Thursday, December 29, 2016

Does this have a basis in the US Cyber Security strategy?  Apparently not.
Obama to Announce Retaliation Against Russia for Election Hacks
The Obama administration is thought to be finalizing its response to Russian interference in the 2016 election.  This could include any combination of economic sanctions, criminal indictments or a cyber response -- but the intention is to get something in place that cannot easily be rolled back by President-elect Donald Trump. [That seems rather petty.  Bob]  Details could be announced as early as this week.
Government agencies have concluded that Russia, likely with the personal direction of Vladimir Putin, were behind the DNC hacks earlier this year.  This is thought to be part of a wider 'disinformation' campaign designed to support Trump over Clinton.  Similar disinformation concerns have been raised in Germany over next year's German elections.
One of Obama's problems is that he has limited means to invoke retaliation at this stage of his presidency.  A 2015 executive order allows sanctions against people who harm computer systems that are part of the US critical infrastructure (CI) or seek to gain competitive advantage through the cybertheft of commercial information; but elections have not been considered part of the CI.

(Related).  On the other hand…
Video – How 60 ambiguous words gave the United States’ president unprecedented war power
by Sabrina I. Pacifici on Dec 28, 2016
‘The President is authorised to use all necessary and appropriate force against those nations, organisations, or persons he determines planned, authorised, committed, or aided the terrorist attacks that occurred on September 11, 2001, or harboured such organisations or persons, in order to prevent any future act of international terrorism against the United States by such nations, organisations or persons.’
“Written in haste and passed by the US Congress in the days after 11 September 2001, the ambiguously worded Authorisation for the Use of Military Force (AUMF) greatly expanded the war powers of the executive branch, granting US presidents the choice to bomb, raid, detain and monitor nation states and organisations around the world as they see fit.  Centred around an interview with Representative Barbara Lee, the sole member of congress to vote against the AUMF, War Authority examines how the authorisation’s vague language – invoked at least 18 times by the former president George W Bush, and at least 19 times by President Barack Obama – has shaped modern US foreign policy and affected people around the world.” Director: Matthew Palmer.

(Related).  Release of the information would reduce speculation of a political rather than logical “conclusion.” 
Intel agencies sued for records on Russian election interference
by Sabrina I. Pacifici on Dec 28, 2016
Follow-up to previous posting – Unreleased CIA assessment concludes Russia aided Trump – via The Hill – Lydia Wheeler, December 27, 2016:  “A lawsuit has been filed against the CIA, the FBI, the Department of Homeland Security and the Office of the Director of National Intelligence seeking records pertaining to Russia’s interference in the presidential election.  Journalist Jason Leopold and Ryan Shapiro, a Ph.D. candidate at the Massachusetts Institute of Technology (MIT), filed a lawsuit in the U.S. District Court for the District of Columbia on Monday asserting that the agencies have failed to comply with their request for documents under the Freedom of Information Act (FOIA).  Earlier this month, the CIA reportedly concluded in a secret assessment that Russia had intervened in the presidential election to help President-elect Donald Trump defeat Democratic nominee Hillary Clinton.  That assistance, officials believe, included the hacking of Democratic email accounts…”


Russia is a member of the OSCE.  Did they think they were being lied to or that OSCE was withholding information?  
DW reports:
The Organization for Security and Cooperation in Europe (OSCE) confirmed on Wednesday that it has been the target of a “major security information incident.”
The international security and human rights watchdog became aware of the security breach in November.  According to an OSCE spokesperson, the systems are now safe.
“We were given entirely new security systems and passwords,” she added.
Read more on DW.  And yes, the Russians have been blamed for this, too, by an “unnamed Western intelligence agency.”  It would be nice if the “unnamed Western intelligence agency” would respond to FOIA requests made by others for you know, records providing actual proof….


Something I could ask my Computer Security students to use when analyzing security breaches?  Sounds like fun to me!
FDA Releases Guidance for Medical Device Cybersecurity
The U.S. Food and Drug Administration (FDA) has released guidance on the postmarket management of cybersecurity for medical devices, encouraging manufacturers to implement security controls that cover products throughout their entire life cycle.
In 2014, the FDA released guidance for the premarket management of cybersecurity.  The recommendations include limiting access to trusted users via various authentication methods, ensuring that only authorized firmware and software can be installed, and implementing features for cyber incident detection, response and recovery.
The new guidance issued by the FDA focuses on managing cybersecurity risks after the devices have been deployed on a hospital’s network, a patient’s home network, or in a patient’s body.

