The government is facing questions over transparency after almost £2 million in aid and defence funding was given to security projects in Egypt, including support for policing, the criminal justice system and the treatment of juvenile detainees. The news comes with Egypt's security forces under fire[1] from human rights groups for routine disappearances, the torture of detainees, and the jailing of political opponents and journalists. Documents obtained under the Freedom of Information Act reveal the cash was granted to the Egyptian authorities through the conflict, stability and security fund (CSSF), the operations, objectives and achievement of which were described as opaque by a parliamentary inquiry earlier this year.
MPs and Lords criticised the secrecy[2] of the £1.1bn fund, claiming they could neither scrutinise it nor provide taxpayers with information about how it was spent. The avowed aim of the secretive CSSF, which is financed by the aid and defence budgets, is to build security and tackle conflict overseas. Human rights group Reprieve said it was concerned that £650,000 of the £1.85m security funding granted through the CSSF in 2015-16 appeared to involve direct engagement with the Egyptian police and criminal justice system, including programmes relating to juvenile detainees. Reprieve asked for further details from the Foreign and Commonwealth Office, but the request was refused on the grounds that it was not in the public interest. Maya Foa, Reprieve's director, said the FCO's lack of transparency was deeply disturbing.
Foa said: "Ministers are well aware of rights abuses by Egyptian courts and prisons, including against juveniles like Ibrahim Halawa.
"It is, therefore, deeply disturbing that the government refuses to release any information about its work with these serial human rights violators.
"Transparency in the use of taxpayer money is crucial where there is a risk that the UK could be contributing to abuses as serious as torture and illegal executions. The Foreign Office should urgently explain what these projects involve, and demonstrate they are not exacerbating the terrible ordeals of people like Ibrahim." The case of Halawa, an Irish citizen who has been detained in Egypt for five years awaiting trial, provides a stark reminder of the nature of criminal justice in Egypt under President Abdel Fatah al-Sisi. Halawa, who faces the death penalty if convicted, was arrested with his three sisters during a protest against the ousting of Mohamed Morsi at a Cairo mosque in 2013[3]. He was then 17, and a juvenile under international law.
His sisters were released but he was charged, along with 493 others, with attending an illegal protest. Intense diplomatic efforts by the Irish government have failed to secure Halawa's release and his trial has been delayed more than 30 times, partly due to the complications inherent in organising a mass trial involving almost 500 defendants. Last year, he told the Guardian[4] he had been stripped, beaten and left for dead after a hunger strike. On 29 June, Halawa's case was postponed again, to 2 October, according to the FCO. In a letter sent to Reprieve in response to its request for further information about the CSSF's support for security initiatives in Egypt, the FCO said that providing further detail about the projects could jeopardise the trust and confidence in us by the Egyptian government and therefore our ability to both protect and promote UK interests in the future.
The revelations expose wider concerns about the rising percentage of Britain's £13bn aid budget being spent by ministries other than the Department for International Development, and the implications of such spending for public scrutiny.
Some 36% of aid is spent through other departments who have direct responsibility for that portion of budget. Kate Osamor, the shadow international development secretary, called for all government departments to publish aid-related data. Osamor said: "This alarming case raises yet more urgent questions about how the National Security Council is deploying the CSSF to spend aid money that should be earmarked to help the world's poorest.
"The government needs to come clean on how they are spending aid money through other departments, and make sure these other departments quickly get themselves up to DfID's level of aid transparency. In this day and age, every government department should be publishing data for all aid-financed programmes, and not hiding behind the excuse of national security. The NSC should publish their country strategies, open up the CSSF to scrutiny, and tell the public whether or not our aid is being spent on detaining juveniles."
In a recent briefing, the FCO reported that the human rights situation in Egypt continues to deteriorate with reports of torture, police brutality and enforced disappearance[5]. In a statement, a spokesman for the FCO said: "The UK is committed to working with Egypt to support political and economic reform, and we encourage the Egyptian government to deliver on its international and domestic human rights commitments. But it is not good enough to merely criticise other countries from the sidelines. We have to work with Egypt to encourage change.
"All projects carried out by the UK government comply with the UK's domestic and international human rights obligations."
- [1] Egypt's security forces under fire (www.hrw.org)
- [2] criticised the secrecy (www.theguardian.com)
- [3] at a Cairo mosque in 2013 (www.theguardian.com)
- [4] he told the Guardian (www.theguardian.com)
- [5] reports of torture, police brutality and enforced disappearance (www.gov.uk)
- [6] Transparency (www.theguardian.com)
As the times change, the security community needs to adapt.
