Wednesday, April 18, 2018

Good news for my Computer Security majors.
Closing the Enterprise Security Skills Gap
… The term "skills gap," in a nutshell, refers to specific challenges organizations have confronted over the past few years in finding and retaining competent, trained resources for security efforts. It is a measurable trend across the industry as a whole.
For example, it takes most organizations (54 percent) more than three months to fill open security positions, the recently released 2018 ISACA Global State of Cybersecurity Survey found. That figure is consistent with its prior year's findings.

(Related) Go where management is worried.
Security Pros at Energy Firms Concerned About 'Catastrophic' Attacks
Many cybersecurity professionals working in the energy sector are concerned that an attack on their organization’s industrial control systems (ICS) could have “catastrophic” consequences, according to a study conducted recently by Dimensional Research on behalf of security and compliance solutions provider Tripwire.
Of the more than 150 respondents, including IT and OT security professionals in energy and oil and gas companies, 91% say they are worried about the risk of attacks on ICS. Nearly all respondents are very concerned or somewhat concerned about an attack leading to operational shutdowns or downtime that impacts customers.
Other areas of major concern include physical damage to infrastructure, employee safety, impact on the organization’s reputation, and data theft.
High-profile pieces of malware such as Trisis and Industroyer have had a significant impact on security investments, but incidents involving ransomware have had the same degree of impact, the study shows.

Stay current (better yet, stay ahead) with your security updates. Constantly remind your employees of the risks.
NSA: Hackers Weaponize Known Vulnerabilities Within 24 Hours
How do you break into the US military's defense networks? Apparently, hackers are trying to do so by leveraging every publicly-known vulnerability they can find.
The turnaround can be quick, said Dave Hogue, a technical director with the US National Security Agency. Once a security flaw goes public, it can be added into the arsenal of state-sponsored attackers in less than a day.
"Within 24 hours I would say now, whenever an exploit or a vulnerability is released, it's weaponized and used against us," Hogue said in a talk at the RSA security conference on Tuesday.
… Hogue said the top attack method the agency is running into is phishing messages.
"We see 36 million emails per day, and we reject about 85 percent of those," he said.
It's also rare for the agency to encounter a "zero-day" exploit, or a cyber attack that leverages a previously unknown vulnerability. In fact, the NSA has not responded to an intrusion that uses a zero-day vulnerability in over 24 months, Hogue said.

My guess is that this was not a Russian hack.
IRS website unavailable for efiling most of tax day!
IRS electronic filing systems working again after agency’s Tax Day technology meltdown “The Internal Revenue Service’s system for accepting online tax returns is working again after being inoperational for much of the day Tuesday [April 17, 2018]. IRS officials promised that people hampered by the technology failures would not be penalized for late returns, but they have not yet announced any specific exemptions to the deadline. This story will be updated. [ IRS gives taxpayers one more day to file after payment site crashes. ]

So much for the good fight? Not sure ‘resolved’ is the right word.
U.S. top court rules that Microsoft email privacy dispute is moot
The U.S. Supreme Court on Tuesday dropped Microsoft Corp’s privacy fight with the Justice Department over whether prosecutors can force technology companies to hand over data stored overseas after Congress passed legislation that resolved the dispute.
… President Donald Trump on March 22 signed legislation into law that makes clear that U.S. judges can issue warrants for such data while giving companies an avenue to object if the request conflicts with foreign law.

“Solutions” my software architecture students should consider. Is India the testing sandbox for new innovations?
Amazon made a lightweight browser for India, and it's fantastic
Amazon introduced the Kindle Lite app late last month, offering a similar experience as the full-fledged Kindle client for a fraction of the size. Now, the retailer has rolled out a lightweight web browser dubbed Internet, which comes in at just 2MB and takes up just 26MB of storage space on your phone.
One of the key highlights with Amazon's browser is a private mode, which is essentially the same thing as Chrome's incognito mode.

(Related) Perhaps my software architecture students could generalize this to address our ongoing self-driving car debate?
Algorithmic Impact Assessments: A Practical Framework for Public Agency Accountability
GCN: Algorithmic Impact Assessments: A Practical Framework for Public Agency Accountability, a report by the AI Now Institute, a partnership between New York University, the American Civil Liberties Union and the Partnership on AI. [h/t Pete Weiss]
Why: As public agencies increasingly turn to automated processes and algorithms to make decisions, they need frameworks for accountability that can address inevitable questions – from software bias to the system’s impact on the community. The AI Now Institute’s Algorithmic Impact Assessment gives public agencies a practical way to assess automated decision systems and to ensure public accountability.
Proposal: Just as an environmental impact statement can increase agencies’ sensitivity to environmental values and effectively inform the public of coming changes, an AIA aims to do the same for algorithms before governments put them to use. The process starts with a pre-acquisition review in which an agency, other public officials and the public at large are given a chance to review the proposed technology before the agency enters into any formal agreements. Part of this process would include defining what the agency considers an “automated decision system,” disclosing details about the technology and its use, evaluating the potential for bias and inaccuracy as well as planning for third-party researchers to study the system after it becomes operational…”

Talk about stroking an ego! Or are we looking to understand the often inexplicable?
Every top New York Times best-seller this year has been about Trump
