The SEC Hack Shows That Not Even Top Government Data Is Safe

A major computer hack at America’s top stock market regulator is the latest sign that data stored in the highest reaches of the U.S. government remains vulnerable to cyber attacks, despite efforts across multiple presidencies to limit high-profile breaches that are so frequent many consider them routine.

In recent years, nation-state and criminal hackers, as well as rogue employees, have stolen data from the Internal Revenue Service, the State Department and intelligence agencies, including millions of government employee files allegedly exfiltrated by the Chinese military, U.S. officials say.

The Sec urities and Exchange Commission ( SEC ), America’s chief stock market regulator, said on Wednesday that cyber criminals may have used data stolen last year to make money in the stock market, making it the latest federal agency to grab headlines for losing control of its data.

Related

JAPAN-US-IT-FINANCE-BITCOIN -COMPUTERS-HACKING-SERVICES-BANKING

At the same time, being only the latest major breach is not special, said Dan Guido, chief executive of Trail of Bits, which does cyber sec urity consulting for the U.S. government.

“It simply reflects the status quo of our digital sec urity,” said Guido, who is a former member of the cyber sec urity team at the Federal Reserve, America’s central bank.

Central bank officials have detected dozens of cases of cyber breaches, including several in 2012 that were described internally as “espionage.”

The U.S. federal government has sharply increased funding dedicated to protecting its own digital systems over the last several years, attempting to counter what is widely viewed as a worsening national sec urity liability.

But as one of the world’s largest collectors of sensitive information, America’s federal government is a major target for hackers from both the private sec tor and foreign governments.

“When you have one central repository for all this information – man, that’s a target,” said Republican Representative Bill Huizenga, chairman of the House subcommittee on Capital Markets, Sec urities, and Investment, which oversees the SEC .

Last year, U.S. federal, state and local government agencies ranked in last place in cyber sec urity when compared against 17 major private industries, including transportation, retail and healthcare, according to benchmarking firm Sec urityScorecard.

An update of the rankings in August showed the U.S. government had improved to third worst, ahead of only telecommunications and education.

“We also must recognize – in both the public and private sec tors, including the SEC – that there will be intrusions, and that a key component of cyber risk management is resilience and recovery,” said SEC Chairman Jay Clayton.

The federal government audits cyber sec urity measures every year at top agencies, producing reports that routinely expose shortfalls and sometimes major breaches. The Federal Bureau of Investigation also looks for hacking attempts and helped spot an alleged intrusion by Chinese military-backed hackers into a major banking regulator between 2010 and 2013.

Weekly scans of government systems by the Department of Homeland Sec urity showed in January that the SEC had critical cyber sec urity weaknesses but that vulnerabilities were worse at three agencies, including the Environmental Protection Agency, the Department of Health and Human Services and the General Services Administration.

Some agencies said they had improved their cyber sec urity posture since that report.

For more about cybersecurity, see Fortune’s video:

A GSA spokeswoman said the agency has not had any critical vulnerabilities in the past six months, and that the ones identified in January were patched in under 10 days.

A Department of Labor spokesman said all identified vulnerabilities had been fixed and that its systems were not compromised by the identified flaws.

But, he added, “addressing vulnerabilities associated with legacy systems can be challenging.”

Tech

Forrester: OpenStack, AWS are today’s cloud ‘safe bets’

Forrester Research’s newly issued report, “The State of Cloud Platform Standard, Q4 2016,” regards OpenStack and AWS as the de facto standards for compute and storage in the cloud.

That by itself isn’t news. OpenStack has been regarded as a standard by Forrester since 2014, and AWS has been the top measure since it was considered clever to pair up talk about cloud computing with clipart of the sky.

But Forrester is watching how standards-setting bodies are using the existing base of open source projects as a starting point for real standards. The analyst firm also notes that OpenStack and AWS are far from the last words on their respective subjects.

To read this article in full or to leave a comment, please click here

InfoWorld Cloud Computing

Safe Harbor’s ending makes for a good start for Cloud28+

After two months of beta testing, European enterprise app and service store Cloud28+ is open for business, making it easier for companies wanting to host their applications or data in Europe to find a home for them.

A beta test is usually a shakedown, intended to remove any lingering bugs, but for Cloud28+ it was more of a shake-up.

The Cloud28+ catalog offers European businesses around 700 infrastructure-, platform- and software-as-a-service offerings from almost 150 partners. It allows them to choose services based on price, performance, and the location where the data is hosted, among other criteria.

