Volume LXI, Issue 3

In This Issue

DHS Warns of Phone Security Threats

Excerpted from The Hill Report by Morgan Chalfant

The Department of Homeland Security (DHS) has sent Congress a study warning of security threats to mobile devices used by the federal government.

The study on mobile device security, mandated by a 2015 law, offered a series of recommendations for the US government to safeguard smartphones and tablet computers against threats from nation-states, criminal hackers, and others, DHS said on Thursday.

The study was produced by DHS’s Science and Technology Directorate in coordination with the National Institute of Standards and Technology (NIST), a government body that produces optional standards on information technology and cybersecurity.

“The study has found that threats to the mobile device ecosystem are growing, but also that the security of mobile computing is improving,” Dr. Robert Griffin, acting undersecretary for Science and Technology, said.

“It outlines several important recommendations to strengthen security that will help the Federal government keep pace with current and emerging threats… Read More

US & Japan Deepen Cyber Info Sharing

Excerpted from The Hill Report by Morgan Chalfant

Japan has inked an agreement with the US Department of Homeland Security (DHS) to deepen cyber information sharing between the governments of the two nations, officials said Thursday.

Tokyo has signed on to participate in the DHS’s Automated Indicator Sharing (AIS), a platform that allows two-way sharing of cyber threat indicators between the US government and the private sector as well as other organizations worldwide.

The development was announced by officials at an event hosted by the Center for Strategic and International Studies in Washington early Thursday afternoon.

“This morning, I was honored to receive the signed terms of use from Japan to join AIS, and this is indicative of the priority of both of our organizations place on information sharing,” Thomas McDermott, DHS Deputy Assistant Secretary for Cyber Policy, said.

McDermott said that Japan’s participation “dramatically increases the reach of AIS and the scope of the ecosystem that we are trying to build.”

“We are grateful to Japan for its commitment and look forward to working with them on next steps to implement the AIS program… Read More

Key Players for Trump on Cybersecurity

Excerpted from The Hill Report by Morgan Chalfant

The administration has put in place some key people who will have a major say on cybersecurity, cyber defense, and IT modernization.

Here are five key players for the Trump administration on cybersecurity.

President Trump has put Rob Joyce, the former leader of an elite hacking group at the National Security Agency, in charge of overseeing the federal government’s cybersecurity policy efforts at the White House.

With his background in hacking as the former chief of the NSA’s Tailored Access Operations (TAO), Joyce is widely revered among national security experts and seen as a solid choice for the job of Trump’s “cyber czar” — a position that was established by former President Obama in 2009.

“Rob is a certified cyber warrior,” Joel Brenner, a former NSA Inspector General and head of US counterintelligence in the Office of the Director of National Intelligence, told The Hill.

“He really knows what the nasty world looks like out there, and I’m pleased that he’s in this job… Read More

Report from DCIA CEO Marty Lafferty

US President Donald Trump this week signed the Cybersecurity Executive Order, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, intended to increase efficiency and provide additional protections to government information technology (IT) systems.

The directive advances the administration’s efforts to modernize and secure federal networks that have been infiltrated by a variety of cyberattacks.

The Executive Order, as expected, charges the government with reviewing its cyber posture and assessing digital vulnerabilities, and assigns responsibility for cyber risk management to officials leading federal agencies, along with a means for monitoring and ensuring their accountability.

Agencies must provide reports based on compliance with the National Institute of Standards & Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity within three months, and on larger issues affecting critical infrastructure in six months.

The Executive Order also covers solving the botnet problem; protecting vital energy, financial, and health infrastructures; expanding a cyber-workforce strategy; and migrating to shared services, including cloud computing.

There is also a section focusing on improving the country’s ability to deter cyberattacks and working with international partners to build cyber norms.

In addition, it encourages enhanced information sharing and greater cross-industry collaboration.

Earlier this month, the President signed an Executive Order creating the American Technology Council, with Senior Trump Advisor Jared Kushner as Director, and it is expected that Kushner’s Office of American Innovation will also play a role in the federal IT modernization effort.

The DCIA is encouraged by the final version of this week’s directive, which is significantly improved from prior drafts, including input from key government policy specialists, and looks forward to supporting its objectives.

For more, see National Security Advisor Tom Bossert’s press briefing on the Executive Order. Share wisely, and take care.

