Volume LIV, Issue 7

In This Issue


US Senate Passes Landmark Cybersecurity Bill

Excerpted from Senator Burr Press Announcement

In a vote of 74-21, the US Senate this week passed the Cybersecurity Information Sharing Act of 2015.

The bill, which is sponsored by Senate Select Committee on Intelligence (SSCI) Chairman Richard Burr (R-NC) and Vice Chairman Dianne Feinstein (D-CA), helps protect Americans’ personal privacy by taking steps to stop future cyber-attacks before they happen.

This legislation creates an environment that encourages the sharing of information about cyber-threats, allowing all participants to get a better understanding of the current threats that may be used against them.

“This landmark bill finally better secures Americans private information from foreign hackers,” said Senator Burr.

“American businesses and government agencies face cyber-attacks on a daily basis.”

“We cannot sit idle while foreign agents and criminal gangs continue to steal Americans’ personal information as we saw in the Office of Personnel Management (OPM), Target, and Sony hacks.”

“This legislation gives the government and US companies new voluntary collaborative tools so that they can work together against hackers… Read More

Passage of Cybersecurity Information Sharing Bill

Excerpted from Washington Post Report by Andrea Peterson

The Senate on Tuesday passed a cybersecurity bill that would give companies legal immunity for sharing data with the federal government, over the protests of some lawmakers and consumer advocates who say that the legislation does not adequately protect Americans’ privacy.

The Cybersecurity Information Sharing Act, or CISA, must now be reconciled with legislation passed earlier this year by the House.

The Obama administration and lawmakers in both parties have been seeking for years to enact information-sharing legislation, and it now seems likely to become law.

The 74-to-21 vote comes as digital attacks against private industry and the government alike put pressure on lawmakers to address information security.

“For me this has been a six year effort, and it hasn’t been easy because what we tried to do was strike a balance and make the bill understandable so that there would be a cooperative effort to share between companies and the government,” Senator Dianne Feinstein (D-CA), Vice Chairman of the Intelligence Committee and co-author of the bill, said on the Senate floor… Read More

Approved Cybersecurity Bill Long in the Works

Excerpted from NY Times Report by David Sanger and Nicole Perlroth

After four years of false starts and strife over privacy protections, the Senate passed legislation by a vote of 74 to 21 on Tuesday that would help companies battle a daily onslaught of cyber-attacks.

But there is one problem with the legislation, the Cybersecurity Information Sharing Act, or CISA: in the years that Congress was debating it, computer attackers have grown so much more sophisticated — in many cases, backed by state sponsors from Shanghai to Tehran — that the central feature of the legislation, agreements allowing companies and the government to share information, seems almost quaint.

To many in the trenches of daily computer combat, it is a little like the insistence of some cavalry officers in the 1930s on sticking to horses, rather than investing in mechanized divisions.

The sponsors of the legislation concede that it would have done nothing to help Sony Pictures Entertainment, whose computers were melted down 11 months ago in a remarkably destructive attack for which the White House blamed North Korea.

That attack was not based on the kinds of previously seen malware that companies and the government could warn each other aboutRead More

Report from DCIA CEO Marty Lafferty

Click Here for Video

The DCIA encourages you to attend an upcoming conference with training sessions on a subject that event sponsors rightly characterize as one of today’s hottest global topics — cyber-crime.

Cyber-crime is certainly a major threat to national security, as well as an enormous concern for the private sector.

Plan to attend the US Cyber-Crime Conference and gain the tools and knowledge you need to combat the dangers we face.

The event takes place in National Harbor, MD with training sessions from November 14th through 17th, and the conference immediately to follow from November 18th through 20th.

An exemplary panel at the event is Cyber-Initiatives – Global/Interagency Cooperation for Incident Management; featuring Steven Kelly, Director of Cybersecurity Policy for the National Security Council at The White House; Peter Tseronis, Former Chief Technology Officer at the US Department of Energy; Ann Barron-DiCamillo, Director of the US Computer Emergency Readiness Team; and Gary Corn, Staff Judge Advocate at US Cyber-Command; moderated by Todd Tucker, Chief of Counterintelligence Cyber-Operations at the Defense Security Service.

There will be dynamic keynote addresses from cyber-leaders including Shawn Henry, President of CrowdStrike Services & CSO of CrowdStrike; David Remnitz, Fraud Investigation and Dispute Services Leader for Ernst & Young; Loren Hudziak, Public Sector Solutions Architect at Google; and Ron Layton, White House Technology Liaison for the Secret Service.

For the full agenda, please click here.

Also note pre-conference training taking place in two-to-four-day sessions on Advanced Infrastructure Hacking; Hands-On-How-To Incident Response & Endpoint Threat Detection Training; Wireless Hacking: Beginner through Intermediate RF Communications Using Offensive and Defensive Techniques; and BlackLight Tool – Authenticating, Analyzing, and Reporting Digital Evidence.

