Home  |  Sarah  |  Services  |  Blog  Contact

Friday, 25 Sep , 2015

Period Cybersecurity Drama: Fear, Uncertainty & Downton

Share this article

An old fashioned tale of reporting lines impacting effective communication, missing due diligence, disgruntled insiders, social engineering, technical risk blinkers, political incident response and risk owners not being armed with the information they need.

12271759_lIt is a beautiful day on the Downton estate. Dappled sun beneath the majestic oak decorates the couple who have their heads together in urgent conversation:

“But Carson will never agree” argues Head of Marketing, Lady Mary “He will have little choice if your father can be persuaded” replies Matthew, the CIO and the CEO’s heir.

They set off back to the house with the Labrador they used as an excuse for the walk dancing around them. “Indeed” responds Mary “but if our Chairperson hears of this father may not stand a chance.” “I suppose we shall just have to see how it plays out” he replies as they reenter the house.

Later at lunch

“Darling, I have made enquiries about a telephone service for the house” opens the COO Lady Grantham. Conspiratorial looks are exchanged between the heads of Corporate Events, Communications and Marketing a.k.a her daughters Sybil, Edith and Mary.

“Really dear!” replies CEO Lord Grantham “Must we adopt every new fashion you hear of from your London crowd?” “But the girls are so keen to keep up with new friends they made during the season my love. It really wouldn’t do for them to lose touch and even the Callans have had one installed.” “Is the latest gossip such an urgent matter?” retorts the master of the house.

“Lord Grantham” Interjects Matthew “I do rather agree with her Ladyship. It is technology that is here to stay and I think you will wonder how you managed without it after only a short while” “Oh well” he sighs, then continues to the girls’ evident delight “I suppose we must move with the times and it would be useful to reach our lawyer and London housekeeper”

“I really don’t know what the world is coming to” the Dowager Countess and Chair of the Downton Board, laments “Your generation” she says, giving each girl in turn a withering look “have absolutely no patience.”

Unseen by the diners, Lady Grantham’s maid O’Brien retreats from the door behind which she was eavesdropping.


“…so it’s only a matter of time” finishes O’Brien.

“New fangled nonsense is what it is” proclaims Carson, Head of Business Operations “There is nothing wrong with the Royal Mail and if urgent a telegram. Do they feel I have failed to co-ordinate their yearly trips to their satisfaction? I think not! So what is the need?”

“My friend Mavis says they boil your brain” Daisy the admin assistant says “Not all at once…just a little bit at a time” “Your friend Mavis is lucky to get her smock on the right way round” chastises Mrs Hughes, Head of Security “so I don’t recommend seeing her as an authority on anything. It’s the operators that bother me. People seem to think they are above listening in to calls. I shall have a conversation with Mr Thomson to find out who works there and ask how they deal with eavesdropping. Do you think Lord Grantham has thought about that Mr Carson? Should I have a word?”

“Are you questioning Lord Grantham’s intelligence Mrs Hughes? I thought better of you! If anyone is to discuss concerns with his Lordship it will be Mr Crawley our CIO. I will mention it if an appropriate opportunity presents itself.”

“If you knew one end of a telephone from other it would help” says Branson, Head of IT Operations, under his breath “I beg your pardon!” Barks Carson “I’ll have none of your cheek young man. Just because you are obsessed with mechanics and electricals, don’t think you understand the running of this establishment!”
“My apologies Mr Carson” says Branson with little sincerity “I’m pleased to see us leaving the dark ages, but want to see it thought through properly.” “And it will be young man! By your elders and betters! Now get out of my sight”

As Branson leaves with a wearily frustrated glance at Mrs Hughes, Thomas chucks in his usual curt 6 pen’orth:

“About time!” says the supremely confident, cruel and at risk of redundancy Head of Sales “Bates can keep in touch with his doctor. See if they’ve found a cure for being a pious bore”

This prompts a cheerful sneer from O’Brien, which disappears when Carson treats her to a thunderous glare. As is typical, Thomas is unswayed. Leaning back in his chair he takes another puff on his cigarette and smiles lazily at the assembled staff.

Later that day at the telephone company

“Hello Miss Jarvis” says Thomas in his finest flirting tone “I must say, you look prettier every time I see you”. Blushing furiously Miss Jarvis shyly replies “Well aren’t you a one Thomas. We’ve known each other since we were tiny. Stop being daft”. “But that’s just it Tilly. I am daft. Daft about you. Didn’t you know?” “Oh do stop” Tilly responds. Obviously not wanting him to “What do you want? I know you didn’t come here just to play silly beggars”43554711_l“As a matter of fact I did have an official purpose” replies Thomas “The Earl is concerned that his daughters may get into mischief when this telephone is installed. He asked if you would keep a record of their conversations. I’ll pop in to collect what you’ve noted when I’m in the village.”

“I couldn’t do that!” Tilly cries “I would lose my job!” “Tilly, what do you take me for” Thomas soothes “This is all above board. Lord Grantham has spoken to the chairman of the local telephone company and has his express permission. He has daughters too and completely understands. You wouldn’t want to go against your most senior boss’s wishes would you?”

“I don’t know Thomas. This all seems very unusual” Tilly isn’t as daft as Thomas took her for “I’ll just check with Mr Thomson when he gets back from lunch.”
“Tilly Jarvis!” exclaims Thomas sounding utterly offended “You will cost me my job if you behave as if I am not trusted. What are you thinking?! Mr Thomson is not to be bothered with this. Mr Carlton, your chairman, has heard of your discretion and asked expressly that only you know of it”

“Really?” says Tilly, her pride and quiet ambition getting the better of her “He has heard of me? Well I do transfer some of his calls and he did compliment me on my telephone manner. If Mr Carlton has agreed this is appropriate, who am I to question it? Will you put a good word in for me with the Earl Thomas? I should hate for him to get the impression I questioned his request”

“Seeing as you’ve come to your senses and been so helpful Tilly, I shall certainly do that” says Thomas, all smiles now things are going his way “Who knows?” he goes on “If you are as diligent as they say, I may well take you to the fair next month” this last delivered with a wink “I like girls who are smart enough to know when to leave things lie”.

