WebProNews

Category: CybersecurityUpdate


  • Google to Launch Cloud-Based Digital Store, Teams Up with MobileIron


    Google is trying its best to catch up to its competitors in the cloud computing industry, especially the current market leader Amazon Web Services (AWS). In a recent announcement, the search engine giant—and one of the top players in the cloud segment—revealed that it will launch a digital store offering a slew of white-label cloud-based software products for use by companies and organizations.

    Google will launch the online store in a joint venture with MobileIron, a company that offers cybersecurity tools for cell phones. Google also plans to bring Orbitera’s commerce platform to the deal while MobileIron will capitalize on its expertise in app distribution, analytics, and security to make the project work.

    With the new online store in place, a company will be able to purchase cloud services for eventual distribution to its employees while, at the same time, keeping its corporate data secure. The platform, which is expected to roll out later this year, will be accessed through mobile telecom providers.

    In its online post, Google promised a host of advantages that the online cloud store could bring to resellers, enterprises, OEMs, and ISVs. For instance, customers can customize bundles, customize branding for both the marketplace and its customers, offer one centralized bill for various services, enjoy more secure cloud access, and analyze usage data to see when apps are being used.

    In 2016, Orbitera was acquired by Google in a deal estimated to be worth around $100 million, a move that could help Google compete against cloud rivals AWS and Microsoft Azure. Orbitera created a buying and selling platform for cloud-based software.

    News of MobileIron’s partnership with Google was positively received by the market. MobileIron shares climbed as much as 14 percent, to a high of $4.60, during Tuesday’s trading before eventually settling at $4.62 by the afternoon’s close.


  • Alphabet Takes Aim at Cybercrime with its Launch of ‘Chronicle’


    As internet users are becoming more aware of online threats, cybersecurity is becoming a serious challenge for internet firms as they scramble for ways to dampen their users’ fears over online vulnerability. To take advantage of this need for more secure online systems, Alphabet, Google’s parent firm, has set up a new independent company with the goal of providing cybersecurity solutions to big businesses.

    Alphabet’s new cybersecurity firm is called Chronicle, and it will offer state-of-the-art technology to boost companies’ online security. In particular, the firm will use machine learning technology to help firms detect, track and block cybersecurity attacks.

    In a post, Chronicle CEO Stephen Gillett explains that it is the new company’s goal to help businesses address potential blind spots in their online security with its mix of technologies. He believes that Chronicle will give businesses the upper hand against cybercrime:

    “Add in some machine learning and better search capabilities, and we think we’ll be able to help organizations see their full security picture in much higher fidelity than they currently can. We hope that by making this mix of technologies available to more companies at affordable prices, we can give ‘the good guys’ an advantage and help us all turn the tide against cybercrime.”

    According to Gillett, Chronicle is in a unique position to help with the security issues of other companies. First, the company will be running on “fast, powerful, highly-scalable infrastructure,” giving it enormous processing power. This means that retrieval and analysis of a large amount of data can be done in mere minutes rather than days, a useful capability in detecting and blocking cyberattacks.

    Another advantage Chronicle has is in storage. Due to its infrastructure advantage, Gillett promised that the firm can provide a massive amount of storage to companies that need it at a lower cost.

    Gillett is confident that Chronicle can adequately meet any cybersecurity threat proactively. In his post, he wrote that “None of us have to settle for cybercrime being a fact of life, or for a reactive, expensive existence of cleanup and damage control.”


  • Amazon Web Services Acquires Cybersecurity Startup Sqrrl


    Cybersecurity will always remain a big issue that computing companies such as Amazon Web Services will have to address every time they court potential clients. After all, these clients will want assurance that their sensitive data will remain secure when stored off premises.

    With the discovery of decades-old system flaws like Spectre and Meltdown, assuring clients of the safety of their data is even more challenging for players in the cloud computing business. However, it appears that AWS has this issue already covered. The tech giant recently acquired Sqrrl, a cybersecurity firm with ties to the master of cybersecurity itself—the NSA.

    Rumors that Amazon was eyeing the startup, which specializes in advanced computer threat prevention and detection, started circulating a few months ago. However, the acquisition has now been confirmed by Sqrrl CEO Mark Terenzoni in a post made on the company’s website.

    “We’ve reached another milestone in our journey!,” Terenzoni announced in the post. “We’re thrilled to share that Sqrrl has been acquired by Amazon. We will be joining the Amazon Web Services family, and we’re looking forward to working together on customer offerings for the future.”

    At the moment, details of the deal are not yet available to the public. However, previous reports place the deal’s price tag at around $40 million.

    Of course, such a figure is not much of a big deal to AWS, which is still the leader in cloud computing. In the third quarter of 2017 alone, AWS posted a staggering $1.17 billion income from the $4.58 billion it generated in revenues.