Other training sessions include Cellebrite Advanced Smartphone Analysis (CASA); Collection and Analysis Network Generated Evidence Using Open Source Tools – Wireshark and Network Minor; Open Source Methods for Social Media Investigation and Analysis; Situational Response: Targeted Collection and Tactical Analysis; and more!

The 2015 US Cyber Crime Conference is raising its already high standards with a new and improved format.

The conference is leveraging successes from years past including subject matter experts, fun and engaging networking events, and direct access to industry leaders and buyers.

In addition, many new features are being added that will make the conference experience even more valuable to attendees.

Register now to attend this vitally important conference. Share wisely, and take care.

Federal Government Updates Cybersecurity Baselines

Excerpted from NextGov Report by Aliya Sternstein

The last time the federal government updated its IT strategy, the requirements dealt with protecting “dial-in access,” bulletin boards, and passwords. That was in 2000.

The plan — still in effect today and labeled Circular A-130 — makes no mention of contractor security, encryption, multistep ID authentication, or patching security holes — protections that could have lessened the blow of data breaches at the federal retirement Thrift Savings Plan, the military’s TRICARE health program, Office of Personnel Management and a background check provider.

Now, after a push from Congress, the White House is upgrading its information management principles.

Proposed changes reflect an age where teenagers reportedly can reverse look up the CIA director’s mobile phone number and use it to hack his personal webmail account.

The proposal, posted online Wednesday, also recognizes the existence of “insider threats.”

These are federal employees and contractors with legal access to US secrets who can compromise as much intelligence, if not more, than outsiders. The 2000 plan was issued almost a decade before former soldier Chelsea Manning transferred military files… Read More

Cybersecurity Start-Ups Raise $2.5 Billion a Year

Excerpted from Inc. Report by Will Yakowicz

The industry is on pace to equal last year’s staggering funding numbers, with US companies grabbing the majority of the money.

As long as individuals and businesses continue to get victimized by data breaches, huge money will keep flowing to private companies that take on hackers.

According to a report by CB Insights, a company that tracks venture capital and angel investment, cybersecurity start-ups raised a record $2.5 billion across 240 deals in 2014.

The industry is on pace to nearly match last year’s numbers, with $1.2 billion raised across 99 deals during the first half of 2015.

The last half-decade has seen rapid growth in the space. Companies raised less than $1 billion in 2010.

The second and third quarters of last year were especially active in terms of investment.

Notable deals during those quarters include Tanium’s $90 million round from Andreessen Horowitz and Lookout’s $150 million round… Read More

Cloud Security: Biggest Concern, Top Reason to Implement

Excerpted from Formtek Report by Dick Weisinger

A new study on cloud computing use by small and medium sized companies from Exact and Pb7 Research finds two surprising results.

The first has to do with security.

Typically, security is cited as the number one concern for why businesses avoid the cloud; but surprisingly, the Exact report found that security is also the number one reason cited by cloud adopters for choosing the cloud.

It seems like some sort of love/hate relationship.

The second interesting result is that, in general, businesses using the cloud are better off financially compared to peer businesses that aren’t using the cloud.

The top five reasons why businesses implement cloud software are as follows: 32 percent — security; 26 percent — lower IT costs; 23 percent — low maintenance requirements/no systems; 23 percent — easy mobile access; and 21 percent — more productivity/efficiency for end-users.

The Exact report found that businesses that move to the cloud often realize as much as 25 percent higher growth revenue… Read More

Government Cloud Policy for Innovation, Security

Excerpted from Microsoft Blog by Paul Nicholas

Around the world, organizations big and small are moving to the cloud to achieve more, faster.

Cloud computing is no longer considered solely a transformative new generation of technology but a platform to enable ever greater efficiencies, deliver big data analytics, and empower the Internet of Things (IoT).

As KPMG recently put it: “The question is no longer: ‘How do I move to the cloud?’ Instead, it’s ‘Now that I’m in the cloud, how do I make sure I’ve optimized my investment and risk exposure?'”

While the first wave of cloud adopters has largely been from the private sector, in recent years, governments are increasingly and incrementally adopting a cloud-first approach — instructing their ministries, departments, and agencies to choose cloud services whenever possible.

Those countries have understood that cloud computing provides a secure, efficient, and cost-effective alternative to traditional on-premises systems.

In addition, they are recognizing the innovative potential that cloud computing brings, allowing them to work more closely with their citizens and deliver more intuitive e-government services… Read More

Cloud Makes Dream of Big Data Analytics a Reality

Excerpted from FierceGovernmentIT Report by Molly Walker

Cybersecurity analysts practically live in log files, but the deluge of data makes it difficult for cyber-pros to not only find the relevant data but also find it in the very moment it’s relevant.

