Volume LX, Issue 7

In This Issue

Congress: Cybersecurity Aids for SMBs

Excerpted from the Financial Advisor Report by Ted Knutson

New cybersecurity aids for small business (SMBs) have been posted online this week by the House Small Business Committee.

The help, bit.ly/2n3rIzL, comes in the wake of a Committee hearing Wednesday that sounded the alarm about cyber-dangers small businesses face.

Nearly 60 percent of small companies go out of business following a hack and 71 percent of all cyber assaults occur at businesses with under 100 workers, the Committee emphasized.

The cybersecurity small business aids are divided into three parts.

In a section on data breach response, the Committee gives guidance from the Federal Trade Commission (FTC) on what steps a small business should take and who it should contact when hackers have stolen personal IDs and other information online.

For small vendors of Web-connected non-computer devices from light bulbs to lighting systems (the so-called “Internet of Things”), the Committee offers six pages of many time-proven tactics they can do to protect themselves and customers… Read More

AT&T and Akamai Renew Alliance

Excerpted from Fierce Telecom Report by Sean Buckley

AT&T has renewed its global alliance with Akamai through 2019, enhancing its cloud service lineup with additional media delivery and web security services for business customers.

By renewing this alliance, AT&T’s global business customers will continue to get access to Akamai services as part of a broader portfolio of cloud and network solutions.

“The use of AT&T IP networks and AT&T Security Services along with Akamai CDN and related web security services is a powerful one,” said Mo Katibeh, SVP of AT&T advanced solutions.

“Collectively, they form the underpinnings of the secure infrastructure that can help enterprises thrive in today’s massively connected and distributed world.”

Additionally, Akamai is expanding its global server footprint located at the edge of AT&T’s IP network.

Akamai says the expansion of the server footprint can help deliver higher-quality experiences to AT&T customers through more efficient content routing and improved delivery of digital content, video and Web applications… Read More

Boston Wins Amazon’s “City on a Cloud”

Excerpted from SAT PR News Report

Recognizing the City of Boston’s innovative approach to utilizing transportation data, Boston has won Amazon Web Services’ 2016 City on a Cloud Challenge.

The Amazon Web Services (AWS) awards highlight how government agencies and their partners are embracing innovation.

Boston was a winner in the “Dream Big” category, and will receive $50,000 in AWS credits to upgrade the City’s data processing and analysis capabilities for future projects.

“This win is a confirmation that the City of Boston is a national leader in innovation and data,” said Jascha Franklin-Hodge, the City’s Chief Information Officer.

“This award will allow Boston to continue its work on compiling transportation data at no cost to the City, taking advantage of the generous award stipend the City has received from Amazon Web Services.”

“The Boston Transportation Department is working hard to improve the reliability, accessibility and safety of our transportation network,” said Gina N. Fiandaca, Commissioner of the Boston Transportation Department… Read More

Report from DCIA CEO Marty Lafferty

Click Here for Video.

Following up on last week’s report, the Trump administration confirmed this week that it will require federal agencies to abide by the National Institute of Standards and Technology (NIST) cybersecurity framework and, on a timely basis, report back on their implementation of its recommendations.

Trump’s larger priorities on cybersecurity include controlling and protecting federal networks and their data, safeguarding critical infrastructure, and securing the nation generally from cyber-threats; and his shorter term goals include curtailing botnets and fostering private sector participation in cyber-initiatives – regardless of politics.

The administration has now reviewed fifteen current reports on cybersecurity – including those of the Commission on Enhancing National Cybersecurity and CSIS Cyber Policy Task Force — and 175 recommendations.

Homeland security and counterterrorism advisor Tom Bossert spoke about fine-tuning the pending executive order on cybersecurity Wednesday at the Center for Strategic and International Studies’ Cyber Disrupt Summit.

The White House will develop internal metrics to privately assess and rank NIST framework compliance by individual departments, and is also initiating a larger effort to treat the entire federal network as one entity and safeguard it from cyberattacks.

The cabinet will soon determine how to complete a cyber-deterrence policy as well, including how to share information with allies and deter adversaries.

But most encouraging to the DCIA, was Bossert’s confirmation that the new administration will focus on modernizing government IT infrastructure and ensuring that agencies are properly resourced to efficiently tackle cybersecurity.

“Federal networks can no longer sustain themselves,” said Bossert. “We cannot tolerate indefensible, antiquated technology, hardware and software. Modernization is absolutely critical.”

