Volume LIV, Issue 10

In This Issue

Social Media Lights Up in Grief and Rage over Paris Attacks

Excerpted from CIO Report by Sharon Gaudin

In times of grief and fear, people from around the world turned to social networks to search for loved ones and to share feelings of support, anger, and sadness.

Within hours of the news on Friday that Paris had been hit with multiple terrorist attacks that killed at least 129 people and injured more than 350, Facebook News Feeds turned into a sea of the colors of the French flag and images of the Eiffel Tower.

Tweets on the social network Twitter were quickly filled with the hashtags #Paris and #PrayForParis.

While eyes were watching the news reports, social media users found comfort, support, and solidarity by using the social networks that they normally turn to when they want to share information about things far more benign — like children’s birthdays, vacations, and favorite restaurants.

Over the weekend, many of those happier posts were replaced with visceral reactions from around the globe.

Users talked not only about their outrage and heartbreak over the attacks but they reflected on times they had visited Paris, posting photos of themselves at landmarks like the Eiffel Tower, and offering prayers and words of support… Read More

Verizon Customers Connect with Friends & Family for Free

Excerpted from Verizon Press Announcement

Verizon and its more than 170,000 employees worldwide have extended their condolences and offered their support to all their friends in France in an exemplary way.

In the wake of the unprecedented Paris attacks, Verizon supported its customers by offering free calling from the United States to France through the weekend to help customers connect with family and friends.

Wireless customers incurred no charges for texts or international long distance calls originating from the US to France starting November 13th and continuing through November 15th.

Home telephone customers could make free calls to France from their US landlines from November 13th through November 15th.

Verizon Wireless operates America’s most reliable wireless network, with 109.5 million retail connections nationwide.

Verizon news releases, executive speeches and biographies, media contacts, and other information are available at Verizon’s Online News Center.

The news releases are available through an RSS feed. To subscribe, please click hereRead More

Online Tools Offered Help in Crisis

Excerpted from NY Times Report by Vindu Goel and Sydney Ember

As the attacks in Paris were still unfolding on Friday night, social media sites lit up as sources for information that went beyond the news.

Facebook activated its Safety Check tool, which allows users in an area affected by a crisis to mark themselves or others as safe.

Facebook created the tool to help in times of crisis, a spokeswoman, Anna Richardson White, said on Saturday, and it has activated it five times in the last year after natural disasters.

But this was the first time it was activated for something like this, she said.

“People turn to Facebook to check on loved ones and get updates, which is why we created Safety Check and why we have activated it for people in Paris,” Ms. White said.

She said she did not have numbers to show how many people had used the tool, and people were still using it on Saturday.

Twitter, at the same time, put its new Moments tool to use, highlighting top news tweets about the attacks… Read More

Report from DCIA CEO Marty Lafferty

Click Here for Video.

The question I’ve been asked most this week is what can we do as industry participants in response to the horrific attacks in Paris and Beirut.

First, each one of us personally can offer our deepest sympathies to the families of those who lost their lives and our prayers for swift recovery to those who were wounded.

Beyond that, there are ways we can contribute time, money, or talent to combat fanatical terrorism now threatening the civilian population everywhere on an unprecedented level.

We are confronting a problem primarily that stems from the deepest sense of despair among a small percentage of disenfranchised young people.

How in a relatively short time can a human being be induced to abandon any other future than one demanding the murder of innocent people and requiring the commission of suicide?

A core question for us, therefore, is what can we do to prevent vulnerability to such radicalization?

We can invest some of our time to advance one of at least two basic goals.

One, to prevent the perversion of tools our industry has created — including encrypted communications, social networking, and mobile cloud applications — for evil purposes.

And two, to advance the virtuous use of these tools including especially those which portray universal values that define our society in positive ways — freedom of expression, tolerance, mutual respect, and compassion.

Likewise, we can contribute money, again to one of at least two causes.

One, to entities and programs committed to attack terror strongholds directly using the full complement of cyber-weaponry, starting with account disruption and denial-of-service.

And two, to organizations and campaigns created to promote the benefits and advantages of participating in civilization rather than destroying it.

And finally, we can dedicate our talent in part to one of at least two missions.

One, to develop new ways to detect in advance patterns of behavior underlying terror plots using such industry capabilities as big data analytics.

And two, to invent new opportunities for young people to receive training and gain employment in our businesses so that they can envision a more hopeful life and a better future for themselves.

If a person can be radicalized in a matter of weeks, why can’t we come up with ways he or she can be turned around just as proficiently?

Join us by dedicating a portion of your time, money, or talent to this most important effort, and do so with unwavering determination.

Share wisely, and take care.

