Browsed by
Author: MTC POV

Let the Data Talk

Let the Data Talk

“Let the Data Talk”

Nick Vass, J29 Inc.

 

 As companies continue to navigate through unchartered territories in remote work environments, it’s important for some of our teams to stay true to the countless acts that led our success to where it is. While the way we do business has been changed in the moment, the question of how we came to that decision-making process will stay true – by letting data have a seat at the table.

 

What does this mean? For our team at J29, we like to live by the phrase, “let the data talk.” While cliché at first, it’s important for us to stay true to our model of data driven decision making. From the time I first joined J29 to now, there are some key attributes that stand out:

  • Robust emphasis on collecting several fields of data
  • Consistent investment in improving our tools and skills to comprehend that data
  • Commitment to making data widely accessible
  • Office-wide willingness to listen to data-driven ideas that come through any level of our organization

Lastly, the continuous dedication to decisions being driven by data has always been an ongoing improvement. Simply put, our team strives to make sure that data silos are addressed and resolved before critical problems arise. Data silos can be cultural, technological, or even structural-based inadequacies in any department or organization. More times than not, a silo in place causes wasted resources and limited productivity to take care of a company’s most important asset – data.

 

Data silos prevent teams from seeing the bigger picture, and more importantly being able to have continued data-driven decision making. For J29, a data silo can prevent us from recognizing a security threats sooner and analyzing traffic for unusual patterns. By definition, a data silo is when only one team is able to access a certain data set or source of that data – creating inefficiencies when cross-collaboration and wide-spread project involvement is necessary.

 

Currently, J29 is supporting a state-of-the-art data consolidation project revolving around integrations to the State of Maryland’s new Total Human-service Integrated Network (MD THINK) platform. This revolutionary platform will be the first of its kind in the United States, thus solving a data silo issue of Maryland’s Social Service Administration, Family Investment Administration, and Child Support Administration not being able to cross reference data sets in dire times of need. Prior programs were buried deep in conflicting architectures, resulting in massive spending’s on maintenance and restrictions for modifications. Coming full circle with J29’s MD THINK works, the importance of having data drive your team is validly crucial to success. In the case of Maryland, a joint human-service decision to having data on a single, integrated platform will allow user groups access to a modernized cloud-based platform – eliminating duplicate data entry and creating a streamlined eligibility enrollment process.

 

When the final whistle sounds on developments and integrations, over 30,000 Marylanders will have access to more than 65 application environments and 30 AWS products – eliminating previously restricting data silos and allowing data-driven decision making to lead health and human services throughout Maryland.

 

In conclusion, for J29 we consider data to have a consistent seat at the “table” that allows for our team to deeply analyze where our decisions could, or could not carry us. Our company’s strong commitment to data-driven decision allows a deeper comprehension into what is truly going on and allowing our decisions to be targeted and fact-based, rather than theoretical and estimated.

Posted by
Nick Vass
Author Bio
Nick is responsible for overseeing J29's strategic development opportunities with partners serving in the government, and commercial sectors
A Fit Agile Framework

A Fit Agile Framework

A Fit Agile Framework

By Millie Paniccia

I’ve dedicated the last 18 years of my professional life to working in commercial software product development environments—from employee to executive. As the current Managing Partner of an advisory services firm, I have seen just about all there is to see in business, working with startups whose employees range from three to large organizations that have tens of thousands. Nowadays , I spend most of my time helping organizations with product delivery issues improve, scale or prepare for IPO.

I have learned that regardless of industry, organization size, or belief in an organization’s individuality, most of these environments actually have a lot in common—including teams comprised of good people with good intentions. Unfortunately, most of these teams are lacking a common framework in which to operate.

I believe that an Agile framework is much better than how we used to get work done. I have found that the application of Lean Agile principles with consistency, just like a good exercise regime, can transform how product is delivered to market.

How to Get Your Agile Principles In Shape

Extensive writing already exists defining Lean Agile principles and my intent is not to re-write these articles. The Scaled Agile Framework (SAFe ©) website and texts are an excellent resource on this topic. While all of the Lean Agile principles have value and importance, I have found organizations are most likely to get in shape and stay there, by staying mindful of the following.

