In This Issue
- Banner Year for Cloud
- DVR for FiOS Mobile
- NetApp Hybrid Cloud
- Report from the CEO
- Pan-EU Cybersecurity
- Congress Cyber Bill
- WDC & Cybersecurity
- CFTC’s Tighter Rules
- Polymorphic Attacks
- IoT & Data Security
- Sen Ch: Encryption?
- NSA’s Hackers Hunt
- Oppose the RROTA
- Front Lines: Defense?
- FAA Drone Registry
- Cognitive Computing
- Coming DCIA Events
The cloud turned out to be the platform on which the most interesting enterprise tech was built this year.
Why not? After all, cloud is the new hardware — it makes sense that the most advanced tech would capitalize on the most advanced infrastructure.
We also saw some dramatic shifts among the major cloud players.
Without question, 2015 was a year to remember. Let’s have a look at the most significant developments:
Those are some awfully round numbers, but hey, they’re the best we have.
As InfoWorld’s Andrew Oliver says, “‘Cloud’ generally means Amazon Web Services. Real dominance is when the people assume by default.”
Cloud became the machine learning platform of choice. Many want the benefits of machine learning for their applications… Read More
Hitting a self-imposed deadline to have it rolled out to all FiOS TV subs by mid-December, Verizon said it has completed an update to its FiOS Mobile App for iOS and Android devices that lets customers access DVR-recorded shows and movies while they’re away from home.
Per Verizon, customers with both FiOS Quantum TV service and FiOS Internet service can stream “nearly all” of their DVR-recorded shows from outside the home anywhere they have a broadband connection.
Additionally, the new software update lets FiOS customers watch their full live TV lineup via the app when they are connected to the home network — something that
Comcast currently provides to X1 subs via its Xfinity TV app for smartphones and tablets and Web browsers.
Comcast also offers a cloud DVR that provides out-of-home streaming access to recorded shows and a download option.
Cablevision Systems’ network DVR is currently limited to the set-top box.
Verizon enables subs to record up to 12 shows at once by combining the functions of two six-tuner Arris-made Verizon Media Servers… Read More
Flash and hybrid-cloud plays are the main areas of investment for computer storage and data management company, NetApp.
According to the company’s Australia / New Zealand Channel Manager, Neville James, these technology areas present many opportunities for the channel and will be what the company looks to in 2016.
James indicated 2016 and beyond is about data in motion but the company will not be building clouds or competing with its partners on services.
“Unlike most of our competitors, we’ve stuck through on this. We see our channel partners as best placed to be the builder of clouds. So we have no desire and no plans whatsoever to build clouds and end up as quasi-competitors to them,” he said.
“And hardware sales doesn’t create much revenue — that was the world 10 years ago. So services is where our partners make money and we have to stand back and let our partners be providers of services for healthy margins.”
According to James, historically, the storage industry has been quite heavily skewed towards reducing cost… Read More
The DCIA this week underscores our support for HR 3869 – The State and Local Cyber Protection Act of 2015.
The bill was introduced in the US House of Representatives by Freshman Congressman Will Hurd (R-TX), who previously served as a CIA agent.
The legislation, which passed by a voice vote on December 10th, requires the Department of Homeland Security (DHS) to open the National Cybersecurity and Communications Integration Center (NCCIC) to state and local governments that request assistance, either in shoring up cybersecurity or helping to investigate specific incidents.
The Center also would be responsible for providing cybersecurity training to state and local analysts upon request.
We laud this measure because it adds several requirements to the Homeland Security Act, which established NHS in 2002, and effectively broadens its scope to include other government entities.
Importantly, the bill does not mandate the use of federal resources for state and local partners, but rather makes such assistance voluntary and upon request.
State and local governments store sensitive data about their constituents, but often lack the technical capabilities to adequately protect it from cyber-attacks.
Upon request, this bill would support identifying system vulnerabilities and provide information security protection that would address unauthorized access to files hosted by state or local governments or their contractors.
It will provide a new web portal for posting updated resources and guidelines related to information security.
It will coordinate through national associations the implementation of data security tools to ensure the resiliency of state and local information systems.
It will offer training on cybersecurity, privacy, and civil liberties.
