Risk News

5/27/2016
ACLU to join Microsoft lawsuit against Justice Department over secret surveillance requests

"The American Civil Liberties Union (ACLU) filed a motion today to join Microsoft’s lawsuit against the U.S. Justice Department. Microsoft filed the suit last month, claiming gag orders — which prevent the company from notifying customers when their data is seized by the government — are unconstitutional."

Annie's take:

Entirely appropriate move by the ACLU.

5/26/2016
Apple rehires crypto legend Jon Callas

"Cryptology executive Jon Callas returned to Apple this month, according to a Reuters report. The announcement follows the FBI/Apple showdown over the iPhone 5c used by Syed Rizwan Farook, one of the San Bernardino shooters."

Annie's take:

This rehire bodes well for privacy, and for the customer.

5/25/2016
Cyber-security: 10 ways to convince your people to take it seriously

"Despite popular myth, much cybercrime actually originates with an organisation's weakest link, its employees."

Annie's take:

Another practical article on a timely topic.

5/24/2016
Bank of America Penalty Thrown Out in Crisis-Era ‘Hustle’ Case

"An appeals court dealt the Obama administration a major setback in its efforts to levy tough fines on corporations and executives, overturning a civil mortgage-fraud case against Bank of America Corp. tied to the financial crisis."

Annie's take:

"Breach of contract" is not the same as "fraud." It's not clear whether the government will appeal this ruling or not, but it certainly is a setback.

5/24/2016
Facebook to Revamp ‘Trending Topics’ Feature to Reduce Bias Risk

"Facebook Inc. told a U.S. senator that an internal investigation had found “no evidence of systematic political bias” against conservatives in its trending topics tool, but that it will revamp how the feature works to minimize the potential effects of individual biases."

Annie's take:

Placating those who believe there is inherent bias is never easy.

5/23/2016
Should You Be Allowed to Prevent Drones From Flying Over Your Property?

"Drone use across the U.S. is soaring, and the skies may soon get even more crowded, as the Federal Aviation Administration expects sales of these unmanned aerial vehicles to jump to seven million in 2020 from about 2.5 million this year."

Annie's take:

The first in a series of lively technology debates in a special section today of the Wall Street Journal. This one features the University of Washington's own Ryan Calo.

5/22/2016
Here's Why China's Cyber Strategy Should Have America Worried

"Chinese activities in cyberspace regularly garner a great deal of attention."

Annie's take:

Information censorship, practiced at a global level.

5/22/2016
How Facebook Warps Our Worlds

"Those who’ve been raising alarms about Facebook are right: Almost every minute that we spend on our smartphones and tablets and laptops, thumbing through favorite websites and scrolling through personalized feeds, we’re pointed toward foregone conclusions. We’re pressured to conform."

Annie's take:

Frank has a real point here: we tend to reinforce our beliefs and our biases by the friends we read on Facebook.

5/20/2016
Automation May Hamper Grid Recovery in Outage Caused by Cyberattack

"Efforts by some utilities to modernize the aging electrical grid may actually work against their abilities to quickly recover from a cyberattack, experts told lawmakers in Washington, D.C., Wednesday. Digital automation, intended to make the grid run more smoothly, may make it more difficult to get up and running after an outage."

Annie's take:

There are downsides to both manual controls and automated systems. This is a very good example.

5/19/2016
Opinion: The case for launching a digital invasion against ISIS

"While Defense Department officials said that the US began dropping "cyberbombs" on Islamic State last month, the online threat posed by the terrorists deserves an even more profound response: a global, coordinated assault on their entire digital apparatus."

Annie's take:

In the past, I have recommended that the NSA team up with Anonymous and go after ISIS; and that bankers form special teams and devote a small part of their work day to disrupting ISIS' flow of money. This recommendation, for a global response, makes even more sense.

5/18/2016
New method of producing random numbers could improve cybersecurity

"A new method for producing truly random numbers could be used to encrypt data, make electronic voting more secure, conduct statistically significant polls and more accurately simulate complex systems such as Earth's climate."

Annie's take:

More good news!

5/17/2016
China Quietly Targets U.S. Tech Companies in Security Reviews

"Chinese authorities are quietly scrutinizing technology products sold in China by Apple and other big foreign companies, focusing on whether they pose potential security threats to the country and its consumers and opening up a new front in an already tense relationship with Washington over digital security."

Annie's take:

China has made it progressively more difficult for American technology companies to do business in China, going back to the implementation of new policies last year. Will this be the straw that breaks the camels' back(s)?

5/16/2016
Ponemon: 89% of surveyed health care orgs breached in last two years

"For the second consecutive year, Ponemon Institute's annual study on the state of security and privacy in health care found that cybercrime was the leading cause of data breaches among hospitals and other medical providers."

Annie's take:

I've not had time to review the report in detail yet, but am hoping the report will end up on the desks of C-suite executives.

5/14/2016
Hayden says private sector will lead cyber defense charge

"When Gen. Michael Hayden first heard President Obama publicly refer to the Sony breach as “cyber vandalism,” he thought the term was inadequate but quickly realized there was no real term to describe that type of activity in what he called “the largest ungoverned space in history,” the former director of the National Security Agency (NSA) told an audience at Centrify Connect in New York Wednesday."

Annie's take:

We shall see. Hayden is getting a lot of attention these days, especially after publication of "Playing at the Edge."

5/13/2016
Once Again, Thieves Enter Swift Financial Network and Steal

"Thieves have again found their way into what was thought to be the most secure financial messaging system in the world and stolen money from a bank. The crime appears to be part of a broad online attack on global banking."

Annie's take:

Swift is quick to point out that each bank that uses its network is responsible for its own security.

5/12/2016
Healthcare Suffers Estimated $6.2 Billion In Data Breaches

"The 911 call has come in loud and clear for the healthcare industry: nearly 90% of all healthcare organizations suffered at least one data breach in the past two years with an average cost of $2.2 million per hack."

Annie's take:

Estimates vary, from different sources. But this number should be enough for healthcare providers to make significant changes to protect patient data.

5/11/2016
Cyberbullying and the Implications for Insurers

"There can be no doubt that cyberbullying is a new and disturbing development that significantly impacts society these days."

Annie's take:

A new legal angle: suing the parents of the cyberbully.

5/10/2016
Defining a Cyber Act of War

"The federal government has a fundamental responsibility to provide for the nation’s defense. Until recently, the government has fulfilled that role almost exclusively through nuclear deterrence and conventional military forces. But a new type of warfare—in cyberspace—is emerging as a top threat to America."

Annie's take:

Congressman Rounds has identified a policy gap in national policy, and is intent upon rectifying the situation.

5/9/2016
Your Cheat Sheet for Earthquakes and Other Disasters

"Early next month, FEMA Region X, in cooperation with local, state and tribal entities in the Pacific Northwest, will lead on a three-day emergency operations test scenario that includes a 9.0 magnitude earthquake along the Cascadia Subduction Zone (CSZ) with a resulting tsunami -- the most complex disaster scenario that emergency management and public safety officials in the Pacific Northwest could face in the future."

Annie's take:

Here's our May newsletter with a couple of useful lists, as well as an incisive research note by Ross Braine on dams as critical infrastructure.

5/8/2016
Public 702 debate set to kick off on Capitol Hill

"The Senate Judiciary Committee made plans Tuesday for the first open hearing in the long road toward potentially re-upping a major law on government surveillance of electronic communications. The hearing, booked for May 10, will examine renewal of Section 702 of the FISA Amendments Act, set to expire at the end of next year."

Annie's take:

Just a couple of days away, this public hearing should shed some light on the question of reauthorizing Section 702.

5/6/2016
SANS Institute Pledges To Train Veterans For Cybersecurity Jobs At White House Joining Forces Event

"SANS Institute, the world's leading provider of cybersecurity training and certification, has announced that the company will participate in the White House Joining Forces Initiative. Today at a White House ceremony, SANS pledged to train a minimum of 200 transitioning veterans over the next four years through its VetSuccess program."

Annie's take:

Congratulations to SANS, and to companies like Starbucks that have led the way here. Amazon has also stepped up, a source of pride for this Seattleite.

5/5/2016
Californian accounting firm breached, tax and PII info exposed

"The accounting and tax firm Lafler, Moore, Connerty & Webb reported to the California Attorney General that the company's computer system was accessed by an unauthorized person, resulting in the compromise of its stored W-2 information."

Annie's take:

Lawyers and accountants have got to increase their controls around personally identifiable information (PII).

5/4/2016
Busting the 7 myths of cyber security

"One of the greatest challenges for organisations attempting to address cyber security risks is the number of fundamental security myths that cause organisations to incorrectly assess threats, misallocate resources and set inappropriate goals."

Annie's take:

A good solid article, very worthwhile for small to medium sized businesses.

5/4/2016
NSA and CIA Double Their Warrantless Searches on Americans in Two Years

"From 2013 to 2015, the NSA and CIA doubled the number of warrantless searches they conducted for Americans’ data in a massive NSA database ostensibly collected for foreign intelligence purposes, according to a new intelligence community transparency report."

Annie's take:

This data is different than the FISA court approvals data that I published several days ago. Very discouraging.

5/3/2016
Secret US spy court approved every surveillance request in 2015

"The Foreign Intelligence Surveillance Court, the one that NSA whistleblower Edward Snowden revealed is allowing the government to obtain the metadata of every phone call to and from the United States, approved every surveillance request from US authorities in 2015."

Annie's take:

From the data gathered for 2014 and 2015, one would have to conclude that this is a rubber stamp court.

5/2/2016
Colorado Aspires to Establish National Cybersecurity Intelligence Center

"Cybercrimes are top of mind for everyone in this day and age where breaches of major government agencies and businesses seem to pop up in daily news stories."

Annie's take:

This is one to watch.