It’s a challenge that Big Data and analytics have long promised to solve, but through more economical storage and rapid scalability, cloud computing is helping federal agencies finally realize that goal.

“The information has always been there, but it’s always been a matter of, how do you store it?

A common cry we hear in the Air Force is, ‘We can’t log everything. We can’t store everything,'” said Steve Pugh, Presidential Response Officer at the White House Communications Agency.

“But you need all of those logs to paint a picture if you’re asking those questions on really complex intrusion sets,” said Pugh during a panel discussion at the Splunk GovSummit in Washington, DC, October 22nd.

Eric Jeanmaire, Branch Chief for Cyber-Defense at the US Citizenship and Immigration Services, a Homeland Security Department component, said the ultimate goal is to search and keep all of its logs, and query them in near real-time.

Cloud computing makes that possible, he said… Read More

Clearly, the Cloud Is the Future of Computing

Excerpted from Westport News Report by Mark Mathias

One of the biggest terms in computing nowadays is “cloud computing.”

While the definition is still evolving, companies such as Amazon, Microsoft, and Google are reporting huge gains in their cloud computing businesses.

According to the most recent financial reporting and industry analysts, cloud computing for each company is well into the billions of dollars per year, if not per quarter.

So what is all of this cloud stuff and why should you care?

It’s really pretty simple.

Despite all of the massive computational horsepower you have on your computer at home or your smartphone, that’s nothing compared to the power that resides in large data centers.

These data centers are huge, sometimes measured in football fields.

They have processors and storage (typically disk) that goes on seemingly forever… Read More

Big Data Research & Development in the Cloud

Excerpted from Journal of Cloud Computing Report

With the advances of information communication technologies, it is critical to improve the efficiency and accuracy of modern data processing techniques.

The past decade has witnessed the tremendous technical advances in Sensor Networks, Internet/Web of Things, Cloud Computing, Mobile/Embedded Computing, Spatial/Temporal Data Processing, and Big Data, and these technologies have provided new opportunities and solutions to data processing techniques.

Big Data is an emerging paradigm applied to datasets whose size is beyond the ability of commonly used software tools to capture, manage, and process the data within a tolerable elapsed time.

Such datasets are often from various sources (Variety) yet unstructured such as social media, sensors, scientific applications, surveillance, video and image archives, Internet texts and documents, Internet search indexing, medical records, business transactions and web logs; and are of large size (Volume) with fast data in/out (Velocity).

More importantly, big data has to be of high value (Value) and establish trust in it for business decision making (Veracity).

Various technologies are being discussed to support the handling of big data such as massively parallel processing databases… Read More

Accelerating Cloud Storage and Reducing Latency

Excerpted from CloudTech Report by Graham Jarvis

Over a number of years there has been a long and hard fought battle to secure the ability to “accelerate anywhere” any data type to, from and across a cloud area network (ClAN) to allow fast access to applications, or to secure data as a part of a back-up and archiving strategy.

According to Claire Buchanan, Chief Commercial Officer at self-configuring infrastructure optimize networks (SCION) vendor Bridgeworks, this battle is still ongoing.

With the use of traditional WAN optimization techniques the long drawn out battle has still to be won.

“It may not long be the case as with the advent of machine intelligence and technologies such as SCION, the problem has been that of small pipes and the inability to accelerate data.”

“Therefore, the use of deduping and compression tools have been the only way to gain a perceived performance improvement,” she explains.

With this in mind Tony Lock, Program Director at analyst firm Freeform Dynamics, advises people to closely scrutinize the available WAN acceleration solutions against their business level requirements for WAN network performance… Read More

NetApp Announces Special Offer for Buyers

Excerpted from InfoTech Lead Report

NetApp on Thursday announced a special offer for buyers of select NetApp all-flash systems, with guaranteed 3X increase in enterprise database performance compared to that of traditional, non-flash disk-based systems.

When customers purchase a NetApp AFF8080 or NetApp EF560 system, the company guarantees that select Microsoft SQL Server and Oracle database applications can achieve 3X more IOPS at one-millisecond latency.

If customers do not see the 3X performance improvement, NetApp will provide them with up to two days of professional optimization services at no cost.

“Speed is now a clear differentiator for businesses of all types. Customers can add NetApp all-flash systems as a low-risk means to dramatically accelerate performance, with payback on their investment in as little as six months,” said Lee Caswell, Vice President, Product, Solutions and Services Marketing, NetApp.

“Our 3X Performance Guarantee is appealing to enterprises with competitive systems coming off warranty or those doing data center consolidation to prepare for hybrid cloud.”