It will provide requested assistance to deploy technology to continuously diagnose and mitigate cyber-threats and conduct vulnerability assessments.
It will ensure that state and local governments are aware of DHS resources to protect the security of federal civilian information systems.
And it will authorize vulnerability disclosures under standards developed by the National Institute of Standards and Technology (NIST).
The bill now moves on to the Senate, and we urge you to contact your Senators to request swift passage. Share wisely, and take care.
Legislators have agreed on the basis and principles upon which to fashion the European Union’s (EU) first cybersecurity law: the Network and Information Security Directive (NISP).
Remarkably, the accord came following a mere five-hour-long discussion between the European Parliament and the individual governments of the 28 member states of the EU – a rare event indeed and evidence of genuine political accord and just how seriously the EU now takes the ever-increasing threats and incidences of cyber-attacks and the resultant breaches of security and privacy and bringing down of vital commercial and governmental networks and Internet sites.
One of the central tenets of the new law is that ISPs such as Amazon. eBay, and Google will be legally bound to report all ‘serious breaches’ of their networks to the national governments of the EU member states and systems or face serious sanctions.
However, social networking sites such as Facebook and Yahoo will not be subject to the same requirements or penalties.
Andus Ansip, the former Prime Minister of Estonia, is now at the European Commission (EC) overseeing the development of Europe’s Digital Single Market with the remit to make Europe a world leader in ICT and to fight cybercrime… Read More
Congress is on the precipice of passing a major cyber security bill that has been years in the marking.
Lawmakers have been scrambling to merge three cyber bills that all encourage businesses to share more data on hackers with the government.
A series of round-the-clock negotiations produced a near-final text that is being reviewed by both House leadership and the White House.
House Intelligence Committee ranking member Adam Schiff (D-CA), who co-sponsored one of the bills, told The Hill on Thursday that a final deal could be reached at any point.
“We’re very close on it,” he said.
Unofficial discussions have been taking place since the Senate passed its Intelligence Committee-originated bill in October, and six months after the House passed two complementary bills: one from the Intelligence panel, another from Homeland Security.
Congress has been looking to pass some iteration of a cyber info-sharing bill for more than three years… Read More
Everywhere I go these days, people are talking about cybersecurity and its ability to drive economic growth in the greater Washington region.
While they agree on its potential, they often seem to disagree on how we are doing on taking advantage of this opportunity.
If you listen closely, some will say that our region is poised to, or has already become, the “Silicon Valley of cybersecurity.”
Others say, “This region has all the attributes, if only we did X” and that until X occurs our region is doomed to have second-class status as a technology innovation community.
Some cybersecurity start-ups lament that they need to look elsewhere for product and software development skills and yet others say we have an abundance of cybersecurity talent in the region.
Why is this picture so confusing, and what is the truth? How are we actually doing?
A big part of the answer is the nature of the software industry itself. It is maturing; very little software now is truly new.
The industry’s tools are commoditizing, and the value is in novelty in how tools are used… Read More
Cybersecurity has been in the focus of US financial regulators over the past several months.
In October this year, the National Futures Association (NFA) unveiled new cybersecurity rules for its members, including Forex brokers, and in November, the New York State Department of Financial Services (NYDFS) sent an official letter to Financial and Banking Information Infrastructure Committee (FBIIC) members, demanding enhancement of cybersecurity defenses within the financial sector.
Today brought one more piece of news in this respect, as the US Commodity Futures Trading Commission (CFTC) has voted unanimously to approve two proposals for amendments to existing regulations regarding cybersecurity testing and safeguards for the automated systems used by critical infrastructures it regulates.
The two proposals oblige all derivatives clearing organizations, designated contract markets, swap execution facilities, and swap data repositories to conduct five types of cybersecurity testing, with the frequency of these testing to be determined by appropriate risk analysis.
The five types of cybersecurity testing are: vulnerability testing, penetration testing, controls testing, security incident response plan testing… Read More
The growth of polymorphic attacks, which change over time or use one kind of attack to mask another, is forcing the telecom industry to reshape its view of cyber security to be broader in scope and based more on network intelligence and behavior patterns.
The move away from traditional solutions such as firewalls and signature-based detection is one part of the strategic shift among managed security services providers and their vendors.