Less than Two Weeks until Creative Storage 2017

Excerpted from Industry Announcement by Tom Coughlin

Come to the DCIA co-sponsored Creative Storage Conference May 24th in Culver City, CA to make valuable connections and to participate in the latest trends and requirements for digital storage to serve creative minds and create new and growing markets.

Six sessions and four keynotes will cover: Storage Impact of 4K/HDR/VR on Storage Requirements from Capture to Studio; Collaboration in the Clouds: Storing and Delivering Content Where it is Needed; Content on the Move: Delivering Storage Content When and Where it is Needed; Preserving Digital Content-the Challenges, Needs, and Options; Accelerating Workflows: Solid State Storage in Media and Entertainment; Independent Panel-Protecting the Life of Content.

Don’t miss this 11th Annual conference on Creative Storage!

Hear how major media equipment suppliers and entertainment industry customers use digital storage technology in all aspects of content creation and distribution.

Find out the role that digital storage plays in new content distribution and marketing opportunities for a rapidly evolving market… Read More

Telefonica Virtualization Boosts Enterprise Offering

Excerpted from Telefonica Press Announcement

Telefonica is to deploy Nuage Networks’ SD-WAN solutions as it looks to broaden its enterprise offerings.

The Spain-based operator has picked the Nokia venture to grow its existing MPLS VPN and hybrid WAN solutions for cloud-ready enterprises.

Nokia said enterprises deploying SD-WAN would benefit from greater business agility, quicker deployment of services and lower running costs.

Enterprises will be provided with a self-service portal to dial-up fresh VPN services and customize their networks.

Spain will be the first market to benefit from the new SD-WAN offering, followed by Telefonica’s Business Services (International) arm and other subsidiaries.

Javier Gavilan, Technology Director at Telefonica Global CTO, said, “To meet rapidly emerging business requirements for agility and on-demand deployments, we firmly moved to build our business connectivity services around a new Telco cloud-based architecture… Read More

Microsoft Shifts to Intelligence in Cloud & Edge

Excerpted from ComputerWeekly Report by Cliff Saran

The Microsoft Build annual developer conference kicked off with a shift in the company from cloud and mobile to serverless computing and edge computing.

Computing for the internet of things (IoT), large-scale database scalability and greater support for artificial intelligence (AI) were among the developments showcased during the opening keynote on the first day of the event.

The company’s CEO, Satya Nadella, called on developers to use their skills to empower society but warned that the power to provide technology to help society comes with high responsibility.

“We should empower people with technology – inclusive design can be an instrument for inclusive growth,” he added.

As the world becomes more technology-driven, Nadella warned developers that building trusted technology is crucial. “It is up to us to take responsibility for the algorithms we create,” he said.

“The opportunity to have a broad impact of all parts of society has never been greater.”

“But there are unintended consequences of technology and we can’t just use technology to solve these problems… Read More

Rackspace & Dell EMC Revolutionize Private Cloud

Excerpted from Rackspace Press Announcement

Rackspace today announced from the OpenStack Summit in Boston that it has collaborated with Dell EMC to deliver OpenStack private clouds with leading compute and storage solutions from Dell EMC.

This offer combines Rackspace operational expertise with Dell EMC compute and storage solutions to create an easy-to-consume private cloud as-a-service offering.

It is the first step in an expanded relationship with Dell EMC in which both companies will help lower the barrier to entry for private clouds and deliver rapid private cloud elasticity through a revolutionary utility-based consumption model.

“Dell EMC is committed to providing customers with best in class solutions to simplify their OpenStack deployments while taking advantage of new innovations,” said Jay Snyder, Senior Vice President, Global Alliances, Industries and Service Providers at Dell EMC.

“One example of this commitment to OpenStack is our latest offering with Rackspace, one of a handful of our global Titanium partners which has unmatched experience in operating OpenStack clouds at scale.”

“The ability to consume Rackspace OpenStack Private Cloud as-a-Service coupled with Dell EMC compute… Read More

Tech’s Frightful Five: They’ve Got Us

Excerpted from NY Times Report by Farhad Manjoo

A few weeks ago, I bought a new television. When the whole process was over, I realized something incredible: To navigate all of the niggling details surrounding this one commercial transaction — figuring out what to buy, which accessories I needed, how and where to install it, and whom to hire to do so — I had dealt with only a single ubiquitous corporation: Amazon.

