In This Issue
President Obama on Tuesday requested a dramatic boost in federal funding for cybersecurity.
As part of the annual White House budget proposal, the Obama administration asked for over $19 billion in cyber-spending, a 35 percent increase over last year’s allotment of roughly $14 billion.
Obama also used the budget as a platform to establish a new senior federal cybersecurity official and a commission on cybersecurity as part of a final push to bolster the government’s digital defenses before leaving office.
The federal government has taken heat this past year for relying on antiquated cyber protections that have let in hackers from China and Russia.
The big blow came over the summer, when the Office of Personnel Management (OPM) acknowledged a series of hacks that exposed roughly 20 million security clearance background checks, some of the most sensitive forms the government maintains.
The ends of White House terms are often about trying to shape historic legacies, and President Obama is out to build his in the new area of cybersecurity.
Yesterday, he released a new Cybersecurity National Action Plan that argues it is “taking bold actions to protect Americans in today’s digital world.”
There are a lot of easy jokes to make about issuing such a plan after incidents that range from the breach of the Office of Personnel Management (OPM) to the Pentagon, as well as in every business sector, from banks to movie studios.
The new plan seeks to close a barn door that left open the personal records of some 22 million Americans, while programs that range from jet fighters to critical infrastructure have been repeatedly breached.
But in both the real world and cybersecurity, there is not much value in crying over hacked milk, other than to score cheap political points on a president who isn’t running for re-election.
Instead, three aspects are notable about the new plan.
First, it has a series of long-overdue elements that mirror many of the best practices from the private sector…
Congress could soon vote on a bill that would require law enforcement agencies to get a search warrant from a judge to obtain emails, photographs, and other documents Americans have stored online.
This important legislation would update the law to reflect how people use the Internet today.
Under the Electronic Communications Privacy Act (ECPA) of 1986, government agents need a warrant if they want access to email stored on the servers of companies like Google and Yahoo, but only if the messages are less than 180 days old.
For older messages and other digital files, law enforcement officials can issue subpoenas to technology companies without going to a judge.
A bill introduced in the House by Kevin Yoder (R-KS) would require a warrant for all information stored online, regardless of how old it is and what kind of file it is.
The legislation includes a sensible exception that would allow civil enforcement agencies like the Securities and Exchange Commission (SEC) to subpoena messages sent by employees on a corporate computer system.
This week President Obama signed two executive orders and announced the new Cybersecurity National Action Plan (CNAP), an expansive program to improve public and private sector online security.
This follows his signing into law of the Cybersecurity Information Sharing Act (CISA) in December to bolster cooperation between government and industry.
The new plan aims to promote better security practices across the technology sector by encouraging multi-factor authentication, which requires more information than merely a password to access sensitive programs and data.
Within the government, there will be a reduction in its use of Social Security numbers as unique identifiers for American citizens and the development of more advanced solutions.
As part of this initiative, the President also proposed to Congress a 2017 budget providing $19 billion for information technology (IT) upgrades of obsolete government computer systems.
In addition, the White House will create the new position of Chief Information Security Officer (CISO) to oversee a $3 billion Information Technology Modernization Fund.
Two new entities will be created, one to coordinate government cybersecurity efforts and one to propose future actions.
First, a Federal Privacy Council that will integrate the work of chief privacy officers from 25 federal agencies in protecting consumer data collected and managed by the government.
Second, a bipartisan Commission on Enhancing National Cybersecurity comprised of business, technology, national security, and law enforcement leaders who will report recommendations for strengthening online security by December 1st.
The administration’s plan will also provide for training and shared resources, including 48 teams dedicated to cyber-attack response, along with scholarships and student-loan forgiveness to attract fresh technical talent.
The DCIA views the President’s stated intent of strengthening government partnerships with the private sector to deter, detect, and disrupt threats — including to the nation’s critical infrastructure — as one of the most promising aspects of the program.
A new cybersecurity Center of Excellence and national testing lab will bring together industry and government experts to research, develop, and test new cutting-edge technologies under simulated attacks.
