34. Philip Huff - Computer Science Professor - Cybersecurity Within Your Organization

October 26, 2020 Robert Wagner, CPA, Advisory Partner

Philip Huff

Philip Huff is a Certified Information Systems Security Professional (CISSP) and an Assistant Professor of Computer Science at the University of Arkansas at Little Rock. He has spent nearly 20 years in the cybersecurity sector, working in IT security and critical infrastructure security. His areas of expertise include cybersecurity, internet of things, machine learning, and digital forensics.

In this episode, Philip tackles important topics in the cybersecurity space that affect your business. He discusses the necessity that is cybersecurity, data privacy and the advancements that came with GDPR, and how to budget for and measure the effectiveness of cybersecurity.

This episode is now on Apple Podcasts, Google Play, Spotify, Stitcher, or wherever you listen to podcasts. You can also listen via the podcast player embedded above.

Make sure to subscribe to “How That Happened” to receive our latest episodes, learn more about our guests, and collect resources on how to better run your business.

 

INTERVIEW TRANSCRIPT

Robert Wagner:

Our guest today is Philip Huff. Philip is an assistant professor and research fellow at Emerging Analytics Center at the University of Arkansas in Little Rock. Philip has had a distinguished career in both working and teaching in the IT and cybersecurity fields. Prior to his teaching and research career, he worked for the Arkansas Electric Cooperative Corporation, as director of critical infrastructure security.

And then in 2018, Philip began his teaching career first at Arkansas Tech, and now at the University of Arkansas Little Rock. So Philip, welcome to the How That Happened Podcast.

Philip Huff:

Thank you for having me.

Robert Wagner:

Yeah, very excited to have this conversation. And this is a part of our series of content that we've been publishing around cybersecurity in the month of October of 2020, which is Cybersecurity Awareness Month. So very happy to have you on and have your expertise for our listeners. So, Philip let's just start the beginning. You earned an undergraduate degree in math and computer science. So, were you just super smart at predicting one of the hottest future careers? Or were you a computer geek, or how did you get down that path?

Philip Huff:

No, I was a math geek. I guess if anything, I didn't really like computers all that much.

Robert Wagner:

Okay.

Philip Huff:

Which, is probably good to be in cybersecurity. No, so I wanted to do something with math. But I took computer science, because I also wanted to get paid. And I started out as a programmer, but I've always really liked cryptography. That was the funnest math to me where you could... I guess it was kind of a spy mentality, but I really enjoyed it. And it just came about I was in the electric industry. That was my first job out of college, and I just [inaudible 00:02:30] a great place. Great boss, and he had an opening in cybersecurity. And that's a very early on, I went over that direction. And the electric industry is, they started on cybersecurity well ahead of most other sectors. So it was just fortunate that I was able to get in before it got really hot.

Robert Wagner:

Right. Well, it is a great segue, because I wanted to spend some time talking to you about that experience. Because, I think there's uniqueness to it there. But let's just maybe define what an electrical co-op is for our listeners.

Philip Huff:

Well, they're a utility. So they provide utility service, but they're also a nonprofit. And so they rose out of a movement, I guess similar to what you would think of with internet right now as people really need internet to move ahead in life. And a lot of companies just aren't incentivized to build out in these rural remote areas. And so the Rural Electric Cooperative Movement grew up around the 1930s to provide that service. And so they have a really great service oriented mindset.

And they formed generation and transmission cooperatives to build infrastructure, so they could support their overall operation of the grid better. And so that's the organization that I became part of was at Arkansas Electric Generation Transmission Cooperative.

Robert Wagner:

Okay, gotcha. So, that's really good context. So I'm just imagining that in terms of security, and your title is around critical infrastructure security. So, I'm guessing this is a mix of cyber security, IT security type things, as well as physical security, right. You got things you can't hide in a bunker when you're producing electric. So [crosstalk 00:04:36] combination of those things like, I guess.

Philip Huff:

It was a lot of fun. So, it's more than cyber and physical security. You're also working with a lot of engineering problems. And so you have a lot of different people at the table and dealing with engineering and life safety constraints. And you're working in environments that are very harsh. Very difficult to get networks out to, sometimes just in the middle of a cow pasture. I mean, that's where generation and substation facilities are built.

