Volume LIV, Issue 3

In This Issue


Obama and Xi Jinping of China Agree to Steps on Cyber-Theft

Excerpted from NY Times Report by Julie Hirschfeld Davis and David E. Sanger

President Obama and President Xi Jinping of China took their first concrete steps on Friday toward reining in the rising threat of cyber-attacks between the world’s two largest economies, pledging that their governments would refrain from computer-enabled theft of intellectual property for commercial gain even as Mr. Obama suggested that he might still impose sanctions if rampant Chinese hacking persisted.

With Mr. Xi standing beside him at a Rose Garden news conference, Mr. Obama said the two had reached a “common understanding” that neither the United States nor China should engage in state-sponsored cyber-intrusions to poach intellectual property, and that they would together seek “international rules of the road for appropriate conduct in cyberspace.”

But Mr. Obama said that he had told the Chinese president during two hours of meetings at the White House that the escalating cycle of cyber-attacks against American targets “has to stop,” warning Mr. Xi that the United States would go after and punish perpetrators of those offenses through traditional law enforcement tools and, potentially, with sanctions.

“The question now is, ‘Are words followed by actions?’ “Mr. Obama said of China’s commitments on cyber-threats. “And we will be watching carefully to make an assessment as to whether progress has been made in this area… Read More

Federal Watchdog Says Agencies Remain at High Risk to Cyber-Threats

Excerpted from Wall St. Journal Report by Angus Loten

Federal agencies are falling short on efforts to implement cybersecurity programs and prevent unwanted access to their computer networks, the Government Accountability Office (GAO) said this week.

The federal watchdog in part blamed unclear guidance by the White House to agency inspectors general for assessing security programs.

Based on its own research, as well as individual agency reports and IG assessments of information security controls, the GAO found security weaknesses during the 2014 fiscal year at nearly all of the 24 federal agencies it examined.

Those agencies included the Defense Department, the Office of Personnel Management and the Environmental Protection Agency, with a combined 9,906 computer systems.

Security challenges included deficiencies in access control measures, configuration management, contingency planning, security management, and segregation of duties — that is, policies, procedures, and organizational structures to prevent one individual from independently controlling all key aspects of a computer-related operation, the report said.

All told, 19 agencies were found to have a “material weakness” or a “significant deficiency” in their handling of information security controls… Read More

House Intel Chief Says Cyber-Sharing Bill Will Pass Overwhelmingly

Excerpted from The Hill Report by Katie Bo Williams

The Chairman of the House Intelligence committee is confident that a beleaguered cybersecurity information-sharing bill will eventually clear the Senate.

“I think it will pass overwhelmingly in the Senate once they get through all their amendments,” Chairman Devin Nunes (R-CA) told attendees at a Washington Post cybersecurity event in DC.

The House passed complementary legislation in April, but the Cybersecurity Information Sharing Act (CISA) has been stymied by privacy concerns in the Senate.

Observers say that leadership is working on a deal to cut down on a list of amendments scheduled for debate. A few contentious additions are apparently slowing negotiations.

Nunes, who sponsored the House legislation, is echoing widely held expectations for the bill.

Observers anticipate that if CISA gets to the floor, it will pass by a large margin.

Lawmakers have faced intense pressure to move on some kind of legislation to address the bombardment of cyber-intrusions… Read More

Report from DCIA CEO Marty Lafferty

Click Here for Video

With a US government shutdown averted, and following a September 14th Business Software Alliance (BSA) letter to Congressional leaders, Senate attention to passing cybersecurity legislation should now become a priority.

The BSA letter was signed by Adobe Systems, Altium, Apple, AutoDesk, CA Technologies, DataStax, IBM, Microsoft, MiniTab, Oracle, Salesforce, Siemens, and Symantec.

The US Chamber of Commerce also has been proactive in its support for the vitally important Cybersecurity Information Sharing Act of 2015 (S.754 or CISA).

The House of Representatives already passed companion legislation to enable information sharing among and between private enterprises and government agencies to strengthen cybersecurity.

The removal of potential liabilities for faster and deeper exchanges of data is critical to improved responsiveness in the rapidly changing cyber-threat environment.

To privacy advocates, who rightly raise concerns on behalf of individual users, the current draft of CISA contains extensive language that will ensure the protection of personally identifiable information (PII).

The risks to consumers will be far greater if this enabling legislation fails to pass the Senate and be signed into law.

The White House is on the record as encouraging Senate passage. Nearly all Senate Republicans are on board, and more than a dozen Democrats now support the measure.

While the Senate has other important priorities, Senate Majority Leader Mitch McConnell (R-KY) and Minority Leader Harry Reid (D-NV) agreed in August on a framework for bringing the bill to the floor.

