 -14

News, customer information & key events from the team at Purple

Unravelling Cyber Security

The interconnectedness of the modern world provides an unprecedented opportunity for businesses and individuals. But it also provides an opportunity to criminals and terrorists, resulting in new threats to the defence and security of our countries. These threats, and the mitigation of them, are often talked about under the title cyber security. There is a lack of understanding of the considerable risks of operating in cyberspace and it is often considered risk-averse and operationally detrimental to target them. The benefits of investing in protection are often poorly understood and the potential for misspent investment significant. It is critical that awareness of the threats, services and markets involved is improved so that these risks can be mitigated intelligently. A recent report 1 splits the cyber security market into four sub-markets (see box below) according to online presence, the extent of exposure to potential threats, and the levels of technology maturity. Across these markets the main high level threats of operating online include: Criminal Behaviour, such as fraud and Hacktivisim, which incorporates disrupting government or corporate activities or damaging their reputation through denial of service; and espionage, the gathering of Government or corporate information illegally in order to gain a competitive advantage or damage national security. Within these sectors and threats, the main products and services aimed at offering protection include: 1. Information Assurance: Providing guidance and consultancy on how best an organisation can protect its information assets online and offline. 2. Service/Product Assurance: Providing services such as vulnerability hunting, penetration testing, and assessments of products against known criteria. 3. Product Development: Development of products such as anti-virus software, data diodes, and sandboxing tools.

Securing businesses and individuals online whilst minimising operational impact is a complex task. A thorough understanding of the threats and supply areas is critical and will enable targeted investment in protection mechanisms that will increase the effectiveness of cyber security spend. Currently there is a lack of engineers with the skills required. In light of this, Purple is investing in gaining these skills as we believe our expertise in secure systems development is underpinned by similar abilities. In fact, secure systems development is set to play an increasing role in producing a safer cyberspace for businesses and individuals of the future.
Peter Daunton, Systems Engineer, Purple Secure Systems

FOUR CYBER SECURITY SUB-MARKETS:

Defence and Intelligence, Other Government,

which covers all Government intelligence agencies and the MOD. which covers all other public sectors which are not Defence and Intelligence, e.g. the NHS.

Enterprises,

which covers all large commercial enterprises some of which are part of the nations critical national infrastructure.

SMEs and Consumers.

A study by Pierre Audoin Consultants (PAC) UK Ltd for the Department for Business, Innovation and Skills. (2013) Competitive analysis of the UK cyber security sector.

Purple News . . .
HELPING DEVELOP THE NEXT GENERATION OF SOFTWARE ENGINEERS Were pleased to be mentoring a group of seven 3rd year students at the University of Bristol. The computer scientists are competing in a six-month project to develop social gaming using smartphones. The result will be a full, commercial-quality game. Andy Martin, one of Purples software engineers and a Bristol University graduate himself, is providing project management and technical guidance. The best team will win a cash prize and Andy is confident that he has a winning team on his hands! Purple is committed to nurturing the next generation of talent through schemes such as this. Industry and academia need to work closely to give students an insight into real life applications of software and systems engineering. If your company would like to find out more about our experiences of mentoring, please contact our HR Manager, Katie Holtum.

About Purple Secure Systems . . .

Purple Secure Systems provides industry-leading Systems and Software Engineering expertise to support the Government and defence industry. We provide engineering support and delivery for our clients projects, either working alongside their internal teams or delivering a whole project to them. Our team of SC and DV-cleared engineers are able to deliver results on budget, to specification, and on time. We have significant experience working on highly complex engineering projects across different domains.

PURPLE SECURE SYSTEMS St. Georges Lodge, 33 Oldfield Road Bath BA2 3NE Tel: +44 (0)1225 827 380 Web: www.purplesecure.com

 Newsletter

The Implications of Changes in Government Procurement

Even in the seven years that Purple has existed, there have been significant changes in what Government and MOD departments procure from industry and how they do it. Over a significant period, the National Audit Office has regularly publicised cases of large IT or Systems projects that have failed to deliver on time and budget. This, combined with significant down pressure on public sector budgets, has driven a change in how taxes are spent in this area. As a result, there are far fewer large programmes (500+ million) and far more small, agile projects. Some projects have changed relatively little in nature, but are procured in an iterative way instead, sometimes through a more partnership-oriented relationship with an industry supplier. So what does this mean for industry? The first challenge is increased uncertainty; project planning and resource allocation become much more difficult. This impacts the overhead that industry suppliers are prepared to carry, thus larger players are thinning-out in any capability areas not considered completely core. It also means that industry is actively exploring new markets outside the UK, with some success. This comes with Government support, demonstrated by the amount of foreign trips that David Cameron has made recently. The UK Governments SME agenda has also gained momentum, with a target to spend 25% of its budget with small to mediumsized enterprises by April 2015. This is evidenced by the introduction of the G-Cloud and Government Digital Services Framework, both of which Purple is a part of. But the success of these initiatives relies not on the rhetoric around them or their processes, but on the willingness of individuals within Government Departments to adapt their mind-set and make a change in their supply base. Purples engagement with the Met Office highlights that it can bring enormous benefits.
David Harris, Managing Director, Purple Secure Systems

In the News . . .
INCOSES ASEC 2013: VIEWS AND LEARNING Purple continued its support for UK Systems Engineering by attending ASEC2013: the INCOSE annual conference in November. ASEC2013 provided a variety of stimulating presentations and thoughtprovoking tutorials on the theme of Effective Systems Engineering. Topics of particular relevance to Purple and our clients included the value of a model-based approach; how, and if, we should define systems of systems, and the concept of agile systems engineering. As Andy Medwell, Operations Manager at Purple commented, For us its clear that the concept of agile systems engineering needs to be considered afresh, unencumbered by the position on agile taken by the software engineering community; the presentations we attended at ASEC only reinforced that view. We also noted a positive trend in industrys interest to address the important area of security within systems engineering. This is encouraging for Purples developing Cyber capability. In addition to attending ASEC2013, Purple retains its position on the INCOSE UKs advisory board; allowing us to contribute directly to the development of professional Systems Engineering in the UK. PURPLE SECURES POSITION ON GOVERNMENT DIGITAL SERVICES FRAMEWORK Were delighted to have been awarded a place on the framework agreement of the Cabinet Offices new Government Digital Service team. The framework will support the Governments digital strategy to migrate existing transactional processes from paper-based to online services. Government departments can now tap into a pool of SMEs with an Agile capability, like Purple Secure Systems, so that these migrations can be done in an efficient and economical way.

PURPLE SECURE SYSTEMS - www.purplesecure.com

Purples Logic Puzzle

You have two strings of the same length whose only known property is that when you light one end of either string it takes exactly one hour to burn. The rate at which the strings burn is completely random and each string is different. How do you measure 45 minutes?
You can find the answer at: http://www.purplesecure.com/Logic-problem-solution