    Interestingly, the Sqrrl deal comes shortly after AWS announced plans to pick up more business from the U.S. intelligence agencies. In fact, the company revealed that it will be forming a “secret” region of data centers specifically to handle the cloud computing needs of these agencies.

    Sqrrl already has ties with the NSA that date back to 2011. In 2012, it handled NSA’s open-source database software called Accumulo.


  • How a Zero Trust Network Can Keep Your Business Data Secure


    The numerous data breaches that occurred over the years clearly indicate that cybersecurity is still prone to failure. Every new security measure system defenders come up with is eventually thwarted by hackers.

    The number of affected users is staggering. A minimum of 500 million Yahoo users were affected by the 2014 security breach that hit the company. The last US presidential election was rife with reports of hackers stealing sensitive emails. Meanwhile, the US Navy, the Internal Revenue Service, and the Justice Department were also targeted by hackers.

    While there have been large-scale attacks on government agencies and the technology sector, hackers have also targeted businesses. As a matter of fact, 15% of international businesses have estimated that their sensitive data was potentially breached or compromised over a one-year period.

    The Operation Aurora attack in 2009 saw companies increasing perimeter security using firewalls and VPNs. By that time, Google had already developed a new security architecture—Zero Trust. As the name implies, trust is removed from the system so everyone, whether outside or inside the firewall, is considered a suspect. Everything attempting to connect to a company’s systems must be verified before being given access.

    Understanding Zero Trust

    The Zero Trust Architecture model was developed by John Kindervag in 2010. The security system’s concept revolved around the idea that institutions should not blindly trust anything or anyone outside or inside their perimeters.

    Previous security paradigms worked on the idea of “trust but verify.” Organizations concentrated on protecting the perimeter under the assumption that everything inside had already been cleared for access and therefore didn’t pose a threat. This method is clearly dangerous now as more corporate data centers are being housed in the cloud, with users (e.g., customers, employees) accessing them using applications from devices in multiple locations.

    With Zero Trust, the idea is basically “trust no one.” According to Charlie Gero, Akamai Technologies’ CTO of Enterprise and Advanced Projects Group, Zero Trust doesn’t allow access to machines, IP addresses, etc. until it knows who the user is and whether or not they’re authorized.

    Benefits of a Zero Trust Security Network

    The zero-trust model meets the security demands that companies face today. The rise of cloud technology, the ubiquity of mobile devices, and the use of third-party sources have opened a lot of loopholes in security systems.

    One major benefit of the zero-trust architecture is how it enables the system to take into account the changing nature of users and their devices. It does so by redefining the user’s corporate identity, along with their device, at a given point in time. This provides the system with the context required to make trust decisions at the actual time.

    It also diminishes the importance of static credentials, which is an element often used in an attack. Since each access request is individually authenticated and accredited, every credential required to start a secure session is given a limited scope depending on the user and device linked to a particular resource.

    Challenges of Zero Trust

    As with any security system, organizations that use zero-trust will face challenges. One major challenge is the fact that this is not an install-and-forget setup. Organizations that implement a zero-trust system have to comprehend access rights starting from the lowest level of the technology right up to the topmost level.

    It’s often impractical for any corporation to have a complete, exact and detailed picture of all the resources used at each level through the whole enterprise architecture on an ongoing basis. Companies that do take on this daunting task will see their efforts rewarded.

    Cost and employee productivity can also be an issue with a zero-trust network since there’s some tradeoff between productivity and security. For instance, an employee might be unable to start working while the system is verifying their credentials.

    Fully employing a zero-trust system also demands the acquisition of expensive tools and a large amount of administrative manpower to get everything working smoothly. Luckily, sectors like IT support and employee productivity will see reduced spending once the system is running.

    There are still a lot of questions and doubts about the zero-trust security system. Some sectors believe doing away with trust is virtually impossible. There’s also the issue of cost and implementation. But there’s also no denying that the principle of the system is a good and achievable goal.


  • Is Microsoft Edge Better Than Google Chrome?


    If you value your internet browser’s speed and security, you might have to ditch your current one. There’s a new kid on the block, one that claims to be even faster and more secure than the world’s leading browser, Google Chrome.

    Currently, the Chrome browser is a lot more popular than its rivals, controlling a 58 percent market share. However, Microsoft plans to knock Chrome off its perch with a bold new claim for its Edge browser. The company started its assault on New Year’s Eve by releasing two new ads highlighting Windows 10 Edge’s superiority over Google Chrome in terms of speed, security, and battery efficiency.

    The 30-second ads claimed that “Microsoft Edge is up to 48 percent faster than Google Chrome” and also “The faster way to get things done on the web.”

    Microsoft also claims that its Edge browser is even safer than Google Chrome. In the ad, the company points out that “Microsoft Edge blocks 18 percent more phishing sites than Google Chrome,” adding that using Edge is “The safer way to get things done on the web.”

    Apparently, Edge is better on battery life too.

