Annual Research Conference

I gave a presentation about Modbus attacks at our Computer Science department – Liverpool John Moores.  That was on March 2013 and was attended by all computer PhD students.It was a good gathering and It was a great opportunity to meet new students and get exposed to their topics. I also learned a lot about many topics in computer science. The conference is a great opportunity to learn  about how to do research like identifying research problems and being able to creatively reach a solution . You also learn how to present your work to the audience by gaining experience from the students’ slides. However the level of quality varies and I admit there were some issues regarding the ability to deliver a professional work or providing the novelty of work. Let me explain the later two points below.

The First pointPoor presentation: I believe this skill is taught and it has a lot to do with self-confidence and the experience of talking with a mass of people. Most academic students lack it because the majority are new to this skill. In business and leadership seminars ; presenters are normally well-trained in order to market their ideas.

The Second point Novelty of research: In academia this means contributing something new to research which means your are the original creator of such a contribution, that does not necessarily mean a Nobel price . I think most research students fall into this trap , why ?. I think it goes to many factors: one of the most important factors is simply not reading enough. I know its impossible to cover all materials in literature, but it’s still a vital responsibility for the research student to have covered what’s related to him. It’s sometimes a daunting task but it could be applied slowly and while doing PhD for 3-4 years.

I missed the IEEE conference in Paris this month due to some circumstance and not having a visa. It’s a good conference for my topic and related topics. Most of my readings and journals belong to the IEEE. Well, I always can access the conference papers online,but I might go there next year for networking purpose.

In the Next article I will write briefly about my presentation.

Tags: Annual research conference, Kuwaiti student LJMU, LJMU, MODBUS

Writing a Thesis

I have three books that I want to share with you about “writing a thesis”: They are (Please click to see them):

1. How to Write a Thesis
2. Writing Your Dissertation in Fifteen…

I have read them all plenty of times. Every time I learn something new or need some technique about a particular task.I  believe you should read them too if you are a student and need to write a dissertation. The skills in the books are for all levels and types , whether you are a Ph.d. , master or bachelor. They are still useful, however if you are writing a book or an academic paper. They are good for all sorts of writing.

From reading those books and from my experience as a student for a long time, the most common problems that writers face are:

1.  Writing block : This happens when you reach certain stage and you don’t know what to write. Your brain is simply blocked.
2. Difficulty in  Beginning to write : You simply don’t know how and what to start with, say  at  the beginning of a paragraph or a sentence for example.
3. Thinking too much while you are writing: focusing hard on what word, idea or style you should write.
4.  Structuring your writing : You have a first draft , and you are wondering how to organize the -for example- the flow of ideas.
5. Not knowing how much to write : how much is how much ?
6.  And many other obstacles and challenges that you face every time you want to write.

Those books will have the answers to the above problems. Read them carefully and start practising and find your own style and voice. Its all about finding what’s best and what works for you.

Happy writing

Tags: books, PHD, thesis, writing

How much Privacy is allowed ?

Lets talk about privacy or confidentiality (a very popular security concept) in the Internet ! Some people care about it and some don’t. You can not force neither side to change his/her opinion. So lets walk through a typical website and discover how privacy is working . Most hosting companies provide tools that log, analyze and sometimes track visitors. I’m only mentioning the basics that those tools can do. There are plenty of features that can do more than that such as Facebook and Google . They can in a simple term form a full profile and identity of visitors (location , activities , hobbies , friends etc..) . To some people this is too much of privacy exposure to companies like Google and Facebook and  to other strangers who are using the same services in the former two. There are also people who love those features because it help them find friends , colleagues and customers if they happen to be businesses. I must admit the web is becoming more intelligent ! But go and look at the courts and you will be amazed of how much privacy-complaints cases against those companies. The big problem is you are seeking your rights form courts that belong to governments who too support those companies and use them to get data about users !!!! So in another word we are being monitored 24 hours as long as we are using the Internet. I know there are other forms of surveillance like mobile phone lines , but this is not my topic. What I’m saying is you can not stop this technology for that reason . It’s the misuse of the technology that is the problem . Life is full of things that cold be used for good and bad. Your body needs food but too much food is bad for you. Mobile phone s are important for social and business communications ,on the other hand there are other bad uses such as using phones for crimes.

Privacy is an important concept in computer security . There are issues nowadays in industrial control systems (ICS) with privacy . Vulnerabilities in those systems allow attackers to break down the principle of privacy . To illustrate my point ,data and packets move in ICS networks via channels called protocols (e.g. MODBUS , DNP3 , ICCP , Profibus ..etc) . Most of the former protocols if not all allow data communication in plain text format which means the attacker  can see whats in those packets easily if has the right tools. That would lead to privacy issues which have a huge impact on the network  and its users. Figuring out the problem is one thing but finding a solution is really challenging for researchers right now. Existing  IT solutions such as encryption which is the core of security is not easy to implement in ICS networks because of technical and economic factors. ICS networks or SCADA systems were not built with a security in mind , most of these systems are not powerful enough to support IT solutions and all that will affect production , performance and money because the production is poor.

