Beta version of OS Roam now available

On 3rd October 2017, we released a Beta version of a new Roam mapping client for Digimap’s Ordnance Survey Collection.  OS Roam – Beta is available next to the existing version, simply log in to the Digimap service and select Ordnance Survey Collection to view the new beta version: Whilst the functionality remains the same, we hope you […]

UoE Information Security Awareness Week 2017: Keynotes Session

This afternoon I’m at the Keynote Session for Information Security Awareness Week 2017 where I’ll speaking about Managing Your Digital Footprint in the context of security. I’ll be liveblogging the other keynotes this afternoon.

The event has begun with a brief introduction from Alistair Fenemore, UoE’s Chief Information Security Officer, and from his colleague David Creighton Offord, the organiser for today’s event.

Talk by John Whitehouse, PWC Cyber Security Director Scotland covering the state of the nation and the changing face of Cyber Threat

I work at PWC, working with different firms who are dealing with information security and cyber security. In my previous life I was at Standard Life. I’ve seen all sorts of security issues so I’m going to talk about some of the things I’ve seen, trends, I’ll explain a few key concepts here.

So, what is cybersecurity… People imagine people in basements with balaclavas… But it’s not that at all…

I have a video here…

(this is a late night comedy segment on the Sony hack where they ask people for their passwords, to tell them if it’s strong enough… And how they construct them… And/or the personal information they use to construct that…)

We do a lot of introductions for boards… We talk about technical stuff… But they laugh at that video and then you point out that these could all be people working in their companies…

So, there is technical stuff here, but some of the security issues are simple.

We see huge growth due to technology, and that speaks to businesses. We are going to see 1 billion connected devices by 2020, and that could go really really wrongly…

There is real concern about cyber security, and they have concerns about areas including cloud computing. The Internet of Things is also a concern – there was a study that found that the average connected device has 25 security vulnerabilities. Dick Cheney had to have his pacemaker re programmed because it was vulnerable to hacking via Bluetooth. There was an NHS hospital in England that had to pause a heart surgery when the software restarted. We have hotel rooms accessible via phones – that will come to homes… There are vulnerabilities in connected pet feeders for instance.

Social media is used widely now… In the TalkTalk breach we found that news of the breach has been leaked via speculation just 20 seconds after the breach occurs – that’s a big challenge to business continuity planning where one used to plan that you’d perhaps have a day’s window.

Big data is coming with regulations, threats… Equifax lost over 140 million records – and executives dumped significant stock before the news went public which brings a different sort of scrutiny.

Morrisons were sued by their employees for data leaked by an annoyed member of staff – I predict that big data loss could be the new PPI as mass claims for data loss take place. So maybe £1000 per customer per data breach for each customer… We do a threat intelligence service by looking on the dark net for data breach. And we already see interest in that type of PPI class suit approach.

The cyber challenge extends beyond the enterprise – on shore, off shore; 1st through to 4th parties. We’ve done work digging into technology components and where they are from… It’s a nightmare to know who all your third parties are… It’s a nightmare and a challenge to address.

So, who should you be worried about? Threat actors vary…. We have accidental loss, Maware that is not targeted, and hacker hobbyists in the lowest level of sophistication, through to state sponsored attacks at the highest level of sophistication. Sony were allegedly breached by North Korea – that firm spends astronomical amounts on security and that still isn’t totally robust. Target lost 100 million credit card details through a third party air conditioner firm, which a hacker used to get into the network, and that’s how the loss occured. And when we talk organised crime we are talking about really organised crime… One of the Ukrainian organised crime groups were offering a Ferrari for their employee of the month prize for malware. We are talking seriously Organised. And serious financial gain. And it is extremely hard to trace that money once its gone. And we see breaches going on and on and on…

Equifax is a really interesting one. There are 23 class action suits already around that one and that’s the tip of the iceberg. There has been a lot of talk of big organisations going under because of cyber security, and when you see these numbers for different companies, that looks increasingly likely. Major attacks lead to real drops in share prices and real impacts on the economy. And there are tangible and intangible costs of any attack…. From investigation and remediation through to DEO and CTO’s losing their jobs or facing prison time – at that level you can personally liable in the event of an attack.

In terms of the trends… 99% of exploited vulnerabilities (in 2014) had been identified for more than a year, some as far back as 1999. Wannacry was one of these – firms had 2 months notice and the issues still weren’t addressed by many organisations.