Cyber-threats clearly represent a major national priority that President Obama’s successor, regardless of party, will need to continue to address.
While the actions he has taken won’t resolve these challenges during his final year in office, we laud the President’s efforts to provide a foundation for the future.
Additional steps could include tax relief and reduction of regulatory requirements for companies engaged in cybersecurity innovation.
It’s our belief that the private sector is better positioned than the government to provide leadership in online security.
And within federal agencies themselves, much more emphasis needs to be placed on establishing proper security measures, providing adequate training, and requiring that people follow procedures.
Share wisely, and take care.
Some people who care about web security may have been aware that February 9th was proclaimed Safer Internet Day.
The observance, which was organized by the European public-awareness organization Insafe, centers on promoting safe and responsible use of online technology.
To celebrate Safer Internet Day, President Barack Obama on February 9th announced the Cybersecurity National Action Plan.
The plan, which includes the development of a cybersecurity commission, as well as new rules for how the government must safeguard against online attacks, is also focused on creating new ways for consumers and companies to enhance their online security.
To prove that he’s serious about improving the nation’s cybersecurity, Obama has earmarked $19 billion to fund the program in the $4.1 trillion federal budget proposal he sent Congress on February 9th.
President Obama argues in his Cybersecurity National Action Plan that implementing it is critical to national security.
The plan’s key components are intended to “ensure our prosperity and security online for the generations to come…
In the latest cyber-attack targeting the federal government, an intruder gained access to information for thousands of employees at the Department of Justice (DoJ) and the Department of Homeland Security (DHS), but officials said Monday that there was no indication that sensitive information had been stolen.
Most of the information appeared to have been culled from internal government directories, including employees’ email addresses, phone numbers, and job titles.
Motherboard, a technology news site, reported on Sunday that it had been approached by a hacker who claimed to have obtained employee information on about 20,000 people at the FBI and 9,000 at DHS.
The hacker professed support for pro-Palestinian groups and vowed to make the information public in an apparent attempt to embarrass federal agencies that play a part in cybersecurity operations.
The hacker released the information on Sunday and Monday.
Officials at the DoJ and DHS said they were examining the breach.
“There is no indication at this time that there is any breach of personally identifiable information,” said Peter Carr…
The source for the greatest volume of cyber-attacks is China, followed by the United States, Saudi Arabia, and Germany, according to the “Global Perspective” report from Norse, a provider of security solutions and attack intelligence.
Other countries high on the source-of-attacks list include the Russian Federation, the Netherlands, France, Brazil, Turkey, and Taiwan.
However, the most significant source of attacks, when population size is taken into account, is Iceland.
And the Netherlands and Saudi Arabia are the only two countries to make the top 10 source-of-attacks list by both volume and population size.
Meanwhile, the most significant attack targets by volume are the US, the United Arab Emirates, Saudi Arabia, and Germany.
This makes the US the second highest source of attacks by volume and also the highest target of attacks by volume.
There is a surprising part of the report in regard to the United States, according to Brian Contos…
A group of broadband and technology trade associations including the National Cable & Telecommunications Association (NCTA), American Cable Association (ACA), and CTIA have gotten together to take a page from the Federal Trade Commission (FTC) if the courts uphold its ability to regulate broadband customer information privacy or Customer Proprietary Network Information (CPNI).
The FTC’s authority is essentially limited to enforcing existing rules against unfair and deceptive practices rather than writing new ones.
The FCC is asserting broadband privacy regulatory authority — once held by the FTC over broadband when it was classified as an information service — under its new Title II-based network neutrality rules, which classify Internet access as a common carrier, and which have been challenged in court by some of the same groups, including NCTA and ACA.
Activist groups last month urged the FCC to take a muscular approach to broadband CPNI regulation and to quickly open a proceeding on the issue.
The FTC’s time-tested framework has accomplished two important goals — it provides consumers with meaningful privacy protection…
The Wyoming State Senate on Wednesday approved on first reading a bill that aims to restrict school districts’ access to student data, particularly online social media accounts or emails.