What’s left to do is for the leaders to establish limits on time for debate and the addition of amendments, but circumstances now augur well for a robust discussion of cybersecurity on the Senate floor for the first time in three years.

We urge you to contact your Senators and encourage their support of S.754. Share wisely, and take care.

Tech Group Petitions Obama to Oppose Backdoor Surveillance

Excerpted from The Hill Report by Cory Bennett

A coalition of tech companies and civil liberties groups are banding together to petition the White House to oppose guaranteed access to encrypted data.

“We petition the Obama Administration to: Publicly affirm your support for strong encryption. Reject any law, policy, or mandate that would undermine our security,” their petition reads.

The group behind the petition includes human rights organizations such as the American Civil Liberties Union (ACLU), tech trade groups such as the Computer and Communications Industry Association (CCIA), and various tech leaders such as Twitter and privacy-focused search engine DuckDuckGo.

The tech community has been clashing for months with the Obama administration over encryption standards.

Law enforcement and intelligence officials are pushing for some type of process that would ensure their access to encrypted digital communications.

But technologists and privacy advocates say any type of guaranteed pathway to this data would weaken encryption and expose individuals to hackers… Read More

Pentagon’s Lack of Cyber-Policy Illegal, McCain Says

Excerpted from National Journal Report by Kaveh Wadell

A week after President Obama announced an agreement with Chinese President Xi Jinping to limit corporate espionage — a tentative step toward setting up norms of state behavior on the Internet — a panel of Senators urged cybersecurity officials in the Defense Department to go further in establishing clear rules of war for cyber-attacks.

As members of the Senate Armed Forces Committee pushed Tuesday for a more clearly delineated cyber-policy — and better follow-through to make US intentions clear — the Committee’s Chairman, Senator John McCain of Arizona, suggested the lack of such a policy is illegal.

In a heated exchange, McCain pressed Deputy Defense Secretary Robert Work on his department’s progress in developing an “integrated policy” for cybersecurity, a task Congress assigned the department in the fiscal year 2014 Defense Reauthorization Bill.

“Suppose there’s an attack, a cyber-attack, like the one on OPM,” McCain said, referring to a pair of data breaches at the Office of Personnel Management that affected more than 22 million individuals.

“Do we have a policy as to what we do… Read More

Pentagon Hoping to Automate Cybersecurity

Excerpted from C4ISRNet Report by Amber Corrin

IT professionals in the Defense Department spend a lot of time running interference on the volumes of attempts to penetrate military networks every day.

But the DoD CIO wants to redirect some of that effort by lightening their load — and that would be done by automating some network activities dedicated to cybersecurity.

“What we have to get better, from a mission and cost standpoint, are tools that automate cyber-basics — patching or diagnostics where we might have a cyber-basics issue where the right data logging can identify…and say, ‘this is a problem,'” DoD CIO Terry Halvorsen told reporters.

“I think we’re closer to this than many others; I may be an optimist. But at a certain point we want to have some cyber [tools] completely automated, where certain conditions occur and the system responds. It’s the only way we will keep up.”

Much of that will center on big data analytics that can take in and sort through huge quantities of network data to identify anomalies or potentially nefarious activities.

To get there, Halvorsen, following the lead of Defense Secretary Ash Carter, said he’s looking to Silicon Valley for some help… Read More

Reducing the Cyber-Attack Surface

Excerpted from IT-Online Report

Most breaches and attacks do not happen quickly and violently.

They happen stealthily over time, with threat actors lurking inside your network for months at a time, performing reconnaissance and looking for your most valuable and sensitive information.

“In fact, the perimeter, although much security spend is focused on it, is no longer a single space.”

“The attack surface is wide and diverse, leaving many opportunities for hackers to find their way in,” says Lutz Blaeser, MD of Intact Software Distribution.

Bearing in mind the breadth and nature of the attack surface, Blaeser discusses some considerations that security professionals should think about going forward.

“Make sure you are securing the right boundary.

The fact is today, computing stacks are distributed, mobility is a huge trend, and cloud architectures are the norm.

This has made security practitioners rethink the basic elements of perimeter security… Read More

Is BYOK the Key to Secure Cloud Computing?

Excerpted from CIO Report by Mary Branscombe

Thanks to Edward Snowden’s revelations about the NSA, the comprehensive hacking of Sony, and on-going legal battles over whether email stored in the cloud belongs to the people sending it or the service hosting it, more and more cloud services have moved to encrypt data.

Some are going even further, offering Bring Your Own Key (BYOK) options, where the user holds the encryption keys for their own cloud data.