    While Microsoft has not exactly explained how it arrived at these two conclusions, it is possible that it may have based its statements on tests done by cybersecurity firm NSS Labs back in October of 2017. Based on the result of NSS Labs’ tests, Microsoft Edge showed the strongest browsing security by blocking 92.3 percent of phishing sites. Meanwhile, Google Chrome managed to block only 74.5 percent of the sites while Mozilla Firefox had a 61.1 percent block rate.

    At the moment, Google has not yet released a statement in response to Microsoft’s claims.


  • 3 Trends That Will Change How We Make Payments in 2018


    The year 2018 is poised to be an exciting time in the payments industry as new trends and technologies emerge.

    The previous year actually witnessed some major changes in how payments were made. Consumers were introduced to new transfer methods and the PSD2 push as the demand for safer, smarter, and faster transactions reached critical mass.

    It actually feels like 2017 was just laying the foundation for some significant changes in the payments process, and this year is when all the promised developments will finally come to fruition. To that end, here are three trends that could change how payments are made this year:

    Improved Security and Enhanced Data Protection

    Security is even more critical now that more channels have been opened for consumers to pay bills and receive money. Businesses will be paying more attention to cybersecurity, compliance, and fraud prevention in 2018 as any missteps in this area can seriously undermine their business and relationship with their customers.

    Due to the massive data breaches that happened in previous years, it’s safe to assume that fraudsters will take advantage of any new personal information they receive about consumers. Because of this, payment tokenization and the rise of “omnichannel tokenization” are expected to become more mainstream this year.

    Tokens are unique and their use can be restricted to a particular merchant, device or transaction. This enables merchants to isolate threats and prevent fraud. However, the rise of tokenization would also mean that Token Service Providers will gain greater importance in payment processes.

    Rise in Demand for Chinese Wallets

    China is slowly making its presence known in the realm of financial technology. Companies like WeChat have already made serious forays in the West in a bid to court more users. China’s social media icon rolled out the payment platform WeChat Pay in the UK last year. It now has plans to put up a headquarters in the country as well. WeChat’s parent company, Tencent, has already established an office in the US as it works to expand its service in the country.

    The adoption of Chinese wallets and payment systems is one trend that would definitely stand out this year, as more Chinese tourists and businesses are expected to hit the US and the EU.

    Merchant Pay Will Become More Popular

    Despite a slow start, digital retail wallets are expected to have an upsurge in popularity this year. More and more consumers will use merchant payment apps to ensure faster purchases while in brick-and-mortar stores. Digital wallets integrating scan-and-go technology will allow shoppers to scan products using their smartphones, check out in-app and leave the store, thereby doing away with the frustration of dealing with the checkout line. In cases when checkouts are still required, digital wallets can support different payment technologies, like Bluetooth, NFC, or QR codes.

    Retailers can also use digital wallets to improve customer relationships and provide meaningful value-added services. The majority of consumers are motivated by VAS, but the challenges of redeeming points or activating coupons can be daunting, resulting in billions of reward currency remaining dormant or unclaimed. Offering simplified VAS in a retail wallet can help drive sales and improve consumer loyalty.

    Consumers can expect a vastly different billing and payment experience in 2018. But whether these changes will come in the form of digital wallets or tokens, the theme will remain the same—being able to pay wherever and whenever you want.


  • Blockchain: How Will it Impact Digital Marketing?


    The marketing industry generates billions of dollars every year. After all, every company needs ads and various marketing strategies in order to reach their target consumers.

    Forrester, a leading market research company, even said that by 2021, digital marketing costs will reach $120 billion. Unfortunately, about half of ad traffic is created by bots. It’s a decidedly dishonest practice, especially when you consider how much money companies put out just to reach prospective clients. But this practice might soon come to an end once businesses have a greater capacity to focus on specific customers.


    It’s a good thing then that digital marketing is very dynamic and open to change. It easily adapts to new technology and the shifting perceptions of customers. At the moment, there’s one tech advancement that has the potential to change digital marketing (and the world) like never before – the blockchain.

    What is Blockchain?

    Blockchain might seem too technical for most people to fully grasp, but it’s a fairly simple concept. The technology is essentially a public ledger that stores and distributes data. More importantly, everyone that uses blockchain can see and share all its data and by doing so, each user plays a role in keeping it updated and transparent.

    The system works by keeping data stored in a chain-like pattern and the transaction history is stored in “blocks.” Information stored in a blockchain can only be added to. It can’t be changed or copied. If someone were to attempt to change the history or hack the system, the ledger would have to be updated on all the users’ computers. Considering the number of users in a blockchain, this would be almost impossible to do, making the service very secure.

    How Will it Impact Digital Marketing?

    Blockchain is often linked to cryptocurrency. Its decentralized nature, the freedom it offers, and its heightened cybersecurity features make it perfect storage for virtual money. However, blockchain also has a major impact on digital marketing.

    It Will Take Out the Middleman

    There’s always a middleman in digital marketing which means businesses only get half the value of what they have paid. Blockchain can do away with these intermediaries and help create better value for marketing campaigns.