Senate File 14 is one of several bills drawn up by the Legislature’s Digital Information Privacy Task Force.
If adopted, it would prohibit school or district employees from compelling a student to provide their username and password for various digital media accounts, such as a Facebook page or an email account.
Administrators also could not require a student to log into such an account so that the contents could be read over the student’s shoulder.
Nor would a school be able to punish or expel a student for refusing to provide such access.
Senator Chris Rothfuss (D-Laramie) explained that any information the student makes publicly available would still be fair game, and school employees would still be able to conduct investigations into students where their online presence is relevant — they just can’t demand the username/password.
“You can’t ask that child or compel them to include the information, but you are entitled to ask their parents,” Rothfuss added…
How could ordering a pizza take down a bank?
It’s frighteningly easy — and illustrates the need for faster, more-sophisticated technology to block the even more-pernicious cyber-security threats targeting big companies today.
In the pizza example, a bank employee orders a pizza online, using his company email address to complete the transaction.
And, like many people, he uses the same password for the pizza site as he does to log in to his bank’s workstation or intranet.
Bad move: clever hackers now automate cyber-attacks on some businesses with weaker security, like pizza parlors.
They can easily snare the employee’s information, then try those login credentials on the bank’s website or employee VPN — and, if they work, tap into the bank’s internal networks.
More sophisticated hackers automate this process, intercepting millions of individual logins until they find someone working at a prime corporate target, whose login unlocks the company network for them…
As a leading data storage manufacturer, NetApp knows the value of data throughout its business.
NetApp set out to make every interaction more engaging and more valuable to customers by learning when, how, and why they visit the company’s digital channels.
Doing so helps feed the company’s sales pipeline by encouraging higher forms completion rates to capture customer information and by pinpointing when in the sales cycle customers are most likely to engage via their web or mobile devices.
“We didn’t just want our digital properties to broadcast information to customers,” says Zann Aeck, Director of Digital Experience at NetApp.
“They’re powerful tools for starting valuable conversations and keeping them going.”
“To have better conversations, we needed more visibility into the full journey…
One of Mexico’s largest mobile operators, Telefonica Mexico, and mobile IT cloud solution provider ItsOn today announced the launch of a unique suite of personalized wireless services that will be marketed via Telefonica’s Movistar brand and channels.
This new service will empower customers to instantly buy and manage mobile plans directly from their smartphones, giving them total control over their wireless bills.
Telefonica Mexico will be the first Latin American mobile operator to offer ItsOn-powered, end-to-end digital services.
Telefonica Mexico is unveiling these new, innovative digital services under the “Movistar On” brand name and supporting the launch with a large consumer marketing campaign.
“Our customers want more control over their mobile plans and monthly bills, and the ability to purchase and manage services via their smartphones is extremely attractive to them,” said Hernan Ozon, Chief Marketing Officer for Telefonica Mexico.
“ItsOn is the leader in providing this type of digital experience that is so important when engaging with customers…
Amazon Web Services (AWS) has been setting the standard for online e-commerce solutions for some time now.
But its early adoption of cloud computing as a solution to scalability issues may just revolutionize how other companies approach the cloud as a resource.
In this post, learn six things AWS can teach any business about using cloud computing effectively.
Each and every day, Amazon adds to its existing server capacity.
They make this choice for two reasons: it is more cost-effective to add more server capacity than to add it bit by bit, and as Amazon’s overhead decreases they can pass those savings back to their customers in the form of lower prices.
By adding new server capacity continually, Amazon also works proactively to guard against outages and down-time (see next section for more on this).
With millions of fellow (albeit smaller) solopreneurs, elearning company operations, and small businesses relying on Amazon’s infrastructure, AWS also realizes profitability depends in significant part on ensuring reliable infrastructure and up-time for all…
This new service, which is in Alpha, is available to select customers whose accounts are whitelisted by Google. Cloud Functions complements existing compute services such as App Engine, Compute Engine, and Container Engine.
In the recent past, serverless computing has gained industry attention mainly due to its simplicity and “NoOps” model.