So what to do ?  Thats why there is a strong research going on at the moment funded by governments and that’s why I’m doing a Ph.d. on this topic . I will keep you updated with the latest !

Tags: DNP3, ICCP, ICS, MODBUS, network security, privacy, Profibus, protocol, security

Land Rover Garages in North Wales

This morning in the cold weather in Bangor I went looking for a garage to fix my discovery’s lack of power problem. I have a discovery 3 model 2004, which I bought from Liverpool last year from a guy. Its my first time to do an M.O.T. for this discovery. I stopped at the “Exhaust centre” in Bangor , an old guy came to inspect it  , I told him I’m finding it difficult to speed up while on Hills and the car lacks power, he looked at it and said that he cant find any problem with the exhaust (which afterward he was wrong). I thanked him , and the best thing he did was to guiding  me to another Land Rover garage in LLandegai Industrial Estate. That’s good news for me because I only know one Land Rover garage (Thnx to Rob) : “Mon 4×4” in Pentraeth Industrial Estate , and because Steve the owner was always busy and doesn’t have many helpers , I had to wait for weeks in order to find an appointment. The new garage that I found is “LAS” garage which is bigger than the former and has more employees.

The bad news was they found so many things that failed the M.O.T. It seemed that the old owner did not take a good care of the discovery and he lied to me by saying that the car was in good condition. Well that’s another lesson to learn when you buy a car without examining it , especially if its under-priced which my discovery was. I will be taking my car tomorrow for  a huge surgery and I hope it becomes a better car . They will also bring an electrician to fix my radio. If you know other garages who specializes in Land Rovers, please don’t forget to tell me so I can list it here.

From my experience in being a student and a full-time driver in UK for more than 3 years , I noticed that getting your car fixed is quite a struggle because of the appointment issues. I have dealt with many garages with different cars that I owned and still own. Most garages especially non-branded ones and freelancers are always busy and can put you for a long-waiting  appointment. This can tell that being a car mechanic is quite a good money job , on the other hand this is not good for consumers like me , when ever I had a break-down I had to wait days if not weeks in order to get my car fixed. So if you know how to fix cars , I urge you to open a garage in UK, forget about a university degree

Diary of a Kuwaiti student in Anglesey

Tags: Bangor university, Diary of a Kuwaiti student in UK, Discovery 3, Kuwaiti Blog, Land Rover Garage in Anglesey, Land Rover Garage in Gwynedd, M.O.T.

Migrating to Linux

Im not new to Linux , but its been a while since I had it in my hands. The last time I was a Linux user was in 2003 , I know it’s a long time and there had many changes since. In the last 2 weeks I was quite frustrated with Windows 7, after I ran an update from Microsoft something went wrong , my machine was so slow and laggy despite the fact that I have a quite powerful laptop (Intel i7) !  I could not do my research and other works because I had to wait for minutes for every click I made. Luckily I bought “BackBox Linux” few months back for security training. I installed it and everything was smooth. I updated my Linux with Ubunto software center because Backbox Linux is a version of Ubunto distribution dedicated for security tasks. To be honest I was quite sad for leaving some of my favorite applications like EndNote & Evernote  which I use heavily for my research and note-taking. The good news is I found many alternatives for EndNote like : Bibus , JabRef, Mendeley and referencer. I found them in that order and I had to experiment with them to see if they suit my work and my style. Mendeley for me is the best choice because its so easy and practical. It also updates my references automatically and I can view them in my Android too. For EverNote , I searched SouceForge and I found NixNote : its  an excellent tool that runs on Linux, Mac and Windows. Its syncs with my Evernote notes wonderfully.

I’m rally glad that Linux has reached this stage in desktop development. I remember back in the days when Linux desktop applications were few and missing many important tools for day-to-day tasks.  I really love the huge variety of security tools that are available in BackBox Linux “Its a hacker friendly”  and I will be using may of those in my Ph.D. I also Love the development tools like Python , they are way better  than Windows. My advice to you is to get an open source Unix like Linux if you fancy a challenge and programming.

Tags: BackBox Linux, Bibliography, EndNote alternative, EverNote alternative, GNU/Linux, Hacking, Open Source, Programming, Reference, Ubunto

Ahmad’s Birthday

My son Ahmad is now 7 years old. I remember when we came to North Wles in 2009 when he was almost 4 years old  , time passes by really fast.We went yesterday to CineWorld cinema in Llandudno Junction to celebrate his birthday. He invited many of his classmates and friends. The party program was :first watching the movie ” Madagascar 3: Europe’s Most Wanted ” and then followed by  a lunch meal at Pizza Hut. The movie was really funny , we all enjoyed it very much.