It wasn’t just the TV.

As I began combing through other recent household decisions, I found that in 2016, nearly 10 percent of my household’s commercial transactions flowed through the Seattle retailer, more by far than any other company my family dealt with.

What’s more, with its Echos, Fire TV devices, audiobooks, movies and TV shows, Amazon has become, for my family, more than a mere store.

It is my confessor, my keeper of lists, a provider of food and culture, an entertainer and educator and handmaiden to my children.

This may sound over the top… Read More

What Went Wrong at IBM? Master Plan Fail

Excerpted from ZDNet Report by Jack Schofield

When Warren Buffett started buying IBM shares towards the end of 2011 – a love affair that seems to have ended – the company already had a turnaround strategy that suggested a brighter future.

Its master plan was to sell off or down-scale traditional businesses with low margins and develop or acquire new “cognitive and cloud” businesses with high margins.

For example, IBM sold off its x86 server division and bought cloud companies such as SoftLayer, BlueBox, ClearLeap, and Ustream.

IBM called these new high-margin businesses “strategic imperatives”.

They were the budding shoots of future growth, and a return to financial success.

Unfortunately for IBM, its “strategic imperatives” have never made up for the declines in traditional businesses, and its turnover has now declined, on a year-on-year basis, for 20 quarters in a row.

That’s five years of failure… Read More

A Third of Federal Agencies Had 2016 Data Breaches

Excerpted from Dark Reading Report

One-third of federal government agencies reported experiencing a data breach in the last year, and 65% have experienced one in the past, according to the 2017 Thales Data Threat Report, Federal Edition.

Nearly all (96%) respondents consider themselves “vulnerable” to data breaches; about half (48%) state they are “very” or “extremely” vulnerable.

Researchers found 61% of US federal respondents are increasing their security spend this year, which is an increase from last year’s 58%, but still lower than healthcare (81%), retail (77%), and financial services (78%) industries.

Federal respondents claim their data insecurity is primarily due to budget constraints (53%) and lack of staff (53%).

Advanced technologies like cloud, big data, containers, and IoT are expected to worsen the problem as they are used without proper security measures in place.

Federal agencies must deal with critical needs for sensitive data in volume, the most challenging threat environments, the strictest regulations and the most difficult budget constraints – and it’s putting their data at risk… Read More

Bill Boosts State & Local Cybersecurity

Excerpted from CyberScoop Report by Shaun Waterman

Proposed legislation establishing a Department of Homeland Security (DHS) grant program that would bolster cybersecurity for state and local government IT networks faces a steep climb in Congress, but its backers say the need is urgent.

“There’s an acknowledgment that this is a real problem and that things could get worse. As former Defense Secretary Leon Panetta has observed, we’re at something of a pre-9/11 point in cyber,” said Congressman Derek Kilmer (D-WA), a co-sponsor of the State Cyber Resiliency Act, HR 1344.

Cyber threats “aren’t aimed at red districts or blue districts – all of our communities are vulnerable. There is an obvious need and I hope that makes it more likely that this bill could move,” Kilmer told CyberScoop in an interview.

His GOP co-sponsor is Virginia Congresswoman Barbara Comstock.

An identical companion bill in the Senate, S 516, is sponsored by Senators Mark Warner (D-VA) and Cory Gardner (R-CO).

The proposed law, backed by a broad coalition of state and local leaders and tech vendors, would put the Federal Emergency Management Agency in charge of doling out the money, starting in fiscal 2018, which begins in October… Read More

Cybersecurity Tops 2017 Organization Risks

Excerpted from CIO Report by David Adler

Cybersecurity and privacy continue to make headlines.

Experts have more questions than answers addressing risk management concerns in the evolving cybersecurity market.

On March 7, 2017, the CIA got doxed by the anti-secrecy organization WikiLeaks.

Nearly 9,000 documents appeared online showing the CIA sought to observe conversations, online browsing habits and other activities by infiltrating the systems that contained them, such as Apple and Android smartphones, laptops, TVs and even cars.

The government is not alone.

Third-party vendors remain a growing source of concern.