When we go in after a breach, typically the breach has been taking place for 200 days already – and that’s the breaches we find. That means the attacker has had access and has been able to explore the system for that long. This is very real and firms are dealing with this well and really badly – some real variance.

One example, the most successful bank robbery of all time, was the Bangladesh Central Bank was attacked in Feb 2016 through the SWIFT network .These instructions totalled over US $900 million, mostly laundered through casinos in Macau. The analysis identified that malware was tailored for the target organisation based on the printers they were using, which scrubbed all entry and exit points in the bank. The US Secret Service found that there were three groups – two inside the bank, one outside executing the attack.

Cyber security concerns are being raised, but how can we address this as organisations? How do we invest in the right ways? What risk is acceptable? One challenge for banks is that they are being asked to use Fintechs and SMEs working in technology… But some of these startups are very small and that’s a real concern for heads of securities in banks.

We do a global annual survey on security, across about 10,000 people. We ask about the source of compromise – current employees are the biggest by some distance. And current customer data, as well as IPR, tend to be the data that is at risk. We also see Health and Social Care adopting more technology, and having high concern, but spending very little to counter the risks. So, with Wannacry, the NHS were not well set up to cope and the press love the story… But they weren’t the target in any way.

A few Mythbusters for you…

Anti-Virus software… We create Malware to test our clients’ set up. We write malware that avoids AVs. Only 10-15% of malware will be caught with Anti-Virus software. There is an open source tool, Veil-Framework, that teaches you how to write that sort of Malware so that you can understand the risks. You should be using AV, but you have to be aware that malware goes beyond that (and impacts Macs too)… There is a malware SaaS business model on the darknet – as an attacker you’ll get a guarantee for your malware’s success and support to use it!

Myth 2: we still have time to react. Well, no, the lag from discovery to impacting you and your set up can be minutes.

Myth 3: well it must have been a zero day that got us! True Zero Day exploits are extremely rare/valuable. Attacker won’t use one unless target is very high value and they have no other option. They are hard to use. Even NSA admits that persistence is key to sucessful compromise, not zero day exploits. The NSA created EternalBlue – a zero day exploit – and that was breached and deployed out to these “good guys” as Wannacry.

Passwords… They are a thing of the past I think. 2-factor authentication is more where we are at. Passphrases and strength of passphrases is key. So complex strings with a number and a site name at the end is recommended these days. Changing every 30 days isn’t that useful – it’s so easy to bruteforce the password if lost – much better to have a really strong hash in the first place.

Phishing email is huge. We think about 80% of cyber attacks start that way. Beware spoofed addreses, or extremely small changes to email addresses.

We had a client that had an email from their “finance director” about urgently paying money to an account, which was only spotted because someone in finance noticed the phrasing… “the chief exec never says “Thanks”!”

Malware trends: our strong view is that you should never ever pay for a Ransomeware attack.

I have another video here…

(In this video we have people having their “mind read” for some TV show… It was uncanny… And included spending data… But it wasn’t psychic… It was data that they had looked up and discovered online… )

It’s not a nice video… This is absolutely real… This whole digital footprint. We do a service called Digital Footprinting for senior execs in companies, and you have to be careful about it as they can give so much away by what you and those around you post… It’s only getting worse and more pointed. There are threat groups going for higher value targets, they are looking for disruption. We think that the Internet of Things will open up the attack surface in whole new ways… And NACS – the Air Traffic people – they are thinking about drones and the issues there around fences and airspace… How do you prepare for this. Take the connected home… These fridges are insecure, you can detect if owner is opened or not and detect if they are at home or not… The nature of threats is changing so much…

In terms of trends the attacks are moving up the value chain… Retain bank clients aren’t interesting compared to banks finance systems, more to exchanges or clearing houses. It’s about value of data… Data is maybe $0.50 for email credentials; a driving license is maybe $25… and upwards the price goes depending on value to the attackers…

So, a checklist for you and your work: (missed this but delighted that digital footprint was item 1)

Finally, go have a look at your phone and how much data is being captured about you… Check your iPhone frequent locations. And on Android check Google Location History. The two biggest companies in the world, Google and Facebook, are free, and they are free because of all the data that they have about you… But the terms of service… Paypal’s are longer than Hamlet. If you have a voice control TV from Samsung and you sign those, you agree to always on and sharable with third parties…

So, that’s me… Hopefully that gave you something to ponder!


Q1) What does PWC think about Deloitte’s recent attack?