  • Sometimes the only way to get into shape is to re-train teams, together
  • People really are doing their best 
  • Product and engineering need to be in the boat together

To read the full article click here https://www.tecveris.com/resources/getting-your-agile-framework-into-shape/

 

Posted by
Millie Paniccia
Author Bio
Millie has led PMO, Help Desk Operations, Software Development, QA and Product Development teams. Millie is a certified Scaled Agile Framework SAFe Agilist and strategic leader in Lean Agile adoption.
10 Ways to Protect Your Business Against Cyber Attack

10 Ways to Protect Your Business Against Cyber Attack

Best Practices for Fortifying Your Organization Against Cybercriminals

protect your business from cybercriminals

The connectivity of today’s employees has left executives unable to overlook the cybersecurity of their organization any longer. It’s no longer a question of if your business will be targeted by cybercriminals, it’s now a matter of if your cybersecurity precautions will fail you. Cybercriminals have reached a new level of sophistication – they can attack your infrastructure at all times of day, using automated algorithms, making it nearly impossible to keep them out all of the time. Staying current with your technology and processes is the only way to protect your business from harm.

To learn more about IT best practices for your organization, please click here!

Unsure of where to start? Begin by discussing our top 10 Cybersecurity Best Practices with your IT resource to ensure you have a solid foundation in place – and build up your defenses from there.

Top 10 Best Practices for Fortifying Your Organization Against Cyber Attack

  1. Backup, Backup, Backup!

Put in place a hybrid strategy for backing up your data – ensure that you have both a local backup and a cloud solution in place in case of disaster. Backups should be tested regularly, and should be performed no less than once per day. Ideally, your organization’s backup should be performed once every hour for premium recovery.

  1. Put a Strong Firewall in Place

With your employees accessing the web day in and day out, controlling the flow of internet traffic coming in and out of your business is crucial. A strong firewall is a vital asset in your suite of cybersecurity tools to have in place to protect your business.

  1. Install Antivirus Protection

Antivirus and Anti-Malware software is one of your organization’s most important lines of defense against cyber attack. Choosing the best program for your business, and monitoring the alerts as they come in will help you maintain a cyber secure environment for all users.

  1. Secure Your Email

Most attacks continue to come through via email. Ensure that your organization has an email service designed to halt email spam and phishing attempts in their tracks!

  1. Keep Your Technology Up to Date

All outdated technology can be a security vulnerability to your business. Keep your programs up to date on any patches or updates that are pushed out to keep your business as safe as possible. Additionally, refreshing your hardware on a regular basis will allow for greater protection as technology becomes more sophisticated.

  1. Monitor the Dark Web

monitor your business on the dark web

Did you know that your credentials (or the credentials of a team member!) could already be on the dark web? By adopting a dark web monitoring software, you can check the dark web regularly for instances of your organization’s credentials and take steps to mediate the issue before a cybercriminal uses those credentials to maliciously hack into your system!

  1. Secure All Mobile Devices

Today’s workforce is as mobile as ever. The first step towards protecting your team’s mobile devices is to establish password policies, encryption software, and to enable remote wiping on the device should you need it. A Mobile Device Management plan addresses each of these issues and more. Additionally, ask your team to be mindful of where they keep their devices – never leave a laptop in a locked car, for instance, as this is a prime opportunity for thieves.

  1. Assign a Resource to Monitor Your Infrastructure

Whether it’s your internal IT professional or a third party expert, it is critical to have a trusted resource to monitor all of your security software on an ongoing basis. Software protection is no good unless it’s working properly and each and every alert is dealt with in the proper manner. It only takes a small window of time to have huge consequences.

  1. Apply Password Policies Across Your Organization

Implementing strong passwords across your organization is one of the most effective policies to have in place to protect your infrastructure. Always avoid using personal data, common words spelled backwards, or any sequence of letters or numbers that are close together on the keyboard (12345, QWERTY). Also urge users to never, ever write down a password!

  1. Educate Your Employees!

Your employees are a cybercriminal’s best chance to breach your network. Educating your employees about the organization’s cybersecurity best practices is one of your best lines of defense against cyberattack. Users should be made of aware of the value of your data, how to spot a phishing attempt, and what your password policy entails. Revisit this tactic often, as a cyber-savvy workforce is a more effective strategy than anything else you can put in place.