Companies are well-advised to look beyond their own cybersecurity policies and standards to the potentially bigger risk that arises from giving third-party vendors direct access into their systems.

Indeed, low-tech threats like errors by vendors’ employees represent an often-overlooked danger to company data security… Read More

Businesses Must Fix Wrong Cybersecurity Mindset

Excerpted from TechRepublic Report by Conner Forrest

While businesses understand the importance of cybersecurity, they are relying on outdated strategies and misguided mindsets to protect themselves, according to a new report from CompTIA, released Tuesday.

The report, titled “The Evolution of Security Skills,” claims that many businesses remain too defensively-focused in the way they address cyber-threats.

Instead, CompTIA calls on security pros to become more proactive by seeking out and mitigating vulnerabilities before they are exploited.

“Building an impenetrable defense is no longer practical and the mentality of preventing all breaches is outdated,” Seth Robinson, Senior Director of Technology Analysis for CompTIA, said in a press release.

“But a new, proactive approach combining technologies, procedures and education can help find problem areas before attackers discover them.”

Business leaders tend to focus too heavily on threats they are familiar with – namely, malware and viruses, according to the report… Read More

How to Train Workers in Cybersecurity

Excerpted from Computerworld Report by Matt Hamblen

With workplace cyberattacks on the rise, industry experts are pressing businesses to train their workers to be more vigilant than ever to protect passwords and sensitive data and to recognize threats.

“It is imperative for organizations of all sizes to instill among employees the critical role they play in keeping their workplace safe and secure,” said Michael Kaiser, Executive Director of the National Cyber Security Alliance, a group that promotes education on the safe and secure use of the internet.

The group’s members include such major technology companies as Cisco, Facebook, Google, Intel and Microsoft.

Kaiser made his comments timed with last week’s release of a Dell End-User Security Survey that found that 72% of workers are willing to share confidential company information without regard for proper data security protocols.

The survey was conducted online in late February and early March with results from 2,608 professionals in companies with more than 250 workers.

“Cybersecurity education needs to be an integral part of the workplace culture,” Kaiser added… Read More

WikiLeaks CIA Dump Most Damaging Yet

Excerpted from TechCrunch Report by Eric O’Neill

It’s impossible to keep up with the nonstop news coverage and multiple storylines around the recent WikiLeaks CIA dump.

The initial Vault 7 data drop led to Assange’s press conference about “helping” private companies patch vulnerabilities, all while fear started to spread around the intelligence community listening in to our internet-connected Samsung TVs and Apple products at home, and Cisco disclosing that its routers and Internet switches had been hacked.

Most recently, CIA Director Mike Pompeo criticized WikiLeaks in his first public address since being confirmed, calling the organization a “non-state hostile intelligence service.”

Pompeo makes an undeniable point about the far-reaching consequences of a leak such as this one – which, speaking from an intelligence perspective, is likely the most frightening yet.

The truth of the matter is that the breach of the CIA’s attack tools not only placed the US at a deficit in our offensive cyber-capabilities, it has threatened the world’s most critical businesses, organizations, and national security peace of mind.

To echo Pompeo’s statements, we are now all more vulnerable… Read More

Coming Events of Interest

Security of Things World — June 12th and 13th in Berlin, Germany. A world class event focused on the next information security revolution. Security concerns that preoccupy enterprise customers today and pragmatic solutions to threats.

Autonomous Systems World — June 14th and 15th in Berlin, Germany. An international knowledge exchange among top experts in the field, providing a unique glimpse into the fascinating world of autonomous robots, intelligent machines, and smart technologies.

INTRASECT — June 29th and 30th in Washington, DC. The first conference of its kind to engage key stakeholders in a comprehensive and engaging examination of existing and future regulatory policy governing the usage of commercial autonomous vehicles.

Industry of Things World Asia — July 3rd and 4th in Singapore. An international knowledge exchange platform bringing together more than 300 high-level executives who play an active role in the industrial internet of things (IoT).

Industry of Things World Europe — September 18th and 19th in Berlin, Germany. Join more than 1,000 high-level executives to rethink your technology and business strategy for scalable, secure, and efficient IoT.

IoT Solutions World Congress — October 3rd through 5th in Barcelona, Spain. This event has grown enormously in no time and is an excellent barometer and source of information, inspiration, collaboration and transformation.