(Related).  For example…
Add Desert Care Family & Sports Medicine in Casa Grande, Arizona to the list of health facilities who suffered a ransomware attack.  But what happened to them has resulted in my updating my worst breaches of 2016 list.
On December 20, the center notified HHS that 500 patients were being notified that their server had been infected in August 2016.  Of note, not only were the data on the server encrypted – including patient records – but Desert Care took the server to several IT specialists who were all reportedly unable to break the encryption.
“As a result,” their patient notification letter explains, “the server remains locked and encrypted by the ransom ware, and patient records are unavailable.”
They do not explain whether they paid the ransom, and if they didn’t, why they hadn’t once they determined that they could no longer access patient records.  And for the center to write that three months after a ransomware attack, “patient records are unavailable” raises several additional questions, including whether there had been any backup, and if so, what happened to it (and if there was no backup, why not)?
Information on the server included patient’s “full name date of birth, home address, account number, diagnosis, types of treatment information, disability codes, etc.”
To add to their regulatory woes, not only was the center unable to recover access to their patient records, but they were also unable to determine if patient records were exposed or acquired.
“We have not received any indication that the information on the server has been accessed or used by an unauthorized individual, but Desert Care cannot be sure of this, so it is providing you with this notice out of an abundance of caution,” they write.
DataBreaches.net sent an inquiry to the center asking whether they were subsequently able to determine what type of ransomware was involved, and whether they had any backup of their patient records, as their statement seems to suggest that there may be no backup that they could use to recover patient information.
This post will be updated if a response is received.


Insider trading or AI trading.  Will the SEC believe me when I claim superior Watson made me do it?
Unusual trading activity in Kate Spade ahead of headlines about potential sale
Minutes before Dow Jones reported that Kate Spade is exploring a sale of its business, one options trader purchased nearly 2,000 calls in the accessories label — resulting in a quick $320,000 profit.
According to CNBC "Fast Money Halftime Report" trader Jon Najarian, thousands of Kate Spade's call options were purchased at 12:23 p.m. ET Wednesday — roughly 10 minutes before headlines of a potential sale hit.
   When options activity spikes ahead of an announcement, it can indicate that someone had inside information.  Kate Spade has been under pressure to sell its business, after activist firm Caerus Investors suggested the company do so last month.


It’s not SciFi, it’s just Amazon!  These could also replace the Goodyear blimps at some future Superbowl. 
Amazon files patent for flying warehouse
Amazon has filed a patent for massive flying warehouses equipped with fleets of drones that deliver goods to key locations.
Carried by an airship, the warehouses would visit places Amazon expects demand for certain goods to boom.
It says one use could be near sporting events or festivals where they would sell food or souvenirs to spectators.
The patent also envisages a series of support vehicles that would be used to restock the flying structures.
Amazon air force
The filing significantly expands on Amazon's plans to use drones to make deliveries.  Earlier this month it made the first commercial delivery using a drone via a test scheme running in Cambridge.
In the documents detailing the scheme, Amazon said the combination of drones and flying warehouses, or "airborne fulfilment centres", would deliver goods much more quickly than those stationed at its ground-based warehouses.
Also, it said, the drones descending from the AFCs - which would cruise and hover at altitudes up to 45,000ft (14,000m) - would use almost no power as they glided down to make deliveries.
Many firms working on drones are struggling with ways to extend their relatively short range, which is typically dependent on the size of the battery they carry.
The patent lays out a comprehensive scheme for running a fleet of AFCs and drones.  It suggests smaller airships could act as shuttles taking drones, supplies and even workers to and from the larger AFCs.
   Amazon's patent was filed in late 2014 but has only now come to light thanks to analyst Zoe Leavitt from CB Insights who unearthed the documents.


Students ask about this all the time.
Learning to program may seem like a daunting task. Luckily, it’s not nearly as difficult as it seems. With a bevy of resources available both on and offline, dedicated communities, and experts to follow on social media, learning programming is much simpler than it used to be.


I know it’s unlikely, but my geeks might have missed one.  On the other hand, they research movies much more intensely than they do my homework assignments.


I’ve got lots of gamers.  I’m not sure how many developers I have.  Let’s find out!
Do you have an idea for a game that’s been brewing in your mind for years?  What if I told you that you could make that idea come to life, even if you have no game development experience?  These days, anyone can make a video game with a bit of elbow grease and perseverance.
Of course, that doesn’t mean game development is easy.  Not by a long shot.  Even something as simplistic as Flappy Bird or Tetris can take a lot of time and effort to make it look and feel good.  But thanks to free game development software tools, a game that might’ve required one year can now be made in six months or faster — sometimes without any code!
Note that this list is ordered by least complex to most complex.  The simpler free game development tools are easier to pick up but have limitations.  As you go down the list, you gain more flexibility at the cost of a greater learning curve.

No comments: