HiveRank (551)

Basil Philipsz

Associate HiveMind Expert

Mantra

Don't Assume

In a nutshell

If protection of your crucial data and its access is important, I can architect new IT systems or review and improve existing deployments

Availability

Fully Available Immediately

Languages

English

Skills

cloud technologies

cyber security

Data Governance

digital transformation

Identity Assurance

Identity Platforms

IT Security Review

Remote Working

Risk Management

HM Expert since

Sunday October 27, 2019

About

I believe my personal traits include being open minded, pragmatic, perceptive, innovative and persuasive.

My PhD was in Pure Mathematics from University of Manchester and after a short spell as a Lecturer, I changed direction and enjoyed various roles both technical and managerial in major US computer companies.

I founded Distributed Management Systems as a software house and most recently have developed a consuming interest in Identity Assurance.

Our latest Technology has been granted US and EU patents and is certified by UK NCSC as suitable for Secret. I most enjoy designing or adapting IT architectures to make the best use of appropriate, current Technologies.
The scope with flexible access provided by the Cloud allows Enterprises to scale and adapt at speed but brings concomitant risk of damaging data breaches.

We have accumulated deep knowledge on possible vulnerabilities and can architect resilient and robust solutions.

Current role details

I am the founder and CEO of Distributed Management Systems Ltd (DMS). We have invented and developed a radical approach to Mutual, Multi-factor Authentication, Key Management and Key Distribution called CASQUE (www.casque.co.uk).

I work with my colleague, Richard West, on management consulting assignments through West & Company (www.west-consulting.co.uk). We help early-stage Technology companies to exploit their potential.

Basil's STAR Stories

How one type of Threat determines the complexity of the...
Situation

Dover Harbour Board wanted to secure physical access to the internal section of the Port that housed Police, Customs, Ferry Operators and Port employees.

Access was required 24/7 by accredited cars and pedestrians.

Task

Needed to devise a system that operated 24/7 and could also cope with temporary contractors with restricted access.

Of particular concern was to have a system that did not have easy hacks; for example, passback to a following person or cloning tokens.

Action

We devised a system based on writable magnetic stripes on credit card sized plastic. This could also have printed identification photos. The data on the Card was encrypted and we designed control computers that we housed in the manned kiosks controlling vehicle barriers and turnstiles.

The system also allowed temporary passes to be issued at a central reception area. The writable feature allowed the Card to be written on each access and so prevented pass-back hacks and cloning. The controllers sent data back to a central server to produce logging information that led to a variety of intelligence uses.

One benefit from log analysis was that it allowed preventive maintenance on the Omron Card readers, because it listed the number of retries of write commands, which was indicative of head wear.

Results

Value was delivered by:

  • Make more informed, data driven decisions
  • Improved Confidence in Role or function
  • Enable Better Business Agility
  • Reduce Risk of fines, theft and Reputation Damage
  • Lower Perception of Risk from Customers
  • Enhanced Reputation with Peers
  • Provide more Innovative Solutions to the Business
  • Faultless operation 24/7 for 11 years

Lessons in building a Secure Infrastructure
Situation

Airwave was established in 2000 by BT with a contract to provide secure wireless communications for the UK Police and other Blue Light Services. This involved setting up a network of masts to host the access to this secure communications network, and a team of distributed engineers was employed to install and test the infrastructure.

Task

The task was to allow the engineers to securely access the central IT Servers at Airwave’s Rugby Headquarters using dialup land lines in order for them to commission and test the new deployments and also perform other administrative tasks.

The engineers were provided with locked down laptops with restricted privileges and the system provided secure remote access to the central servers.

Action

We designed the remote access system using our own multi-factor authentication solution based on our proprietary Challenge-Response Methodology.

We integrated our Authentication Server with the Gateway Firewall at the central facility and built bespoke Optical Tokens to respond to the login challenge.

The Optical token had photo diodes to detect, using pattern recognition, the coded challenge presented as flashing images on the Engineer's laptop screen.

The use of these tokens meant that no software or hardware changes were needed on the client workstations and the pattern recognition was impervious to delays in transmission or variations in screen types or brightness.

Results

Value was delivered by:

  • Reduce Risk of fines, theft and Reputational Damage by having high grade Identity Assurance
  • Improved Confidence in management allowing pursuit of rapid installation of Nationwide infrastructure
  • Enable better Business Agility allowing Engineers in the field to build Base Stations and test functionality in a secure manner
  • Provide more Innovative Solutions to the Business allowing independent, flexible working of distributed Engineers

The 2 year rollout was successful with no breaches or malfeasance. Despite plans to migrate to a 4G replacement, delays have resulted in essentially the same network being extended to 2022!

Secure Remote Access to Sensitive Resources
Situation

How can remote access to sensitive Defence Networks over a public network be protected against intrusion?

Task

UK Ministry of Defence wanted to enable remote access over a public data network to their existing sensitive networks.

Clearly, a high-grade solution would be needed that could provably resist envisaged attacks. In particular, the problem of complicit Users denying access by alluding to possible compromise in access needed to be eliminated.

Obliterating the repudiation denial also resulted in a powerful deterrent. In order to eliminate vulnerabilities in existing authentication products, a radical approach to federated Identity Assurance was developed.

Action

The logical start is to critique the weakness in existing products. For example, Passwords, Out of Band and One Time Generators are regarded as having weak security and have proven failures; refer to NIST Digital Identity Guidelines. Software-only techniques based on machine learning and artificial intelligence have intrinsic flaws. The most permissive usage, usually required by C-level executives, becomes the easiest target, and you have to have a very busy administrative team on call to handle legitimate exceptions. Importantly, there is no detection of compromise.

FIDO and similar variants are designed to remove passwords as they are linked to the URL to be accessed, not to the User. If stolen, they continue to work, making an excellent excuse for repudiation of access. Zero Knowledge methods work as long as the algorithm and data points have not been leaked by the Service provider; if they have been, compromise is undetectable.

In both FIDO and Zero Knowledge methods, since there is no link to a specific user, they cannot be immediately suspended and personal usage analytics are not possible. We designed a system that did not depend on having fixed secrets, so there was nothing for a hacker to target or for a complicit Insider to disclose.

Results

Value was delivered by:

  • Reduce Risk of fines and reputational damage as no vulnerability in the access method could allow repudiation of liability
  • Enable Better Business Agility as remote users could access, from remote locations, legacy applications hosted in sensitive networks
  • Enhanced Reputation as overall risk to the Network was greatly diminished.
  • Make more informed, data driven decisions as data was timely updated

Services Basil Manages

Accelerated Cyber Security Review
Summary

Accelerated Cyber Security review and recommendations

Services Basil Delivers

HiveExec For Security & Risk Leaders
Summary

This service focuses on accelerating and amplifying success for leaders responsible for Information and Technology based Security & Risk

Industry Experience

Technology

Telecommunications

Government and Public Services

Healthcare

Regional Experience

Europe