Daily Tech Digest - January 13, 2019

Experts Say Blockchain Has Yet To Become The Game-Changer Many Had Expected


Brent Jaciow, head of blockchain affairs at Utopia Music, a music data tracking platform, argues, though, that as with any software or technology, the user experience must make the end user's life easier. "Blockchain is still an emerging technology (even if it has been around in one form or another for 20 years), and developers must work hard to remove any roadblocks to firm's harnessing its capabilities," he added. "Given the current market environment, only those projects which clearly provide value to its end users in a compliant structure which investors understand will receive the funding necessary to bring their idea to fruition." Of course, while the authors of the McKinsey & Company report note that the "blockchain is a poorly understood (and somewhat clunky) solution in search of a problem," it's not all doom and gloom about the technology.



Blockchain and the reshaping of investment management

Blockchain offers no exception to the rule that new technologies involve some degree of risk and disruption. The road ahead is unlikely to be smooth, and the consequences will not be uniformly positive. Regulation may pose the greatest threat to blockchain’s widespread adoption in the short term. This was certainly the consensus among CCAF’s Global Blockchain Benchmarking Study respondents, who deemed extant legal frameworks “unclear”. The fact that distributed ledgers, by their very nature, have neither a specific location nor a centralized source of administration raises substantive hurdles in terms of jurisdiction and applicable law. Obtaining a framework that recognizes blockchains as genuinely tamperproof is likely to prove a contentious affair, as is the task of persuading multiple agencies to reach consensus on global standards


Self-driving cars will create 30,000 engineering jobs that the US can't fill

istock-921019596.jpg
Emerging mobility technologies like autonomous trucks and drones could mean even more engineers than predicted will be needed, the report found. While typical engineers today work on specific automotive components, like engines or electronics, in the future, they will need to have more cross-functional skills to work on interconnected automotive systems. This means they will need skills in math, physics, artificial intelligence (AI), machine learning, robotics, data science, and software, the report said. Because these skills remain in high demand and low supply, the talent gap will likely persist, it added. Along with engineers, the move toward connected vehicles will created more than 65,000 jobs for skilled trade workers, including autonomous vehicle and electric vehicle mechanics, and autonomous vehicle safety drivers, according to the report. Thousands more jobs for remote-support staff for self-driving vehicles and fleet maintenance will also be needed.


Serious cybersecurity enforcement is coming in 2019, but are advisers ready?

The good news is that the financial services industry has done a pretty good job of adapting to new cybersecurity requirements, at least in comparison to other industries like retail, said Robert Cattanach, partner at law firm Dorsey & Whitney. Where it's most often falling apart is with the smaller registered investment advisers and broker-dealers. "Modest-sized companies lack the resources to really make good on their paper policies," Mr.Cattanach said. "Someone can gin up the right-sounding IT governance policies and procedures. But it's a whole additional step to make sure they are followed." At smaller firms, there can be a sense of fatigue and helplessness when it comes to cybersecurity, because even the largest companies get hacked. "There is this general feeling of, 'Holy cow, how can I, this little RIA out here, protect [against a breach] if these large institutions can't?'" said Wes Stallman, provider of cloud-based cybersecurity for advisers. "I do think that causes some frustration."


A framework for auditing blockchain


In case of a private blockchain, the information is shared among all the participating nodes, but if competitors are present on the same blockchain, they may be able to discover the commercial-in-confidence information stored in the blockchain platform, thus putting sensitive data at risk. Lack of a governance model for blockchain, therefore, may lead to unresolved disputes over incorrect transactions or cross-border transaction flows. Other concerns remain with respect to ownership, governance, dispute resolution, security and privacy around smart contracts, and the blockchain-based platforms themselves. The risks are amplified due to the absence of a central regulator or governing body to deal with disputes when they arise. Traditional models of audit fail to take into consideration many of the risks associated with blockchain-enabled processes, and hence the need for understanding the specific set of unique risks and development of an evolved auditing approach specifically for blockchain-enabled solutions.