We live in an imperfect world, as Alex Stamos[2], Chief Information Security Officer of Facebook, pointed out in his recent BlackHat 2017 keynote address. Instead of trying to punish each other, hackers and innovators need to work closely to ensure a higher order.
Other security thought leaders have echoed similar sentiments.
Refreshingly, security thought leaders are driving cultural change from the top. Besides technological innovation, we are beginning to see changes in sales, diversity and culture. We are growing up, albeit slowly.
Product Innovation, Garbage and Lies
Ping Li[5], Partner at Accel Ventures, reminded me that we are still in the early innings of a long game. The security sector is evolving rapidly and we are still developing a common nomenclature, a lingua franca for our business. Visibility into systems, managing patches, vulnerabilities and security workflows are still being accomplished with rudimentary tools, Li said.
Newcomers like Corelight[6] (backed by Accel), Awake Networks[7] (backed by Greylock Ventures) and EastWind Networks[8] (backed by Signal Peak Ventures) are innovating on visibility of traffic and threats. In data security, ThinAir[9] and Onapsis[10] (securing ERP systems) have carved out an interesting niche in the market, while Pwnie Express[11] is positioning itself to win the IoT / ICS security market.
Empow Networks[12], a Gartner Cool Vendor of 2017, wants to create a novel abstraction layer to manage all security tools effectively, and Demisto[13] (in which I am an investor) is bringing much-needed automation to incident response. Nyotron[14] just raised $21 million to redefine endpoint security. As drones grow from a mild nuisance to a significant headache, several security startups like Airspace[15] and Dedrone[16] have jumped in to protect the three-dimensional perimeter.
Calling BS on the marketing hype, several presenters at BlackHat offered an unvarnished view of the state of technology.
In her talk, Garbage in Garbage out[17], Hillary Sanders, a data scientist with Sophos[18], pointed out that if ML models use sub-optimal training data, the reliability of the models will be questionable, possibly leading to catastrophic failures.
She trained models based on three separate data sources and found that if a model is tested on a different data set, the outcomes varied significantly (See 3 X 3 matrix). Put differently, if I were trained to recognize a cat in one school and then moved to a different school, my ability to identify a cat would drop dramatically.
Caveat Emptor: Do not believe the ML hype unless you have seen the results on your own data sets. Each vendor will train their models on different data sets, which may not be relevant to your environment. And then as new malware data is discovered, stuff gets stale. Chances are that the model may need to be retrained or else could start to behave erratically. We live in an imperfect world indeed.
Feed me some garbage: ML Training and Test Data Variances (Image Courtesy: Hillary Sanders, Sophos Labs)
In another presentation, aptly titled Lies and Damn Lies[19], Lidia Giuliano and Mike Spaulding presented an analysis of various endpoint marketing claims and debunked these systematically. They spent five months digging into various endpoint offerings and concluded that threat intelligence simply does not work. While endpoint solutions are better than signature-based detection, they are no silver bullets.
When it came to drone security, Bishop Fox[20], a security consulting firm, took a Mythbusters approach to[21] research 86 drone security products. Francis Brown, partner at Bishop Fox, presented Game of Drones, in which he concluded that the solutions are rife with marketing, but most of them are not yet available.
The study concluded that while the 1st generation drone defense solutions/products are being deployed, there are no best practices.
Everything from drone netting, shooting, confetti cannons, lasers and jammers was being used (including falcons). The vendors have gone wild indeed. If lasers, missiles and falcons are being deployed, what's next?
BlackHat + DefCon may be the only conference in the world where the forces of creation and destruction operate at the same venue. The builders (Suits) show off their wares at briefings and the hackers (T-shirts) show off their arsenal of how they break stuff. Both mingle freely, challenge each other and do a thumbs-down / eyeroll at the other side. It's like a weird semi-drunk tribal war dance. And unless the elders of the tribe, like Stamos and Yoran, call BS on this childish behavior, we will never grow up.
Innovation in Go-To-Market tactics:
Ben Johnson, CTO of Obsidian Security[22], recently raised $9.5 million from Greylock (and since the announcement, has been inundated with Series B interest). In security, all revenues go to hire even more salespeople, he says. Is that a healthy practice? As co-founder of Carbon Black, Ben called upon over 600 enterprise customers and, in his current role, is actively exploring more innovative ways to get the product out.