A1) Every firm faces these threats, and we are attacked all the time… We get everything thrown at us… And we try to control those but we are all at risk…

Q2) What’s your opinion on cyber security insurance?

A2) I think there is a massive misunderstanding in the market about what it is… Some policies just cover recovery, getting a response firm in… When you look at Equifax, what would that cover… That will put insurers out of business. I think we’ll see government backed insurance for things like that, with clarity about what is included, and what is out of scope. So, if, say, SQL Injection is the cause, that’s probably negligence and out of scope…

Q3) What role should government have in protecting private industry?

A3) The national cyber security centre is making some excellent progress on this. Backing for that is pretty positive. All of my clients are engaging and engaged with them. It has to be at that level. It’s too difficult now at lower levels… We do work with GCHQ sharing information on upcoming threats… Some of those are state sponsored… They even follow working hours in their source location… Essentially there are attack firms…

Q4) (I’m afraid I missed this question)

A4) I think Microsoft in the last year have transformed their view… My honest view is that clients should be on Windows 10 its a gamechanger for security. Firms will do analysis on patches and service impacts… But they delayed that a bit long. I have worked at a firm with a massively complex infrastructure, and it sounds easy to patch but it can be quite difficult to do that in practice, and it can put big operational systems at risk. As a multinational bank for instance you might be rolling out to huge numbers of machines and applications.

Talk by Kami Vaniea (University of Edinburgh) covering common misconceptions around Information Security and to avoid them

My research is on the usability of security and why some failings are happening from the point of view of an average citizen. I do talks to community groups – so this presentation is a mixture of that sort of content and proper security discussion.

I wanted to start with misconceptions as system administrators… So I have a graph here of where there is value to improving your password; then the range in which having rate limits on password attempts; and the small area of benefit to the user. Without benefits you are in the deadzone.

OK, a quick question about URL construction… Is it Facebook’s website, Facebook’s mobile site, AT&T’s website, or Mobile’s website. It’s the last one by construction. It’s both of the last two if you know AT&T own But when you ask a big audience they mainly get it right. Only 8% can correctly differentiate vs Many users tend to just pick a big company name regardless of location in URLs. A few know how to to correctly read subdomain URLs. We did this study on Amazon Mechanical Turk – so that’s a skewed sample of more technical people. And that URL understanding has huge problematic implications for phishing email.

We also tried Most people could tell that was Twitter (not Facebook). But if I used “@” instead of “/” people didn’t understand, thought it was an email…

On the topic of email… Can we trust the “from” field? No. Can we trust a “this email has been checked for viruses…” box? No. Can you trust the information on the source URL for a link in the email, that is shown in the bottom of the browser? Yes.

What about this email – a Security alert for your linked Google account email? Well this is legitimate… Because it’s coming from But you knew this was a trick question… Phishing is really tricky…

So, a shocking percentage of my students think that “from” address is legitimate… Tell your less informed friends how easily that can be spoofed…

What about Google. Does Google know what you type as you type it and before you hit enter? Yes, it does… Most search engines send text to their servers as you write it. Which means you can do fun studies on what people commonly DON’T post to Facebook!

A very common misconception is that opening web pages, emails, pdfs, and docs is like reading physical paper… So why do they need patching?

Lets look at an email example… I don’t typically get emails with “To protect your privacy, Thunderbird has blocked remote content in this message” from a student… This showed me that a 1 pixel invisible image had come with the email… which pinged the server if I opened it. I returned the email and said he had a virus. He said “no, I used to work in marketing and forgot that I had that plugin set up”.

Websites are made of many elements from many sources. Mainly dynamically… And there are loads of trackers across those sites. There is a tool called Lightbeam that will help you track the sites you go to on purpose, and all the other sites that track you. That’s obviously a privacy issue. But it is also a security problem. The previous speaker spoke about supply chains at Target, this is the web version of this… That supply chain gets huge when you visit, say, six websites.

So, a quiz question… I got to Yahoo, I hit reload… Am I running the same code as a moment ago… ? Well, it’s complicated… I had a student run a study on this… And how much changes… In a week about half of the top 200 sites had changed their javascript in a week. I see trackers change between individual reloads… But it might change, it might not…

So we as users you access a first party website, then they access third party sites… So they access ad servers and that sells that user, and ad is returned, with an image (sometimes with code). Maybe I bid to a company, that bids out again… This is huge as a supply chain and tracking issue…

So the Washington Post, for instance, covering the malware attack showed that malicious payloads were being delivered to around 300k users per hour, but only about 9% (27k) users per hour were affected – they were the ones that hadn’t updated their systems. How did that attack take place? Well rather than attack, they just brought an ad and ran malware code.