Calls Grow for Government Back Doors to Encryption

Excerpted from CNBC Report by Anita Balakrishnan

The deadly terror attacks in Paris and Beirut have stirred up political tensions in an unlikely locale: Silicon Valley.

Terrorists may have taken advantage of encrypted messaging services to avoid surveillance, reports said, raising the stakes on an already tenuous issue between lawmakers and technologists.

Technology companies largely oppose creating government “back doors” in their end-to-end encryption, while regulators and law enforcement have pushed for power to monitor communications systems for potential threats to national security.

Just like 9/11 and whistleblower Edward Snowden shifted the debate over balancing individual liberty versus national security, experts are now wondering if Friday’s attacks will alter the balance again, forcing tech companies to re-examine the widespread attachment to end-to-end message encryption.

“Our sensibilities and souls should have been jarred once again,” CIA Director John Brennan said of the attacks Monday.

Brennan joined other policymakers in condemning new limits in the US and other countries on intelligence gathering amid privacy and civil liberties concerns.

Terrorists could be using Sony’s PlayStation 4 to send messages, for example, because decryption is very difficult… Read More

CIA Director Rekindles Debate over Surveillance

Excerpted from NY Times Report by Scott Shane

John O. Brennan, the CIA Director, said that the attacks in Paris showed a sophisticated operation and that surveillance internationally had become challenging.

A diabolical range of recent attacks claimed by the Islamic State — a Russian airliner blown up in Egypt, a double suicide bombing in Beirut and Friday’s ghastly assaults on Paris — has rekindled a debate over the proper limits of government surveillance in an age of terrorist mayhem.

On Monday, in unusually raw language, John Brennan, the CIA Director, denounced what he called “hand-wringing” over intrusive government spying and said leaks about intelligence programs had made it harder to identify the “murderous sociopaths” of the Islamic State.

Mr. Brennan appeared to be speaking mainly of the disclosures since 2013 of the National Security Agency’s mass surveillance of phone and Internet communications by Edward J. Snowden, which prompted sharp criticism, lawsuits and new restrictions on electronic spying in the United States and in Europe.

In the wake of the 129 deaths in Paris, Mr. Brennan and other officials sounded eager to reopen a clamorous argument over surveillance… Read More

Encrypted Messaging Apps Face New Scrutiny

Excerpted from NY Times Report by David Sanger and Nicole Perlroth

American and French officials say there is still no definitive evidence to back-up their presumption that the terrorists who massacred 129 people in Paris used new, difficult-to-crack encryption technologies to organize the plot.

But in interviews, Obama administration officials say the Islamic State has used a range of encryption technologies over the past year and a half, many of which defy cracking by the National Security Agency (NSA).

Other encryption technologies, the officials hint, are less secure than terrorist and criminal groups may believe, and clearly they want to keep those adversaries guessing which ones the NSA has pierced.

Some of the most powerful technologies are free, easily available encryption apps with names like Signal, Wickr, and Telegram, which encode mobile messages from cellphones.

Islamic State militants used Telegram two weeks ago to claim responsibility for the crash of the Russian jet in the Sinai Peninsula that killed 224 people, and used it again last week, in Arabic, English, and French, to broadcast responsibility for the Paris carnage.

It is not yet clear whether they also used Telegram’s secret-messaging service to encrypt their private conversations… Read More

False Report Points to PlayStation 4 in Paris Attacks

Excerpted from Variety Report by Jacob Bryant

Sony’s PlayStation 4 was falsely reported as a tool used by the terrorists who planned the Paris attacks.

The claim, which was reported by a Forbes reporter and picked-up by widely by other press outlets, pointed to a conference at which Belgian federal interior minister Jan Jambon spoke of ISIS’s preference for using the console for communication.

Outlets picked-up that statement and ran with it, along the way adding that a console was found at the attacker’s apartment.

The problem was that Jambon’s interview happened three days before the attacks and was in reference to Belgium’s security weaknesses in a broad sense.

And the news of the PS4 being found in an attacker’s apartment?

It was an editing error, according to the Forbes reporter who admitted to gaming publication Kotaku that his story was wrong.

While it turned out to be false, there have been cases in the past where games and gaming hardware have been used by terrorists… Read More

Anonymous Declares Cyber-War on ISIS

Excerpted from Fortune Report by Don Reisinger

After claiming responsibility for the Paris terrorist attacks last week, ISIS has a new foe.

Hacker collective Anonymous posted a video Saturday on YouTube in which it declared a cyber war on ISIS.

In the nearly two-and-a-half-minute video, a person wearing the group’s signature Guy Fawkes mask read a statement in French promising that the hacktivist organization would attack ISIS in cyberspace with the ultimate goal of weakening the terrorist organization.

“Expect massive cyber-attacks,” the person said.