The administration will boost cybersecurity funding in its forthcoming budget, although Bossert cautioned that the budget will not reflect an “overnight modernization.”

He said the government must ultimately develop a structural funding mechanism to address IT needs at a federal enterprise level as opposed to individual agency processes.

“That’s not a call for more money, it’s a call for efficiency,” he said.

It is a call that the DCIA strongly supports. Share wisely, and take care.

Trump Budget: $1.5 Billion for Cybersecurity

Excerpted from The Hill Report by Morgan Chalfant

President Trump’s first federal budget blueprint proposes $1.5 billion for the Department of Homeland Security (DHS) to protect federal networks and critical infrastructure from cyberattacks.

The budget request, which bolsters DHS funding by 6.8 percent while making deep cuts to other agencies and departments, also calls for heightened cooperation between the government and the private sector on cybersecurity.

The proposed budget “safeguards cyberspace with $1.5 billion for DHS activities that protect federal networks and critical infrastructure from an attack,” according to the blueprint, which was publicly released Thursday morning.

The request was crafted by Office of Management and Budget (OMB) Director Mick Mulvaney, who told reporters on Wednesday that the budget was based off of Trump’s promises on the campaign trail.

“Through a suite of advanced cybersecurity tools and more assertive defense of government networks, DHS would share more cybersecurity incident information with other federal agencies and the private sector, leading to faster response to cybersecurity attacks directed at federal networks and critical infrastructure,” the blueprint states.

Trump has said repeatedly that he aims to make cybersecurity a priority in his administration… Read More

Challenges for Cybersecurity Advisor

Excerpted from Forbes Report by Tony Bradley

It appears that President Trump is poised to select Rob Joyce, currently chief of the National Security Agency’s secretive Tailored Access Operations (TAO), as his cybersecurity czar.

If Joyce assumes that role, he will have some daunting challenges ahead.

There are multiple issues to consider with Joyce in that role. Since Edward Snowden pulled back the curtain and revealed some of the insidious inner-workings and questionable ethics of the NSA, there has been lingering concerns over privacy and trust between that organization and private industry and citizens.

Coming from a group that is considered mysterious even within the NSA itself makes Joyce more or less the poster child for that distrust.

“Throughout his presidential campaign, Trump made it clear he was no friend to industry or individual privacy rights.”

“Trump’s appointment of Joyce can go one of two ways,” suggests Ajay Arora, CEO of Vera.

“He can be used as a weapon for good or for evil. Bringing the chief hacker of the NSA into the White House is pretty scary”… Read More

Cyberattacks Boomed in 2016

Excerpted from Business Daily Report by Adam Uzialko

New research released by cybersecurity company Trend Micro shows that hackers stepped up their efforts to exploit commercial networks in 2016.

With a huge leap in the types of ransomware used and a flurry of business email compromise (BEC) attacks, cybersecurity is as important as ever.

Perhaps the most striking statistic is that the number of ransomware “families” spiked by more than 750 percent in 2016, meaning ransomware attacks – those in which a company’s data is held hostage and returned only in exchange for payment – are becoming more varied and sophisticated.

“Ransomware attacks became more tenacious than ever,” the February 28 report reads.

“Organizations should therefore stay vigilant to avoid losing data and money, and experiencing significant system downtime.”

“Multilayered security solutions that employ machine learning and cover gateways, endpoints, networks, and servers can help prevent ransomware infections.” According to the report, spam was the number one source of ransomware infections… Read More

Companies: Share Cybersecurity Threat Data

Excerpted from Bloomberg BNA Report by Daniel Stoller

US companies large and small feeling the burn in the aftermath of a data breach are struggling to find resources to bolster their security systems, cybersecurity industry panelists said at a March 9th House Homeland Security Cybersecurity and Infrastructure Subcommittee hearing.

Cybercriminals usually don’t discriminate based on a company’s size, going after valuable personal data no matter the target.

Companies of all sizes need to work with the government and private-sector partners to combat the growing cyberthreat in the US, even though many hesitate to share threat data, given the limited liability protection offered by the government.

Separate from the hearing, Congressman Steve Chabot (R-OH), the House Small Business Committee chairman, told Bloomberg BNA March 9th that small businesses feel post-data breach fallout more strongly than large companies “such as Ford, General Motors, and General Electric.”