There is a tool called Ghostery… It’s brilliant and useful… But it’s run by the ad industry and all the trackers are set the wrong way. Untick those all and then it’s fascinating… They tell you about page load and all the components involved in loading a page…

To change topic…

Cookies! Yes, they can be used to track you across web sites. But they can’t give you malware as is. So… I will be tackling the misconception that cookies is evil… And I’m going to try to convince you otherwise. Tracking can be evil… But cookies is kind of an early example of privacy by design…

It is 1994. The internet cannot remember anyone between page loads. You have an interaction with a web server that has absolutely no memory. Cookies help something remember between page loads and web pages… Somehow a server has to know who you are… But back in 1994 you just open a page and look at it, that’s the interaction point…

But companies wanted shopping baskets, and memory between two page reloads. There is an obvious technical solution… You just give every browser a unique identifier… Great! The server remembers you. But the problem is a privacy issue across different servers… So, Netscape implemented cookies – small text strings the server could ask the browser to remember and give back to it later…

Cookies have some awesome properties: it is client visible; third party tracking is client visible too; it’s opt out (delete) option on a per-site basis; it’s only readable by the site that set it; and it allows for public discussion of tracking…

… Which is why Android/iOS both went with the unique ID option. And that’s how you can be tracked. As a design decision it’s very different…

Now to some of the research I work on… I believe in getting people to touch stuff, to interact with it… We can talk to each other, or mystify, but we need to actually have people understand this stuff. So we ran an outreach activity to build a website, create a cookie, and then read the cookie out… Then I give a second website… To let people try to understand how to change their names on one site, not the other… What happens when you view them in Incognito mode… And then exploring cookies across sites. And how that works…

Misconception: VPNs solve all privacy and security problems. Back at Indiana I taught students who couldn’t code… And that was interesting… They saw VPNs as magic fairy dust. And they had absorbed this idea that anyone can be hacked at any time… They got that… But that had resulted in “but what’s the point”. That worries me… In the general population we see media coverage of attacks on major companies… And the narrative that attacks are inevitable… So you end up with this problem…

So, I want to talk about encryption and why it’s broken and what that means by VPNs. I’m not an encryption specialist. I care about how it works for the user.

In encryption we want (1) communication between you and the other party is confidential and has not been changes, and no-one can read what you sent and no one can change what you sent; and (2) to know who we are talking about. And that second part is where things can be messed up. You can make what you think is the secure connection to the right person, but could be a secure connection to the wrong person – a man in the middle attack. A real world example… You go to a coffee shop and use wifi to request the BBC news site, but you get a wifi login page. That’s essentially a man in the middle attack. That’s not perhaps harmful, it’s normal operating procedure… VPNs basically work like this…

So, an example of what really happened to a student… I set up a page that just had them creating a very simple cookie page… I was expecting something simple… But one of them submitted a page with a bit of javascript… it is basically injecting code so if I connect to it, it will inject an ad to open in my VPN…. So in this case a student logged in to AnchorFree – magic fairy dust – and sees a website and injects code that is what I see when they submit the page in Blackboard Learn…

VPNs are not magic fairy dust. The University runs an excellent VPN – far better for coffee shops etc!

So, I like to end with some common advice:

  • Install anti virus scanner. Don’t turn off Windows 8+ automatically installed AV software… I ran a study where 50% of PhD students had switched off that software and firewalls…
  • Keep your software updated – best way to stay safe
  • Select strong passcode for important things you use all the time
  • For non-important stuff, use a password manager for less important things that you use rarely… Best to have different password between them…
  • Software I use:
    • Ad blockers – not just ads, reduce lots of extra content loading. The more websites you visit the more vulnerable you are
    • Ghostery and Privacy Badger
    • Lightbeam
    • Password Managers (LastPass, OnePassword and KeePass are most recommended
    • 2-factor like Yubikey – extra protection for e.g. Facebook.
    • If you are really serious: UMatrix and NoScript BUT it will break lots of pages…


Q1) It’s hard to get an average citizen to do everything… How do you get around that and just get the key stuff across…

A1) Probably it’s that common advice. The security community has gotten better at looking at 10 key stuff. Google did a study with Blackhats Infosec conference about what they would do… And asked on Amazon Mechanical Turj about what they would recommend to friends. About the only common answer amongst blackhats was “update your software”. But actually there is overlap… People know they should change passwords, and should use AV software… But AV software didn’t show on the Blackhat list… But 2-factor and password managers did…

Q2) What do you think about passwords… long or complex or?