“War is declared. Get prepared. Anonymous from all over the world will hunt you down.”

“You should know that we will find you and we will not let you go.”

ISIS has claimed responsibility for the horrific attacks that killed nearly 140 people and left hundreds more injured on Friday.

The attacks prompted the French government to go on the offensive against the group… Read More

ISIS Plans Cyber-Attacks against Critical Infrastructure

Excerpted from International Business Times Report by David Gilbert

The UK government is worried that Islamic State hackers will target the country’s critical national infrastructure, including hospitals, airlines, and even nuclear power stations, and it will announce on Tuesday an investment in cybersecurity of 1.9 billion pounds over the next five years to combat their efforts.

The world is still coming to terms with the fallout from the unprecedented attack by the extremist group — known also as ISIS, ISIL and Daesh — on Friday which has left at least 129 people dead and dozens more fighting for their lives in Paris.

In a widely distributed speech to be delivered Tuesday at the Government Communications Headquarters (GCHQ) — the UK’s equivalent to the NSA — in Cheltenham, Chancellor George Osborne will say the potential impact of a cyber-attack by ISIS “could be measured not just in terms of economic damage but of lives lost.”

ISIS has used the Internet, and social media in particular, as a highly effective way of spreading propaganda but to date its hacking efforts have been ineffectual and unsophisticated.

While ISIS likes to proclaim that its Cyber Caliphate — and other similar pro-ISIS hacking groups — are waging cyber-war on the west, the truth is that, to date, it has had very limited success… Read More

Homeland Security Won’t Wait on Cybersecurity

Excerpted from Washington Examiner Report by Charlie Mitchell

Congress still might get around to completing action this year on cybersecurity information-sharing legislation, but in the meantime the private sector and even the ponderous Department of Homeland Security (DHS) are pressing ahead with their own initiatives.

Spies, thieves, and terrorists in cyberspace leave behind telltale “indicators” of their activities.

Cybersecurity experts envision a future in which information on threats is shared at “machine speed,” or in real time, allowing rapid responses that minimize the impact of attacks.

Sharing information manually “takes hours, if you’re lucky,” William Nelson, the President and CEO of the Financial Services Information Sharing and Analysis Center, said last week at an event sponsored by law firm Arent Fox.

Nelson’s group has collaborated with DHS on a project that brings that down to seconds.

Under this new process, “Our worst case is 10 minutes. One second is our best case.”

Homeland Security’s Gregory Touhill, a retired Air Force brigadier general, said the goal is to get it down to milliseconds… Read More

National Security versus Civil Liberties

Excerpted from Washington Outsider Report

The Paris Terrorist Attacks have once again galvanized the West against the Islamic State and the threat of globalized terrorism.

Unlike in the aftermath of the 9/11 terrorist attacks, the rhetoric recognizes the need to balance national security interests with civil liberties.

The problem is that people do not seem to understand what this means while we are still lacking the basic conversation needed to determine what balance might look like. Balance is needed, so we do not solve one problem by creating even more problems.

For civil liberties advocates, balance means preventing national security overreach by establishing boundaries.

For national security advocates, balance tends to mean removing barriers for investigators.

Unfortunately, a superficial understanding of balance allows advocates to disarm valid criticism by simply saying there is a need to for balance without taking any meaningful steps to find an actual balance.

The world must always remember that the imminent threat of globalized terrorism is not the only national security concern… Read More

Lawmakers Demand US Military Simulate Cyber-War

Excerpted from Defense One Report by Aliya Sternstein

It’s 2020 and Russian forces are seizing the Arctic, partly by hacking the FedEx networks that handle shipping orders for US troops.

Not a far cry from reality, if one’s been following Defense Department warnings that cyberspace will be a part of any future war.

And apparently, some US lawmakers want to project more power in the newest military domain.

In an unprecedented move, Congress just ordered US Cyber Command to carry out simulated “war games” against, specifically, Russia, along with China, Iran, and North Korea.

The drills are expected to run uniformed service members, civilians and contractors through the motions of staving off a cyber assault the likes of which each nation state will be equipped for — five to 10 years from now.

The Joint Chiefs of Staff will “conduct a series of war games” to gauge the “strategy, assumptions, and capabilities of the United States Cyber Command to prevent large-scale cyber-attacks, by foreign powers with cyber-attack capabilities comparable to the capabilities that China, Iran, North Korea, and Russia are expected to achieve in the years 2020 and 2025… Read More

Nadella Makes New Security Push with Cyber-War-Room

Excerpted from Wall Street Journal Report by Angus Loten

The cloud and mobile devices are forcing businesses to adopt a constant “operational security posture” aimed at protecting them from relentless online attacks, Microsoft CEO Satya Nadella said Tuesday.

