Daily Tech Digest - February 26, 2017

Post-Quantum Crypto: Don't Do Anything

So far, however, the sky is not falling. "I wouldn't lose too much sleep over quantum computers," said Boneh's co-panelist, Israeli cryptographer Adi Shamir - the "S" in the RSA asymmetric cryptographic algorithm. "Quantum computers are not at the top of my list of worries," added Shamir, who's also the Borman Professor of Computer Science at Israel's Weizmann Institute. "I think there is a higher chance that RSA could be broken by a mathematical attack." Shamir also expects there to be plenty of warning if powerful quantum computers become a reality. "The big question everyone should be trying to answer is when we should start worrying," he said. "Is it something that's likely to happen in only one location, deep in a basement in Maryland?" he asked, in reference to the National Security Agency, which is known to be conducting related research.

Data Integrity in the Era of Fake News

An analysis of integrity - a core foundation of cybersecurity - in the era of fake news leads the latest edition of the ISMG Security Report. In this Security Report, you'll hear: DataBreachToday Editor Mathew Schwartz analyze comments by leading IT security experts on the threats posed to information integrity; Excerpts from HealthcareInfoSecurity Editor Marianne Kolbasuk McGee's interview, from the HIMSS17 health IT conference in Orlando with Medical Device Innovation, Safety and Security Consortium's Dale Nordenberg on a new initiative to help ensure the security of medical devices; and ISMG Security and Technology Editor Jeremy Kirk report on new cybersecurity regulations in New York state governing financial institutions.

RPA Proving Its Transformational Value At Deutsche Bank

“By teaching a machine that set of tasks—having that knowledge encoded through robotics and cognitive computing—that knowledge is available to humans to augment their skills and accelerate the onboarding process,” Mazboudi says. The automated system can guide employees through their day-to-day work. “We really look at it as augmenting our workforce by making this encoded intelligence available to them,” says Mazboudi. “I don’t think robots will ever replace humans. But robots will make humans more efficient and smarter.” They could make employees happier as well. Automating more of the monotonous tasks can increase employee satisfaction, Mazboudi says. But RPA is not a quick fix. It oftentimes requires rethinking existing business processes. “Very seldom can we take a process as it exists today and just automate it,” Mazboudi says.

Cyber Espionage Seen Expanding to Grasp Trump Policy Changes

Nations regularly spy on one another but with President Donald Trump espousing unconventional approaches to foreign policy, there is a heightened urgency to know what shifts may occur, according to John Hultquist, FireEye’s manager of cyber espionage analysis. “We can anticipate worldwide a surge in cyber espionage because of the changing administration, because of America’s rapidly changing foreign policy, military policy, diplomatic policy,” Hultquist said in an interview in San Francisco. “We have created a lot of uncertainty that foreign countries or foreign adversaries are going to try to unravel with these tools.” Organizations under threat include the State Department, political parties and research institutes that provide insights on how the U.S. posture is developing, Hultquist said.

Connecting the Big Data Dots to Optimize Health and Manage Disease

As we enter 2017, we will begin to move from a "Quantified Self" era, where the data has generally remained siloed on the devices and apps of the individual and not integrated into clinical care, to the emergence of "Quantified Health," where the data from common consumers' wearables, scales, BP cuffs, glucometers and even home lab data, will flow through consumers' smartphones (via Apple's HealthKit and more recently via Google Fit and Samsung's S-Health) and integrate into electronic medical records (EMRs) of the clinician. This will bring feedback loops which can communicate back to individual patients, engaging and empowering patients along the way. As of early 2016, with a single iPhone authorization, my HealthKit data could flow into my Stanford Hospital electronic medical record and MyStanford app to be tracked and visualized.

Storage-class memory supporters may heed lessons learned from the 1970s

Unfortunately, the available memory options at that time were not as advanced as today. The System/38 wound up using IBM's then-standard semiconductor memory, and it's best known in historical circles as one of the early systems to rely on object storage rather than straightforward files and blocks. This is a lesson for the modern IBM and other industry titans, such as Hewlett-Packard, Intel, and Microsoft, as they and others all try to figure out storage-class memory. "Essentially the applications were brand new and people rewrote them for that," Soltis said. It will happen again in the 2020s, he predicted. This was not insurmountable in the 1980s because of the limited number of applications and because many of the System/38's customers were new users in general, without much of a legacy systems burden.

Four ways banks are turning the tables on cybercriminals

They “can’t afford any more hacks to occur or for adversaries to spend months undetected in corporate networks, databases and applications … only to find out after a breach occurred and after data has been exposed or transactions have been meddled with or Social Security numbers have been stolen,” Schulze said. Still, banks cannot go on the attack — their own lawyers, regulators and law enforcement won’t allow it. In the U.S. and most other countries, it would be illegal to hack back at a cyberattacker. Witty compares this situation to being a Samurai warrior who may not fight. “You have beautiful armor and a beautiful helmet but you don’t have a sword, and if you do have a sword you can never use it,” he said. “You can only block, parry, duck, jump or run.” That said, banks are finding ways to block and parry more assertively. Here are four of them:

SHA-1 Has Fallen

The writing has been on the wall for SHA-1 for some time. In 2005, cryptographer Bruce Schneier, responding to the first-ever theoretical collision attack that was demonstrated against SHA-1 by three Chinese researchers, showing how SHA-1 might one day be cracked, said that "we need to get to work replacing SHA." There are two risks. "One-way hash functions are supposed to have two properties," Schneier wrote at the time. "One, they're one-way. This means that it is easy to take a message and compute the hash value, but it's impossible to take a hash value and recreate the original message. (By 'impossible' I mean 'can't be done in any reasonable amount of time.') Two, they're collision-free. This means that it is impossible to find two messages that hash to the same hash value."

Manage Today's IT Complexities with an Enterprise Architecture Practice

One solution is an enterprise architecture (EA). It's a relatively new practice in higher education IT, but one that continues to gain importance. An EA provides an overarching strategic and design perspective on IT activities, clarifying how systems, services, and data flows work together in support of business processes and institutional mission. It helps to integrate new technologies and services, and their data streams seamlessly into an institution's IT environment. But EA also serves as an important institutional planning tool, as a means for getting the right people involved in solving the right problem. "Quite often we start off by saying we need to buy a CRM for the campus rather than thinking about the problem we are trying to solve and who should be involved in the conversation," explained Jim Phelps

Eight essential enterprise architecture artifacts

Even though both TRMs and guidelines describe some implementation-level technical rules relevant to IT projects, they are complementary to each other because TRMs provide lists of technologies to be used, while guidelines define more narrow prescriptions regarding their usage. .... Business capability models (BCMs) (sometimes also called business capability maps) provide structured views (‘maps’) of all organisational business capabilities on a single page, sometimes together with other supporting information like business strategy, objectives, main customers, partners, etc. BCMs are typically developed collaboratively by architects and senior business leaders and then ‘heatmapped’ to identify best investment opportunities, prioritise future IT spending and ensure the alignment between IT investments and desirable business outcomes. BCMs are often considered as ‘entry points’ into IT for business executives.

Quote for the day:

"The size of your success is measured by the strength of your desire; the size of your dream; and how you handle disappointment along the way" -- @InspowerBooks