And, so be very critical services to society. And it was just very high stakes constraints to solve some of the cybersecurity challenges, but you're right, there was physical security as well. Because they're remote, and just inherently out in the middle of nowhere. And so, a lot of challenges of how do you get visualization? How do you lock it down in a meaningful way, and still allow folks to get to that need to respond in emergency situation to get to? So, there's a lot going on?

Robert Wagner:

Yeah. And it seems like maybe not as big a high target as the main utility in an area. But it seems like a high target type facility, right. So I mean, we talk and we're going to talk about cybersecurity risk and your networks and all those things. But protecting those don't matter if there's no electricity doesn't seem like. So it seems like it's a big deal to try to protect these things.

Philip Huff:

Right, that's why the electric sector really started very soon on cybersecurity. One, because they have so many computing assets. Very early on they're just by nature, a distributed environment. And there's just the target from nation states, that's kind of the primary target is if you can take out electricity, that's the quickest way to damage a society. And so regardless of how big or small you are it's a distributed system, and everybody plays a part. So it's every organization that functions, and it's pretty critical.

Robert Wagner:

Yeah. So you went right where I was thinking about, in terms of the folks who might be targeting bad actors, you said state sponsored type folks. So are these systems being attacked all the time, like just all the time that you're having repeated attacks?

Philip Huff:

No, I mean they're difficult systems to get to, to begin with. And they require a lot of domain knowledge. So there is a threat. But there's also some inherent protection, so from a defensive perspective you have a lot going for you because it requires not just domain knowledge of the utility. But that specific operation maybe that specific generation plant, you couldn't be somewhere in Russia, and have learned what goes on in a generation plant and apply that same knowledge to the US in a way that would make a meaningful attack. So it takes quite a bit to come up with an attack that would actually work on these systems.

But at the same time, people were trying it's just that they are pretty deep within the networks. They're not on the just hanging right off the internet. So it wasn't a day to day another country's attacking. There's definitely some inherent protection in the system.

Robert Wagner:

Gotcha. Okay, that's very interesting to know, it's very interesting. So I appreciate that. Let's turn our attention now to cyber risk on a more personal level, organizational level.

Philip Huff:

Yeah.

Robert Wagner:

And just as a launching off point, I found a quote from you, a year or so ago it says, "The idea that you'll be completely secure, and your organization will not have to deal with cyber threats is totally false." This is a concept that we preach to our clients all the time, it doesn't matter what size you are, it doesn't matter what kind of organization you are, whether you're for profit, nonprofit, governmental, everyone is at risk. It seems that cyber is unique in that realm in terms of thinking about enterprise risk management, why is everyone at risk in the cyber world?

Philip Huff:

There's a lot of reasons for that. I mean, in physical security everybody's at risk to some extent, right. That's why we everybody has locks. So we're humans, and so there's something innately adversarial about us. That just creates an always on risk. With cyber is different, there's some characteristics about cyber, just the velocity at which attacks occur. The complexity, the ability to perform these anonymously, they provide a different adversarial component that we just don't face very often, in the physical realm, we can see our adversary. If, they want to do us harm, then there's probably some instrument that we can see. And they're coming at us and attacking us.

So, that's a lot more evident. But with cyber risk, you have that adversary out there. But the way in which they attack is, it's not in the same, it's not evident. It's not necessarily from across the room. And it's not somebody that you even know, so it the attacks happened at a speed and scale. And, complexity is that's just different than what we're used to in physical security risk.

Robert Wagner:

Yeah. It seems like the incremental cost of the bad guys doing more attacks more attempts is very, very small which makes it easy for them to just go after everyone. Is that accurate?

Philip Huff:

Yeah. Incremental costs of attacks and also their personal risk, it's not a fair game. Usually, if you're attacking somebody, you take great personal risk to do so. And you better be good, right? So people are trained to physically attack. But with cyber attacks, you don't necessarily have to have a lot of risk. And it may not cost very much.

In some cases, it costs a lot more for instance with terrorist organizations. They have a desire to harm the United States, and infrastructure of the United States. But they don't have the capability and resources to build that up. So it takes more than just the desire. And so it's not readily available to everyone. But if someone learns those skills, then it doesn't take maybe millions or billions of dollars to build a weapon. It just takes a lot of domain knowledge and expertise.

