Archive for September, 2016
Oil and Gas Industry Joins Forces in Fight Against Cybercrime
Sep 30th
From: Scandinavian Oil Gas
Cybercrimes cost energy and utilities companies an average of USD 12.8 million each year in lost business and damaged equipment. Platform operators need confidence that countermeasures can deal with bigger and more sophisticated cyber-attacks. DNV GL is now collaborating with Shell, Statoil, Lundin, Siemens, Honeywell, ABB, Emerson and Kongsberg Maritime to develop best practice in addressing this threat. Other companies are still welcome to join.
***
Hacking, Cryptography, and the Countdown to Quantum Computing
Sep 27th
From: The New Yorker
Given the recent ubiquity of cyber-scandals—Colin Powell’s stolen e-mails, Simone Biles’s leaked medical records, half a billion plundered Yahoo accounts—you might get the impression that hackers can already break into just about any computer they want. But the situation could be a lot worse. The encryption methods that protect everything from online shopping to diplomatic communications remain effectively impregnable when properly implemented, even if, in practice, there are frequent breaches—whistle-blowers, careless clicks, and so on. This relatively happy state of affairs will not, however, endure. Scientists around the world are inching toward the development of a fully functioning quantum computer, a new type of machine that would, on its first day of operation, be capable of cracking the Internet’s most widely used codes. Precisely when that day will arrive is unclear, but it could be in as little as ten years. Experts call the countdown Y2Q: “years to quantum.”
One smart city standard to rule them all?
Sep 26th
Editor’s Note: For guidance on the use of standards, see An Updated Look at the Federal Policies Governing How Agencies Use Voluntary Consensus Standards in Regulatory, Procurement, and Science Documents.
From: American City & County
By Jesse Berst
***
Why do we need standards?
Standards development for smart cities is taking place all over the world by a variety of standards organizations and consortia. As Chris Greer, director for NIST’s Smart Grid and Cyber-Physical Systems Program, described the situation: “The growth of the smart cities market is currently hindered by ICT deployments that are customized and not fully interoperable or scalable, as well as by the lack of convergence around architectural design principles and a common language or taxonomy. We want to avoid potentially divergent outputs from emerging standards activities and, instead, come up with a framework that will enable smart city solutions that meet the needs of modern communities.”
New schedule for military EHR rollout is imminent
Sep 23rd
From: FCW
By Adam Mazmanian
The Department of Defense will decide on a new schedule for the rollout of its new, commercial electronic health record product in the next seven to 10 days, according to a spokesperson.
The new health record system, dubbed MHS Genesis, was scheduled to have an initial operating capability in the Pacific Northwest by Dec. 31, 2016, to comport with the date set in the 2013 National Defense Authorization Act.
NIST Awards Grants to 5 Nonprofit Groups to Establish Regional Cyber Education, Workforce Devt Partnerships
Sep 21st
From: ExecutiveGov
Five nonprofit organizations have received approximately $1 million in total grants from the National Institute of Standards and Technology to forge partnerships that seek to address the shortage of cybersecurity professionals in local communities.
NIST said Tuesday the Regional Alliances and Multistakeholder Partnerships to Stimulate grants are part of the Commerce Department’s Skills for Business initiative and will be administered by the National Initiative for Cybersecurity Education.
Pensions Regulator: Cyber security should be a key risk on risk registers
Sep 19th
From: Pensions Expert
Trustee boards should be assessing their risk of cyber attack and taking steps to protect member data and scheme assets, the chief executive of the Pensions Regulator has said.
Experts have been predicting an increased focus on cyber security for some time now, with warnings of major losses if a pension scheme is hit by hackers.
***
“Pension schemes are likely to be attractive targets to cyber criminals, because they hold a lot of personal employment and financial data,” she said.
Xiaomi Can Silently Install Any App On Your Android Phone Using A Backdoor
Sep 16th
From: Slashdot
Xiaomi, the Chinese smartphone manufacturer many refer to as the “Apple of China,” can silently install any app on your device, according to a Computer Science student and security enthusiast from the Netherlands. Thijs Broenink started investigating a mysterious pre-installed app, dubbed AnalyticsCore.apk, that constantly runs in the background and reappears even if you try and delete it. The Hacker News reports:
How reducing information systems ‘clutter’ could reduce cyber risk
Sep 15th
From: FederalNewsRadio.com
By Jory Heckman
Moving federal information systems to the cloud could reduce a lot of the federal government’s IT “clutter,” but without the cybersecurity component, agencies won’t feel confident about migrating their data.
More than a year after a massive data breach at the Office of Personnel Management, federal agencies remain on full alert when it comes to shoring up their cyber vulnerabilities.
UK government urged to adopt ‘new approach’ to data security
Sep 14th
From: Out-Law.com
The UK government has been urged to adopt a “new approach” to data security by the National Audit Office (NAO).
The spending watchdog found that “too many bodies” within government have “overlapping responsibilities” for information security matters and that insufficiently clear information is collected by the government on the way it performs in protecting data or the costs involved.
Feinstein office: Leaked document not new encryption bill
Sep 12th
From: The Hill
By Joe Uchill
On Friday, a well-esteemed security blog printed excerpts from what it said was a leaked copy of a rewritten Feinstein-Burr encryption bill. Sen. Dianne Feinstein’s (D-CA) office has since clarified that, while there was a document, it was not new draft legislation.
A source within Feinstein’s office familiar with the document says it was actually an internal brainstorming file being compiled by Feinstein’s staffers as they met with stakeholders in the encryption debate. It is not, the source stressed, legislation the office or any office is currently considering.