
Risk News

7/22/2016
SEC Prepares for More Cybersecurity Oversight

"This week, during a meeting of the Treasury Department's Financial and Banking Information Infrastructure Committee, leaders of the SEC and the Commodity Futures Trading Commission, which aims to protect consumers from fraud, shared updates about their agencies' approaches to cybersecurity, as well as an overview of their examination processes, rules and other actions."

Annie's take:

We're all waiting to see how this increased oversight will play out.

7/21/2016
HSBC Foreign-Exchange Executive Charged With Fraudulent Trading

"When a top executive at HSBC Holdings PLC was told a client had approved a huge currency exchange that stood to enrich the bank by millions, federal prosecutors say he couldn’t believe his luck."

Annie's take:

It's been a very long time since federal prosecutors have tried to convict bankers, so let's hope they've got an experienced team at work here.

7/20/2016
G.O.P. Joins Democrats Urging Glass-Steagall’s Revival. (Don’t Hold Your Breath.)

"Attacking big banks is as American as apple pie. But it’s a new entry on this year’s Republican menu."

Annie's take:

Despite either political party's platform, the banking lobby is the most powerful in the nation. It will be interesting to see if anything comes of this plank, which will evidently be in the Democratic platform as well.

7/19/2016
Will Linking Executive Pay to Cybersecurity be the Wake-Up Call CEOs Need?

"CEOs who don’t work in the telecoms or IT sectors may not have paid much attention to the Culture, Media and Sport Committee’s investigation into cybersecurity, which was triggered by last October’s cyber-attack on TalkTalk. That might be a mistake."

Annie's take:

There are so many high-level risks for CEOs these days that it is hard to know what will get their attention. Can their pay really be linked to strong cybersecurity?

7/18/2016
Police Departments Shift Tactics After Recent Shootings to Protect Officers

"Several of the country’s largest police departments made changes to the way their officers patrol their beats, a direct response to shootings that left eight law-enforcement officials dead in the past two weeks, including three in Baton Rouge, La., on Sunday."

Annie's take:

Definitely one of the hardest jobs in the world right now.

7/17/2016
Baton Rouge Shooting Leaves Three Police Officers Dead

"Three law enforcement officers were shot dead and at least three others wounded in Baton Rouge, La., on Sunday, the East Baton Rouge Parish Sheriff’s Office said in a statement."

Annie's take:

The facts of the situation are not yet clear, though some reports say the police responded to shots fired and got caught up in the crossfire. Violence has become so ordinary a part of our news that it's getting equal time today with coverage of the opening of the Republican convention. These deaths, like the others we've witnessed over the past several weeks, diminish us all.

7/16/2016
Ponemon: More than Half of SMBs Have Suffered a Cyber-Attack in Last Year

"No business is too small to evade a cyber-attack or data breach: That finding of a Ponemon Institute study focused on the cybersecurity threat to small and medium-sized companies (SMBs)."

Annie's take:

No surprises here, just data to support what we all thought.

7/15/2016
U.S. Privacy and Civil Liberty Watchdog Faces Limits in Congress

"A leading Democrat in Congress is pushing back against an effort to impose new constraints on a civil liberties watchdog agency that investigates the nation’s security programs."

Annie's take:

When you look at the important work that this board has done since it was created as part of the 9/11 Commission's recommendations, it's easy to see why Senator Leahy is pushing back on proposed limits to its authority.

7/14/2016
Overnight Cybersecurity: Privacy Shield takes effect

"European officials on Tuesday gave the final stamp of approval to a long-awaited data transfer deal between the U.S. and the European Union, allowing the agreement to go into effect after more than eight months of negotiations."

Annie's take:

Deep sighs of relief can be heard on both sides of the Atlantic.

7/14/2016
How a modest contract for ‘applied research’ morphed into the CIA’s brutal interrogation program

"The architect of the CIA’s brutal interrogation program was hired for the job through a secret contract in late 2001 that outlined the assignment with Orwellian euphemism."

Annie's take:

Here's how things spiral out of hand on wartime work, when the government and third-party contractors are concerned.

7/14/2016
Taser International Dominates the Police Body Camera Market

"When Micah Johnson went on a deadly shooting rampage in Dallas last week, body cameras worn by police officers were rolling, capturing at least 170 hours of video of the mayhem."

Annie's take:

There's no doubt that body cameras work on behalf of law enforcement and the public as well. This story focuses more on the monopoly that Taser has built.

7/13/2016
Feds to hire 3,500 cybersecurity pros by year's end

"Last October, the U.S. government began hiring 6,500 new cybersecurity IT professionals. It has hired 3,000 so far, and plans to hire another 3,500 by January 2017, the White House said Tuesday."

Annie's take:

It seems to me the recruiting campaign should be centered around experience and public service.

7/12/2016
IoT Medical Devices: A Prescription for Disaster

"If you’re sick and sitting in a drab hospital room hooked-up to a dialysis pump, the last thing you want to worry about is hackers."

Annie's take:

Here's a specific, concrete and genuinely frightening example of the risk around the Internet of Things (IoT).

7/11/2016
Calculating the Risk and Cost to Our Society of Injustice

"Justice is a moral concept and a political one as well."

Annie's take:

This month's column, as well as a remarkable research note from Adam Lewis.

7/10/2016
Despair is not the only response to the past week’s terrible events

"After a week like the past one, it’s easy to let despair seep in."

Annie's take:

Look for the barely perceptible differences.

7/9/2016
Corporate social responsibility: balancing the risks and rewards

"In this article, we intend to offer a realistic perspective on corporate social responsibility."

Annie's take:

A well-laid-out argument for corporate social responsibility.

7/8/2016
Landmark Cybersecurity Law Passed By European Union

"The European Union (EU) now has its first cybersecurity law as members of the 28-nation EU Parliament passed legislation that requires service operators, search engines, and online market portals and other businesses to improve their network defense measures and report cyber incidents, Bloomberg reports."

Annie's take:

It's at important points like this that England will regret the vote to leave the European Union.

7/7/2016
DHS S&T funds efforts to make Internet of Things safer

"DHS S&T the other day awarded $119,000 to Ionic Security, Inc. based in Atlanta, Georgia, to advance detection and monitoring for Internet of Things (IoT) systems security."

Annie's take:

It's a start.

7/6/2016
A Closer Look At Microsoft's Proposed Norms For Cybersecurity

"Microsoft has a clear view on cybersecurity norms: global information and communications technology (ICT) companies, like nation-states, must also adhere to some agreed-upon norms."

Annie's take:

We have to start somewhere, and Microsoft's proposed norms are a good beginning.

7/5/2016
Cybersecurity forecast: Heavy smug

"When you think of rockstar hackers and infosec pundits, I'm sure it's easy to imagine people who are humble, kind and patient, and never look down on anyone who would reuse a password."

Annie's take:

Proposals like this are what give academics a bad name.

7/4/2016
Bangladesh attack: Shock over 'elite' Holey Cafe suspects

"They include the son of a government politician, along with university and elite public school students."

Annie's take:

The question again is, what took these well-educated young men down this path?

7/3/2016
Almost One-Third of Cyber Security Professionals Surveyed Admit to Compromising Ethics to Pass Audits

"A study carried out by security management vendor FireMon at this month's Infosecurity Europe in London has given brutally honest insight into the immense pressure cyber security professionals are under to carry out their jobs and meet outside regulations."

Annie's take:

I'm not sure that installing a product that regulators have specified compromises professional ethics.

7/2/2016
Why ISPs’ fight against net neutrality probably won’t reach Supreme Court

"The US appeals court decision upholding the Federal Communications Commission's net neutrality rules wasn't quite the final word on the matter, as ISPs immediately vowed to appeal the ruling, with AT&T saying it 'expect[s] this issue to be decided by the Supreme Court.'"

Annie's take:

I agree, it's extremely unlikely that the Supreme Court would agree to hear the case.

7/1/2016
How China Took Center Stage in Bitcoin’s Civil War

"A delegation of American executives flew to Beijing in April for a secret meeting just blocks from Tiananmen Square. They had come to court the new kingmakers in one of the strangest experiments in money the world has seen: the virtual currency known as Bitcoin."

Annie's take:

I admit that this information came as a large surprise.