Volume LVIII, Issue 11

In This Issue

DDoS Caused Widespread Net Outage

Excerpted from LiveScience Report by Jesse Emspak

If you were trying to catch up on the latest news or check out what was trending on Twitter Friday morning, you might have received a message that said that your browser couldn’t connect to the server.

Twitter, Reddit, Spotify and even news sites such as CNN experienced a widespread outage early Friday due to a so-called distributed-denial-of-service (DDoS) cyberattack that affected many users on the East Coast of the United States, according to several news outlets.

How does this attack work, and what does it do?

The culprit behind the outage is what’s known as a DDoS, which was mounted against a company called Dyn DNS.

It’s one of the more common types of cyberattack, though Friday’s incident was a bit more widespread than usual, because most attacks focused on one site.

One of the largest DDoS attacks ever targeted the BBC sites and its on-demand media service, reported The Hacker News.

A DDoS attack works by essentially overloading the target server with requests to connect… Read More

How Your DVR Was Hacked

Excerpted from USA Today Report by Elizabeth Weise

Technology experts warned for years that the millions of Internet-connected “smart” devices we use every day are weak, easily hijacked and could be turned against us.

The massive siege on Dyn, a New Hampshire-based company that monitors and routes Internet traffic, shows those ominous predictions are now a reality.

An unknown attacker intermittently knocked many popular websites offline for hours Friday, from Amazon to Twitter and Netflix to Etsy.

How the breach occurred is a cautionary tale of the how the rush to make humdrum devices “smart” while sometimes leaving out crucial security can have major consequences.

Dyn, a provider of Internet management for multiple companies, was hit with a large-scale distributed denial of service attack (DDoS), in which its servers were flooded with millions of fake requests for information, so many that they could no longer respond to real ones and crashed under the weight.

Mirai insinuates itself into household devices without the owner’s knowledge, using them as platforms to send the sever-clogging messages… Read More

Hackers Used New Weapons

Excerpted from NY Times Report by Nicole Perlroth

Major websites were inaccessible to people across wide swaths of the United States on Friday after a company that manages crucial parts of the internet’s infrastructure said it was under attack.

Users reported sporadic problems reaching several websites, including Twitter, Netflix, Spotify, Airbnb, Reddit, Etsy, SoundCloud, and The New York Times.

The company, Dyn, whose servers monitor and reroute internet traffic, said it began experiencing what security experts called a distributed denial-of-service attack just after 7 a.m.

Reports that many sites were inaccessible started on the East Coast, but spread westward in three waves as the day wore on and into the evening.

And in a troubling development, the attack appears to have relied on hundreds of thousands of internet-connected devices like cameras, baby monitors and home routers that have been infected – without their owners’ knowledge – with software that allows hackers to command them to flood a target with overwhelming traffic.

A spokeswoman said the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS) were looking into the incident… Read More

Report from DCIA CEO Marty Lafferty

Click Here for Video.

Leading into Security of Things World USA this week in San Diego, CA, the DCIA is pleased to announce an extension and expansion of our partnership with the we.CONECT Group for 2017.

Since 2014, we.CONECT has grown to become a leader in private sector information, business-to-business (B2B) digital media, and trade events.

Its customers range from global market leaders to medium-sized enterprises to rising-star new players in Europe, Asia, and the USA.

We.CONECT’s core mission is to deliver high-quality, practice-oriented, timely, relevant, and forward-looking information to help its customers become more effective and successful in their daily work.

Our partnership with we.CONECT will focus on eight events in 2017, doubling our 2016 repertoire: Industry of Things World USA, Delivery of Things World, Security of Things World, Autonomous Systems World, Industry of Things World Asia, Industry of Things World Europe, Delivery of Things World USA, and Security of Things World USA.

For planning purposes, the first of these, Industry of Things World USA, which will provide attendees with a deep business and technical understanding of the industrial internet landscape, will take place on February 20th and 21st at the Hard Rock Hotel in San Diego, CA.

