Experts Share Their Cybersecurity Horror Stories

TECHREPUBLIC | October 28, 2016

The hooded hacker hunches over a clacking keyboard, face illuminated by the dim and flickering glow of a monitor. He punches a button and executes the code. He lurks in the dark. He’s a monster with the power to annihilate people, governments, and companies.

Discovering a Cure for Cyber Threats


Improving security for electronic health records will enhance trust and unlock their full potential.

A friend of mine recently had a frustrating experience trying to send his medical records to a major hospital. He wanted to email them, however the hospital said no, they only accept faxed records. They said there are simply too many security risks involved with electronic records.

Centralize Cybersecurity? Secretary Pritzker Doesn’t Think So

Last month, Secretary of Commerce Penny Pritzker appeared in front of the President’s Commission on Enhancing National Cybersecurity and the subsequent article in FedScoop caught my attention.

She is very concerned that the President’s Commission could mandate that all US Federal Government information technology be consolidated under one organization’s authority. According to Secretary Pritzker, a mandate like this would make it difficult for an agency’s leadership to enforce cyber security initiatives addressing their specific needs.

In other words, one size does not fit all.

Is she correct to be worried? It may be worthwhile to turn our eyes to our northern neighbor, Canada, where this consolidation is taking place right now. Canada frequently looks to our government before adopting a new practice. In this instance we can learn from their experience.

Currently, the Canadian government, including their equivalent of the Department of Defense and Intelligence community, is reorganizing and consolidating many small agencies into fewer larger agencies called Portfolios. This consolidation is not just on the cyber security front; the entire government is moving from 47 individual agencies to 28. This reorganization and consolidation is causing a lot of internal uproar since many former agency CIOs and CISOs now have to report to someone else. Former leaders no longer have a say in what they used to manage, with the authority moved to others higher up in the organizational chart. Additionally, the Canadian government is consolidating their 308 data centers into 40 to 80 super data centers. This will be a huge undertaking similar to our consolidation into Trusted Data centers. It is still too early to know if it will be worth the growing pains. But, I wonder if Canada’s governmental eye is being taken off the cyber ball.

Secretary Pritzker raises some interesting questions that we should fully consider:

  1. Is over- or under- centralization a root cause of the government’s less-than-perfect response to cybersecurity?
  1. Where should “authority, responsibility and capability” (and budget!) for improving cybersecurity lie? A White House cyber czar? The new federal CISO? The Cabinet Secretary level?
  1. Is a hybrid approach best? A mix of centralized cybersecurity services with agency specific toolsets?
  1. Should there be a united network like .mil? A unified email system for all fedciv employees?
  1. As the Canadians are doing, would it be better to reorganize cybersecurity efforts independently of the agencies they serve rather than doing everything all at once?

All in all, there are a lot of similarities between what is currently happening in Canada and the organizational recommendations that may come out of the President’s commission. I’m suggesting the US could learn a lot from our northern neighbor and ally.

Data Leaks Evolving into Weapons of Business Destruction

CSO and IT WORLD | October 3, 2016

Most of the recent data breaches involve customer information such as user names and passwords, credit card numbers, and medical histories. The companies hacked are hurt — they have to contact victims, pay for credit monitoring services and fines, and may lose customers, brand reputation, and market value — but that is collateral damage.

Or it has been.

Security Industry Reactions to the Yahoo! Breach

THE CYBER WIRE | September 28. 2016

Last week’s disclosure by Yahoo! that somewhat more than 500 million customers’ credentials had been compromised in a breach dating back to 2014 has prompted widespread reaction from industry experts. The incident has implications for Yahoo!’s consumer trust; it also is seen as likely to affect, adversely, the soft landing the company anticipated in Verizon’s proposed acquisition of Yahoo!’s core assets.