Tuesday, July 09, 2019


On 9/11, terrorists controlled relatively small machines. Imagine the takeover of a 1200-foot container ship carrying 13,000 containers…
U.S. Coast Guard Issues Cybersecurity Warnings for Commercial Vessels
The alert points to a February 2019 incident where a deep draft vessel bound for the Port of New York and New Jersey had its systems infected with a piece of malware that “significantly degraded the functionality of the onboard computer system.”
While the incident did not impact the ship’s essential control systems, it did highlight the lack of proper cybersecurity measures.
“It is unknown whether this vessel is representative of the current state of cybersecurity aboard deep draft vessels. However, with engines that are controlled by mouse clicks, and growing reliance on electronic charting and navigation systems, protecting these systems with proper cybersecurity measures is as essential as controlling physical access to the ship or performing routine maintenance on traditional machinery,” the Coast Guard said.




Be careful when buying problems.
The ICO is on a roll… now they’ve issued a statement about their intention to fine Marriott, although it appears that their statement may have been issued because Marriott first notified the SEC that it was going to be fined.
Here is the ICO’s statement:
Statement in response to Marriott International, Inc’s filing with the US Securities and Exchange Commission that the Information Commissioner’s Office (ICO) intends to fine it for breaches of data protection law.
Following an extensive investigation the ICO has issued a notice of its intention to fine Marriott International £99,200,396 for infringements of the General Data Protection Regulation (GDPR).
The proposed fine relates to a cyber incident which was notified to the ICO by Marriott in November 2018. A variety of personal data contained in approximately 339 million guest records globally were exposed by the incident, of which around 30 million related to residents of 31 countries in the European Economic Area (EEA). Seven million related to UK residents.
It is believed the vulnerability began when the systems of the Starwood hotels group were compromised in 2014. Marriott subsequently acquired Starwood in 2016, but the exposure of customer information was not discovered until 2018. The ICO’s investigation found that Marriott failed to undertake sufficient due diligence when it bought Starwood and should also have done more to secure its systems.
Information Commissioner Elizabeth Denham said:
“The GDPR makes it clear that organisations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition, and putting in place proper accountability measures to assess not only what personal data has been acquired, but also how it is protected.
“Personal data has a real value so organisations have a legal duty to ensure its security, just like they would do with any other asset. If that doesn’t happen, we will not hesitate to take strong action when necessary to protect the rights of the public.”
Marriott has co-operated with the ICO investigation and has made improvements to its security arrangements since these events came to light. The company will now have an opportunity to make representations to the ICO as to the proposed findings and sanction.
The ICO has been investigating this case as lead supervisory authority on behalf of other EU Member State data protection authorities. It has also liaised with other regulators. Under the GDPR ‘one stop shop’ provisions the data protection authorities in the EU whose residents have been affected will also have the chance to comment on the ICO’s findings.
The ICO will consider carefully the representations made by the company and the other concerned data protection authorities before it takes its final decision.




We’re discussing law in my Security Compliance class.
PA Court decision siding with plaintiff injured by dog leash purchased on Amazon
Axios: “A malfunctioning dog leash could end up creating billions of dollars of potential liabilities for online marketplaces, with Amazon front and center. Background: A dog leash sold and shipped by The Furry Gang, one of the millions of small sellers that operate on Amazon’s marketplace, snapped, permanently blinding the buyer in her left eye.
  • Amazon is responsible for the injury, according to a 2-1 decision from Philadelphia’s Third Circuit Court of Appeals.
  • “Amazon’s involvement in transactions extends beyond a mere editorial function; it plays a large role in the actual sales process,” the opinion states.
  • Our thought bubble: This ruling challenges the company’s longtime practice of effectively outsourcing quality control to its customers and their reviews. Amazon could now be held liable for all the random things that get sold on its site.
  • What to watch: This isn’t just bad news for Amazon. The whole e-commerce sector — including companies like Walmart, eBay and Shopify — could come under fire.”




I must have missed this… (136 slides)
State of AI Report 2019




Adopting new technology is not without its perils.
IDC: For 1 in 4 companies, half of all AI projects fail
A recent study conducted by analysts at International Data Corporation (IDC) found that of the organizations already using AI, only 25% have developed an “enterprise-wide” AI strategy, and it found that among those in the process of deploying AI, a substantial number of projects are doomed to fail.
IDC’s Artificial Intelligence Global Adoption Trends & Strategies report, which was published today, summarizes the results of a May 2019 survey of 2,473 organizations that use AI solutions in their operations.




AI as a fortune teller?
… In the last few days, we started rolling out a new feature powered by AI that notifies people when their comment may be considered offensive before it’s posted.
We’ve heard from young people in our community that they’re reluctant to block, unfollow, or report their bully because it could escalate the situation, especially if they interact with their bully in real life. Some of these actions also make it difficult for a target to keep track of their bully’s behavior.
We wanted to create a feature that allows people to control their Instagram experience, without notifying someone who may be targeting them. Soon, we will begin testing a new way to protect your account from unwanted interactions called Restrict. Once you Restrict someone, comments on your posts from that person will only be visible to that person. You can choose to make a restricted person’s comments visible to others by approving their comments. Restricted people won’t be able to see when you’re active on Instagram or when you’ve read their direct messages.




Perspective. If nothing else, some interesting quotes.
How Data Analytics Is (Slowly) Transforming Private Equity
Data analytics is one of the hottest areas in business these days. Companies are increasingly adopting it to transform human resources, sales and marketing, business development, operations and other areas, across a wide spectrum of industries. The approach holds the promise of more objective decision-making and a stronger bottom line.
But when it comes to the world of private equity it’s a different story, according to Sajjad Jaffer, co-founder of the advisory and investment firm Two Six Capital. He said that when he and Ian Picache started their analytics-based firm in 2013, there had been “no technological innovation in private equity since the invention of the Excel spreadsheet.”
… “Using large-scale, cloud-based engineering we can handle very, very large data sets in very, very short timeframes. Billions of rows of data,” Picache said. He noted that their in-depth methods enable them to view “what is going on in a business in a minute-by-minute, day-to-day basis.”
… Regarding portfolio management, he said that a management team’s own attitude toward data tells you something about their company. “Those that actually resist [data analytics] should actually raise some alarm bells for you…. Is it a point of pride? Are they trying to get the highest valuation for their companies by not showing you the full transparency of data?”