    With a blockchain, companies can forego the ad buy process and just target their prospective customers directly by paying them to view the ads. Businesses can use “microcurrencies” that customers can avail of once they’ve proven that they have watched the ad. The Brave browser has already started this, using their Basic Attention Token (BAT) to ensure that companies only pay for the ads that have been viewed by a real person.

    Trust is Built With Transparency

    One concern that companies have with online advertising is that it’s virtually impossible to know if the stats provided are accurate. There’s no way to check if the counted site clicks or followers are real customers, or even real people, for that matter. After all, ad companies can hire “clickers” or use bots to boost ad stats so distributors can charge higher fees.

    Blockchain will definitely have a significant impact here. Since the system is encrypted and transparent, companies can easily check if those viewing their ads are part of their target audience or not.

    Improves Accountability

    There’s nothing more disheartening than spending your hard earned cash on a counterfeit product. Blockchain can lessen the odds of this happening by improving merchants’ accountability in every step of the supply chain.

    Blockchain’s vaunted digital ledger system enables transparency that cannot be tampered with. Customers can check details like where the product came from, if it’s legit or fake, whether it’s bought from a physical store or an online action. Simply put, blockchain empowers the customer and improves their buying experience.

    There’s no question that the idea behind blockchain is a powerful one. The technology has the potential to impact cryptocurrency, digital marketing, and customer experience. The system is still in its infancy but is expected to see significant growth in the coming year.  

  • Salesforce Has a New Partner, and Its Name is Google


    Google and Salesforce have come to an agreement, one that will see the former’s G Suite productivity apps directly integrated with the latter’s CRM service. The impressive partnership between the two companies was one of the highlights of this year’s Dreamforce event.

    While the two companies have been associated with each other for more than a decade, the new arrangement will see Google Cloud becoming Salesforce’s prime choice of public cloud provider, as well as becoming its key cloud provider for the global expansion the company is said to be making.

    Not only will this partnership see the integration of Salesforce’s service with Google’s G Suite software, it will also give Salesforce’s clients a free G Suite subscription that will be good for a year. This means clients who run G Suite will have access and be able to share information from their accounts in Google Calendar, Gmail, Drive, Docs, and Hangouts. It will also feed data from the CRM platform’s Sales and Marketing Clouds into Google Analytics 360. It’s expected that Google Analytics 360 will already be embedded in Salesforce’s Sales and Marketing Clouds by the first six months of 2018.

    The alliance between Google and Salesforce will also see Quip being integrated as a live app in both Google Calendar and Drive. This will permit users to work in those apps inside a Quip document. The feature will be available to Quip license holders by the first half of 2018 as well.

    Salesforce CEO Marc Benioff described the partnership as a way for customers of both companies to have the best of both worlds. He explained that it will make it easier for companies to manage their business in the cloud, whether it’s analytics and emails, sales, service and marketing apps, or even productivity apps. Benioff also promised that the deal between Salesforce and Google will help clients work smarter and become more productive.

    The integration of Salesforce’s data into the Calendar, Drive, and Gmail has already commenced, and other integrations are set to be released next year. What’s more, the tie-up with analytics is reportedly scheduled to be rolled out next year and will be offered for free.

    Salesforce and Google do not have time to rest on their laurels though, as Microsoft has been determinedly targeting the two companies’ services through the Azure and Office 365 platforms. Luckily, Google and Salesforce’s new alliance means that they have their own means to counter Microsoft’s prime selling points.


  • Google Chrome Improves Protection Against Phishing Attacks


    Google has fittingly chosen October, dubbed Cybersecurity Awareness Month, to make several security-related announcements. The search giant announced that it will introduce a host of security enhancements to Chrome and Gmail for more secure online browsing.

    For instance, Google has improved Chrome’s Safe Browsing technology to prevent unsuspecting users from unwittingly giving away their personal credentials, an attack known as phishing. Chrome browsers will now enjoy an added layer of protection as Google has deployed what it calls “predictive phishing protection.”

    With predictive phishing protection in place, users will be warned that the website they are trying to access could be problematic. According to Google, because potential risks are analyzed in real time, the technology can detect that a site is used for phishing even if it was only recently opened and has not existed long enough to be tagged as a phishing site.

    At the moment though, the predictive phishing protection only covers Google account passwords. However, it is possible that its reach may expand in the future to include all passwords and login credentials saved in Chrome’s password manager.

    In addition, Google has recently added some antivirus functions to Chrome for Windows, according to The Verge. The browser has a new option to detect possible tampering with its settings caused by rogue extensions. The browser’s built-in cleanup tool has also been improved to allow users to remove harmful software at the press of a button. While the cleanup tool is now touted to be more powerful thanks to Google’s partnership with IT security company ESET, the search giant warns that the revamped tool should not be considered a total replacement for regular antivirus software since it only guards against violations of Google’s Unwanted Software Policy.