Delivery of Things World will take place April 24th and 25th at Kosmos Cinema in Berlin, Germany; Security of Things World on June 12th and 13th at the Titanic Chausse Hotel, also in Berlin; followed by the co-located Autonomous Systems World on June 14th and 15th,

Industry of Things World Asia will take place on July 3rd and 4th at the Marina Bay Sands in Singapore; and Industry of Things World Europe is scheduled for September 18th and 19th at the Berlin Congress Center.

Finally, Delivery of Things World USA and Security of Things World USA will both return to San Diego during December 2017, where we hope to see you later this week. Share wisely, and take care.

Cloud Computing Remains Secure

Excerpted from Wall St. Journal Report by Jay Greene

Amazon’s top cloud computing executive said that even with last week’s massive internet outages, the web remains the most secure place for companies to run their computing.

“You can’t pass go without it,” Mr. Jassy said during an appearance at The Wall Street Journal’s WSJDLive 2016 Global Technology Conference.

On Friday, attackers unleashed several massive attacks that rendered dozens of popular websites, including Twitter and Netflix, unreachable for parts of the day.

The attackers targeted domain-name-system services of web-technology provider Dynamic Network Services, known as Dyn.

Some customers of Mr. Jassy’s Amazon Web Services weren’t spared, since Dyn is among several providers of DNS services to the company.

Shortly after the attacks began, Amazon shut down its Dyn DNS use and rerouted it to alternative providers, restoring full service. Even so, it illustrated a vulnerability corporate tech managers fear… Read More

Good Cybersecurity Doesn’t Try to Prevent Every Attack

Excerpted from Harvard Business Review Report by Greg Bell

I discuss cybersecurity with hundreds of executives every year.

The biggest mistake I see is companies treating cybersecurity solely as a technology matter for IT departments to solve.

But it’s not. It’s an enterprise-wide opportunity that’s critically important.

If the end game is preventing something bad from happening, companies typically waste time and money on futile attempts to build an impenetrable wall of systems.

Even if it were possible to build a wall that’s 100% secure, it wouldn’t begin to protect the rapidly growing amount of sensitive data that flows outside the firewall through devices and systems beyond the company’s direct control.

It’s far more important to focus on two things: identifying and protecting the company’s strategically important cyber assets and figuring out in advance how to mitigate damage when attacks occur.

We live in a world where more and more products are connected to the internet – not just computers and phones, but home appliances, alarm systems, and garage door openers… Read More

Cloud Computing: Get With It or Get Left Behind

Excerpted from Stuff Report by Tao Lin

Consumer demand means businesses that are not on the cloud risk falling behind.

Kiwi businesses are at a tipping point in terms of cloud usage and those who hesitate could be left behind.

BDO head of advisory Adam Davy said businesses not in the cloud were unlikely to survive as consumers were already demanding everything instantly, on mobile devices and available around the clock.

“It’s that online anywhere, anytime, any device access you need or want for information and transactions, whether it’s to transfer money into the bank, to buy shares in the stock exchange or to change your flights.

The next wave of cloud technology was already here, with some companies already doing away with paper receipts because all the necessary information was available already on the cloud.

Businesses already doing this include Hallensteins and Glassons.

Amazon Web Services Asia Pacific vice president Shane Owenby said Amazon’s cloud computing services can help businesses innovate and grow, while keeping costs low… Read More

Special Issue — Cloud Security and Privacy

Excerpted from MDPI Report by Sye Loong Keoh and Khin Mi Mi Aung

Cloud computing has revolutionized the IT industry and become the core technology to provide continuous access to computational resources, storage and processing.

Many business organizations now have a huge dependency on cloud services for their daily operations, with critical data being stored remotely in the cloud.

However, the convenience brought by cloud services comes with a trade-off: there has been a significant increase in the number of data breaches in the cloud environment.

Hence, security and privacy in cloud environments must be high priorities, in order to protect the integrity and confidentiality of the data.

On the other hand, with the advent of big data analytics, data across different business domains is shared to discover new knowledge and to perform data mining; data privacy is also a serious concern in this field.

The open access journal Algorithms will host a special issue on Security and Privacy in Cloud Computing Environments… Read More

DoD Finalizes Cybersecurity & Cloud Rule

Excerpted from Holland & Knight Report by Mary Beth Bosco

On October 21st, the Department of Defense (DoD) issued a final rule following-up on the interim rules it had issued on August 26th and December 30th 2015, regarding safeguarding contractor networks and purchasing cloud computer services.

The final DoD clauses are DFARS 252.204-7008, Compliance with Safeguarding Covered Defense Information Controls, and DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting.

While the final rule incorporates some significant changes from the interim rules, the requirement to report cyber incidents within 72 hours of their discovery is retained in the final rule.

DoD also declined to change its position on small businesses, which are not excepted from the rule’s coverage.

See our post on the interim rules: “DoD Grants Contractors a Reprieve: Cybersecurity Compliance is Delayed.”

The final rule does, however, make several important changes from the interim rules:

The final rule changes the definition of “covered defense information” to align it with the definition being used by the National Archives and Records Administration rule promulgated on September 14th (81 FR 63324)… Read More

DoT Vehicle Cybersecurity Guidance

Excerpted from ITS International Report

The US Department of Transportation’s (DoT) National Highway Traffic Safety Administration (NHTSA) is taking a proactive safety approach to protect vehicles from malicious cyberattacks and unauthorized access by releasing proposed guidance for improving motor vehicle cyber security.

The proposed cybersecurity guidance focuses on layered solutions to ensure vehicle systems are designed to take appropriate and safe actions, even when an attack is successful.

The guidance recommends risk-based prioritized identification and protection of critical vehicle controls and consumers’ personal data.

Further, it recommends that companies should consider the full life-cycle of their vehicles and facilitate rapid response and recovery from cybersecurity incidents.

This guidance also highlights the importance of making cybersecurity a top leadership priority for the automotive industry, and suggests that companies should demonstrate it by allocating appropriate and dedicated resources, and enabling seamless and direct communication channels though organizational ranks related to vehicle cybersecurity matters… Read More

FDIC Stalls Cyber-Breach Report

Excerpted from Federal Times Report by Carten Cordell

Following another cyber-breach at the Federal Deposit Insurance Corporation (FDIC), the House Science, Space and Technology Committee wants to know why it’s taking the agency so long to report the system attacks.

In an October 21st letter to FDIC Chairman Martin Gruenberg, Committee Chairman Lamar Smith (R-TX) and Oversight Subcommittee Chairman Barry Loudermilk (R-GA) demanded to know why a breach discovered in August was not reported to the committee until October 19th and had not classified it as a major breach.

“This recent incident, coupled with the agency’s slow-moving response, raises significant concerns about confusion at the FDIC on how to manage cybersecurity incidents, as well as a lack of leadership within the agency on cybersecurity issues,” the letter said.

The latest quarrel over FDIC’s cybersecurity centers on a breach of the agency’s “Search+” tool, a component of its Records and Information Management program.

The agency’s Computer Security Incident Response Team and later the Data Breach Management Team reportedly discovered on August 9th that the tool had given all employees and contractors improper permissions… Read More

Edge & IoT Challenge Centralized Data Centers

Excerpted from Data Center News Report by Sam Worthington

“Internet-connected sensors and devices, coupled with consumer demand to have access to information instantaneously have resulted in an increasing pressure to deliver distributed computing where it is needed.”

That’s according to Robert Linsdell, Managing Director of Emerson Network Power in Australia and New Zealand.

The company, soon to become Vertiv, has recently highlighted the need for converged infrastructures that provide scalable, agile and efficient support to critical networks amid the proliferation of internet-connected devices and edge computing architecture.

“With predictions estimating the number of internet connected devices to reach 4.5 billion by 2020, C-level executives and senior IT managers must invest in the right infrastructure to support this trend,” adds Linsdell.

According to Linsdell, the idea of edge computing is closely tied to the Internet of Things (IoT).

Therefore, by moving computing power away from the core towards the edges of the network, edge computing significantly reduces latency and improves the delivery of digital services to customers in different locations… Read More

Your Network, IoT, Cloud Computing, and the Future

Excerpted from NetworkWorld Report by Andrew Sullivan

My previous series of posts talked about a present problem for anyone deploying on the internet: what do you need to measure when deploying into the cloud and how do you measure cloud performance?