To learn more about IT best practices for your organization, please click the button below!

comprehensive it solutions for maryland business

Related Articles:

A Fully Managed IT Services Provider Can Revolutionize Your IT
Secure Your Company’s Data Anywhere With Mobile Device Management
Is Cloud Computing Right for Your Business?

Posted by
Olivia Bushong
Author Bio
Advance Business Systems is a people company with an intense passion for improving their customers’ businesses and enhancing their team members’ lives. Advance helps organizations become more efficient and more effective through technology, processes and services backed by industry leading support. Whether it’s proactively managing a customer’s IT infrastructure, providing multifunctional devices or an electronic document management software solution, Advance provides solutions for productivity so organizations can focus on their core business. Celebrating over 50 years of serving Maryland businesses, Advance has deep roots throughout the state. As an independent, family owned business, Advance is proud to partner with organizations such as the Baltimore Ravens, Maryland Zoo, Maryland Athletics, and the National Aquarium for office technology and to demonstrate its commitment to the local community.
Does Regulatory Compliance Apply to My Business? Yes.

Does Regulatory Compliance Apply to My Business? Yes.

Today, almost all businesses are affected by compliance. Whether you’re in the healthcare industry and are bound by HIPAA regulations, or you’re a manufacturer attempting to meet NIST standards before you lose your government contract, your business cannot afford to be in the dark about compliance regulations.

What Technologies Should be in Place to Remain Compliant?

Data Encryption – All regulatory programs require organizations to encrypt and control their sensitive data. When data is encrypted and controlled with data loss prevention policies, the information is illegible– unable to be read without a secret key and proper permissions.

Data Life Cycle Management – It is easy to lose track of information after it leaves its original source. Do you know what happens to your data after you hit send on an email? Most regulatory standards require that you track exactly who sees that data and what they do with it. Data Life Cycle Management software allows organizations to track the entire lifecycle of their documents– and revoke access to that sensitive information at any time.

Disaster Recovery – What is the first step your business would take in the event of a breach? How long would it take to get up and running if you suffered a natural disaster? Being compliant means having a disaster recovery plan in place, and testing that plan regularly to ensure its effectiveness.

Next Steps

Due to the complexity of the requirements and what is at risk if you don’t comply, an IT resource that understands the complexities of maintaining compliance in your industry is essential. Consider a third-party resource, so you can focus on your business while they handle the rest.

Posted by
Advance Business Systems
Author Bio
Advance Business Systems helps organizations focus on their core mission by providing technology that can increase efficiency and effectiveness and services that eliminate the distractions that many organizations face. The right resources and a plan are critical to an organization achieving and exceeding their goals. Advance provides services such as IT planning and support that will take IT off your plate, keep you from worrying about data security and position your business for the future. Having the right business technology solutions in place, such as multifunctional copiers, interactive white boards and document management software, can greatly improve the flow of information through an organization.
10 Regulatory Actions to Take Immediately If You’re a Manufacturer in the Greater D.C. or Maryland Area

10 Regulatory Actions to Take Immediately If You’re a Manufacturer in the Greater D.C. or Maryland Area

If you’re a manufacturer within 50 miles of Washington D.C., your organization is probably working with the United States government in some way, shape or form. Whether you have a contract directly with the government or you provide products or materials to someone who does, your company is now responsible for ensuring that you are compliant with NIST 800-171 standards.

Are you interested in how a comprehensive IT solution could benefit your business? Click here to browse our Managed IT homepage!

WHAT IS NIST 800-171?

As of December 31st 2017, the National Institute of Standards and Technology (NIST) has published a document stating that all manufacturers that work with the US government (Department of Defense, General Services Administration, and NASA), are now responsible for maintaining compliance with their cybersecurity standards, outlined in document NIST 800-171. The document spells out the strict data management guidelines that manufacturers must meet in order to work with the government.  And take note– just because you do not have a direct contract with the government does not mean you are not affected. Even if your organization does something as removed as supplying parts to a subcontractor of the government, it is required that your organization become compliant as well.

This document outlines the standards to which all manufacturers must update their systems in order to maintain cybersecurity best practices. With hackers attempting to breach the infrastructure of government agencies and private organizations alike, this document strives to protect both Controlled Unclassified Information (CUI) and Covered Defensive Information (CDI). Even though this information is technically unclassified, it is still sensitive data. This document strives to control the dissemination of this information.