    Meanwhile, Gmail users who suspect they may be targeted online may now opt to use the recently rolled out Advanced Protection Program. Basically, Gmail accounts enrolled in it will have another layer of authentication to prove to the system that anyone trying to access the mail is the legitimate owner. This is achieved with the use of a USB Secure Key for PC access, while email access on mobile devices is authenticated via a Bluetooth Security Key, which can be bought for $20.


  • Microsoft Azure Wins Big, Lands Deal With Cybersecurity Firm Symantec

    Cybersecurity expert Symantec is looking to cut down on its data center costs by moving some of its workload to Microsoft Azure. The deal between the two companies, which was revealed on Monday, would see Symantec delivering its Norton product line to its customers from Azure.

    Microsoft announced that Symantec has already moved “105 critical consumer digital safety capabilities” to its data centers to provide support for services like advanced threat protection, reputation scoring, and security telemetry. The security firm is also utilizing Azure to keep track of its financial, security and operational metrics.

    However, this extensive cloud migration will take time and extensive planning before it’s finalized. Moving the selected apps and data to Microsoft’s cloud servers will take about 18 months from its commencement last year to its expected completion in March 2018.

    This isn’t the first time that Microsoft and Symantec have worked together, though. This latest collaboration comes on the heels of Symantec’s move to adopt hybrid cloud policies to enhance performance and agility while lowering its operating costs.

    Sheila Jordan, Symantec’s CIO and senior vice president, said that the cloud is crucial in their strategy to streamline operations, accelerate innovation and protect and empower their customers. She also added that Microsoft has been a reliable partner in ensuring their strategy’s success.

    The Mountain View-based security software company’s decision to have Microsoft’s cloud facilities host its line of consumer security products is not only a major win for Azure but also a clear affirmation of the company’s data security capacities.

    Symantec’s current plans will undoubtedly assist Microsoft and its partners to sell the cloud to large enterprises. A lot of companies are still laboring under the assumption that the cloud is less secure than in-house data centers. But having two major enterprises like Microsoft and Symantec standardizing their workloads on Azure would give other businesses the confidence to shift their own data and software over to the cloud.


    Public cloud facilities like Azure or Amazon Web Services are composed of a large set of computer servers, networking apparatus and storage systems which are rented out to companies that do not want to run or expand their data centers. This is particularly useful to businesses with uneven workloads.

    A lot of big companies, like Salesforce and Infor, have already been taking advantage of the cloud’s capabilities for about two years now. Hopefully, many more companies will follow them into the cloud.


  • There Has Never Been a Moment Like This: Driverless Vehicles Recognized by US

    Driverless vehicles have the ability to literally change the world by making driving safer, more energy efficient, more accessible, and, as many will be happy to hear, by eliminating congestion and gridlock. The government today made an important first step in truly making this possible.

    “Today is an important moment at the Department of Transportation,” announced Anthony Foxx, US Secretary of Transportation. “We have issued record recalls, we still have too many people dying on our roadways and we have too many Moms and Dads stuck in traffic losing productive time with their families. In the 50 years of the Department of Transportation there has never been a moment like this.”

    He added, “A moment where we can build a culture of safety as new transportation technology emerges that harnesses the potential to save even more lives and that will improve the quality of life for so many Americans. Today, we put forward the first Federal policy on automated vehicles. The most comprehensive national automated vehicle policy that the world has ever seen. It is a first of its kind.”

    “It is taking us from the horseless carriage to the driverless car,” says Foxx. The policy is effective today, but the agency welcomes ongoing dialogue and will make changes as time goes on. “The focus on this technology will always be safety.”

    The New Driverless Vehicle Policies

    The new policies by the National Highway Traffic Safety Administration (NHTSA) will also let those without a driver’s license “drive,” just like they do currently with Uber, Lyft and taxis. The government differentiates rules and regulations for cars requiring a driver and those that don’t.

    If you were wondering, driverless cars will not have to have steering wheels or brake pedals. The agency says it has been charged with creating a path toward fully autonomous vehicles.

    The 15-point assessment is designed to recognize that driverless vehicles are a rapidly changing and emerging technology. It does, however, let the industry see a roadmap for how the government will deal with the regulatory environment for autonomous vehicles. The agency’s goal is to build a safety culture around autonomous vehicles now, instead of as an afterthought.

    The bottom line is that the NHTSA is extending its rulemaking authority to driverless vehicles.

    Autonomous Vehicles Will End Drunk Driving

    Also speaking during the announcement was the National President of Mothers Against Drunk Driving (MADD), Colleen Sheehey-Church, saying “over ten thousand people continue to die each year needlessly due to drunk driving.” She added, “A fully autonomous vehicle would stop a drunk driver simply because they can’t physically drive the vehicle.”