Unlike large companies, nearly 60 percent of small businesses have to close shop after a data breach, which costs, on average, about $32,000 per attack, he said.

That highlights the need for cybersecurity help at all levels of industry, Chabot said… Read More

WikiLeaks Releases CIA Spy Tool Files

Excerpted from Reuters Report by Dustin Volz and Warren Strobel

Anti-secrecy group WikiLeaks on Tuesday published what it said were thousands of pages of internal Central Intelligence Agency (CIA) discussions about hacking techniques used over several years, renewing concerns about the security of consumer electronics and embarrassing yet another US intelligence agency.

The discussion transcripts showed that CIA hackers could get into Apple iPhones, Google Android devices, and other gadgets in order to capture text and voice messages before they were encrypted with sophisticated software.

Cybersecurity experts disagreed about the extent of the fallout from the data dump, but said a lot would depend on whether WikiLeaks followed through on a threat to publish the actual hacking tools that could do damage.

Reuters could not immediately verify the contents of the published documents, but several contractors and private cyber security experts said the materials, dated between 2013 and 2016, appeared to be legitimate.

A longtime intelligence contractor with expertise in US hacking tools told Reuters the documents included correct “cover” terms describing active cyber programs.

Among the WikiLeaks claims is that the CIA has been able to bypass the encryption on popular messaging apps… Read More

AWS Security Primer: What to Know

Excerpted from CloudTech Report by Avishai Wool

If you’re considering migrating your business applications to a public cloud, the chances are that you’ve looked into Amazon Web Services.

With its higher capacity and wide range of cloud services, AWS has become the most popular choice for businesses looking to take advantage of the scalability and cost-effective storage that cloud computing offers.

Security in AWS is based on a shared responsibility model: Amazon provides and secures the infrastructure, and you are responsible for securing what you run on it.

This model gives you greater control over your traffic and data, and encourages you to be proactive.

However, before migrating your applications to AWS, here are some tips on how to manage and enforce security for maximum protection across your AWS and on-premise environment.

Amazon offers a virtual firewall facility for filtering the traffic that crosses your cloud network segment; but the way that AWS firewalls are managed differs slightly from the approach used by traditional firewalls… Read More

Network for Cyber Risk Launches

Excerpted from Fortune Report by Jeff Roberts

Financial firms have long used rating agencies like Moody’s or S&P to judge the risk of bonds.

Now, companies that face risk from cyberattacks – which these days is almost everyone – have a tool to do the same.

On Wednesday, CyberGRX unveiled a platform that acts as a clearinghouse for cyber risk.

Developed by a group of blue chip security pros from companies like Blackstone and Aetna, CyberGRX promises to make the process of flagging cyber dangers from their vendors dramatically more efficient.

The risk posed by vendors has been top of mind for many companies ever since the infamous hack on Target in 2013, which saw attackers compromise the computer systems of Target’s HVAC supplier in order to steal credit card information from 40 million customers.

According to Jay Leek, the former chief security officer of Blackstone, the idea for a clearinghouse came about because companies spend enormous amounts of time filling out check-lists to assess the security risks posed by their vendors.

Many of Blackstone’s portfolio companies, for instance, were all conducting the same compliance tests… Read More

Online Cybersecurity Course for Biz Pros

Excerpted from CSO Online Report by Kacy Zurkus

A growing trend in the cybersecurity industry is rooted in educating everyone about the risks of a cyberattack.

Universities around the world are developing undergrad and graduate degree programs, professional mentors are engaging with high school students, girls are coding.

Everyone’s getting in on cybersecurity awareness, particularly as it relates to business risk.

That’s why MIT is launching a new online course for business professionals titled, Cybersecurity: Technology, Application and Policy.

MIT Professor Howard Shrobe, Director of Cybersecurity and a principal research scientist at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL), said, “We created this course to tackle the ever-important issue of cybersecurity.”

“Cyberattacks continue to occur and we are basically stuck in what I often refer to as “cyber hell,” paying this reactive game of catch-up in which bad actors always seem to have the advantage.”

MIT’s mission is to move organizations away from the current “patch and pray” approach toward security by default… Read More

New Google Cloud Clients

Excerpted from iCrunchData Report by Julie Love

Alphabet’s Google is making progress in taking on cloud computing leaders Amazon and Microsoft, executives said on Wednesday, as the search engine company stakes more of its future on the cloud as a new source of growth.