Robert Wagner:

Yeah. Okay, Philip as we think about how we're protecting ourselves and where organizations are today. There's a huge movement to the cloud. We're not just moving our data to the cloud, we're moving our processing, we're moving the apps to the cloud. Is that helping or hurting us in terms of our ability to manage cyber risk?

Philip Huff:

It's different, and it's inevitable. I mean moving from a utility, which is very, very much out of the cloud for the most part. To the University, where there's a lot of hardware computing it's very expensive. I mean, a lot of people just aren't aware of how expensive a rack of equipment is. It could be a million dollars or more, to invest in that rack of equipment.

And then when you look at the cost of running this infrastructure and services online, I'll give you an example. The university provides labs for students to perform on the cloud. And they pay roughly three cents an hour to run these labs. So ultimately, it's perfect for the academic environment because they can run the labs, and student has this great experience hands on cybersecurity for like six cents. And we don't pay anything for the hardware and the maintenance.

And so there's an inevitable component, that the cloud is going to be a utility function for our society, it's inevitable. It's just a matter of when do we have enough trust in the cloud to fully make that transition? And right now, whether you've made a strategic decision or not, there's data, there are services from just about every organization in the cloud. And it's difficult.

The way you protect the cloud, the way you defend, and the way you react in cybersecurity in the cloud, it takes a different domain knowledge, and that's the challenge today is working in both of those environments and knowing where everything's on.

Robert Wagner:

Yeah. So just staying with that theme for a second. A lot of things go into the cloud. And then there's a lot of places you can go to the cloud, but a lot of things are getting concentrated with a few players, right. So you got Microsoft, you got Amazon, you got Google. What is the risk of? Or do you see it as a big risk that we're beginning to really concentrate a lot of... Really, globally. We will talk about the United States. Processing our apps or data in at least a few players. And I guess I'm wondering, are they partitioning that off so that if they have a problem in one area, they're not going to have problems in other areas? Or what about the risk, I guess?

Philip Huff:

Yeah, I mean the reason the cloud has grown so big is because I mean, data is the... That's the gold rush of our era. And so Facebook, Google, Microsoft has created these huge data centers. And so the cloud services are more of a byproduct of that. And I think that's what we have to contend with is base develop, because Big Data is the gold mine. But now it does need to be distributed, there's inherent risk in the public trust. We've seen that with cryptography, the more that you make that available to the public, the more trust you can have in those and really I don't know where we're going, per se, I would like to see, cloud become a utility function where you have cities that... To have that very low latency, we're going to we're going to offer the cloud utility and it doesn't have to be in the realm of just three or four players, right.

Robert Wagner:

Yeah.

Philip Huff:

I think that does reduce the risk significantly. However, they have demonstrated a lot in public trust and the services they're offering and the cryptographic services they're offering makes it a lot easier to trust those cloud services. But it's a different mindset. And it requires different skills to protect. So it's not a decision to take lightly.

Robert Wagner:

I guess we would have to get over the hurdle of the government knowing so much about our data. I guess they know it maybe anyway now. All right, but-

Philip Huff:

Right. Well, in what happened with Edward Snowden several years ago. I mean, that was kind of the... That has shaken the public trust for a long time, still probably does. But the services they've implemented since then, are demonstrably secure and encrypted. To the point that would not happen. You couldn't have a black government box sitting in the cloud doing what we saw happen, that was written with Edward Snowden.

So I think it's better than it is. But yeah, I mean I would definitely, there's so much efficiency, so much to be gained to go into cloud services. I do hope we move to a more distributed ownership model for that.

Robert Wagner:

Yeah, interesting. So, Philip you may not agree with or accept the premise of this question. But I want to try it on you. So this is to personal data.

Philip Huff:

Yeah.

Robert Wagner:

And, I'm almost kind of ripping from the headlines here. So, as late as last night on October 21, of 2020. We're recording the next day on the 22nd. A company called Trustwave, a global security company. They announced that they found a hacker selling personally identifying information on over 200 million Americans. There's huge amount of data is out there.

And so my question really, is that it seems like that as breaches continue to happen. As the dark web builds their databases, that our personal information is not going to be a secret anymore, they're eventually going to know all of our important numbers and statistics, is that accurate?

Philip Huff:

Right. I hope not, I think that some of that's been turned you're seeing more accountability. That the public is enforcing. I mean, the GDPR regulations with the European Union have turned the tide on some of that. I mean, they really put some of the personally identifiable information in check. I mean, if nothing else we click on more cookie signs on the web.