Developers follow the fire-and-forget paradigm where they upload individual code snippets that are hooked to a variety of events at runtime.
This model offers a low-touch, no-friction deployment mechanism without any administrative overhead.
Serverless computing and microservices are ushering in a new form of web-scale computing.
According to the official documentation, Google Cloud Functions is a lightweight, event-based, asynchronous compute solution that allows developers to create small, single-purpose functions that respond to cloud events without the need to manage a server…
Netflix has confirmed it has finally completed its cloud migration and shut down the last remaining data center bits used by its streaming service, having begun the process in August 2008, when it experienced a major database corruption and for three days could not ship DVDs to its members.
It suggests the development moves it nearer to its desired goal of four nines of service uptime.
According to Yury Izrailevsky, Vice President, Cloud and Platform Engineering, August 2008 was when Netflix realized that it had to move away from vertically scaled single points of failure, such as relational databases in its data center, towards highly reliable, horizontally scalable, distributed systems in the cloud.
Writing in the Company Blog, Izrailevsky says that Netflix chose Amazon Web Services (AWS) as cloud provider because it provided the greatest scale and the broadest set of services and features.
“The majority of our systems, including all customer-facing services, had been migrated to the cloud prior to 2015.”
“Since then, we’ve been taking the time necessary to figure out a secure and durable cloud path for our billing infrastructure as well as all aspects of our customer and employee data management…
Efforts to reclaim funds for customers and creditors of defunct broker-dealer MF Global finally came to a close Tuesday when a judge supervising the four-year liquidation discharged the trustee, Hughes Hubbard & Reed corporate reorganization and bankruptcy group chair James Giddens.
US Bankruptcy Judge Martin Glenn in New York praised Giddens’ recovery effort.
Ultimately, MF Global’s customers have received all their money back, secured creditors have a 100 percent return on their claims and unsecured creditors have 95 percent, according to the trustee’s final report in December.
The now-defunct commodities broker, then led by former New Jersey governor and ex-Goldman Sachs CEO Jon Corzine, collapsed on Halloween in 2011 after the company posted a $1.6 billion shortfall on bad bets on European sovereign debt.
MF Global and its brokerage subsidiary began Chapter 11 proceedings shortly thereafter, although the company’s customers were unable to access some $7 billion held in MF Global accounts.
“This came out of the blue,” recalled Hughes Hubbard General Counsel James Kobak Jr., lead counsel to Giddens as trustee.
“It seemed like a complete nightmare. I didn’t think in my wildest dreams that we would ever get up to a 100 percent recovery…
Industry of Things World USA — February 25th-26th in San Diego, CA. A new international information exchange forum featuring four concurrent tracks covering business model generation, technology and infrastructure, data management, and security.
IoT Asia 2016 — March 30th-31st in Singapore. IoT Asia returns in 2016 with fresh insights on Internet of Things (IoT) developments around the world. The 3rd edition aims to further advance conversations and ideas on IoT and how it will impact our lives by delving into the real issues.
Delivery of Things World — April 25th-26th in Berlin, Germany. DevOps specialists, continuous development strategists, architect newbies, development geeks, and cloud geniuses from across the spectrum of DevOps transformation come together at this stimulating and innovative event.
DataCloud Europe 2016 — June 8th-9th in Monte Carlo, Monaco. The 2016 conference will focus on cloud computing advances and changes in data management, with a stellar line-up of speakers including global infrastructure leaders and subject matter experts.
Cloud and DevOps World Forum 2016 — June 21st-22nd in London, England. Now in its eighth year, C&DWF is firmly established as the leading content-led exhibition for the European Cloud and DevOps community and the premier meeting place for CIOs.
Security of Things World — June 27th-28th in Berlin, Germany. Topics include securing cyber physical systems for IoT, expanding IT security with intelligence-led ops, business continuity management considerations, data privacy in an interconnected world, and security strategies.
Industry of Things World Europe — September 19th-20th in Berlin, Germany. IoT business models, new IoT markets and strategies, product lifecycle management, next generation data handling and value assessment, IoT organizational impacts, and IoT security issues.