Indeed, when fear drives sales, innovation is harder. As an industry, we need to look at a better way of selling security products. However, there is a dearth of intelligent tactics. Partnerships with System Integrators (SIs), Channel Partners, Value Added Resellers (VARs) and Managed Security Service Providers (MSSPs) are variants on the theme. Margins and accountability get slimmed down as the number of partners grows. Virgil Security[23], a data security company (for which I am an advisor), has built a developer-first platform offering tools to build encryption seamlessly. Virgil offers its security platform as a service and the GTM approach can become highly efficient in such scenarios.
Purple Rain, Culture and Diversity
In his BlackHat keynote, Alex Stamos touched upon the importance of diversity of thought, gender and culture. His call to action included behaving responsibly (and not childishly) within a societal framework.
A large number of people in emerging markets will be using $50 phones, not $800 iPhones. How do we protect this new wave of digital citizens? What is the role of a security professional in the context of law enforcement? Can we learn to empathize with the product builders, the users, the government?
To the security nihilists, Stamos offered a reminder that not everyone is out to get you. At a more fundamental level, Caroline Wong, VP of Security Strategy at Cobalt[24], presented the security professional's guide to hacking office politics.
Security teams need to know more about the business challenges, not just technology. We should be able to understand the flow of money, not just data, she pointed out.
The debates have just started in an open, honest fashion and, IMHO, culture changes slowly. For now, we have added a new color. There were Red Teams and Blue Teams: the offense and the defense, like two sides of security at perpetual war. At BlackHat 2017, the concept of Purple Teams was introduced by April Wright, who hopes the two warring factions will cooperate and work well together. And yes, she also suggested that security should never be an afterthought, to which we all say Amen!
Featured Image: Bryce Durbin/TechCrunch
- [1] Secure Octane (www.secureoctane.com)
- [2] Alex Stamos (www.facebook.com)
- [3] Amit Yoran (en.wikipedia.org)
- [4] Tenable Networks (www.tenable.com)
- [5] Ping Li (www.accel.com)
- [6] Corelight (www.corelight.com)
- [7] Awake Networks (awakesecurity.com)
- [8] EastWind Networks (www.eastwindnetworks.com)
- [9] ThinAir (www.thinair.com)
- [10] Onapsis (www.onapsis.com)
- [11] Pwnie Express (www.pwnieexpress.com)
- [12] Empow Networks (www.empownetworks.com)
- [13] Demisto (www.demisto.com)
- [14] Nyotron (nyotron.com)
- [15] Airspace (airspace.co)
- [16] Dedrone (techcrunch.com)
- [17] Garbage in Garbage out (www.blackhat.com)
- [18] Sophos (www.sophos.com)
- [19] Lies and Damn Lies (www.blackhat.com)
- [20] Bishop Fox (www.bishopfox.com)
- [21] a Mythbusters approach to (www.bishopfox.com)
- [22] Obsidian Security (www.obsidiansecurity.com)
- [23] Virgil Security (virgilsecurity.com)
- [24] Cobalt (cobalt.io)
The chief information officer of America’s Department of Homeland Security has become the latest Trump administration appointee to resign. Richard Staropoli, the former US secret service agent who at one time vowed to run the department “like a hedge fund,” will be leaving at the end of the month. Staropoli had been appointed to the CIO position by the Trump White House in May of this year. Prior to that he had worked at hedge fund Fortress Investment Group as the CISO and head of global security. Staropoli had also spent 25 years working in the US Secret Service.
According to his bio[1], Staropoli’s duties included work with the Presidential Protective Division, the Counter Assault Team, and the Secret Service’s Hostage Rescue Unit. Staropoli’s most notable moment as CIO came in June, when he vowed to run[2] the IT program at the DHS in the same way he ran the hedge fund’s. This came amidst a larger overhaul[3] of a number of US departments and a cull of some of the more antiquated and unnecessary[4] IT practices across the entire government.
The resignation will not be particularly welcome news to a Trump administration that is already trying to deal with around 500 vacant critical positions, and the turnover of key government officials. Most notably, the role of Staropoli’s would-be boss, the President’s Chief of Staff, has been passed from Reince Priebus to former Homeland Security supremo John Kelly[5]. In the background to all this, Anthony Scaramucci was communications director for all of 11 days.
- [1] his bio (www.dhs.gov)
- [2] vowed to run (www.fedscoop.com)
- [3] larger overhaul (www.theregister.co.uk)
- [4] antiquated and unnecessary (www.theregister.co.uk)
- [5] John Kelly (www.theregister.co.uk)
- [6] The Hill (thehill.com)