A2) We did a study maybe 8 years ago on mnemonic passwords… And found that “My name is Inigo Montoya, you killed my father, prepare to die” was by far the most common. The issue isn’t length… It’s entropy. I think we need to think server side about how many other users have used the same password (based on encrypted version), and you need something that less than 3 people use…

Q2) So more about inability to remember it…

A2) And it depends on threat type… If someone knows you, your dog, etc… Then it’s easier… But if I can pick a password for a long time I might invest in it – but if you force people to change passwords they have to remember it. There was a study that people using passwords a lot use some affirmations, such as “I love God”… And again, hard to know how you protect that.

Q3) What about magic semantic email links instead of passwords…

A3) There is some lovely work on just how much data is in your email… That’s a poor mans version of the OAuth idea of getting an identity provider to authenticate the user. It’s good for the user, but that is one bigger stake login then… And we see SMS also being a mixed bag and being subject to attack… Ask a user though… “there’s nothing important in my email”.

Q4) How do you deal with people saying “I don’t have anything to hide”?

A4) Well I start with it not being about hiding… It’s more, why do you want to know? When I went to go buy a car I didn’t dress like a professor, I dressed down… I wanted a good price… If I have a lot of time I will refer them to Daniel Salvo’s Nothing to Hide.

Talk by Nicola Osborne (EDINA) covering Digital Footprints and how you can take control of your online self

And that will be me… So keep an eye out for tweets from others on the event hashtag: #UoEInfoSec.


GIS in the Geography classroom? A personal review of Digimap for Schools

Below is a personal review of Digimap for Schools by Megan Roodt.  Megan is an NQT and has been very generous in sparing some time to write and share this review with us.  Thanks Megan.


The Geography National Curriculum for England states that students should be taught to “use Geographical Information Systems (GIS) to view, analyse and interpret places and data,” (DfE, 2013) however, whilst it can be agreed that proficiency in GIS is a valuable skill of Geographers, implementing its effective use in the classroom can be both ambitious and daunting to teachers and students. So firstly, why would the Department for Education signpost the use of GIS in the Geography National Curriculum? GIS has revolutionised the way in which we view land on Earth, (Heywood et al., 2011) and has been noted as one of the 25 most important developments for human impact in the 20th Century due to its powerful analytical abilities, (Fargher, 2013) thus students who are familiar with its uses not only have a better understanding of their environment but are better equipped to enter the technological business world, (Butt, 2002; Demirci, 2008). Traditionally, GIS software was quite complex with time-consuming downloads and processing; indeed, GIS was not initially created for use in the classroom but rather as a decision-making tool to be used by government and business. Unfortunately, such characteristics made the use of GIS unsuitable for the contemporary Geography classroom that is under increasing curriculum and timetabling pressures. So how do we then, as teaching practitioners, effectively implement GIS in our classrooms in a way that both fulfils the criteria of the National Curriculum and acts as a tool to promote learning among our students?

Digimap for Schools may very well offer the solution to this problem. As a collaborative venture between EDINA, JISC Collections and Ordnance Survey, Digimap for Schools offers an online mapping service to both students and teachers, (Digimap for Schools, 2017). The online nature of this service instantly makes it incredibly time-effective to implement in the classroom; there is no need for downloading software or mobile apps, maps can be accessed at any time and on various platforms (e.g. laptops, iPads or mobile phones) and all that students require is internet access. A far cry to the bulky and time-consuming GIS software that I became familiar with at university!

During a GIS club run by the Geography Department at The Mountbatten School, students were asked to create a proposal to identify the best locations for bins and recycling centres on the school grounds. Using Digimap for Schools, students collected raw data which was uploaded to their own maps. Students then used buffers and their personal understanding of various environmental and human factors to analyse and interpret the data to make justified decisions which would then better inform their proposal. Something that soon became apparent was that the way in which Digimap for Schools is set up can allow for a brilliant example of differentiation by outcome in that students had complete control over what went onto their maps and what functions they were going to use to make their decisions. The only premise was that their decision would need to be justified; both an important command word in the new GCSE specification and a skill to be used throughout personal and professional life.