Barely a week after the beta test began, the first shock came, as data sovereignty and hosting location unexpectedly took on new importance for many European cloud services businesses. The European Union’s top court, asked to clarify a point of law in a case concerning Facebook in Ireland, struck down the Safe Harbor Agreement that had previously allowed businesses to export EU citizens’ personal data — that of their customers or employees, for instance — to the U.S. for processing. Those that weren’t scrambling to make new arrangements were left wondering whether they complied with EU data protection law, which requires that personal data be afforded the same level of privacy protection wherever it is processed.

To read this article in full or to leave a comment, please click here

Network World Cloud Computing

IDG Contributor Network: Microsoft moves to answer those pesky Safe Harbor concerns

A few weeks ago when the news came out that Safe harbor provisions would no longer be a safe haven for U.S. vendors doing business in Europe, there was plenty of concern about what it would mean for the largest U.S. cloud vendors — Salesforce, Microsoft, Google and Amazon Web Services (AWS) all have massive business in Europe and relied on the Safe Harbor provisions to keep customers feeling secure.

It didn’t take long to see some reactions from the vendor side and just this week Microsoft announced a plan to offer many of its cloud services, including Azure, Office 365 and Dynamics CRM Online, served directly from data centers in Germany. But that in itself isn’t particularly innovative, and may not actually resolve the issues around jurisdiction. So Microsoft is moving beyond simply having in-country data centers and are delivering services in Germany via a third party. 

To read this article in full or to leave a comment, please click here

Computerworld Cloud Computing

Global Safe Cities Market to Exceed $226 Billion Between 2015-2020, Says a New Research Report from Homeland Security Research Corp.


Washington DC (PRWEB) June 19, 2015

It is an open secret that the economic prosperity and quality of life of communities, towns and cities depend on the mitigation of crime, terror, man-made and natural disasters. Maturing technologies and changing public opinion lead to major shifts in the Safe Cities Global Market during the forecast period.

According to the Global Safe City: Industry, Technologies & Market – 2015-2020 report, the market growth is boosted by the following drivers:

Cities, towns and communities population drive for quality of life and economic prosperity
Post 2008 meltdown governmental funding policy of modern infrastructure
Advancements in cost-performance of surveillance sensors and ICT technologies
Urbanization in Asia Pacific and Latin America
Worsening of radical Islamists terror threats
The growing rate and damage of natural disasters
The growing understanding that global warming entails growth in natural disasters
Growing aftersale revenues
The voting citizens expectations of safety from their local elected politicians
The report examines each dollar spent in the market via 2 orthogonal money trails: regional / national markets, and technology markets.

This “Global Safe City: Industry, Technologies & Market – 2015-2020” report is a resource for executives with interests in the industry. It has been explicitly customized for industry and urban decision makers to identify business opportunities, developing technologies, market trends and risks, as well as to benchmark business plans

Questions answered in this 2-volume 650-page report include:

1. What will the Safe City market size be in 2015-2020?

2. What are the main Safe City technology trends?

3. Where and what are the Safe City market opportunities?

4. What are the Safe City market drivers and inhibitors?

5. Who are the key Safe City vendors?

6. What are the challenges to the Safe City market penetration?

The “Global Safe City: Industry, Technologies & Market – 2015-2020” report presents in 650 pages, 97 tables and 145 figures, analysis of dozens of current and pipeline technologies and 78 leading vendors. The report is granulated into 150 vertical and horizontal submarkets, and presents for each submarket 2013-2014 data, analyses, and projects the 2015-2020 market and technologies from several perspectives, including:

Business opportunities and challenges

SWOT analysis

Market analysis (e.g., market dynamics, market drivers and inhibitors)

Physical Security Information Management (PSIM)

Public-Safety Answering Point (PSAP)

Distributed Sensors Systems, Sensor and Data Fusion Algorithms, Wireless Sensor Networks

Safe City Software as a Service (SaaS)

Social Media Emergency Response Software

Geo-Design

Geographic Information Systems (GIS)

Location Based Emergency Mass Notification Systems (EMNS), Safe City Cell Broadcast, Cell Broadcast Technologies

SCADA Systems

Managed Security Services (MSS), Safe City Consulting, Remote Management, Managed Security Monitoring

Safe City Communication, City-Wide Communication Interoperability

Video Surveillance, Analog Video Surveillance, Second-Generation Analog Video, Surveillance, Third-Generation Video Surveillance, Digital Video Surveillance, IP Surveillance Cameras, IP-Based Video, Surveillance Systems

