Turning Science Fiction into Science Fact (When Vision, Strategy and Execution meet)

Over the Christmas period, I took the opportunity of some time-out to read Ashley Vance’s excellent biography of Elon Musk, the founder of Space X and Tesla motor vehicles.

It’s a riveting read for anyone with an interest in business, notably anyone starting out with a business idea. Mr. Musk made his first fortune thanks to his involvement with Paypal, and that in itself is a great story. Where his story becomes even more interesting is with Tesla and Space X.

Thanks to his divestment of his shareholding in Paypal, he enjoyed significant advantages over most business people. However, instead of investing his fortune and choosing to live a quiet life, he has bet the lot on his vision(s)- Cost-effective renewable energy in the form of electric cars and solar energy, and a Mars colony with 1 million people.

I’ll come to the visions later, for now, let’s consider the risks he has taken and continues to take. Most entrepreneurs start their business with nothing, or perhaps some hard-earned savings. Certainly, when they establish their business they are taking a risk – the percentages of first-year failures would make most people consider a career playing Las Vegas casinos rather than starting their own business. However, if you start the business with very little of your own funds, the only risk is your time and your reputation. If it fails you can always go and get a job or try again. Even if a business succeeds, most people can only dream of making the kind of fortune that Mr. Musk made at Paypal, and would be delighted and probably content if they did so.

Mr. Musk was not content. He bet his hard-won fortune on electric cars, solar panels, and building spaceships. Each of those industries represents an incredible challenge – and risk. He has ‘tripled down’.

Electric Cars

Electric cars have always suffered from a poor reputation. Batteries have always represented a significant constraint – electric vehicles can’t travel very far and as a result car designs have always been compromised so that the car is even less desirable. Elon Musk determined to:

• Develop battery technology to make electric cars comparable with fossil-fuelled cars for the distance they can cover.
• Develop fast-charging so ‘re-fuelling’ stops are not overnight, but a coffee-break
• Develop a car that would be desirable in its own right, not simply because of its environmental credentials

Against incredible odds, and verging on bankruptcy more than once, he has succeeded. The Tesla Model S has been voted – by every notable motoring journal – one of the best cars in the world. Even the flag-bearers of petrol-heads, Top Gear, said “Arguably the biggest step forward for EVs since the Prius, Tesla shows cylinders may have had their day“. The Tesla 3, an affordable saloon car, is on the verge of mass production.

Rather than being wiped out by existing car manufacturers and their economies of scale, Tesla is now leading in the key area of battery technology. They already have supply / licensing agreements for battery technology with several leading global manufacturers.

Solar Panels

US-based Solar City was founded by Elon Musk’s cousins and he is Chairman of the company. SolarCity was the leading residential solar installer in the U.S. Subsequently Tesla bought the business to realise the inherent synergies with Electric Cars.

At a time when solar panel manufacturing has been dominated by China, thanks to cheap manufacturing, the success of Solar City is also against the odds. Their focus on improving all aspects of solar panel technology has given them a huge lead over the competition.

Sound familiar? They now offer solar roof panels, which look like normal roof panels but are in fact solar. Coupled with their Powerwall electricity storage system, they are forecast to revolutionise de-centralised energy supply.

But where is the synergy with Tesla? Well, Powerwall has battery technology so there’s that. However, the real synergy became apparent with Tesla’s recent infrastructure announcement.

Critics of electric cars used to cite the short distances electric cars could travel between charges as a reason they would never become mainstream. Tesla has solved that problem. So now the critics say there aren’t enough charging points – you can’t drive from L.A. to New York. Not anymore. Tesla is building an infrastructure of charging stations across the USA. 45 minutes to charge your car, so stop and have a rest, coffee, lunch, pretty much the same as any other service station.

What about people who just want to ‘refuel’? Well, Tesla will offer a battery swap-out in the same time it would take to fill a conventional petroleum-fueled car, at around the same price. The choice is yours!

And the synergy? The charging stations will be powered by Solar Panels. No prizes for working out who will be supplying them.

Space X

This is where we really move into Science Fiction becoming Science Fact. The story of Space X and it’s development of space rockets is well worth a read of anybody’s time. As I write this piece, preparations are underway for the launch of the Falcon 9 rocket, which will be the largest in the world. Its payload includes Elon Musk’s own Tesla Roadster – one of the first Tesla’s ever built. If the launch is successful, the Tesla will be placed into orbit around Mars.

I’m not making this up! This is really happening, right now, 2018.

And the synergy? Well, when we get to Mars (not “if”) we’ll need power and transport. There are no oil refineries on Mars. What do you think we’ll be using for electricity and to get around?

In conclusion

I must confess I was a doubter for many years. I couldn’t see how a start-up company could build a mass-production electric car. Certainly not one based in the US with a high-cost base. Certainly not when all the major car manufacturers have huge economies of scale, vast development teams and unlimited budgets.

Similarly with solar. How to compete with the low-cost Chinese supply?

As for Space rockets, well that just seemed like a ‘do not pass go’ route to bankruptcy.