The user-friendly layout of Digimap for Schools meant that students quickly became not only familiar with the functions available but also confident in its uses. As such, students could complete complex GIS functions in a short period of time and view the results instantly which further motivated them to challenge their data by processing alternative solutions which only made for better informed decisions. Other features of Digimap for Schools that students really enjoyed included being able to upload their own images to maps, annotating their choices and using historical maps and aerial images to view their map area in different settings.

From a teacher’s perspective, the service is very simple to use and, as many classrooms and IT suites are now fitted with interactive whiteboards, it is easy to demonstrate to students how to perform functions on Digimap for Schools. Digimap for Schools offers a simple yet effective service that makes the use of GIS both effective and enjoyable in the classroom whilst fulfilling the requirement stated on the National Curriculum.

Overall, I would highly recommend the use of Digimap for Schools in the Geography classroom as I’ve experienced its value as an efficient tool in promoting geographical enquiry and independent decision-making; it has a layout that students quickly become familiar with, the outputs of functions are immediate which allow students time to process and manipulate data as they feel appropriate and it is a service that puts as much emphasis on the process as it does on the output which, in my opinion, provides an authentic learning experience for both students and teachers.



Butt, G., 2002. “Chapter 10: The Role of ICT in the Teaching and Learning of Geography” in Reflective Teaching of Geography 11 – 18: Meeting standards and applying research. Continuum: London.

Demirci, A., 2008. Evaluating the implementation and effectiveness of GIS-Based application in secondary school geography lessons. American Journal of Applied Sciences. 5(3): 169-178

Department for Education, 2013. The national curriculum in England. Available from: Accessed: 10/08/2017

Digimap for Schools, 2017. Digimap for Schools: About. Available from:

Fargher, M (2013) Geographic Information (GI) – how could it be used?’ ch 15 in Lambert, D & Jones, M (Eds) Debates in geography Education. Routledge: Oxon.

Heywood, I., Cornelius, S., Carver, S., 2011. An introduction to Geographical Information Systems. (4th ed.). Pearson Education Limited: Essex.

How much of Britain is built on?

We recently helped out the very talented Alasdair Rae from the Department of Urban Studies and Planning at the University of Sheffield with some research on the buildings of Great Britain. Here is his blog post which is a great work of GIS sleuthery: Buildings of Great Britain As mentioned in his post we assisted […]

SUNCAT updated

SUNCAT has been updated. Updates from the following libraries were loaded into the service over the past week. The dates displayed indicate when files were received by SUNCAT.

  • Aberystwyth University (01 Sep 17)
  • British Library (31 Aug 17)
  • CONSER (Not UK Holdings) (30 Aug 17)
  • Exeter University (01 Sep 17)
  • School of Oriental and African Studies (SOAS) (14 Aug 17)
  • Southampton University (26 Aug 17)

To check on the currency of other libraries on SUNCAT please check the updates page for further details.

Aerial Imagery in Digimap for Schools- Users Perspectives

In September 2016, Getmapping contributed their high-resolution aerial imagery data for free inclusion into the Digimap for Schools service.  This imagery has been hugely successful and has quickly attracted lots of attention and usage from our schools.  We asked some of our users to give us a little insight into how they are using this Aerial Imagery in their school activities.

We found that the aerial imagery was being used widely across Primary  schools in conjunction with the native functionality of Digimap for Schools e.g. adding photos and text to the maps and imagery to supplement and personalise it.

“Aerial photographs have been beneficial to compare Ordnance Survey maps with aerial images.  For example, we have used it when looking at river features in Year 5.  In the past, comparisons would have been made using Google maps but they haven’t been able to be annotated like you can on Digimaps.  We have also used it for Year 3 when looking at Stone Age features like Skara Brae Orkney Isles.  The children also enjoyed looking at aerial photos of the Jurassic Coast.”

Helen Kennedy
St. Katharine’s C.E. (V.A.) Primary School

Screen Shot 2017-09-04 at 16.16.48


The Secondary school students have also been finding that collating and overlaying images and text on the aerial imagery to be incredibly beneficial

“We use it for students in year 7 looking at school environments up to year 11 controlled assessments /new field work specs.  The aerial photography is useful for bringing a landscape to life from a map which many students find as a bewildering array of lines and colours.  Seeing the relief from a map takes some skill having an immediate photo makes this easier…same applies to land use. I use the annotation tools to highlight similar features on maps and then on a photos at the same scale. It stops students using google earth where there is too much temptation to go to street view !”