Failure to meet these standards could mean the loss of your contract altogether.

10 Data Security Actions Your Business Should Consider Today to Work towards Compliance with NIST 800-171

While the actual document lists over 100 points that your organization will need to address, we’ve outlined 10 impactful data security changes you can make to your infrastructure to get started immediately.

  1. Limit access to your internal systems to authorized users and devices
  2. Apply a limit to the number of unsuccessful log in attempts for each user
  3. Automatically log off of devices after a certain amount of inactivity
  4. Provide security-awareness training to employees
  5. Restrict employees from self-installing software on their devices
  6. Require users to sign in to all systems before accessing any internal systems
  7. Prohibit password reuse for a specified number of generations
  8. Enforce a minimum password complexity when creating new passwords
  9. Restrict the use of portable storage devices if they do not have an identifiable owner
  10. Only allow physical access to organizational systems and equipment to authorized individuals

How Can I Become Fully Compliant with NIST 800-171?

Clocking in at 110 standards that your organization must meet in order to maintain compliance, it is clear that you will need to seek the help of an expert to get these updates underway. Due to the complexity of some of the requirements and what is at risk you don’t comply, we recommend utilizing an internal IT team or partnering with a resource that you trust to apply these changes. Equally as important, is establishing a process or resource to ensure you remain compliant!

If you do not have the capacity or expertise to apply these updates internally, seek the help of a dedicated 3rd Party IT company that understands the complexities of maintaining compliance in the manufacturing industry. With a third-party resource, you can stick to running your business while your third party handles the rest.

Posted by
Olivia Bushong
Author Bio
As a business solutions provider, Advance helps organizations become more efficient and more effective through technology, processes and services backed by industry leading support. Whether it’s proactively managing a customer’s IT infrastructure, providing multifunctional devices or an electronic document management software solution, Advance provides solutions for productivity so organizations can focus on their core business. Celebrating over 50 years of serving Maryland businesses, Advance has deep roots throughout the state. As an independent, family owned business, Advance is proud to partner with organizations such as the Baltimore Ravens, Maryland Zoo, Maryland Athletics, and the National Aquarium for office efficiencies and to demonstrate its commitment to the local community.
MTC Partners with MD Association of Counties for 2018 Summer Conference Tech Show

MTC Partners with MD Association of Counties for 2018 Summer Conference Tech Show

The Maryland Tech Council is partnering with the Maryland Association of Counties (MACo) to co-host an exclusive deep-dive focusing on Maryland tech, biotech and cyber vendors. These sessions with feature over 50 tech exhibits and three intensive technology sessions, complete with demonstrations of the latest technology for county governments. Exhibitors will present everything from GIS to 3-D printing, body cameras, virtual reality and more, featuring cutting-edge technology that is revolutionizing sectors across Maryland.

Click here to learn more about #MACoCon

The Specter and Meltdown Vulnerabilities: a CPU/Architecture Perspective

The Specter and Meltdown Vulnerabilities: a CPU/Architecture Perspective

Specter and Meltdown, names given to a recently discovered vulnerability that affects almost every computer chip manufactured in the last 20 years. If exploited, attackers could gain access to data previously considered completely protected. The Specter and Meltdown flaws work by exploiting two important techniques used to make CPU chips execute faster, called speculative execution and caching.

Speculative execution allows a CPU to attempt to predict the future to work faster. For example, if the chip determines that a program contains multiple logical branches, it will start calculating the values for all of the branches before the program decides which branch to take. When the correct branch is determined, the CPU has already produced the values for that branch. If the CPU sees that the same function is frequently used, it might use idle time to compute that function so it has what it thinks the answer will be ready if needed.

Caching is used to speed up memory access. Random access memory (RAM) is located on separate chips and it takes a relatively long time for the CPU to access data in the RAM. There is a special small amount of memory storage called CPU cache that is built on the CPU chip itself that can be accessed very quickly. This cache memory gets filled with data that the CPU will need soon or often. Data that is produced by such speculative execution is often stored in the cache, which contributes to making it a speed booster. The problem arises when caching and speculative execution start circumventing protected memory.

Protected memory is a foundational concept underlying computer security. It allows a program to keep some of its data private from some of its users, and allows the operating system to prevent one program from seeing data belonging to another. In order to access data, a process needs to undergo a privilege check, which determines whether or not it’s allowed to see that data.