“It’s a perimeter-less world, it’s a world that is constantly evolving, it’s dynamic, and you’re under constant attack.”

“That’s the environment that we have to deal with,” he said.

Speaking at the company’s government cloud conference in Washington, DC, Nadella laid out Microsoft’s plans to better defend businesses from phishing, malware and other online threats.

Nadella added that 2015 has been a “tough year” for cybersecurity.

At the center of Microsoft’s new security effort is the Cyber Defense Operations Center, a war room-like facility located at the company’s Redmond, WA headquarters staffed with security response experts trained to “protect, detect and respond to threats in real-time,” according to a post Tuesday on Microsoft’s official blog.

The center will be connected to a global network of “thousands” of security professionals, data analysts, engineers, developers… Read More

Will Big Data Lead to Big Brother?

Excerpted from BBC Report by Gordon Corera

Many countries are in the throes of a debate about the amount of surveillance a government should be allowed to carry out on its own people.

But in other countries, where there are few, if any, checks on the state’s powers, a potential dictatorship of data is already on the horizon.

The gray, drab former headquarters of the Stasi – East Germany’s Security Service – is famous for its miles of paper files.

Those files recorded the detailed information kept on the citizens of the former Communist state, drawn from a wealth of human informers and bugging devices.

Parts of the former office complex are now a museum open to the public, but in one corridor normally closed to the public there is a jumble of dated-looking equipment – a primitive computer looking more like a spin-dryer for clothes and old magnetic discs the size of a football, which held a fraction of what you can now fit on a USB stick.

This is all that remains of the Stasi’s dreams of what computers could do for them.

“I think they realized early on that without using technology their ambition of total surveillance could not be achieved… Read More

You Are Responsible and Accountable for Security

Excerpted from SecureSpeak Report by James LaPalme

It’s all about the data.

I have been involved in cloud computing since 1999 (although we called it multi-tenant hosting & ASP — application service provider) and for sixteen years security has consistently been the #1 concern when organizations are asked about their adoption of cloud models.

The concern does not reside with the use of a storage array they have no access to or the utilization of a virtual machine cluster in some unknown data center, it’s all about the data and sensitive information.

More so, it’s about the loss of control over this data that is the real concern.

Security is still your responsibility and you are accountable.

Transferring of existing or legacy control and security models to the cloud is not a complete strategy.

One size does NOT fit all — shared responsibility models vary from cloud provider to cloud provider and between cloud model utilized (example — IaaS or EFSS varies significantly from SaaS or DaaS)… Read More

Coming Events of Interest

Cloud Asia Forum — November 24th-25th in Hong Kong. Now in its sixth year, this major highlight of the Cloud World Series sponsored by Informa Telecoms & Media is the most comprehensive cloud computing event in Asia.

Government Video Expo — December 1st-3rd in Washington, DC. Sponsored by NewBay Media, GVE 2015 will be the East Coast’s largest technology event designed for video, broadcast, and audio-video professionals.

Internet of Things World Forum (IoTWF) — December 6th-8th in Dubai. IoTWF is an exclusive event that brings together the best and brightest thinkers, practitioners, and innovators from business, government, and academia to accelerate the market adoption of the Internet of Things.

CES — January 6th-9th in Las Vegas, NV. The world’s gathering place for all who thrive on the business of consumer technologies. CES has served as the proving ground for innovators and breakthrough technologies for more than 40 years.

ADRM Working Group Meeting — January 28th via Global Videoconference. Contact the DCIA for information about joining the group and attending the meeting that will focus on interoperability among DRM platforms and simplifying DRM implementation.

Industry of Things World USA — February 25th-26th in San Diego, CA. A new international information exchange forum featuring four concurrent tracks covering business model generation, technology and infrastructure, data management, and security.

Delivery of Things World — April 25th-26th in Berlin, Germany. DevOps specialists, continuous development strategists, architect newbies, development geeks, and cloud geniuses from across the spectrum of DevOps transformation come together at this stimulating and innovative event.

Cloud and DevOps World Forum 2016 — June 21st-22nd in London, England. Now in its eighth year, C&DWF is firmly established as the leading content-led exhibition for the European Cloud and DevOps community and the premiere meeting place for CIOs.

Security of Things World — June 27th-28th in Berlin, Germany. Topics include securing cyber physical systems for IoT, expanding IT security with intelligence-led ops, business continuity management considerations, data privacy in an interconnected world, and security strategies.

Industry of Things World Europe — September 19th-20th in Berlin, Germany. IoT business models, new IoT markets and strategies, product lifecycle management, next generation data handling and value assessment, IoT organizational impacts, and IoT security issues.

Posted in Newsletters