But planning and deployment issues are not restricted to just the immediate-term questions I was tackling there.

Anyone in charge of a network has to think about how that network will evolve.

The next articles in this series will be about the internet of the future and will suggest ways in which the internet seems likely to develop.

One of the astonishing things about the internet is that it is voluntary.

With very little central organization, the internet emerges because it interconnects networks.

And because of network effects, interconnecting different networks makes those networks more valuable, particularly when the network merely provides interconnection for intelligent applications at the edges of the network.

This nature of the internet is what has allowed it to subsume other communications technologies… Read More

We May All Only Use One Computer in the Future

Excerpted from 702 Report by Colin Cullis

I think there is a world market for maybe five computers,” goes the famous quote attributed to IBM Chairman Thomas Watson.

IBM’s most advanced computer bears his name, so it does seem like a crazy prediction.

It is not true. Not only because there is no evidence he ever said it, but because the prediction may have overstated the need by four computers.

Cloud in computing terms got its name from the icon used by IT designers to draw the elements of their networks that connected to the internet or that they did not manage.

It stuck, even though many non-technical types might think it might actually have something to do with real clouds.

Cloud storage uses the more secure, vastly greater size and typically lower cost of storing anything on a remote storage device rather than on your local computer or phone.

If you have a Dropbox account, welcome to cloud storage… Read More

Computational Consistency and Why It Matters

Excerpted from Forbes Report by John Webster

The advance of Big Data analytics and the need for real time results in application environments such as IoT is driving the need for a new approach to storage.

Startups in this space have a particular goal in mind and that is to reduce the latency between the computational layer and the storage layer.

Storage must be persistent but long-term persistence commonly comes at a cost to computational performance that makes the delivery of real time analysis difficult at best.

To overcome this debilitating latency, a new approach is to fuse together the memory spaces within nodes in an analytics cluster to create a contiguous memory space across cluster nodes.

Direct access memory is indeed a fast way to real time results, but doing so isn’t easy.

One of the obstacles to overcome is data consistency across individual memory spaces during computation.

Lack of consistency can lead to erroneous results, data corruption and data loss — the impact of which results in angry customers… Read More

Telefonica’s Big Data Unit for Corporate Customers

Excerpted from Telecom Asia Report

Telefonica has launched LUCA, its new big data services unit, enabling its corporate clients to understand their data and encourage a transparent and responsible use of data.

The offering of the new unit, led by Elena Gil, will have a comprehensive portfolio of services to provide solutions for the big data requirements of Telefonica’s corporate clients.

This catalogue has three main lines of products and services which are supported by a wide range of solutions, some existing, some new and some to be developed within the company or in partnership with third parties.

The business insights area brings the value of anonymous and aggregated data on Telefonica’s networks for a wide range of clients.

This includes existing services, such as Smart Steps, which are focused on mobility analysis solutions for more efficient planning.

For example, to optimize transport networks and tourist management in cities, or in the case of a health emergency… Read More

Coming Events of Interest

Security of Things World USA — November 3rd-4th in San Diego, CA. SoTWUSA has been designed to help you find pragmatic solutions to the most common security threats facing the IoT.

Rethink! Cloudonomic Minds — November 21st-22nd in London, England. R!CM will cover how IoT is impacting cloud strategies and how to take advantage of these two key technology trends.

Government Video Expo — December 6th-8th in Washington, DC. GVE is the East Coast’s largest technology event for broadcast and video professionals, featuring a full exhibit floor, numerous training options, free seminars, keynotes, panel discussions, networking opportunities, and more.

CES 2017 — January 5th-8th in Las Vegas, NV. More than 3,800 exhibiting companies showcasing innovation across 2.4 million net square feet, representing 24 product categories.

Industry of Things World USA — February 20th-21st in San Diego, CA. Global leaders will gather to focus on monetization of the Internet of Things (IoT) in an industrial setting.

fintech:CODE — March 16th-17th in London, UK. A new international knowledge exchange platform bringing together all DevOps, IT, and IoT stakeholders who play an active role in the finance and tech scene. Key topics include software development, technical challenges for DevOps, DevOps security, cloud technologies and SaaS.

Posted in Newsletters