A privilege check can take a relatively long time. Due to speculative execution, while the CPU is waiting to find out if a process is allowed to access that data, it starts working with that data even before it receives permission to do so. The problem arises because the protected data is stored in CPU cache even if the process never receives permission to access it. Because CPU cache memory can be accessed more quickly than regular memory and due to the long latency associated with privilege checks, the process can potentially access certain memory locations that it shouldn’t be allowed to access. As this problem exists in the hardware there is no direct way to correct it. Software patches have been offered to mitigate the exposure but have led to some degradation in performance of the CPU. In many cases, the software patch is targeted at a specific product and installing the wrong patch can severely impact system operation.

The most immediate action security teams and users can take to protect computer systems is to prevent execution of unauthorized software and avoid access to untrusted websites. Security policies must be are in place to prevent unauthorized access to systems and the introduction of unapproved software or software updates.

Posted by
Written by: Prof. Bill Pierce. Submitted by Ivana Shuck
Author Bio
Prof. Bill Pierce, the author of this article, is an Assistant Professor of computer science at the Department of Computer Science & Information Technology at Hood College in Frederick, Maryland. He teaches undergraduate and graduate courses in Computer Architecture, Digital Logic and Switching Theory, Digital Signal Processing and Musical Computing.*
We Digitized Our Lives, We Just Forgot to Secure Them

We Digitized Our Lives, We Just Forgot to Secure Them

We are a connected, digital society that depends heavily on networks, databases and other digital systems to operate. Almost every aspect of our lives, from the most basic tasks at the workplace to our personal communication and social interactions, to the way we shop and the tools we use to study and learn, depends on some form of electronic interaction or data exchange. These digital environments are practical, useful and fast, but in our excitement to use, leverage and widely deploy them, we have forgotten to secure them.

The spree continues

Last year, the national fast food restaurant chain, Arby’s, acknowledged that malware installed on payment systems inside specific corporate stores might have compromised more than 355,000 credit and debit card numbers. A few months later, personal information and the medical diagnoses of at least 7,000 patients at the Bronx Lebanon Hospital Center in New York had leaked. By the end of the summer, Kmart and Verizon had revealed malware infections and data leaks, all leading to the Equifax compromise, a breach potentially affecting up to 143 million customers. Even Uber suffered a data breach allegedly exposing personal information of 57 million users and drivers. Even companies in cybersecurity can be affected. Take Deloitte for example, a company once named by Gartner Research as the “best cybersecurity consultant in the world,” which had its email system hacked. The naive justification of all these compromises can be attributed to profit-driven “corporate irresponsibility”—companies and organizations minding their bottom lines rather than exercising care about securing their data.

Not my problem

Terms like breach, data leak, attack, hack, exploit and malware have become common in our vernacular, and they are immediately associated with malicious intent. For most individuals, cybersecurity incidents remain distant acts of socially awkward—but brilliant—teenagers or nefarious hackers in far-away countries. That’s until someone’s financial or health records become available on the Internet.

Companies on the other hand are aware of the impact of breaches, but for many, they are only identified as risks that are hedged against with the cost of actively protecting digital assets and that of inaction. For small businesses, a hacking attack may be detrimental, with 60 percent of small companies being unable to sustain more than six months after a compromise. For large organizations, cybersecurity insurance policies give a sense of safety from financial risk, yet there is no policy that could ever recover the reputational cost and loss of trust.

Cybersecurity compromises are not always the product of malicious intent and unauthorized access. Data breaches are also caused by unintentional omissions, software errors, poor maintenance of systems and software operator negligence or misplaced trust in careless third parties. In all cases and at all levels, dealing with cybersecurity incidents, whether malicious or inadvertent, will not be reduced until all stakeholders, from organizations to individuals, assume their share of responsibility.

The hunt for cybersecurity talent

The need for qualified cybersecurity staff has become a mainstay discussion. Cybersecurity professionals are expected to have specific, technical, specialized skills that match each organization’s technology mix. The result has been the springing up of an entire industry of cybersecurity certifications that existing information technology professionals flock to obtain. These are good options to meet current demand, but their value is often as short-lived as the product or technology they are based on.

