Saturday, July 11, 2015

OPM's version of events.
Information about OPM Cybersecurity Incidents
by Sabrina I. Pacifici on Jul 10, 2015

(Related) If OPM had a Board of Directors, would they fire all the senior managers?
Add Adam Shostack’s post to your must-read list. Here’s a snippet:
The National Journal published A Timeline of Government Data Breaches:
OPM Data Breach
I asked after the root cause, and Rich Bejtlich responded “The root cause is a focus on locking doors and windows while intruders are still in the house” with a pointer to his “Continuous Diagnostic Monitoring Does Not Detect Hackers.”
And while I agree with Richard’s point in that post, I don’t think that’s the root cause. When I think about root cause, I think about approaches like Five Whys or Ishikawa. If we apply this sort of approach then we can ask, “Why were foreigners able to download the OPM database?” There are numerous paths that we might take….
Keep reading on Emergent Chaos.

Julie Hirschfeld Davis reports:
Katherine Archuleta, the director of the Office of Personnel Management, resigned under pressure on Friday, one day after the government revealed that two sweeping cyberintrusions at the agency had resulted in the theft of the personal information of more than 22 million people, including those who had applied for sensitive security clearances.
Ms. Archuleta went to the White House on Friday morning to inform President Obama that she was stepping down immediately. She said later in a statement that she felt new leadership was needed at the federal personnel agency to enable it to “move beyond the current challenges.”
Read more on The New York Times.

I can see a few holes in this procedure. Probably the FBI will ask for several months to check for records they should already have in their possession.
Background Check Flaw Let Dylann Roof Buy Gun, F.B.I. Says
The man accused of killing nine people in a historically black church in South Carolina last month should not have been able to buy the gun he used in the attack, the F.B.I. said Friday, in what was the latest acknowledgment of flaws in the national background check system.
A loophole in the system and an error by the F.B.I. allowed the man, Dylann Roof, to buy the .45-caliber handgun despite having previously admitted to drug possession, officials said.
Mr. Roof first tried to buy the gun on April 11, from a dealer in South Carolina. The F.B.I., which conducts background checks for gun sales, did not give the dealer approval to proceed with the purchase because the bureau needed to do more investigating about Mr. Roof’s criminal history.
Under federal law, the F.B.I. has three days to determine whether there is sufficient evidence to deny the purchase. If the bureau cannot come up with an answer, the purchaser can return to the dealer and buy the gun.
In the case of Mr. Roof, the F.B.I. failed to gain access to a police report in which he admitted to having been in possession of a controlled substance, which would have disqualified him from purchasing the weapon. The F.B.I. said that confusion about where the arrest had occurred had prevented it from acquiring the arrest record in a timely fashion.
Mr. Roof’s application was not resolved within the three-day limit because the F.B.I. was still trying to get the arrest record, and he returned to the store and was sold the gun.

Just another Thing on the Internet of Things? There's a lot of money flowing alongside the data.
Carmakers want to build a data business. So far they’re screwing it up.
In a move that will surprise no one, automakers want to become a platform and plan to do this by limiting the data they share with Apple and Google.
… The idea is that customers want to use their smart phones as navigation devices and as the link to their music and entertainment accounts–a battle carmakers lost by being slow to adopt new technology and by charging a pretty penny for things like upgraded map CDs—but auto companies still have detailed engine, braking and other highly useful and technical data they can share about the car’s performance and history. And that data is worth something.
… The stakes are potentially huge: General Motors Co told investors earlier this year that it expects to realize an additional $350 million in revenue over three years from the high-speed data connections it is building into its cars.
Consultant AlixPartners estimates global revenues from digitally connected cars will grow in value to $40 billion a year worldwide by 2018, from $16 billion in 2013.

(Related) So how can my students tap into that money?
Cutting through Internet of Things Hype
The Internet of Things topped Gartner's list of most-hyped technologies last summer. But compelling business cases for IoT are beginning to emerge.
… Dan Vesset, an analyst at International Data Corp., stressed the importance of data monetization for IoT, focusing on how it could be harnessed by media and other content-centric businesses to add value. Citing Clive Humby, who is credited with saying that data is the new oil, Vesset used an oil refinery example.
"Data is valuable like crude oil, but it is unrefined and has to be processed into valuable products," he said. "That means it has to be broken down, analyzed and reassembled."
… a company named Schneider Electric intends to literally build a better mousetrap. Unlike the refrigeration case, an IoT-enabled mousetrap offers significant business potential. By adding sensors to traps, it becomes possible to offer a rodent removal service rather than just selling traps. This switches the business model from a one-time sale to a monthly subscription fee.
… Schneider Electric is taking its realization that services are more important than devices to other aspects of its electronics business. Instead of selling thermostats, it’s now giving them away free to companies that will pay a monthly subscription fee. To make this work, they added sensors to the devices so they can detect sound, motion and temperature.
If the temperature drops or no sound and motion are detected, the system is programmed to conserve energy. The value proposition: The company guarantees a 20 percent energy reduction, which typically yields greater savings than the monthly charge.

Interesting. Backup power to the cellphone towers? Is 8 hours reasonable? After Hurricane Katrina, didn't it take a few weeks?
FCC considers safeguards as landlines move to IP
As landline phones move toward operation over the Internet, the Federal Communications Commission wants to make sure those lines are still able to get a signal during a power outage.
FCC Chairman Tom Wheeler on Friday proposed new rules that would force phone providers to offer backup power for customers to buy as they transition away from copper lines.
"IP-based home voice services are more vulnerable to outages during emergencies than their copper predecessors," FCC Chairman Tom Wheeler said in a blog post.
… Phone companies would have to offer customers the chance to purchase eight hours of backup power for an emergency. That number would increase to 24 hours of backup power in three years.

Gee, it must be Saturday...
Hack Education Weekly News
Via The Chronicle of Higher Education: “The average amount that college students spend on course materials appears to be declining. But not necessarily because textbooks are cheaper. A growing number of students, surveys show, simply skip buying required course materials.”
A school district in Iowa will put body cameras on principals. “The district spent about $1,100 to purchase 13 cameras at about $85 each. They record with a date and time stamp, can be clipped onto ties or lanyards, and can be turned on and off as needed. For now, they won't be used to record all interactions with adults,” says The Atlantic. Body cameras on cops and body cameras on principals – go ahead and make the connection about what that makes schools…
… Carnegie Mellon University plans to install sensors all over its campus, thanks to $500,000 in funding from Google. According to The Chronicle of Higher Education, “campus could be wired with temperature sensors, cameras, microphones, humidity sensors, vibration sensors, and more in order to provide people with information about the physical world around them. Students could determine whether their professors were in their offices, or see what friends were available for lunch.” Gee, how did universities ever survive without this.