At a conference in San Francisco, CA, Google cloud computing chief Diane Greene ticked off a host of new clients, including HSBC, Colgate, Verizon and eBay.

The company also announced it had acquired Kaggle, a popular platform for data scientists that could boost Google’s edge in the crowded field of artificial intelligence.

Despite the announcements, analysts said Google remains a distant third in the market for cloud computing, the increasingly popular practice of using remote internet servers to store, manage and process data.

“The big challenge Google faces is that, for all the names it announced today, it’s still miles behind Amazon and Microsoft in terms of scale,” said analyst Jan Dawson of Jackdaw Research.

“It has a long way to go, and a few more client announcements aren’t going to close the gap”… Read More

Google’s Secret Cloud Weapon: People

Excerpted from Computerworld Report by David Needle

Google had several big tech and service announcements at this week’s second annual Google Cloud Next conference here.

But the company is also leveraging a surprising resource to win enterprise customers – people.

It’s surprising because Google’s biggest successes have come from technology that pretty much sells itself, such as search and related advertising services like AdWords and AdSense.

But in those areas, Google succeeded because it was able to adroitly exploit its first mover advantage.

In cloud computing, it trails the clear leader Amazon Web Services (AWS) and second-place Microsoft Azure.

So at Cloud Next, the company did what smart competitors do: it unveiled new features and pricing designed to better position the Google Cloud Platform (GCP) as a worthy alternative.

Customers, in general, praised the announcements, but then also shared an overlooked aspect of Google’s enterprise marketing… Read More

Time to Use Cloud for Everything?

Excerpted from ZDNet Report by Mark Samuels

The cloud is already playing a key role in education — and that part will only grow in coming years.

On-demand IT has reached a tipping point and organizations of all sizes and sectors are using cloud computing services to run and develop their businesses.

The cloud is disrupting traditional operating models for IT departments and entire organizations.

But where does the cloud go next and what are some of the interesting use cases that will help take cloud to the next level?

Four business and tech leaders discuss what the cloud now means for their businesses.

Okta CIO Mark Settle runs his organization, an identity management specialist, using about 140 cloud-based applications.

“I have no data center to worry about,” he says.

“It makes the budgeting cycle so much easier.”

“You basically look at your list of SaaS subscription fees and project what the future costs will be like”… Read More

The Edge Will Eat the Cloud

Excerpted from Which-50 Report by Thomas Bittman

Today, cloud computing is eating enterprise data centers, as more and more workloads are born in the cloud, and some are transforming and moving to the cloud. But there’s another trend that will shift workloads and data and processing and business value significantly away from the cloud.

The edge will eat the cloud. And this is perhaps as important as the cloud computing trend ever was.

Several overlapping trends are colliding:

Cloud computing, centralizing IT for massive economies of scale and agile provisioning, volatility and growth,

The Internet of Things (IoT), where things are becoming connected and sending reams of data,

Machine learning, taking all of that data and improving processing and predictions,

Augmented and Mixed Reality (along with Virtual Reality), where people can interact with other people and things both in physical and virtual worlds, and

Digital Business and the Digital World, where connections are pushing us to more and more real-time interactions and decisions… Read More

Coming Events of Interest

Delivery of Things World — April 24th and 25th in Berlin, Germany. Over 400 IT executives will discuss what DevOps really means for business. This event brings together all stakeholders to share their experience and expertise.

Security of Things World — June 12th and 13th in Berlin, Germany. A world class event focused on the next information security revolution. Security concerns that preoccupy enterprise customers today and pragmatic solutions to threats.

Autonomous Systems World — June 14th and 15th in Berlin, Germany. An international knowledge exchange among top experts in the field, providing a unique glimpse into the fascinating world of autonomous robots, intelligent machines, and smart technologies.

INTRASECT — June 29th and 30th in Washington, DC. The first conference of its kind to engage key stakeholders in a comprehensive and engaging examination of existing and future regulatory policy governing the usage of commercial autonomous vehicles.

Industry of Things World Asia — July 3rd and 4th in Singapore. An international knowledge exchange platform bringing together more than 300 high-level executives who play an active role in the industrial internet of things (IoT).

Industry of Things World Europe — September 18th and 19th in Berlin, Germany. Join more than 1,000 high-level executives to rethink your technology and business strategy for scalable, secure, and efficient IoT.

Posted in Newsletters