But, I think the pressure does mount there's some accountability. That increases when we have those huge attacks. Equifax is just one example that take advantage of that opportunity to say how well are you really protecting our data? And since that with GDPR, some of the changes that Google has made, that Facebook has made, have really benefited privacy to where you don't have the full life story that's been stored on these third party servers. So I think it's better than it used to be, but there's still a long way to go.

Robert Wagner:

Okay. Well, that's good. I mean, it seems there's a two pronged piece to it. And I'm glad you feel like that data is being protected better, maybe than it has been, or was initially. It seems like the other prong though, is that we're having to focus on making systems that make sure that when that data is being used, it's me it's using it, or me that's authorizing it to be used, right?

Because, again if my data is out there someone else could be trying to use it. But there's another phase too, you got to make sure that it's really me trying to access whatever, access my bank account or whatever, right.

Philip Huff:

Right. And, that's a challenging problem. But a lot of research is going into that. I again, I go back to the GDPR. They put regulations in place that was impossible to meet. And that, in turn has spurred a lot of innovation of ways to find better solutions. Unfortunately, with security and privacy it seems that the way we develop standards is it kind of spurs innovation in that area. Whereas, it should be the other way around standardization should follow innovation.

But with security, privacy it just takes a... This is what the public wants, and this is what the new regulation is. And say," Well, we can't meet that we've got to figure out a way to get this done." And so that cycle, there's kind of a lagging cycle of the technology goes out there before it's really either security or privacy protecting. And then we figure out how to do it.

Robert Wagner:

Yeah. Okay, that's kind of scary, but okay.

Philip Huff:

Hopefully, it gets better. Maybe this is just a really bad era in industry. And we'll figure this out in several decades down the road.

Robert Wagner:

Okay, so thinking about organizations, and those who are in charge of securing their data or at least at the leadership level worried about their data being secured. How do we know the person who's doing that, or the organization is doing that? So let's say they hire Hogan Taylor which you can do by the way, to secure your data, secure your networks. How do you measure whether that person, that organization is doing a good job?

Philip Huff:

Well it's complicated, understanding the effectiveness of security controls is extremely difficult, it takes a lot of investment. It takes a lot of investment just to install security controls in a way that makes them effective. But I mean, the exciting thing about cybersecurity and cyber security operations is it's a challenging problem and taking this technology and figuring out how do I not only implement this, but implement it in a way that somebody else can come and verify.

That's one of the things with our students, we teach trust. That's a foundational aspect of cyber security and computing is you have to build a basis, not just for people that trust the system. But there has to be a basis for people to trust the system. And that requires investment, and it requires strategy, it requires an environment in which that can take place. It doesn't happen overnight. And it's not something that you can simply invest in. It requires a good organizational environment for you to come up with a good answer to that question.

I always hated it going down the hall. And somebody asked me, "Hey, are we secure today?" How many hours do you have [inaudible 00:24:59] answer that question because, "No, we're probably not." But, that doesn't mean we just throw our hands up and give up. There's a strategic and valuable way to implement security, and in a way that your investment is paying off. And it can be demonstrated.

Robert Wagner:

Yeah. Do you have any guidelines? Maybe that you work with your students or organizations on how much they should spend as a percentage of revenues or something? Is there any rules of thumb in that they're developing?

Philip Huff:

Yeah, I don't like percentages, as much I know sometimes you have to just because it's on a timetable. And you really, you know you have to invest in security, you know you have to have something in the budget. But cybersecurity spending should be on the basis of risk to the extent that you're able to identify it. And it should be based on what you can measure and how much value. I mean, there are ways I think you can see metrics of the effectiveness of the security control, if it's even being measured at all. There's ways you can see how often are we seeing cyber attacks, how often we're not responding to them?

I'm not a big fan of any metrics, that measure success as the absence of a cybersecurity incident. Because, that's probably a false metric. And it incentivizes wrong thing, but if you can find metrics that look at firewalls are a great example. They're so expensive for one. And if you can identify how much time are we spending, maintaining the firewall, how effective is our firewall has an outside party, assess the rules and given us a clean bill of health. Or at least demonstrated that we are regularly maintaining that, and we noticed a firewall is a good thing to have. And if we can demonstrate that the investment we've made and every aspect of that firewall is providing value.