Google Compute Engine started offering a preview service for encrypting both data and compute with your own keys this summer, and Amazon offers both soft key management and the much pricier (and slower to set up) Cloud HSM service for EC2 and S3 instances, where your keys live in dedicated Hardware Security Modules in Amazon’s cloud.

Adobe Creative Cloud now supports customer-managed data encryption keys to protect content synced to Creative Cloud accounts.

Microsoft’s Key Vault is intended to be a single, audited, versioned, secure vault that integrates with Azure Active Directory for authentication. Key Vault allows you to store passwords, configuration details, API keys, certificates, connection strings… Read More

Looking Beyond Cloud and Mobile: What’s Next for IT?

Excerpted from CIO Insight Report

A panel of tech journalists weighs in on new research that provides a revealing look at the rapidly changing tech landscape and how decision-makers are navigating the ever-changing world of IT.

What once was disruptive is now considered mainstream, and new research from QuinStreet Enterprise casts a bright light on what’s next for business and IT leaders.

Cloud and mobile are standard fare for businesses today, and the focus is now moving to “smart” technologies propelled by big data analytics and increasingly connected environments.

Layered into these trends is the perennial concern over cybersecurity and how to take advantage of disruptive tech while mitigating security risks caused by these new technologies.

QuinStreet’s research also highlights business process management (BPM), which decision-makers are using to automate and standardize their organization’s processes.

In this video roundtable, veteran technology journalists discuss enterprise IT and today’s leading tech trends.

The research reveals that business and IT leaders found the focus is now moving to so-called “smart” technologies… Read More

Telefonica & China Unicom Strike Data Center Deal

Excerpted from Total Telecom Report by Nick Wood

Telefonica and China Unicom this week kicked-off a broad cloud collaboration deal by agreeing to share their data center capabilities.

Under the partnership, Telefonica will provide access to three of its data centers to China Unicom customers, while its own customers will gain access to three China Unicom data centers.

More specifically, the deal covers the Spanish incumbent’s facilities in Sao Paulo, Brazil; Miami in the US; and Madrid, Spain, and China Unicom’s facilities in Langfang, Shanghai, and Chongqing.

“Combining strong service capabilities and comprehensive data center facilities enables both organizations to fully address their respective markets in contrast to a standalone approach,” said Telefonica, on Monday.

“The benefits this delivers include more efficient aggregation, easier sharing of data, opportunities to develop common data platforms and foster global collaboration plus the ability to leverage economies of scale,” the telco said.

In addition, Telefonica said that pooling its cloud resources with China Unicom allows for the operators to draw from a larger well of expertise without having to recruit new technicians or provide additional training… Read More

Verizon Issues New Digital Transformation Report

Excerpted from Light Reading Report

As the world becomes more digital, enterprise networks are being stretched by more data traffic, a growing mobile workforce and cloud-based applications and tools that need to work reliably for customers and employees anywhere and anytime.

Traffic on Verizon’s public IP network grew nearly 300 percent over the past four years, a compound annual growth rate of 44 percent.

This digital transformation and how enterprises should approach it is the subject of a first-of-its kind report from Verizon called “Digital Transformation Powers Your Business.”

The report looks at issues facing enterprises as the digital evolution marches on, then outlines key drivers of digital transformation, encourages CIOs and leaders across organizations to rethink their network, in order to drive results.

“Customers and employees demand responsiveness and speed in every interaction, making it even more important for enterprises to reinvigorate their interest in building and maintaining flexible, robust and reliable networks or finding the right managed network services partner,” said Chris Formant, Global President, Verizon Enterprise Solutions… Read More

Cloud Adoption Advancing with AT&T NetBond

Excerpted from AT&T Newsroom Report

AT&T saw significant growth in 2015 with its cloud connectivity solution, AT&T NetBond, building a robust ecosystem of 13 leading cloud providers.

Many enterprises now count on NetBond to help manage their suite of cloud services.

“Businesses are embracing the economics and flexibility of cloud solutions,” said Jon Summers, Senior Vice President, AT&T Mobile & Business Solutions.

“NetBond is a large part of our strategy to deliver highly-secure cloud connections to leading providers. We provide our customers access from anywhere, at any time and on any device.”

82% of enterprises will have a multi-cloud strategy according to RightScale’s1 2015 State of the Cloud Survey.

“We move at a fast pace at Topgolf, offering nearly 8 million guests a year a unique interactive experience.”