We had to drive 25 minutes to the theatre , because unfortunately there aren’t any cinemas in Bangor city for a reason I don’t know. Anglesey and Bangor is full of people plus the big population of students during academic years, Cineworld should move to Bangor. Not just cinemas , Bangor city needs many other facilities like proper restaurants, entertainment and shopping malls. The shops in Bangor to be honest are few and poor.

My daughter Amina was the star of the birthday party. She was moving all around looking for adventures I will leave you with the pictures.

Tags: Ahmad Alhasawi, Kuwaiti Blog, Kuwaiti students North Wales, kuwaiti students uk

Common SCADA vulnerabilities — An Introduction

This is my first topic about Cyber security in general and Industrial Control Systems’  (ICS) security in specific . The ” Department of Homeland security” (DHS) published a report about the assessment of ICS products and  they have published their findings about common vulnerabilities found in ICS. Those vulnerabilities/alerts are serious, crucial and must be  considered by organizations that rely on ICS  or SCADA  in particular . DHS-CSSP have used  an assessment tool they have developed: Cyber Security Evaluation Tool (CSET) for that purpose. Its available for download in their website. The vulnerabilities are categorized into 3 types(according to DHS)  based on their occurence:

1. vulnerabilities exist due to poor design of ICS products (inherited).
2. vulnerabilities exist from improper installation or configuration.
3. Vulnerabilities exist duo to poor network protection or bad security-configuration.

The information about ICS bugs also gets its data  beside the the CSET assessments from : other assessments about ICS cyber security and  the ICS-CERT activities. You should subscribe to ICS-CERT alert. The CSSP is a division of DHS that deals with ICS. However DHS has noted that one should not rely blindly on this report for many reasons like : not all ICS products were assessed using the same type of weakness or test. This field is still infant and the need for extra tests is obvious. CSET is a desktop software , its database (recommendations) was fed by the best cyber security practices  and ICS standards such as NIST ISO/IEC and NERC. I think the industry should use  similar tools as they are made specifically for ICS . The traditional IT-security tools dont recognize ICS protocols and ports. There is a paper that tests IT tools and urged developers to create ICS tools

This is a very brief intro about ICS vulnerabilities. I will keep posting in this blog as long as Im a PhD student  for learning purpose and to keep my writing muscle warmed up Keep in touch and any comments are more than welcomed.

Tags: CSET, cyber security, DHS, energy security, ICS, Industrial Control System, Liverpool John Moores, NERC, NIST, SCADA, Sulaiman Alhasawi, vulnerabilities

Research Student Induction

After 3 weeks of my enrollment in LJMU , I was asked to attend the “PGR induction” workshop yesterday as it is compulsory for all research postgraduates. I had to leave North Wales before 7 am in order for me to be there (Liverpool) before 9am which was the start time of the induction. Sadly I could not take the trains becuase of the recent rain-floods in many areas in UK. There were  quite a lot of atendees and all were research students. We were seated in round tables and my table I was with 5 other students. My table mates were friendly and we were properly introduced and had  friendly chat.  The induction was quite lengthy as it finished at 4 pm (thats almost 7 hours !). However they provided us with freshments and a lunch meal which was nice and a good source of energy.

We then had ( as a table group) to draw a poster of what characteristics a suvervisor or a student should have during the Ph.D. journey , only images are allowed . You can look at our poster below. The workshop was really good and they introduced plenty of  valuable information related to our course beside important research skills ( library skills , referencing … etc).

Tags: Kuwaiti computer science, Kuwaiti student Liverpool, Kuwaiti student LJMU, Liverpool John Moores, LJMU computer science, PGR induction, Research student induction

The path to P.hd.

Today I enrolled successfully in Liverpool John Moores University (LMJU) to study an MPHIL and Ph.D later on. My research topic will be on “Energy security”. I have met my supervisor and we discussed various issues concerning my research. He did a good job in introducing me to the field and explained to me how things work in a research degree. We had a nice and friendly conversation . I chose to study in Liverpool despite the fact that I live in North Wales  because I like the topic and I find it very interesting. I have always loved IT security and I can fit very well in that field . I like the university, the buildings and the atmosphere. Today our school coordinator gave me a short tour around the campus and showed me my office, that was cool. I will be posting in the future security topics in my blog , so I just wanted to warn you about the new geeky changes . Time to get busy ! The path to P.hd. begins today .

Tags: computer Science, energy security, Liverpool, LJMU, Mphil, P.hd., SCADA, جامعة ليفربول, كويتي في ليفربول

Eid Mubarak

Happy eid every one. I hope you enjoy it . I’m still in UK away from home. MY Kids now are getting ready , we are going to Chester zoo if the rain stops otherwise
we look for somewhere else . Im writing this post from my Android for the first time , normally I blog from my laptop. I’m using WordPress app.

Now I work with NUKS as a representor for Bangor city. Any question or help from new or old students is welcomed . Please don’t hesitate to contact me.

Tags: طلبة بانجور ، كويتيون ، اتحاد الطلبة ، بانجور