Fintech sector hurt by shutdown

The federal government’s influence on fintech is proving even more expansive than many expected, touching on the latest developments in banking, derivatives, securities, online lending and more. The halt of most agency operations is impacting a host of key issues concerning every fintech business, from the rate at which money can be raised to how (and even whether) business plans are finalized. However, not all pockets of the industry are impacted in the same way. Most visibly affected are companies issuing securities to raise capital. Large technology firms planning to do initial public offerings (IPOs) — think Lyft, Airbnb and Slack — could be affected with no one at the Securities and Exchange Commission to process registration statements of firms seeking to sell stock to the public. Planned IPOs would then have to be delayed, and if the stock market deteriorated, indefinitely postponed. In any event, when the SEC reopens, staff face a daunting backlog of filings.


Germany's Mega-Leak Takeaway: Noisy Young Hacker Got Caught

Germany's Mega-Leak Takeaway: Noisy Young Hacker Got Caught
Individuals and organizations would do well to treat the German personal data mega-leak as a cautionary tale. Here's the right question for all public figures, politicians or celebrities to be asking right now: "Could I fall victim to any attacker who used the same tactics, and how do I protect myself?" If so, the obvious next question is: "What should I do now to solve it?" Authorities in Germany say they're crafting guidelines for their country's politicians in the wake of last month's mega-leaks. Arguably, Germany's cybersecurity agency is already well behind the curve. "Why are standards agencies only now telling politicians and others how to protect their ID?" Woodward asks, noting that in the U.K., the National Cyber Security Center has long provided information security advice to lawmakers. On the other hand, "I'm not entirely sure politicians listen to that advice, or even read it," he says.


Bitcoin’s Revolution Is Only Just Beginning

It is interesting to note that countries, now recognizing that they are in competition with one another, are trying to make sure they win the bitcoin economy. The smartest of these are either allowing bitcoin to prosper or recognize that they need a light touch in regulating bitcoin to attract all the creativity, money and startups that are flooding into the field. The U.S. was wise to leave the internet unregulated and free because all the internet entrepreneurs created startups domestically and the economy around the internet blossomed. Keeping its regulatory hands light should help innovators stay in the U.S. There are many parallels between bitcoin now and the internet in 1994. In 1994, the internet was just for hobbyists and hackers. I remember when I first used the Internet, the only things I could do were to buy diamonds and try to break into NORAD. There were very few uses. It took many years for the internet to become mainstream, but when it did, it transformed industries.


Is GDPR Compliance Tougher Than HIPAA Compliance?

"U.S. healthcare entities that are subject to GDPR need to ensure that they undertake proper diligence when using third-party products and services to ensure that they do not cause them to be in violation of their GDPR obligations," she says. "The hospital in this case argued that it was using a system provided by the Portuguese healthcare authorities, but the regulators pushed back on this argument on the basis that the hospital could, and should, have known that its use was in violation of GDPR." Attorney Steven Teppler of the law firm Mandelbaum Salsburg P.C., notes: "The findings that the security measures were so lax as to present a threat to the maintenance of integrity and confidentiality of the PHI itself - although no PHI was referred to as having been compromised from either a integrity or confidentiality perspective - would in my opinion be sufficient to trigger an investigation."


This campaign has targeted victims across the globe on an almost unprecedented scale, with a high degree of success. We have been tracking this activity for several months, mapping and understanding the innovative tactics, techniques and procedures (TTPs) deployed by the attacker. We have also worked closely with victims, security organizations, and law enforcement agencies where possible to reduce the impact of the attacks and/or prevent further compromises. While this campaign employs some traditional tactics, it is differentiated from other Iranian activity we have seen by leveraging DNS hijacking at scale. The attacker uses this technique for their initial foothold, which can then be exploited in a variety of ways. In this blog post, we detail the three different ways we have seen DNS records be manipulated to enable victim compromises.



Quote for the day:


"If you are not willing to give a less experienced qualified professional a chance, don't complain you are charged double for a job worth half." -- Mark W. Boyer