I’m not a doubter anymore. For sure he’s been lucky. But determination, vision and focus have won out. The world needs people like this. If we can get some Elon Musk’s into other fields, notably the environment and healthcare (and I see Jeff Bezos and Warren Buffet are starting to for the latter), there is real hope for the future of planet Earth and humanity.

If not, well thanks to Elon Musk we may well all have a fall-back plan.

Life on Mars.

 

 

 

 

Advertisements

State of Application Security Report – Precis

We’ve extracted and summarised the salient points from the latest State of Application Security Report for Financial Services. If you wish to read and download the whole report from Arxan you can do so here.

Key Findings

Financial services organizations are among the top targets of hackers seeking high-value payment data, intellectual property, and other sensitive information.

• Forty-one percent of mobile finance app users expect their finance apps to be hacked within the next six months
• 50% of organizations have zero budget allocated for mobile app security
• Employee, customer, and “soft” IP data are the top three targets of cyber-attacks in the financial services market
• theft of “hard” intellectual property soared 183% in 2015

Vulnerabilities

Vulnerability assessments were conducted on 55 mobile finance apps in the US, UK, Germany, and Japan. The vulnerability assessments were based on the Open Web Application Security Project (OWASP) Top 10 Mobile Risks. Here is what they found:

• 92% of the mobile finance apps tested were not addressing at least two OWASP Mobile Top 10 Risks
• Lack of binary protection (98%) – this was the most prevalent vulnerability
• Insufficient transport layer protection (91%).

These vulnerabilities make applications susceptible to reverse-engineering and tampering, in addition to privacy violations and identity theft.

Recommendations

For financial service organisations:

• Strengthen the weakest links
• Make security a source of competitive advantage
• Align spending with risks

For customers:

• Get apps only from authorized app stores
• Don’t jailbreak or root mobile devices
• Demand more transparency about the security of the apps you are using

If you wish to read and download the whole report from Arxan you can do so here.

“DROWN” Security Vulnerability

IT Security Vulnerability – “DROWN”

Another website vulnerability has come to light, called the Drown attack.

It is a hacking technique that makes even (Supposedly secure) https:// websites vulnerable. Researchers in the US, Germany and Israel believe that one third of websites using the HTTPS protocol are vulnerable.

This means hackers can obtain passwords, credit card information, emails and sensitive documents. Therefore financial institutions and online retailers should pay particular attention to this latest threat.

The current recommendation is that Administrators of vulnerable servers and websites need to take action. There is nothing practical that browsers or end-users can do on their own to protect against this attack.

If you want to know if a website is vulnerable before you use it, you can do so with this free testing tool. Should you have any further concerns you should contact your network and website administrators to determine the actions to take to protect against the threat.

How to avoid online scams

Action Fraud (a cyber crime reporting organisation), report that individuals and businesses lost over $25m during the Christmas period 2014 through online fraud.

So what can you do to protect yourself? Well, be aware. In this piece I’ve set out a few examples of how criminals may attempt to steal from you online, and how to spot and avoid them.

---

Look out for fake websites

Criminals are making replicas of genuine websites, “selling” products that never turn up. Mobile phones are the most common product to be scammed in this way.

How to spot it: 

• Do they have an address and phone number? Google it and ring them up.
• Check the URL to be sure it is the correct name for the retailer. On the payment page it should be secure – check for a padlock in the search bar.

---

 

Beware of “Phishing” Emails

These are emails that appear to be from familiar companies (e.g. Amazon, Apple) or retailers you have accounts with. They can be very convincing – take a look at the picture below purported to be from Amazon.

 

Clicking on embedded links or attachments in emails like this can lead you to malicious websites that could track your online activity and access passwords. Alternatively you could end up on a fake website which asks for your details.

How to spot it: 

• Legitimate retailers won’t ask for your bank information or passwords in an email
• Generic way of addressing you (“Dear Customers” above)
• Strange email addresses, spelling mistakes, bad grammar

What to do:

• Mark it as spam or junk
• Do not click on any links, nor download any attachments
• If you were expecting something from the retailer but you’re not certain this is it, contact them independently through their website or by telephone

---

 

Does it seem too good to be true?

Have you just received a $250 voucher by email? Maybe there’s a free offer on Facebook – for example have you seen those Ray Ban Sunglasses “deals”?

And be on the lookout for pyramid schemes – they are still around believe it or not. Typically something like send $10 to a friend and receive dozens of gifts in return.

How to spot it: 

• It’s unlikely your real Facebook friends will want to get you a deal on Ray Ban sunglasses

What to do:

• Don’t click
• Check what Apps you’re subscribed to and remove all but the ones you know and trust

As in all things – if it seems too good to be true – IT IS!

Happy shopping…!

Technology leap frogging

I attended an excellent presentation at a BVI Chamber of Commerce luncheon recently. One of the topics addressed was the requirement to upgrade infrastructure in the British Virgin Islands, notably internet speeds.

During the Q&A session at the end, there were comments about the fact that the best internet download speeds achievable in the BVI are around 5Mbps, the average being typically less than 1MBps. Presently the fastest speeds are in South Korea, achieving an average of 22.2 Mbps. This was rightly cited as an area for immediate improvement in the BVI, and the need to catch up to retain competitiveness.