    “I would also like to point out the driverless cars can do much more than simply stop drunk driving, these vehicles could potentially stop most of the traffic deaths in our country,” says Sheehey-Church. “A driverless car is not distracted, it ensures that the occupants are traveling at appropriate speeds and it would avoid pedestrians and bicyclists.”

    “While improving safety, a driverless car would also create new mobility opportunities,” she said. “Older drivers who may be shut in or unable to drive may be able to drive at night again. Members of the disabled community who may not be able to drive could now have new opportunities for transportation like never before.”

    “To that end, MADD is proud to support the new proposal on autonomous vehicles,” she said.

    Overview of Federal Automated Vehicles Policy

    The Obama Administration today released the first set of guidelines for fully autonomous vehicles, called the Federal Automated Vehicles Policy. The 8-page policy release predicts a driverless car future that will create safer roads and many more energy-efficient transportation options. Although the main focus of the new policy is highly automated vehicles (HAVs), there are portions that also apply to lesser levels of automation, such as the driver assist systems found in Teslas and other high-end cars.

    “We’re envisioning a future where you can take your hands off the wheel and the wheel out of the car, and where your commute becomes productive and restful, rather than frustrating and exhausting,” said Jeff Zients, who is Director of the National Economic Council and Assistant to the President for Economic Policy, in announcing the new policy.

    The government sees autonomous vehicles as a way to leap current hurdles for the 4 million Americans who are living with a disability as well as older people who have difficulty seeing at night. They also view it as a way to make our society more fair and just, where vehicles are made accessible for all. They even believe that blind people will eventually be able to use driverless cars to get around, with innovative technology that will be developed to assist.

    The policy guidelines, which were developed over several years, are a work in progress and will be updated annually with the goal of keeping the regulations up-to-date with the rapidly evolving technology.

    Components of the Policy

    • Vehicle Performance Guidance for Automated Vehicles: The guidance for manufacturers, developers and other organizations outlines a 15 point “Safety Assessment” for the safe design, development, testing and deployment of automated vehicles.
    • Model State Policy: This section presents a clear distinction between Federal and State responsibilities for regulation of HAVs, and suggests recommended policy areas for states to consider with a goal of generating a consistent national framework for the testing and deployment of highly automated vehicles.
    • Current Regulatory Tools: This discussion outlines DOT’s current regulatory tools that can be used to accelerate the safe development of HAVs, such as interpreting current rules to allow for greater flexibility in design and providing limited exemptions to allow for testing of nontraditional vehicle designs in a more timely fashion.
    • Modern Regulatory Tools: This discussion identifies potential new regulatory tools and statutory authorities that may aid the safe and efficient deployment of new lifesaving technologies.

    Vehicle Performance Guidance

    The policy creates a 15-point Safety Assessment which outlines objectives on how to achieve a robust design. It allows for varied methodologies as long as the objective is met:

    • Operational Design Domain: How and where the HAV is supposed to function and operate;
    • Object and Event Detection and Response: Perception and response functionality of the HAV system;
    • Fall Back (Minimal Risk Condition): Response and robustness of the HAV upon system failure;
    • Validation Methods: Testing, validation, and verification of an HAV system;
    • Registration and Certification: Registration and certification to NHTSA of an HAV system;
    • Data Recording and Sharing: HAV system data recording for information sharing, knowledge building and for crash reconstruction purposes;
    • Post-Crash Behavior: Process for how an HAV should perform after a crash and how automation functions can be restored;
    • Privacy: Privacy considerations and protections for users;
    • System Safety: Engineering safety practices to support reasonable system safety;
    • Vehicle Cybersecurity: Approaches to guard against vehicle hacking risks;
    • Human Machine Interface: Approaches for communicating information to the driver, occupant and other road users;
    • Crashworthiness: Protection of occupants in crash situations;
    • Consumer Education and Training: Education and training requirements for users of HAVs;
    • Ethical Considerations: How vehicles are programmed to address conflict dilemmas on the road; and
    • Federal, State and Local Laws: How vehicles are programmed to comply with all applicable traffic laws.

    Model State Policy

    The policy emphasizes that states will continue with their traditional responsibilities for vehicle licensing and registration, traffic laws and enforcement, and motor vehicle insurance and liability regimes while also carving out a new Federal role for autonomous vehicles. The goal is to not have states stepping all over themselves with a hodgepodge of rules, making it impossible for self-driving cars to drive between states.

    The Federal responsibilities include setting safety standards and enforcing them, investigating safety issues and managing recalls, public education on driverless safety and communicating future guidance to the public in order to achieve national safety goals.

    The Feds also created a regulatory framework model for states to follow in order to create a consistent approach to governing autonomous vehicles:

    • Application by manufacturers or other entities to test HAVs on public roads;
    • Jurisdictional permission to test;
    • Testing by the manufacturer or other entities;
    • Drivers of deployed vehicles;
    • Registration and titling of deployed vehicles;
    • Law enforcement considerations; and
    • Liability and insurance.