Two weeks later

The whole family silently encircle the four poster bed. Lord Grantham is holding his late mother’s hand. His head bowed and lips pressed against her rapidly cooling skin. “It was just too much for her” he chokes out “Who could be so cruel!?”

Matthew is holding a newspaper in his hand. In the drama he had picked it up when it fell from the Dowager Countess’s lap. On the front page the headline that destroyed the family’s reputation can just be seen.

“It appears it was the telephone operator” Matthew says quietly to a deathly pale Lady Mary “We had no reason not to trust her. None of our friends or acquaintances have had their confidence breached in this way and the Chairman of the local phone company is as reputable a man as you could wish to meet. I paid for advice from a foremost expert on the technology. He told me there are fears of spies tapping into telephone lines, but this was never mentioned and did not occur to me.”

“Did we not check her credentials?” asks Lady Mary gently “There was no time” replies Matthew “and it didn’t seem necessary. To make matters worse she is blaming someone in our household, saying they made her do it”

“Does this woman have no shame!?” weeps the distraught Lady Grantham who had obviously overheard. “No-one believes her” Matthew says, placing a comforting hand on the Countess’s shoulder “and really, it is not important right now. She will be silenced and discredited. We will protect the family name”

“But what about all the other people at risk?” Mrs Hughes says under her breath to Carson in the coridoor “We should warn them” “Don’t trouble yourself with that right now Mrs Hughes” he replies “The family has suffered a momentous loss. The important thing now is to limit impact on his Lordship and Lady Sybil. She may, in her drive for public approval, have done some desperately misguided things and shared information about Downton she had no right to share, but his Lordship, when he is somewhat recovered, will see that a kinder version of events is shared”

“If only we could have made them aware of the risks” laments Mrs Hughes “One doesn’t trouble the family with every little concern” replies Carson “They have more than enough to worry about keeping the estate in order” “That is a little ironic given the current situation is it not?” she responds, with an icy edge to her voice. “Perhaps” says Carson, with a note of finality “but least said soonest mended”

“Until the next time” Mrs Hughes cannot resist adding.

“That’s enough out of you” he replies with a hint of menace. “Remember your place!”

So there you have it. An old fashioned tale of reporting lines impacting effective communication, missing due diligence, disgruntled insiders, social engineering, technical risk blinkers, political incident response and risk owners not being armed with the information they need.

My sincere apologies to any avid Downton Abbey fans. I’ve no doubt deeply offended some of you. This is what can happen if an InfoSec pro, in desperate need of distraction, clicks on a random Amazon video and gets hooked.

For more non-period security drama, see a business near you today.

Opinion: Paying to play with our personal data – is it ok?

We’ve migrated from ‘Hot or Not?’ to being held virtually hostage by many of the digital platforms we rely on today. In the midst of that a new processing paradigm has emerged. Myriad startups want to pay to play with your personal data. Can this tackle on-going...

In AI we will blindly trust…

...and the architects, designers, data scientists, and developers will think we are nuts I've been driven back to the blog to talk about one very specific aspect of privacy, data protection and Artificial Intelligence (exchange for Machine Learning or Algorithms as...

Data Protection, Security, and the GDPR: Myths and misconceptions #2

Welcome back! This is a shamefully delayed sequel to my first instalment of security themed GDPR thoughts: Data Protection, Security, and the GDPR: A fraught and fuzzy relationship. Here I look back again over my pre-privacy IT and InfoSec career to spot things likely...

Where and to whom does the GDPR apply?

Yeah, I doubted my sanity going at this one too, but here I am, because working out whether or not the GDPR would apply in different practical and geographical circumstances is proving harder than it really should...for everyone. This regulation has been my almost...

GDPR – You’ve analysed the gaps, but can you close them?

  There is a critical gap for most firms: An inability to interpret and leverage gap analysis, data discovery, and mapping output to actually implement technical data processing change. This article is about the challenges most large firms are facing when trying...

GDPR – The Compliance Conundrum

There is one question related to the General Data Protection Regulation that will arguably cause more ulcers than any other: How much is enough? In some portions of the GDPR 'good' is straightforward. In many others we are asked to respect principles of fairness and...

Opinion: The role of automated data discovery in a GDPR programme

Do you have any online profiles or posts featuring those 4 magic characters: G D P R? If so, whether you are a business decision maker, IT body, security body, charity boss, employed data protection pro, or job seeking data protection pro (less and less likely), you...

When Business Culture Eats Cybersecurity For Breakfast – Part One

A four-part story of budget cuts, blamestorming, breaches and massive bumps in the road to mature security. Wild Speculation & IT Transformation Do you remember Nick Leeson? On February 23rd 1995 he sent a fax telling bosses at Barings Bank he was ill and wanted...

Cyber Insurers Dictating Cybersecurity Standards?

A run down of the key challenges with choosing and using cyber insurance called out in the last few months. It looks entirely possible you will have 'adequate' security dictated by your insurers, so it is your job to understand the risk based yardstick they're using...

There Is No Such Thing As Information Security Risk

Having worked in IT and Information Security for 13 years, I've come to the conclusion that there is no such thing as information security risk. There are just business risks that have one or more security or IT related causes. There is a fundamental and persistent...