I think that's a better metric. It's a lot more complex than how many cybersecurity incidents we had this year. But it gets more to the heart of the question is our cybersecurity spending, effective in reducing and mitigating the risk unacceptable risk?

Robert Wagner:

Yeah, that's a really thoughtful answer. I appreciate that. I think it's very helpful to our listeners. Philip, it seems like that this is if you could classify this as a game. It's sort of a high stakes game, but, man, it seems like the bad guys are just right in our rear view camera, right. You'd see their teeth in our rear view camera, is there something coming? You know that from just a kind of a game changer in security, a magic bullet if you will. That will put the bad guys kind of back there quite a ways? Or is this what life's going to be for as far as you can see it?

Philip Huff:

That's a good question. There's a General Patton a great quote saying that, "We've seen the enemy and he is us." I think I'm butchering that quote. But that's really the truth the adversarial perspective of cybersecurity is human. And the adversary is very intelligent, and reactive. And so it's the way we've developed technology. I don't think there's a point in the future where we can say that said, "Okay, we have solved this problem."

It's just the technology's too complex. It's not something that we can comprehend with our brains. We're limited in that capacity until we have to do our best to model and understand what the threat is, but the threat is still always us. It's that same intelligent adversary. And that part of it is not going away. It's always an arms race.

Robert Wagner:

Yeah. Can you just put a little more meat on the bone there in terms of the adversary is us. I mean, I think I know what you're getting at, but go ahead.

Philip Huff:

Right. I mean, it's human behavior to attack. And every nation state is they have an offensive perspective of cybersecurity, that's one of the things teaching cybersecurity is a lot different. Because, in an organization I'm always on the defensive side. But the reality is there are two sides in cyber security, and you have to be prepared for both. I'm not saying like, you should hack back, or develop a cyber offensive strategy for an organization. But the reality is in our world you have an offensive cyber security, that has to be there for any amount, any type of military operation. And just expand that further. Any malicious or criminal behavior in humankind is going to be prevalent within our technology.

And so that's why I think it's not going away, because it is us. This is who we are, we still have criminals, we still have this adversarial behavior. I mean, I was pretty upset when the person cut me off. And was on their phone on the road. There's just that element. And some people will use technology to carry that out sometimes. And that's why I think that it's not something that is, that's going to get better with time. It's just it's the nature of who we are.

Robert Wagner:

Yeah. So you want the app that if somebody cuts you off, and they're on the phone, you want that app jams their signal, right.

Philip Huff:

Right, if only.

Robert Wagner:

Okay, that's a great explanation, I appreciate that. Certainly at the state level, you can see. And I should say nation level you can see there would be an offensive purpose to that.

Philip Huff:

You hope so, right.

Robert Wagner:

That's part of your defense, right-

Philip Huff:

[crosstalk 00:32:13] it's the best offense.

Robert Wagner:

Just like we want to have a strong... We say a strong defense, or a strong offense to really to protect ourselves is really in the same vein, I guess. So just kind of one more line of questions and thinking. I'm trying to follow along what's happening in outer space. So with the SpaceX venture, and the Starlink satellites, and I was reading recently that I think we're up to like 700, maybe 800 Starlink satellites, these are going up every two weeks they're putting up... This is a very distributed system.

They're putting up tons of these small satellites they're going to eventually provide the 5G connectivity across the country, right. And that's going to grow to 12,000, satellites, maybe even more. What is that going to look like in terms of security, is that going to change security for organizations? I'm sure it will at the nation state level. But what about organization?

Philip Huff:

Yeah, I think for organization definitely for organizations, it removes the boundaries of the internet in some sense. It certainly creates a different computing model. When, you have a term that's become a common to kind of look at what's going on with 5G with IoT. With these low orbit satellites, you have this ubiquitous computing, which means everything chips with a chip, everything ships with a network adapter, and everything has the potential to be connected, which in some sense is really exciting.

Because, what you can do with that. But it does change the way you protect things. Because right now, we do a lot of cybersecurity with checklists, Excel spreadsheets with manual reviews, and it's become even hard... I don't know probably before VMware came on the scene, and virtualization was a big goal. You used to be able to go into the data center, and see your servers and [inaudible 00:34:38] down. And then all of a sudden with virtualization overnight, your servers exploded to where it didn't take anything to build new ones.