    Current Regulatory Tools

    Especially interesting is the government’s forward-looking approach in trying to make existing laws work to allow the use of driverless vehicles. This will be done via government agency reinterpretation of existing laws, using Letters of Interpretation, basically stretching them as far as they can go without changing their intent.

    The policy is also going to use its current power to provide limited exemptions to vehicle manufacturers to test new designs of cars that are not currently allowed. For instance, all cars must have a steering wheel, except that you don’t need one in a driverless car and it could even add danger because people could bump into it. Exemptions will allow manufacturers to bypass “buggy whip” rules that aren’t applicable in a vehicle that nobody is driving.

    They have also created a path to more permanent ways to bypass old safety and design rules using a petition for rulemaking. This allows manufacturers to adopt new standards, modify existing standards, or repeal an existing standard.

    Modern Regulatory Tools

    The new policy identifies new tools that could be created under current law while also laying the foundation for new laws requiring Congressional action. This section of the policy is a first step toward reinventing the laws and regulations for the world’s likely driverless future, revolving around safety issues, software updates, regulation processes, record keeping and data sharing.

    Data sharing is an area the self-driving industry may not be too happy about. They are likely to focus their army of lobbyists on Congress to make sure they aren’t giving up the proprietary data that they have spent millions obtaining.

  • Google’s Innovative Approach to Making Cloud Computing Secure

    Google recently conducted a roundtable of in-house experts discussing how Google uniquely provides a secure platform for businesses to store their data online. Google experts tell the story of how Google invented innovative technology allowing them to keep their customers’ information and data safe from digital intruders.

    “Information security has become such a hot topic,” stated Eran Feigenbaum, Director of Security for Google Apps. “With the increase in cybercrime, the trends in privacy, the changes in regulations, it’s something that businesses can’t ignore. Enterprises all over the world are concerned about security.”

    Companies around the world are rapidly moving toward cloud computing spurred on by the success of Amazon’s AWS platform. Google has been working hard to catch up especially in regards to large enterprise companies that require an extreme level of security.

    “The move of businesses to cloud computing has really increased,” said Feigenbaum. “Companies see the benefits of lower cost, but also the ability to innovate faster for users to collaborate. But one of the big areas of hesitation is security, right? Companies are not comfortable putting their own data into the cloud.”

    Should Companies be Concerned About Cloud Security?

    “I think we’re seeing a real sea change right now with respect to people understanding that the cloud is more secure than any on-premise solution,” says Suzanne Frey, Director of Security, Privacy, and Trust at Google. “If you just think about it, mathematically, you’ve got all these different on-premise solutions and individual teams trying to do the right thing.”

    Frey says that Google is extremely focused on putting their best talent and expertise on making sure that the Google Cloud solution is secure. “If you take a look at our customer base, we have some of the world’s largest banks. We have some of the most stringent government customers. We’re FedRAMP certified here in the US, and the fact that we can solve for security for all of those customers is a great testimony to our capabilities,” she adds.

    She sees Google as different than other cloud providers. “In addition, we solve for something special,” said Frey. “In talking to our customers, it’s our ability to innovate and to bring new ideas to bear that help enable them to be competitive, productive, and truly novel, and focus on the things that matter to them. That’s part of our really special secret sauce.”

    Frey adds, “I often say to people, at Google, security comes in two forms, it’s both traditional cybersecurity, but it’s also security against technological stagnation.”

    Innovation Vs. Security

    Can a cloud provider be too secure at the expense of innovation? “Actually, I like the observation about being too focused on security to the exclusion of innovation,” says Adrian Ludwig, Director of Android Security, in reply to Frey’s observation. “I hadn’t seen that phrased that way. But I think one of the changes that we’ve seen in the mobile space over the last few years is companies have focused first and foremost on innovation–Android being a great example of that– but we’ve tied it to a security model that is how people actually consume applications and services.”

    “So we thought about the web and sandboxing model that was used on the web, and we incorporated that in the way we built application sandboxing,” Ludwig added. “I think a consequence of that is cloud services are becoming more and more important. Most applications that are built for Android, or that are built for mobile, regardless of your mobile platform, are really cloud-based. So I think those two are tied together, because both of them, we’re thinking about innovation first and foremost, and the security has sort of unlocked that innovation.”

    The Cloud Has Security Advantages

    “We have a complex set of systems that we’re dealing with today and they get more and more complex over time,” said Tim Willis, Technical Manager of Chrome Security. “We also have adversaries with increasing levels of sophistication. So you’ve got that on one side and on the other side, we’ve got IT managers having to defend their networks. The problem with defense is you need to defend everything incredibly well. Attackers only need to find one hole into your network.”

    Willis adds, “I think that’s where an advantage of moving to the cloud is that you have dedicated teams with robust experience. Some of the people who I work with wrote my textbooks in university and it’s one of those things that I get to work with these experts and that’s all they do. They focus on security, and that’s one of the huge benefits, in my point of view, of moving to the cloud.”