Unlike other fields, specific technology skills are required in cybersecurity, but they are not sufficient to succeed. The field is highly technical and requires professionals to continuously cross the lines between computer science, information technology and mathematics. It also requires many important skills such as problem solving and critical thinking. These skills can’t be obtained by a weeklong vendor training or series or set of professional certifications. These are skills that are cultivated with formal education, enriched with technical training and further enhanced with on-the-job work experience.

For information on our cybersecurity program, click here.

Posted by
Written by:Dr George Dimitoglou, submitted by: Ivana Shuck
Author Bio
George Dimitoglou is an Associate Professor in the Department of Computer Science and Director of the Center for Computer Security and Information Assurance at Hood College, Frederick, MD. Before joining the faculty he spent time in the industry and government working in the areas of information systems, telecommunications, data archiving and space science. He holds a doctorate in Computer Science with concentration in Parallel and Distributed Systems from the School of Engineering & Applied Science of The George Washington University; a M.S. from the University of Maryland and a B.S. from Temple University. He is the recipient of a Mission Contribution Award from the European Space Agency, a NASA Goddard Space Flight Center National Resource Award, a Kobe City (Japan) Mayor's Award for Outstanding Performance (robotics competition) and a Faculty Advisor Award by the IEEE National Capital Area Section. He is a member of the the IEEE, the ACM, the Mathematical Association of America and the ϕKϕ Honor Society.
For Companies, Defense is Still the Best Defense

For Companies, Defense is Still the Best Defense

As a strategy, attacking one’s enemies as a way to protect oneself has been promoted  throughout history as the best kind of defense. This doctrine has been suggested by Machiavelli, Sun Tzu and even Abraham Lincoln when he referred to “…offensive operations, being the surest, if not the only means of defence…” [1].

The problem is this doctrine of counter-attack doesn’t work well in cyberspace. When a company’s assets are hacked, all a company can do is endure the reputation damage, attempt a quick recovery of compromised assets, address vulnerabilities, harden security and move forward.

Options such as attacking the hackers, “hacking back”, counter-hacking,  or the more eloquent “active defense” surely go through the minds of every person dealing with a compromise.

Doing so in the U.S. is illegal. The Computer Fraud and Abuse Act (CFAA) [2] makes most forms of counter-hacking unlawful. Also retaliation significantly increases the risk of putting the company in the cross-hairs of more hackers and becoming subject to more attacks.

The legal aspect and increased risk notwithstanding, the ability, effectiveness and value of hacking back is questionable.

A key factor is attribution, the ability to identify the attacker with a degree of confidence that doesn’t turn the victimized company into a reckless villain. Even during naive cyber attacks, hackers attempt to hide their tracks either by spoofing their IP addresses or using intermediate, often compromised systems of other organizations as staging platforms to launch their attacks. Counter-hacking the wrong network, IP or another innocent company’s systems would not accomplish anything.

The effectiveness of counter-hacking should be evaluated against the type and might of the adversary. Starting from the least to the most powerful, the first category are opportunistic hackers, individuals that hunt for technological vulnerabilities. Their motivations range from asserting bragging rights in subversive online forums to asking for ransom in bitcoin to return deleted data and restore defaced websites. Their methods are based on blunt attack instruments that scan thousands of networks and system for vulnerabilities, using code and instructions found on the internet. For a company attempting to retaliate against these hackers, it resembles an infinite game of whack-a-mole.  And typically the hackers have no assets to attack — launching a cyber attack doesn’t require more infrastructure than a computer and an internet connection.

The second category are professional hackers, or hired guns. These freelancers operate with surgical precision. Their targets are specific companies and their motivation can be industrial espionage or disrupting operations to reduce capability and provide competitive advantage for the hacker’s “employer”. Attribution in this case is very hard as a company attempting to retaliate must distinguish between the attack executioner and the party that paid them.

The third category is state-sponsored hackers. These are literal armies of hackers that deploy coordinated hacking campaigns on a variety of targets and may range from industrial espionage against a country’s entire business sector to the disruption of power plants and electrical grids. The asymmetry of power in this case is so pronounced that companies have little or no chance to accomplish anything by launching a counter-attack against a state ,other than becoming a prime target.

It is clear from the above that hacking back is a lost cause. Yet companies are becoming increasingly frustrated and continue to discuss options for retaliation. If not active counter attacks, perhaps baiting hackers and planting software that operates either as a timebomb or a beacon in fake but sensitive-looking documents. In the first case, the planted software “explodes” after being stolen, infecting the hacker’s files and network similar to dye packs planted in bags of money in banks. In the second case, a beacon software generates location signals, revealing the location of the perpetrator.

While these methods may make potential hackers think twice about conducting operations, they will do very little to thwart their activities.

It is safe to say that a state-to-state adversarial engagement in cyberspace is a completely different matter. The balance of power is different and its resemblance to military combat lends itself to applying more traditional engagement doctrines such as the strategic offensive principle of war. The number of stories of clandestine sabotage as a counter or preemptive attack are increasing.

The unconfirmed release from US and Israel of Stuxnet [3-5], a virus released to impede Iran’s nuclear plants by destroying centrifuges is a case of a preemptive attack.   Another, borderline funny, retaliation example is the outing of a hacker by the country of Georgia. Frustrated by continuous Russian cyber attacks, they baited a hacker with software that once stolen by the hacker, took photos of him using his webcam.

While these and many other similar stories are newsworthy and often have political implications, vigilantism has no place in industry. Companies should focus on excelling in their domains of operation.  Organizations in all sectors, manufacturing, banking, health and technology should act legally and maintain an ethical advantage against hacking attacks, while acting to harden their cyber defenses and make it as hard as possible for hackers to profile, attack and profit from their crimes.

REFERENCES

  1. “From George Washington to John Trumbull, 25 June 1799,” Founders Online, National Archives, last modified February 1, 2018, http://founders.archives.gov/documents/Washington/06-04-02-0120. [Original source: The Papers of George Washington, Retirement Series, vol. 4, 20 April 1799 – 13 December 1799, ed. W. W. Abbot. Charlottesville: University Press of Virginia, 1999, pp. 156–159.]
  2. Computer Fraud and Abuse Act of 1986, U.S. Code, Title 18, Part I, Chapter 47, § 1030
  3. Ellen Nakashima, Greg Miller, and Julie Tate; June 19, 2012; “U.S. Israel Developed Flame Computer Virus to Slow Iranian Nuclear Efforts, Officials Say;” The Washington Post; http://www.washingtonpost.com/world/national-security/us-israeldeveloped-computer-virus-to-slow-iranian-nuclear-efforts-officials-say/2012/06/19/gJQA6xBPoV_story.html.
  4. David E. Sanger, June 1, 2012, “Obama Order Sped Up Wave of Cyber Attacks Against Iran,” New York Times, http://www.nytimes.com/2012/06/01/world/middleeast/ obama-ordered-wave-of-cyberattacks-against-iran.html?pagewanted=all&_r=0
  5. Joby Warrick; February 16, 2011; “Iran’s Nuclear Natanz Facility Recovered Quickly From Stuxnet Cyber Attack;” The Washington Post Online; http://www.washingtonpost.com/wp-dyn/content/article/2011/02/15/AR2011021505395.html
Posted by
George Dimitoglou
Author Bio
George Dimitoglou, Ph.D., is an associate professor of computer science at Hood College and director of the Cybersecurity master’s program at the Hood College Graduate School. He is also the director of the Center of Computer Security and Information Assurance. Professor Dimitoglou earned a bachelor's degree in computer science from Temple University and a Ph.D. in computer science from The George Washington University.
POV From CEO, Tami Howie: Protecting Innovation Protects Patients and Our Economy

POV From CEO, Tami Howie: Protecting Innovation Protects Patients and Our Economy

Innovation is at the heart of Maryland’s economy and the wellbeing of patients in our state. New, groundbreaking cures and treatments save and extend the lives of patients, pushing the bounds of modern medicine, for the benefit of all. Innovative companies are able to leverage Maryland’s combination of technology know-how, business-friendly climate, and highly-educated, highly-skilled workforce to produce these cures and provide hundreds of thousands of Marylanders with well-paying jobs.

However, despite all this, the Maryland General Assembly is currently debating drug pricing legislation that would threaten the innovative potential that makes these benefits possible. New regulations, SB 1023/HB 1194, would create a government-controlled commission with broad leeway to influence drug prices and increase burdensome reporting requirements adding yet another layer of complexity to drug manufacturing.

Click here to read more >>