Archive for September, 2016
From: Scandinavian Oil Gas
Cybercrimes cost energy and utilities companies an average of USD 12.8 million each year in lost business and damaged equipment.* Platform operators need confidence that countermeasures can deal with bigger and more sophisticated cyber-attacks. DNV GL is now collaborating with Shell, Statoil, Lundin, Siemens, Honeywell, ABB, Emerson and Kongsberg Maritime to develop best practice in addressing this threat. Other companies are still welcome to join.
From: The New Yorker
Given the recent ubiquity of cyber-scandals—Colin Powell’s stolen e-mails, Simone Biles’s leaked medical records, half a billion plundered Yahoo accounts—you might get the impression that hackers can already break into just about any computer they want. But the situation could be a lot worse. The encryption methods that protect everything from online shopping to diplomatic communications remain effectively impregnable when properly implemented, even if, in practice, there are frequent breaches—whistle-blowers, careless clicks, and so on. This relatively happy state of affairs will not, however, endure. Scientists around the world are inching toward the development of a fully functioning quantum computer, a new type of machine that would, on its first day of operation, be capable of cracking the Internet’s most widely used codes. Precisely when that day will arrive is unclear, but it could be in as little as ten years. Experts call the countdown Y2Q: “years to quantum.”
Editor’s Note: For guidance on the use of standards, see An Updated Look at the Federal Policies Governing How Agencies Use Voluntary Consensus Standards in Regulatory, Procurement, and Science Documents.
From: American City & County
By Jesse Berst
Why do we need standards?
Standards development for smart cities is taking place all over the world by a variety of standards organizations and consortia. As Chris Greer, director for NIST’s Smart Grid and Cyber-Physical Systems Program, described the situation: “The growth of the smart cities market is currently hindered by ICT deployments that are customized and not fully interoperable or scalable, as well as by the lack of convergence around architectural design principles and a common language or taxonomy. We want to avoid potentially divergent outputs from emerging standards activities and, instead, come up with a framework that will enable smart city solutions that meet the needs of modern communities.”
By Adam Mazmanian
The Department of Defense will decide on a new schedule for the rollout of its new, commercial electronic health record product in the next seven to 10 days, according to a spokesperson.
The new health record system, dubbed MHS Genesis, was scheduled to have an initial operating capability in the Pacific Northwest by Dec. 31, 2016, to comport with the date set in the 2013 National Defense Authorization Act.
NIST Awards Grants to 5 Nonprofit Groups to Establish Regional Cyber Education, Workforce Devt Partnerships
Five nonprofit organizations have received approximately $1 million in total grants from the National Institute of Standards and Technology to forge partnerships that seek to address the shortage of cybersecurity professionals in local communities.
NIST said Tuesday the Regional Alliances and Multistakeholder Partnerships to Stimulate grants are part of the Commerce Department’s Skills for Business initiative and will be administered by the National Initiative for Cybersecurity Education.
From: Pensions Expert
By Tom Dines
Trustee boards should be assessing their risk of cyber attack and taking steps to protect member data and scheme assets, the chief executive of the Pensions Regulator has said.
Experts have been predicting an increased focus on cyber security for some time now, with warnings of major losses if a pension scheme is hit by hackers.
“Pension schemes are likely to be attractive targets to cyber criminals, because they hold a lot of personal employment and financial data,” she said.
Xiaomi, the Chinese smartphone manufacturer many refer to as the “Apple of China,” can silently install any app on your device, according to a Computer Science student and security enthusiast from the Netherlands. Thijs Broenink started investigating a mysterious pre-installed app, dubbed AnalyticsCore.apk, that constantly runs in the background and reappears even if you try and delete it. The Hacker News reports:
By Jory Heckman
Moving federal information systems to the cloud could reduce a lot of the federal government’s IT “clutter,” but without the cybersecurity component, agencies won’t feel confident about migrating their data.
More than a year after massive data breach at the Office of Personnel Management, federal agencies remain on full alert when it comes to shoring up their cyber vulnerabilities.
The UK government has been urged to adopt a “new approach” to data security by the National Audit Office (NAO).
The spending watchdog found that “too many bodies” within government have “overlapping responsibilities” for information security matters and that insufficiently clear information is collected by the government on the way it performs in protecting data or the costs involved.
From: The Hill
By Joe Uchill
On Friday, a well-esteemed security blog printed excerpts from what it said was a leaked copy of a rewritten Feinstein-Burr encryption bill. Sen. Dianne Feinstein’s (D-CA) office has since clarified that, while there was a document, it was not new draft legislation.
A source within Feinstein’s office familiar with the document says it was actually an internal brainstorming file being compiled by Feinstein’s staffers as they met with stakeholders in the encryption debate. It is not, the source stressed, legislation the office or any office is currently considering.