Daily Tech Digest - March 28, 2017

SDN Solves A Lot Of Network Problems But Security Isn't One Of Them

Generally, the main security risks come from poor or incorrect configuration of the devices. While this is true not only in SDN, De Gaspari said it is potentially even more important there, given how flexible the architecture is and therefore how easy it is to misconfigure. Despite the gaps in security, though, SDN continues to be an emerging alternative solution to the problems of modern-day networks. Gregory Pickett, cybersecurity operations at Hellfire Security, said that there is a lot of good that comes with SDN. "It allows for operations that providers have wanted for decades, operations such as maintenance dry-out, customer egress selection, enhanced BGP security through reputation-based route selection, faster convergence of routes, and granular peering at the IXP. SDN renders all these problems moot," Pickett wrote.


Security awareness relies on balance of technical, human-behavior skill sets

"Security awareness was initially started about 10 years ago with the advent of regulation and compliance requirements," Sedova said. "Unfortunately, they were designed with the wrong question in mind. They ask 'show me how many people have taken your training.' Instead they should have asked 'show me metrics that your program yields improvement in X behavior.' The companies leading the charge in the awareness space today are creating their programs around this question." This leads back to the discussion around the right balance of talent for creating these programs. According to the SANS 2016 report on security awareness, more than 80 percent of security awareness personnel have a technical background, but also need soft skills such as communications, change management, learning theory, and behavior modeling, in order to be most effective.


MIT researchers set out to create self-assembling chips

The research revolves around the self-assembly of wires on chips. The wires would handle the biggest challenge in chip making. Instead of etching fine features onto silicon using existing methods, materials called block copolymers would expand and self-assemble into predefined designs and structures. The implementation of such self-assembly technology will involve adding one step into existing chip manufacturing technologies, said Karen Gleason, a professor at the department of chemical engineering at MIT. Today's manufacturing technology involves burning circuit patterns on to silicon wafers via masks using long wavelengths of light. Chips are currently being manufactured at the 10nm process, and it's becoming difficult to cram in smaller transistors using the same wavelength.


Ohio Air Force Base Trains Cyber Army

President Trump has called for “crippling” cyber warfare offensive capabilities and asked for a cyber plan within 90 days of his assuming the presidency. The New York Times has reported a joint U.S.-Israeli effort under prior administrations to launch the Stuxnet worm virus into a nuclear processing plant in Iran out of concerns that country was developing an atomic weapon. Domestically, one of the biggest concerns is that a cyber attack would target the nation’s electrical grid. “That may be wrong,” Lewis said. “It turns out the biggest target the Russians were interested in was the electoral system. But I think people worry about the electrical grid as being vulnerable and we really don’t know how vulnerable it is. Some (utility) companies do a good job, others don’t. You can’t predict.”


5 Ways CISOs Could Work Better with Their Cyber Insurers

Engaging with the information security organization can lead to better premiums by allowing the company to display the security culture that exists in the organization. A top-three broker reported that two airlines with similar cybersecurity postures achieved a 30% differential in the cyber insurance pricing, attributed to the confidence projected by an engaged cybersecurity team in the purchase process and the "culture of security" presented by the CISO. CISOs are an important party in the insurer selection process. For example, a Fortune 2000 technology company was using a leading managed security services provider to oversee its cybersecurity. However, the vendor was not on the insurer's incident response panel. This meant that in the event of a breach, the company would not be reimbursed for the additional breach response costs incurred with the managed security provider.


IT Salary Survey 2017: Tech Pay Holds Tight (For Now)

Executives and analysts have wildly different forecasts for IT hiring and salaries going forward. Based on interviews with dozens of CIOs conducted before and after the 2016 presidential election, management consulting firm Janco Associates in December sharply raised its tech hiring forecast from 90,000 to 136,500 new domestic IT jobs to be created in 2017. “After the election, CIOs were much more optimistic,” says Janco CEO Victor Janulaitis, pointing to the Trump administration’s promises to increase infrastructure spending, revise the tax system, bring jobs back to the U.S. and revamp the H-1B visa program. If those changes are implemented, “there will be greater need for U.S.-based IT resources,” he says.


Revealing Secrets with R and Factor Analysis

Factor analysis is a classical statistics technique that examines data that has several variables in order to see if some of the variables are closely connected in some way. One of the standard "Hello World" examples of factor analysis is an examination of user ratings of different films. The idea here is that behind the scenes there are latent, hidden variables, such as movie genre, that explain the observed ratings. ... Another way you could use factor analysis information is to combine the raw variables that correspond to a latent variable, in order to reduce the dimensionality of the source data. The best way to see where this article is headed is to take a look at the screenshot of a demo R script. The script is named FactorDemo.R and starts by setting up and displaying a small 20-item data set of film ratings as just described.


No Quick Fixes For Small Business Cybersecurity

“The average small business owner is what we call trapped in a whirlwind,” Charles Rowe, president of America’s Small Business Development Centers, a trade association, testified before the House Small Business Committee. “They’ve got 5,000 things to worry about, and sometimes this is not the wolf closest to the sled.” Rowe advocated during Wednesday’s hearing for an interagency committee designed to help companies adopt cybersecurity best practices, similar to the Trade Promotion Coordinating Committee, which was created to aid exporters. Jim Mooney, cybersecurity chair of the National Association of Federally-Insured Credit Unions, urged the government to develop national cybersecurity standards for companies similar to those currently required for banks and other financial firms under the Gramm Leach Bliley legislation.


Smart Forensics for the Internet of Things (IoT)

Digital forensics is slowly developing as a solution to this problem. At its core, this brand of forensics is the process of identifying, preserving, analyzing and presenting digital evidence to the court of law. It does so using well-defined principles and accredited tools. IoT forensics has more areas of interest than traditional forensics. In addition to the traditional type of networks — wired, Wi-Fi, wireless and mobile — IoT also has the RFID sensor network. Different IoTware such as appliances, tags and medical devices should be considered as sources of evidence during investigation as well. The main challenge in investigating an IoT crime is introduced by the dynamic nature of IoT solutions. IoT is a combination of many major technology areas, which includes cloud computing, mobile devices, computers and tablets, sensors and RFID technologies. As a result, forensics for IoT will encompass all of these aforementioned areas.


Get ready for 2018’s changes to data protection laws

The GDPR will apply to companies that fall into two broad definitions: ‘controllers’ and ‘processors’. The definitions are similar to those defined in the Data Protection Act 1998 (DPA) in that controllers say how and why personal data is processed, and processors act on the controller’s behalf. If you are a processor, the GDPR will place specific legal obligations and liabilities on you; for example, you will be required to maintain records of personal data and processing activities. If you are a controller, you are not relieved of your obligations where a processor is involved. The GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR. While the principles are similar to those in the DPA 1998, there are some additional requirements that UK companies need to be aware of. The most significant is accountability.



Quote for the day:


"What lies behind us and what lies in front of us pales in comparison to what lies within us." -- Ralph Waldo