And so your inventory grows significantly larger. I mean, that's still a challenge that we haven't really figured out how to contend with. But when you start developing this global ubiquitous computing environment, then we're far beyond the number of components that we can individually maintain. And that requires a system of cybersecurity that's very different, definitely very automated. But still orchestrated by humans, it's not something that we can go and patch this router. Because there's thousands, or potentially millions of them. Because the network's coming, and we know which networks the applications are going to come as well. And so that's a big challenge coming up, and how do we deal with that cloud two device security challenge? When it's not hands on?

It's crazy, a lot of my students they aren't even going to touch the server components that they're working on when they get out. It's just a completely different world out there even now. And I think, as that network grows out it really starts to change the nature of how you protect things.

Robert Wagner:

Yeah. So if you inspect the satellite thing for a second. I mean, it's distributed by definition. Does that make it more secure? Particularly, from the nation state I guess standpoint, does that make it more secure? Does that make it more risky? If you find a way you can take down, the whole network of 12,000 satellites? Is that even going to be possible?

Philip Huff:

Yeah. I mean, right because then you can start impacting the physical reality, if you can take out. I mean, even some of the things are wanting to do with autonomous driving with those low Earth orbit satellites, if you're able to take a significant area, then the idea is that we're going to become reliant upon that network functioning for a lot of this automation to occur. And that's the risk is we've kind of opened ourselves up to that vulnerability.

Robert Wagner:

Yeah, there's no question we will. I mean, that's just an inevitability. We want the things that it's going to give us so bad. And it's going make a lot of thing... Even from a business standpoint, it's going to make things a lot more efficient, as we figure out the applications for it. So there's no question, we'll be very, very reliant on it. Because, to your point in the very beginning. It becomes the electrical utility, right. So it has to be on all the time, or we're going to be in trouble, so.

Philip Huff:

Right.

Robert Wagner:

Well Philip we're coming to the end of our time. I want to just give you a second though, if you had any kind of words of wisdom for organizational leaders, and closing thoughts around kind of fighting the good fight for cyber threats.

Philip Huff:

Yeah I think, for organizational leaders especially a fundamental component of cybersecurity is to have the environment in which it can actually function. I mean, that is a key to... If you make an investment in cybersecurity, if there's not a leadership tome that this is important, the policies matter, and people aren't afraid to do their job.

And I'm not saying like, if you're the victim of a phishing attack, then you should be fired or shamed in some ways, but a tome of security where we're working on this as a whole. And this is an important component of everyone's job, this is an important component of our strategy. At the same time, one of the things we teach our students is, cybersecurity is not the reason organizations are in business. You're not the number one priority, because you're a cybersecurity professional, and organizations exist to perform their mission, and you need to find out what that is, and then figure out where cybersecurity fits in to that component.

So I'm hopefully we're doing our part in training our students that as they're going out. They are not the big show on the road, their [inaudible 00:39:32] find out what trade offs do we need to make as an organization to make the security investment valuable. And at the same time, your organization needs to have an environment in which that is valued, and that mindset can be part of the overall strategy.

Robert Wagner:

Yeah, that is great comments and great advice. I really liked just the sort of attitude about it, and how you fit into the company's mission and strategy. And there is a tension. There's always with everything there's a tension between how much does it cost? How much effort is it going to take? What's the benefit and those things are obviously present in cybersecurity as well. Most organizations cannot afford the full 100% shield, right. If, there even is one.

Philip Huff:

No, yeah.

Robert Wagner:

So I appreciate that advice. So Philip, thank you so much for your time.

Robert Wagner:

That's great. Well, I appreciate so much your time and again we've been focusing on cybersecurity here in October with a lot of content. And I think you have some really valuable insights for our listeners, and I really appreciate it. Thanks so much.

Philip Huff:

Yeah, I appreciate the discussion and your questions. And I really like what you are doing. So thanks for letting me be part of it.

Robert Wagner:

Yeah, thanks so much Phil.

That's all for this episode of How That Happened. Thank you for listening, be sure to visit howthathappened.com for show notes and additional episodes. You can also subscribe to our show on iTunes, Google Play, or Stitcher. This content is for informational purposes only, and does not constitute professional advice. Copyright 2020. Open Taylor LLP. All rights reserved. To view the Hogan Taylor general terms and conditions visit www.hogantaylor.com

Share This: