
Risk News

8/28/2016
Big data, Google and the end of free will

"For thousands of years humans believed that authority came from the gods."

Annie's take:

A provocative and thought-provoking reflection that I plan to use in one of my classes this fall.

8/27/2016
Deutsche Bank’s $10-Billion Scandal

"Almost every weekday between the fall of 2011 and early 2015, a Russian broker named Igor Volkov called the equities desk of Deutsche Bank’s Moscow headquarters."

Annie's take:

Here's a detailed description of how mirroring works, along with an in-depth look at conduct risk at Deutsche Bank.

8/26/2016
The biggest threat facing connected autonomous vehicles is cybersecurity

"Connected, autonomous vehicles are around the corner."

Annie's take:

Vendors are scrambling into place for this potential opportunity, but do manufacturers understand the risk properly?

8/25/2016
Random hackers are taking NSA-linked cyber weapons for a test drive

"Opportunistic hackers are copying code from a trove of leaked cyber weapons and testing them on a variety of targets across the globe, security companies and researchers tell FedScoop."

Annie's take:

The fallout continues....

8/24/2016
Many hospitals transmit your health records unencrypted

"About 32% of hospitals and 52% of non-acute providers -- such as outpatient clinics, rehabilitation facilities and physicians' offices -- are not encrypting data in transit, according to a new survey."

Annie's take:

The numbers are higher than one would think. Still, the regulations allow some latitude here, unfortunately.

8/23/2016
Hints suggest an insider helped the NSA “Equation Group” hacking tools leak

"A group called the Shadow Brokers made headlines this month by leaking a hacking tool belonging to the NSA's Tailored Access Operations (TAO) team. Now this week, several informed sources suggest an inside source may have been involved."

Annie's take:

Speculation has moved now to an insider at NSA.

8/22/2016
'Imminent' terror attack on Britain stopped 'at the 11th hour'

"Spies foiled the deadly attack in the nick of time after trawling through thousands of texts and social media in a major operation by snooping agency GCHQ"

Annie's take:

After this episode, I believe the prime minister will get her way.

8/22/2016
NSA leak rattles cybersecurity industry

"The National Security Agency stockpiled sophisticated tools designed to penetrate commonly used security software. Now that hackers have revealed some of those techniques, companies are left scrambling to secure their systems."

Annie's take:

There are a number of unhappy technology companies out there after this set of leaks.

8/20/2016
JPMorgan settles WaMu case against FDIC

"JPMorgan Chase has drawn a line under a dispute arising from its 2008 acquisition of Washington Mutual, agreeing to drop its case against the Federal Deposit Insurance Corporation in exchange for a payment of $645m."

Annie's take:

Getting closer to the end of the story.

8/19/2016
Homeland Security Offering States Voting Cybersecurity Help

"The U.S. Department of Homeland Security offered Monday to help state elections officials with the challenge of securing voting systems from the threat of cyber attacks."

Annie's take:

An auspicious offer.

8/18/2016
China Says Foreign Investors' Concern Over Its Cybersecurity Bill Is 'Unnecessary'

"China’s pending cybersecurity law will not create obstacles for foreign business, China’s Foreign Ministry said, responding to concerns by international business lobbies over the planned rules."

Annie's take:

The cost of doing business in China is about to rise even higher.

8/17/2016
‘Shadow Brokers’ Leak Raises Alarming Question: Was the N.S.A. Hacked?

"The release on websites this week of what appears to be top-secret computer code that the National Security Agency has used to break into the networks of foreign governments and other espionage targets has caused deep concern inside American intelligence agencies, raising the question of whether America’s own elite operatives have been hacked and their methods revealed."

Annie's take:

There will be a lot more analysis here, with everyone weighing in.

8/16/2016
Trapwire surveillance system exposed in document leak

"It sounds like something from the film Minority Report: a CCTV surveillance system that recognises people from their face or walk and analyses whether they might be about to commit a terrorist or criminal act."

Annie's take:

Not so far-fetched after all!

8/15/2016
To curb radicalism, France targets foreign funding for mosques

"After three major terrorist attacks in the last year and a half, public outrage has forced the French government to respond. But one particular proposal has generated significant controversy: the shutdown of certain mosques and the foreign funding behind them."

Annie's take:

Were these moves well thought out? Why offend most French Muslims so directly with the choice of a non-Muslim to run the new organization?

8/14/2016
Fractured Lands: How the Arab World Came Apart

"This is a story unlike any we have previously published. It is much longer than the typical New York Times Magazine feature story; in print, it occupies an entire issue. The product of some 18 months of reporting, it tells the story of the catastrophe that has fractured the Arab world since the invasion of Iraq 13 years ago, leading to the rise of ISIS and the global refugee crisis."

Annie's take:

This is a remarkable piece of reporting, occupying the entirety of this week's magazine, with 20 photographs and a single ad from the Pulitzer Report, which sponsored the project. Please take the time to read it.

8/13/2016
Where in the world is my data and how secure is it?

"When Max Schrems, an Austrian privacy activist, requested to see his personal data that Facebook stored on its servers, he was mailed a CD-ROM containing a 1,222-page document."

Annie's take:

A cautionary tale.

8/12/2016
Can the Centre Hold?

“Turning and turning in the widening gyre
The falcon cannot hear the falconer;
Things fall apart; the centre cannot hold;”
William Butler Yeats, The Second Coming (1919)

The first three lines of a poem that Yeats wrote after the first world war resonate with us today and have been referenced in American political debate -- and perhaps also around the Brexit vote as well.

Annie's take:

Latest riff on familiar set of issues.

8/11/2016
Delta Air Lines CEO Takes Responsibility for Outage

"The chief executive of Delta Air Lines Inc. on Wednesday took full responsibility for the computer failure that forced the airline to cancel more than 2,100 flights over three days, but he said it was a one-time event."

Annie's take:

How refreshing, on two counts -- a CEO who takes responsibility; and, at the same time, can say "we don't know."

8/10/2016
Political Cybersecurity Is Not a Partisan Issue

"Of all the ugly incidents occasioned by the 2016 U.S. presidential campaign, some of the most unsettling have unfolded invisibly -- specifically, online."

Annie's take:

Bloomberg is weighing in on whether or not the voting process should be protected as critical infrastructure.

8/9/2016
Security Screeners Cut Corners at Rio Games

"Security screeners posted outside some Olympics venues have taken to waving spectators through checkpoints without X-raying their bags in order to help reduce long lines, the latest breakdown in a process that has raised fears about lax security at the Rio Games."

Annie's take:

Quite troubling.

8/9/2016
Think Tank Scholar or Corporate Consultant? It Depends on the Day

"Over the many months that officials in Washington debated sweeping new regulations for internet providers, Jeffrey A. Eisenach, a scholar at the conservative American Enterprise Institute, was hard to miss."

Annie's take:

The second article to look at cozy relationships between corporations and think tanks. Can you say "conflict of interest?"

8/8/2016
Risks as Distractions

"Writing this column in the summer is a dicey proposition."

Annie's take:

This month's column surveys the risk landscape we are now living in. Courtney Harris' research note on the American dams infrastructure is a great read.

8/8/2016
Researchers or Corporate Allies? Think Tanks Blur the Line

"As Lennar Corporation, one of the nation’s largest home builders, pushed ahead with an $8 billion plan to revitalize a barren swath of San Francisco, it found a trusted voice to vouch for its work: the Brookings Institution, the most prestigious think tank in the world."

Annie's take:

A must read investigation for corporations and for university researchers in search of funding. I am relieved that I never called the ASA Institute for Risk and Innovation a "think tank."

8/6/2016
Apple Launches Bug Bounty with Maximum $200,000 Reward

"Apple closed out Black Hat today with a long-awaited announcement that next month it will launch a bug bounty."

Annie's take:

The bounty program is open to a small group of pre-selected developers.

8/5/2016
Cyber-Protecting Critical Infrastructure Different than Protecting Data

"Several years ago, the keyword being used by security pundits was “convergence.”"

Annie's take:

If you think it's just the roads and bridges, you're wrong. Critical infrastructure is in need of upgrades, not just on the public sector side, but also where the private sector is concerned, and where so much of it is owned.

8/4/2016
How a Secretive Branch of ISIS Built a Global Network of Killers

"Believing he was answering a holy call, Harry Sarfo left his home in the working-class city of Bremen last year and drove for four straight days to reach the territory controlled by the Islamic State in Syria."

Annie's take:

I believe this is the second in what I hope will be a series of articles on ISIS and its recruiting and training strategies. It is sure to be a nominee for a Pulitzer Prize. Please read it in its entirety to see just why it is so difficult to identify so-called lone wolves in advance of an attack.

8/3/2016
Yahoo investigating claimed breach and data dump of 200 million users

"A notorious black hat says he has more than 200 million hacked Yahoo accounts for sale on the dark Web."

Annie's take:

It makes me glad I never had a Yahoo account.

8/2/2016
How to attract a board-level cybersecurity expert

"Suzanne Vautrinot’s impressive cybersecurity experience has been in high demand since she retired from the U.S. Air Force in October 2013. As a major general and commander, she helped create the Department of Defense's U.S. Cyber Command and led the Air Force's IT and online battle group."

Annie's take:

It is difficult to find people who can function at the board oversight level but with deep subject matter expertise as well.

8/1/2016
How vulnerable are our electronic voting systems to cyber attack?

"Following the hack of Democratic National Committee emails and reports of a new cyberattack against the Democratic Congressional Campaign Committee, worries abound that foreign nations may be clandestinely involved in the 2016 American presidential campaign."

Annie's take:

There is something to be said for the good, old-fashioned paper ballot.