The offer is available in the United States and Canada now. NetApp expects the program to be rolled out in APAC, EMEA, and LATAM… Read More

Library of Congress Grants Limited DRM Exceptions

Excerpted from BoingBoing Blog by Cory Doctorow

Every three years, the Librarian of Congress allows the public to request exemptions to a law that makes it a felony to break a digital lock, even on a device that you own, and which you are breaking for a lawful purpose.

For the past year, public interest groups have been spending their scarce money and resources writing petitions to the Copyright Office, arguing that people who own devices with computers in them should have the same property rights as they do in their non-computerized devices.

These include the right to open, change, and improve the things they own in lawful ways.

Section 1201 of the Digital Millennium Copyright Act (DMCA) prohibits tampering with, weakening, or removing digital locks, even when you’re doing so for a lawful purpose.

But every three years, the Copyright Office lets individuals and nonprofits square off against some of the best-funded companies in the world in order to argue that you should be able to do lawful things with your lawful property.

It’s an inversion of the presumption of innocence: in Section 1201-land, everything you do is prohibited unless you out-gun your devices’ manufacturers in an obscure, highly technical government hearing… Read More

DRM Market Worth $2,899 Million by 2020

Excerpted from MarketWatch Press Announcement

According to a new market research report Digital Rights Management Market by Application (Mobile Content, Video on Demand, Mobile Gaming, eBook, others), by End User (SME and Large Enterprises), by Deployment (On-Premise and On Cloud) by Industry, and by Region – Global Forecast to 2020, published by MarketsandMarkets, which defines and segments the DRM market, the market is estimated to grow from $1,066.3 Million in 2015 to $2,898.9 Million by 2020, at a CAGR of 22.1% from 2015 to 2020.

The recent developments in technology have given rise to different kinds of concerns pertaining to the Internet.

With downloading speeds becoming faster, more files are distributed over the Internet; it could, for example, be music, books, pictures, movies, or basically anything that comes in the digital form.

Not all of these files are currently shared legally.

Usually a person, who has a license for a product, can easily copy and sell/give it all over the world, within minutes.

It is hard to detect and stop these transactions.

In order to manage and control the distribution of digital files, a new concept has been developed, called Digital Rights Management (DRM)… Read More

OpenStack Foundation Certification Program

Excerpted from TechCrunch Report by Frederic Lardinois

The OpenStack Foundation, the nonprofit behind the increasingly popular open-source cloud computing project, today announced the launch of a certification program for OpenStack cloud admins during its bi-annual developer conference.

Given the complexity of OpenStack, which consists of a large number of sub-projects, it’s typically hard for businesses that want to adopt the technology for their cloud computing solutions to find qualified administrators.

A few years ago, the foundation launched a training marketplace that lists courses from major OpenStack vendors like RedHat and Mirantis, as well as organizations like the Linux Foundation.

As OpenStack Executive Director Jonathan Bryce noted in his keynote today, this project has been very successful, but he acknowledged that there is still a clear talent gap.

This new certification process, which the foundation developed with the help of representatives from over a dozen companies (including Canonical, Cisco, HP, Mirantis, Rackspace and SuSE), is meant to establish a baseline for the OpenStack admins.

Admins who want to be certified will have to take a virtual certification test that will be available globally… Read More

Coming Events of Interest

2015 US Cyber Crime Conference — November 14th-20th in National Harbor, MD. This is the only event of its kind that provides both hands-on digital forensics training and an interactive forum for cyber professionals to network.

Cloud Asia Forum — November 24th-25th in Hong Kong. Now in its sixth year, this major highlight of the Cloud World Series sponsored by Informa Telecoms & Media is the most comprehensive cloud computing event in Asia.

Government Video Expo — December 1st-3rd in Washington, DC. Sponsored by NewBay Media, GVE 2015 will be the East Coast’s largest technology event designed for video, broadcast, and audio-video professionals.

Internet of Things World Forum (IoTWF) — December 6th-8th in Dubai. IoTWF is an exclusive event that brings together the best and brightest thinkers, practitioners, and innovators from business, government, and academia to accelerate the market adoption of the Internet of Things.

CES — January 6th-9th in Las Vegas, NV. The world’s gathering place for all who thrive on the business of consumer technologies. CES has served as the proving ground for innovators and breakthrough technologies for more than 40 years.

ADRM Working Group Meeting — January 28th via Global Videoconference. Contact the DCIA for information about joining the group and attending the meeting that will focus on interoperability among DRM platforms and simplifying DRM implementation.

Cloud and DevOps World Forum 2016 — June 21st-22nd in London, England. Now in its eighth year, C&DWF is firmly established as the leading content-led exhibition for the European Cloud and DevOps community and the premiere meeting place for CIOs.

Posted in Newsletters