I would like to propose a reframing of this vision from catch-up to leap-frog, not least because the BVI is chasing a moving target. I was reminded of the several occasions I spent on business in East and West Africa around ten years ago.

African Leap-Frogs

Africa is a developing continent, but on my first visits to nations in the Eat and West I was filled with admiration with their telecommunications infrastructure. Whilst the major cities and towns enjoyed land-line telephone access (to an extent), once you travelled outside them into the bush almost no such infrastructure existed. This struck me as a major challenge, but I quickly realised that was not the case.

With the advent of mobile (cell) telephones, the infrastructure focus was simply on setting up relay stations with masts and independent power across the countries.

Solar-powered mobile base station in Niger

So all people needed was a mobile (cell) phone and they had communication in place. Furthermore, I was struck by the quality of the networks.

On an 8 hour drive from Dar es Salaam (Tanzania) due West into the interior I did not lose cell-phone coverage once. In fact there were only a couple of occasions where the signal dropped from 5 bars (and then only down to 4). At the time there were still large swathes of the United Kingdom that did not have mobile phone coverage. (My phone still dropped out on a section of the A1 motorway during a recent visit).

This was a perfect example of technology leap-frog. Instead of applying a traditional solution to the problem, African nations embraced the latest technology and deployed it to excellent effect. So-called developed nations would do well to follow this example.

UK leap-frogs (or not)

Opportunities abound. Take the High-Speed Two (HST) rail link in the UK; this has been a political football for twenty years and is still being debated and contested. Whilst the arguments continue, the existing rail infrastructure – some of which is built on lines opened in 1850 (yes 165 years ago) – is crumbling.

In my view the debate is moot; new rail links are required, so let’s get on with it. The real argument should be about what technology to deploy.

The UK has the slowest inter-city rail links in Western Europe. When HS2 commences in 2025 it will still be slowest.

The first HST link is due to open in 2025; the train designs are not confirmed but they will be a Eurostar/TGV/Shinkansen standard, achieving 250 kph (woohoo!). Is this better than what presently exists in Britain? Certainly. But 600 kph train technology exists today and is being implemented across the Far East. Imagine what will be available in ten years time (take a look at Elon Musk’s plans here). The UK is missing a huge opportunity to make a technology leap-frog in my view.

BVI Leap Frogs – the opportunity

Which brings me back to my start point – internet speeds in the BVI. The world record for internet speed is presently held by BT in the UK, who in January 2014 achieved a speed of 1.4 terabits per second (1,400,000 Mbps). Although this was an R&D test, what was notable was they achieved this on a standard optical fibre network – the same kind of fibre that is presently being laid in the BVI.

So in the not-to-distant future the UK and Europe will be able to easily achieve 1000Mbps speeds – 200 times faster than the present best speeds in the BVI.

So, the technology exists – let’s use it. Let’s set our sights on 1,000Mbps plus in the BVI and leap frog the Caribbean and the global offshore jurisdictions.

In fact, let’s leap frog the rest of the world.

Did he or didn’t he?

That’s the question exercising IT and cyber anaylsts over the claims by hacker Chris Roberts that he accessed in-flight entertainment and flight systems from his seat. The claims have been derided by Boeing and aviation experts.

Whatever the outcome, it highlights that this is a major security concern. This hacker claimed to have gained control from his passenger seat; but many airlines have now introduced wifi to their aircraft too, a service that is gradually rolling-out globally. So could someone hack into an airliner’s controls from the ground via wifi? Or on-board the aircraft as claimed by Mr Roberts?

I’ve worked in software all my life, and my view is that any system can be hacked. We tend to think of software-based systems as something operated by computers, electronic devices, microprocessors etc. Thinking this way can lead us to lose sight of the fundamental fact that all systems are designed and built by human beings, and therefore subject to human error and oversight. Airliners have proved all-too horrifically to be one of the terrorist’s weapons of choice.

New aircraft designs use TCP/IP technology for the main aircraft backbone, connecting flight-critical avionics and passenger information and entertainment systems in a manner that virtually makes the aircraft an airborne, interconnected network domain server.

There are and should be very real security concerns with this. One key to mitigating the threat will be ensuring that all systems related to flying the aircraft are an “island” – i.e. completely isolated from the non-essential flying systems.

Although Mr Robert’s claims have been dismissed, it seems he may have highlighted a very real achilles heal in the systems. If he is to believed, the IES was in fact connected to the avionics. If that is the case, then a way-in could be found.

PHISHING ALERT – BVI BEING TARGETED

There is presently a targeted E-Mail Phishing campaign against the British Virgin Islands with someone using LIME as the mechanism. They have cloned the Lime Email login site.

The actual website that users get sent to is hosted in Greece and they are harvesting email and password information from users that log in.

The picture below shows what the email looks like. If you receive an email like this DO NOT CLICK ANY LINKS! Delete it immediately.

The following pictures show the source code being used in the attack and the email script.

This is the Source Code:

As ever, remain vigilant. If you have even the slightest doubt over the veracity of an email, delete it and contact the company directly.