The shift is an to attempt to try to keep up with innovation by the bad guys, who are constantly looking for new exploits.
In this first of three articles on evolving network security strategies, we’ll look at the threats themselves and how they are changing, according to experts on the front lines of protection.
One definite trend is the growth in polymorphic attacks, which either combine a so-called volumetric attack involving high volumes of traffic such as distributed denial of service (DDoS) attacks with a data breach, or morph over time from one type of attack to another.
For example, a DDoS can be used to distract attention away from another type of data breach… Read More
Internet of Things this, Internet of Things (IoT) that — it’s all anyone can talk about these days.
And rightfully so, when you consider the development and adoption of IoT products are driven by multiple factors, including an increase in broadband penetration worldwide, the development of wireless communication technologies, advances in ‘smart’ device capabilities and an increased demand for personalized, omnichannel customer experiences.
But transitioning to an IoT-dominated world is a delicate balancing act.
On the one hand, you have businesses benefiting in many ways.
For instance, connected devices allow them to better understand their customers’ needs and preferences by analyzing their behavioral patterns.
For consumers, on the other hand, it’s all about personalization, personalization, personalization — getting from point A to point B faster than ever before — in a more relevant and personal way.
Furthermore, most conversations around data protection solely focus on elaborate hacks… Read More
The Senate’s top homeland security lawmaker is pressing the Department of Justice (DoJ) to turn over any evidence that the San Bernardino, CA shooters used encryption to cover up their plans.
Senate Homeland Security Committee Chairman Ron Johnson (R-WI) on Friday opened an investigation into the incident with a fact-finding letter to Attorney General Loretta Lynch. The letter was released late Monday.
In the memo, Johnson poses 15 questions about how the suspected shooters — Syed Rizwan Farook and his wife Tashfeen Malik — came to be radicalized, what US authorities knew about the pair and how they acquired the guns used in the assault.
One of the questions directly addresses encrypted messages, a hot topic in the wake of the terror attacks in both Paris and San Bernardino.
“Please provide any evidence of encrypted communication retrieved from the electronic devices of Mr. Farook and Ms. Malik that may have masked specific plans and logistics regarding the December 2, 2015 attack,” the letter reads.
Several top intelligence and homeland security leaders on Capitol Hill believe it is likely encryption was employed… Read More
The government is losing ground in the effort to hire critical cyber talent—but our most secretive agency isn’t doing too badly.
When America’s premier federal security recruiters go fishing for new technical talent, they have plenty of lures to dangle.
There’s the patriotic mission; the promise of a government salary; the thrill of working under the hood on the country’s classified cyber-mechanics.
And then there’s the pile of free purple and orange pens.
At a recent job fair in this city’s cavernous convention center, the National Security Agency (NSA) set up an eight-foot-long folding table and covered it with a black cloth and assorted pieces of schwag, trying to rope in coders and tech experts.
“Push the limits of innovation,” read one of its posters. Brochures touted a mission producing results “that you might see on the nightly news,” like disrupting a terrorist attack, catching international drug traffickers, or preventing a crippling cyber-attack.
“We’re not as secret as everyone thinks,” said a woman working at the NSA table as she answered questions from the job hunters… Read More
We the undersigned human rights and civil liberties organizations and trade associations write to convey our significant concerns with the Requiring Reporting of Online Terrorist Activity Act (S. 2372).
The RROTA Act would require all providers of Internet communications services to report to government authorities when they obtain “actual knowledge” of apparent “terrorist activity” on their services — a broad term that could encompass both speech and conduct.
We sent a version of this letter on 4 August 2015 when this proposal took the form of a provision in the draft Intelligence Authorization Act of Fiscal Year 2016 (S. 1705).
Unfortunately, the RROTA Act would create strong incentives for providers to over-report on the activity and communications of their users, in order to avoid violating the law.
This proposal risks bringing wholly innocent people under the scrutiny of the US government in a procedure that includes no limits on the use of the reported information and no safeguards against abuse.
Such a reporting requirement would create a chilling effect on constitutionally protected speech… Read More
“We’ve been hacked.”