Robert Perry
Geography Teacher Chiltern Edge Community School

Many of those that responded cited it as incredibly beneficial in the delivery of GCSE and A-Level to those students at the higher age ranges, and an integral part of their fieldwork assessments.  We believe this usage can only increase with the new format of GCSE and A-Level Geography which now includes 2 independent field studies as part of the new curriculum.

“The Aerial Imagery function in Digimap for Schools has proved very useful for our GCSE and A-Level students in planning their fieldwork data collection.  Together with the ‘how to guides’ on land-use mapping, we are hoping for some excellent map based presentation this year.”

Mr S. Williams
Borden Grammar School

An example of how to Present data collected through a field study

An example of how to Present data collected through a field study

Below is a really nice testimonial of how teachers and pupils are using Digimap for Schools as a day to day resource in their teaching and learning.  Abingdon School is using the service and all of its features to enhance students understanding of the connections between the human and physical worlds. The service is dynamic enough to cater to all students within the school and unlike many textbooks is accessible to all students in the school.

“We are very pleased with the service and the aerial photography is an important part of how we can use Digimap for Schools in our lessons on a day to day basis.

Aerial Imagery has broadened the topics we can investigate with the students, from historical and modern land use mapping to investigating the course of a river, understanding coastal processes and the processes of glaciation within landscapes. 

The students find the sliding bar easy to use and like the option of choosing aerials with or without labels. They can now digitize and label geographical features from aerial photographs with ease. 

The ability to change transparency of aerial imagery and OS mapping to show both simultaneously, is an important tool, allowing students to better understand the connections between the human world and the physical landscape. 

All in all, Digimap for School is a vital tool for geographical study, we use all three mapping tools OS mapping, Historical Mapping and Aerial Mapping, with all ages from 11 to 17 year olds and they find using the service intuitive. In addition, this year will have our first batch of 6th Form students using the tool, in combination with a variety of other services, to aid and resource their independent investigations.”

Kimberly Briscoe
GIS Teaching Support Coordinator
Abingdon School



Coming soon: New Roam for Digimap

As mentioned at Geoforum earlier this year, we’re currently working hard on a new version of Digimap Roam. The new-look application will bring Digimap Roam, the online mapping tool in the Digimap family, bang up to date with the latest web technologies available. Whilst the functionality will remain the same, the look and feel of the […]

SUNCAT updated

SUNCAT has been updated. Updates from the following libraries were loaded into the service over the past week. The dates displayed indicate when files were received by SUNCAT.

  • Aberdeen University (03 Jul 17)
  • Bath University (01 Aug 17)
  • Brunel University London (09 Aug 17)
  • Dundee University (01 Aug 17)
  • Glasgow University (07 Aug 17)
  • London School of Economics and Political Science (01 Aug 17)
  • Queen’s University, Belfast (03 Aug 17)
  • Sheffield Hallam University (01 Aug 17)
  • Sheffield University (01 Aug 17)
  • Society of Antiquaries of London (04 Aug 17)
  • York University (01 Aug 17)

To check on the currency of other libraries on SUNCAT please check the updates page for further details.

SUNCAT updated

SUNCAT has been updated. Updates from the following libraries were loaded into the service over the past week and a half. The dates displayed indicate when files were received by SUNCAT.

  • Bristol University (03 Aug 17)
  • British Library (10 Aug 17)
  • CONSER (Not UK Holdings) (08 Aug 17)
  • Edinburgh Napier University (01 Aug 17)
  • Imperial College London (01 Aug 17)
  • King’s College London (01 Aug 17)
  • Kingston University (01 Aug 17)
  • Lancaster University (01 Aug 17)
  • London Library (02 Aug 17)
  • Manchester University (01 Aug 17)
  • National Archives (01 Aug 17)
  • National Library of Scotland (01 Aug 17)
  • National Library of Wales (01 Aug 17)
  • Natural History Museum (01 Aug 17)
  • Northumbria University (01 Aug 17)
  • Open University (01 Aug 17)
  • Southampton University (05 Aug 17)
  • Strathclyde University (01 Aug 17)
  • Sussex University (01 Aug 17)
  • Swansea University (01 Aug 17)
  • University of Wales Trinity Saint David (01 Aug 17)

To check on the currency of other libraries on SUNCAT please check the updates page for further details.