“It’s essential to have our back-end systems running smoothly so we can provide the best experience possible,” said Andrew Macaulay, Chief Information Officer, Topgolf… Read More

Ipca Selects NetApp to Secure its Critical Medical Data

Excerpted from FirstPost Report

Ipca, an integrated Indian pharmaceutical company manufacturing over 350 formulations and 80 APIs for various therapeutic segments, has chosen NetApp to secure some of its most critical data.

The company has 14 manufacturing facilities across multiple cities in India.

Each of Ipca’s manufacturing units generates critical data, which require to be quickly accessed by multiple departments for multiple analyses.

Ipca selected NetApp’s FAS2500 Series for its benefit as unified architecture running Data ONTAP, NetApp’s data management platform that spans flash, disk and cloud resources.

According to the company, the unified FAS Series for SAN and NAS Gateways architecture have resolved Ipca’s storage requirement by having a single box for all types of workloads.

NetApp’s SnapMirror was used to perform de-duplication and compression on the data to drive down bandwidth usage.

NetApp’s 99.99% Reliability, Availability, and Serviceability (RAS) commitment has added more value and lowered TCO… Read More

Global Market Study on Healthcare Cloud Computing

Excerpted from Digital Journal Report

Healthcare cloud computing is used to share patient information between healthcare providers and pharmacists.

It also plays a vital role in patient billing and reduces capital expenditure which is associated with conventional mode of billing practices.

It increases the speed and flexibility of healthcare services such as telemedicine, electronic medical records, and image diagnostic techniques.

Mobile devices are gaining popularity in delivering healthcare services.

Various factors such as increasing demand for better healthcare facilities, rising government initiatives, and cost effectiveness are driving the global market for healthcare cloud computing.

In addition, rising investments from healthcare IT players and growing popularity of wireless and cloud technology are some of the major drivers for the global healthcare cloud computing market.

However, lack of experienced professionals is a key restraint for the global healthcare cloud computing market… Read More

India Replaces China as Next Big Frontier for US Tech Companies

Excerpted from NY Times Report by Vindu Goel

American technology companies desperately want to win over people like Rakesh Padachuri and his family.

Mr. Padachuri, who runs a construction business in this city, the center of India‘s technology industry, uses his smartphone to reserve movie seats through BookMyShow and to order pizzas from Domino’s. His wife, Vasavi, orders clothes from Myntra and Amazon.com, and downloads videos and games from YouTube and the Google Play store to entertain their 4-year-old daughter. His sister-in-law, Sonika, enjoys posting selfies on Facebook and follows the YouTube musings of Lilly Singh, an Indo-Canadian comedian.

They all stay in touch via a group chat they have set up on WhatsApp, a free messaging service owned by Facebook. “There’s no need to call each other,” Mr. Padachuri said last month during an interview at his home, which is next to a Best Western hotel.

There’s barely a need to leave the house — groceries, a birthday cake, even a hairdresser can be summoned via an app.

The Padachuri family’s love of technology helps explain why India and its 1.25 billion residents have become the hottest growth opportunity — the new China — for American Internet companies… Read More

Coming Events of Interest

New York Media Festival — October 6th-9th in New York, NY. NYME brings together 5,000 expected attendees including 1,500 senior digital, games, music, television, advertising and video leaders, brands, investors and start-ups. Networking, meetings and deal-making.

Digital Hollywood Fall — October 19th-22nd in Marina Del Rey, CA. The future of the entertainment industry. Digital Hollywood debuted in 1990 and has from its start been among the leading trade conferences in its field.

2015 US Cyber Crime Conference — November 14th-20th in National Harbor, MD. This is the only event of its kind that provides both hands-on digital forensics training and an interactive forum for cyber professionals to network.

Cloud Asia Forum — November 24th-25th in Hong Kong. Now in its sixth year, this major highlight of the Cloud World Series sponsored by Informa Telecoms & Media is the most comprehensive cloud computing event in Asia.

Government Video Expo — December 1st-3rd in Washington, DC. Sponsored by NewBay Media, GVE 2015 will be the East Coast’s largest technology event designed for video, broadcast, and audio-video professionals.

Internet of Things World Forum (IoTWF) — December 6th-8th in Dubai. IoTWF is an exclusive event that brings together the best and brightest thinkers, practitioners, and innovators from business, government, and academia to accelerate the market adoption of the Internet of Things.

CES — January 6th-9th in Las Vegas, NV. The world’s gathering place for all who thrive on the business of consumer technologies. CES has served as the proving ground for innovators and breakthrough technologies for more than 40 years.

ADRM Working Group Meeting — January 28th via Global Videoconference. Contact the DCIA for information about joining the group and attending the meeting that will focus on interoperability among DRM platforms and simplifying DRM implementation.

Posted in Newsletters