Safe City Video Analytics Technologies, Cloud Platforms, Video Analytics Based Suspect Behavioral, Analysis, Video Surveillance as a Service (VSaaS), Video Surveillance as Service Solutions: Vendors, Real Time Automatic Alerts Software, Image Segmentation Software, Item Tracking Video Analytics Software, Object Sorting and ID, Item Identification and Recognition, Multi-Camera Intelligent Video Surveillance Systems, Video Content Analysis, Item Detection, Gaussian Mixture Based Software, Background Subtraction, Item Detection Using a Single-image Software, Item Tracking Software, Kalman Filtering Techniques, Region Segmentation, Kalman Filters Application to Track Moving Items, Partially Observable Markov Decision Process, Intelligent Video Surveillance Systems, “Splitting” Items Algorithms, Dimension Based Items Classifiers, Shape Based Item Classifiers, Event Detection Methods, Vision-based Human Action Recognition, Video Derived Egomotion, Path Reconstruction Software, Video Cameras Spatial Gap Mitigation Software, Networked Cameras Tag and Track Software, Visual Intelligence Technologies, Visual Processing, Fusion Engine, Video Analytics Challenges

Standoff Video Analytics Based Biometrics, Video Surveillance Based Behavioral Profiling, Video Based Biometric Recognition Technologies, Video Based Face Recognition, Remote Biometric Identification Technologies, Fused Intelligent Video Surveillance & Watch Lists, Crowd and Riot Surveillance, Wireless Video Analytics, Cloud Video Analytics, Online Video Analytics, Pulse Video Analytics, Smart Cameras

Physical Identity and Access Management (PIAM)

Safe City Natural Disasters Mitigation & Management, Emergency Management systems

Communication Interoperability, Perimeter Security, Public Events Emergency Services, WMD and Hazmat Detection

Cloud Computing, Data Mining & Analytics

Command & Control Systems

Gunshot Location Technologies, Optical Gunshot Location Technologies, Fused Optical and Acoustic Gunshot Detection, Detection of Gunshot Signature: Artificial Neural Networks

Emergency Transportation Management Systems, Intelligent Transport Technologies, License Plate Recognition (LPR), Inductive Loop Detection, Video Vehicle Detection, Smart Transportation Security, Emergency Vehicle Notification Systems

Companies operating in the market: 3I-MIND, 3VR, ABB, Accenture, ACTi Corporation, ADT Security Services, Agent Video Intelligence, AGT international, ALPHAOPEN, Anixter, Aralia System, AT&T Inc., Augusta Systems, Avigilon Corporation, Axis, AxxonSoft, BAE Systems, Bosch Security Systems, BT, Camero, Cassidian, CelPlan, China Security & Surveillance Inc., Cisco, Citilog, Computer Network Limited (CNL), Diebold, DVTel, Elsag Datamat, Emerson Electric, Ericsson, Firetide, GS, General Electric, Hexagon AB, Honeywell, IBM, IndigoVision, Intel Security, IntuVision Inc, iOmniscient, IPConfigure, IPS Intelligent Video Analytics, ISS, MACROSCOP, MDS, Mer group, Milestone Systems A/S, Mirasys, National Instruments, NICE Systems, Northrop Grumman Corporation, ObjectVideo, Orsus, Panasonic, Pelco, Pivot, Proximex, Raytheon Company, Salient Stills, Samsung Techwin, Schneider Electric, SeeTec, Siemens, Smart China (Holdings) Limited, Sony, Synectics Plc, Tandu Technologies & Security Systems Ltd, Thales Group, Total Recall, Unisys, Verint, Vialogy LLC, Vigilant Technology, xLOGIC, Zhejiang Dahua Technology

Explore more Homeland Security and Public Safety Reports at http://www.homelandsecurityresearch.com.

About Homeland Security Research Corp. (HSRC)

Homeland Security Research Corp. (HSRC) is an international market and technology research firm specializing in the Homeland Security (HLS) & Public Safety (PS) Industry. HSRC provides premium market reports on present and emerging technologies and industry expertise, enabling global clients to gain time-critical insight into business opportunities. HSRC’s clients include U.S. Congress, DHS, U.S. Army, U.S. Navy, NATO, DOD, DOT, GAO, and EU, among others; as well as HLS & PS government agencies in Japan, Korea, Taiwan, Israel, Canada, UK, Germany, Australia, Sweden, Finland, Singapore. With over 750 private sector clients (72% repeat customers), including major defense and security contractors, and Fortune 500 companies, HSRC earned the reputation as the industry’s Gold Standard for HLS & PS market reports.






Related Cloud Press Releases