More than one company — in fact, more than one government — awoke to the reality of this unsettling statement in 2015.
Reports about hacks into accounts at eBay, Sony Pictures Entertainment, and the Central Intelligence Agency (CIA) may have been among the most publicized incidents, but weren’t the only serious breaches recorded.
If time has proven anything, it’s that cyber-related exposures are not diminishing, nor are they being stopped by security measures.
All indications are that data breaches and other cyber-related exposures are on the rise, and the situation may become worse before it gets better.
According to the Identity Theft Resource Center, there have been more than 620 data breaches in the United States in 2015, resulting in 176 million records being exposed (as recorded through October).
Some of the largest data breaches on record have occurred within the past year… Read More
The Federal Aviation Administration (FAA) on Monday announced new rules that will require nearly all owners of remote-controlled recreational drones to register the machines in a national database, an attempt by the agency to address safety fears.
Federal officials have rushed to issue new rules on drones before the holidays, when an estimated 700,000 new drones are expected to be bought. Drone owners will be required to submit their names, home addresses and email addresses to the FAA, disclosures meant to encourage users to be more responsible, officials said.
“Unmanned aircraft enthusiast are aviators, and with that title comes a great deal of responsibility,” Anthony Foxx, the secretary of the Transportation Department, said in a conference call. “Registration gives us an opportunity to work with these users to operate their unmanned aircraft safely.”
The federal rules are the first of their kind for users of recreational drones, also known as unmanned aircraft systems. The prices for the machines have fallen sharply in recent years, making them popular tools for aerial photography and videography, among other uses.
In recent months, though, drones have been flown more frequently over parks, sports stadiums and backyards… Read More
If Munich aspires to becoming the European capital of Internet of Things (IoT) — a nd I’m sure it does — its claim just got a lot stronger.
IBM has anointed the Bavarian city as the global headquarters for its ‘Watson Internet of Things’ unit and announced that it will also serve as the the first in a series of ‘Watson Innovation Centers’ around the world. And it joins many other IoT companies in Munich, including Intel.
The Munich campus environment, says IBM, will bring together 1000 IBM developers, consultants, researchers and designers to drive deeper engagement with clients and partners and will also serve as an innovation lab for data scientists, engineers and programmers building a new class of connected solution at the intersection of cognitive computing and the IoT… phew!
The effort is an important staging post for IBM’s IoT strategy, first outlined early this year with an announcement that company was going to channel $3 billion into an IoT unit over the coming years – and here’s an important part of it.
The IBM mission is to supervise and enable the analytics piece… Read More
CES — January 6th-9th in Las Vegas, NV. The world’s gathering place for all who thrive on the business of consumer technologies. CES has served as the proving ground for innovators and breakthrough technologies for more than 40 years.
ADRM Working Group Meeting — January 28th via Global Videoconference. Contact the DCIA for information about joining the group and attending the meeting that will focus on interoperability among DRM platforms and simplifying DRM implementation.
Industry of Things World USA — February 25th-26th in San Diego, CA. A new international information exchange forum featuring four concurrent tracks covering business model generation, technology and infrastructure, data management, and security.
Delivery of Things World — April 25th-26th in Berlin, Germany. DevOps specialists, continuous development strategists, architect newbies, development geeks, and cloud geniuses from across the spectrum of DevOps transformation come together at this stimulating and innovative event.
DataCloud Europe 2016 — June 8th-9th in Monte Carlo, Monaco. The 2016 conference will focus on cloud computing advances and changes in data management, with a stellar line-up of speakers including global infrastructure leaders and subject matter experts.
Cloud and DevOps World Forum 2016 — June 21st-22nd in London, England. Now in its eighth year, C&DWF is firmly established as the leading content-led exhibition for the European Cloud and DevOps community and the premiere meeting place for CIOs.
Security of Things World — June 27th-28th in Berlin, Germany. Topics include securing cyber physical systems for IoT, expanding IT security with intelligence-led ops, business continuity management considerations, data privacy in an interconnected world, and security strategies.
Industry of Things World Europe — September 19th-20th in Berlin, Germany. IoT business models, new IoT markets and strategies, product lifecycle management, next generation data handling and value assessment, IoT organizational impacts, and IoT security issues.