    Safety of the Data that’s Not at Google

    Do cloud providers have a responsibility for data safety when the data leaves the cloud? “Safe Browsing would be a good example of something that we can do at very, very large scale, where we actually believe that the right approach is make the entire internet safer,” says Stephan Somogyi, a Product Manager in Google’s Security and Privacy Engineering Team. “So we build systems that hunt around and find malware and find phishing and then we go and report this.

    “An individual consumer can benefit from this, because their web browser will let them know,” adds Somogyi. “In a cloud environment, enterprises can take advantage of this data as well and keep themselves protected. We take this approach through a number of different areas– certificate transparency being another example– where we’re taking a look at the internet as a whole and finding ways to keep it safe at scale.”

    Google Cloud Security Innovations Moving the Needle

    “For the longest time, we have been talking about sort of two-factor authentication is critically important for most organizations to implement,” said Frey. “Many customers use Google Authenticator and other apps like that to generate a one-time passcode, and those are great. They’re certainly better than nothing, right? However, a hardware-based security key is just quantum leaps ahead in terms of they’re not hackable and they really do protect our customers from phishing in a way that, basically, the one-time passwords do not.”

    “One of those (not so glamorous) things is encryption for me,” said Willis. “It may not seem incredibly innovative, but we’re working really hard to make sure that all of our traffic is encrypted at rest and at transit. One example where we’re being open with that is our HTTPS Transparency Report. Now, you can go to that site and you can see our progress towards our goal of 100% encryption in transit through all of our products.”

    “Again, another example would be working with TLS 1.3,” added Willis. “That’s the next generation of Transport Layer Security. Now, it may not sound glamorous, but we’re not only helping to implement that, we’re helping author the next version. That shows that we’re in the mix and we know what technologies are around the corner.”

    Willis explained that a practical application of that would be Progressive Web Apps. “These are low friction web applications, which are designed to help increase engagement and have an app-like experience for customers and businesses,” he said. “We’ve seen studies how that increases engagement, and it’s fantastic, it’s easy across the board.”

    “Why am I talking about it?” asks Willis. “TLS is actually a hard requirement for those apps. So it’s one of these things where not only are we innovating, we’re making sure that security is baked in from the get-go. I think that’s one huge advantage of Google.”

    “There’s a couple of elements about that that are interesting to me,” said Ludwig. “One of them is it’s not so much that the security itself is innovative, it’s about using an innovative product to make security available.”

    Ludwig says that what they did early on with Android is thinking about the platform stack. “We were like, OK, you need to have a verified boot, and you need to have encryption, and you need to have sandboxing,” he said. “Those are all sort of, I think at this point, almost commodities for an operating system. But one of the things that Google brought to bear was security services. It’s going to be a cloud-connected device and we’re going to make all of those services available, by default, on all of the devices.”

    “We started thinking about, how do you bind services into the operating system itself? We added things like SafetyNet and Verify Apps, where there are effectively hooks in the operating system where we can make sure that we’re adding security dynamically over time. And so we can innovate in security even more quickly than we can innovate in the operating system itself,” added Ludwig.

    Interestingly, Ludwig says that most people don’t even realize this about the Google Cloud. “But that’s OK, because they’re safer and they’re happier as a result of it.”

  • Hard Rock Las Vegas Credit Card Data Scraped

    The Hard Rock Hotel & Casino in Las Vegas discovered a major breach of its credit card processing data, with card scraping malware placed on its payment-card system. Cardholders who purchased anything at Hard Rock Las Vegas, including at restaurant and retail outlets, between October 27, 2015 and March 21, 2016 could have been affected. The Las Vegas party resort, popular with celebrities, first noticed irregularities in May.

    The Hard Rock described the data that was taken:

    “The investigation identified signs of unauthorized access to the resort’s payment card environment. Further investigation revealed the presence of card scraping malware that was designed to target payment card data as the data was routed through the resort’s payment card system. In some instances the program identified payment card data that included cardholder name, card number, expiration date, and internal verification code. In other instances the program only found payment card data that did not include cardholder name. No other customer information was involved.”

    “Once again, we see another hotel being breached by what is suspected to be malware that was placed on a payment-card system,” stated John Christly, who is a Cybersecurity Evangelist at Netsurion. “Customers like this need to understand that they are in a digital war with the hackers that want this type of data.” Christly bluntly calls this “a war that is being won, in many instances, by these hackers and that absolutely needs to change.”

    Zach Forsyth, Director of Product Strategy at Comodo, tells us why hospitality organizations are targeted by hackers:

    “Hospitality organizations are ideal targets for the cybercriminal today because they handle highly valuable personal and financial information—the proverbial goldmine for the cyberthief. Large, well-known chains are even more susceptible targets due to the sheer volume of data that they store and share.

    Unfortunately, many of these companies have antiquated IT security technology in place, which is an easy workaround for the hackers. It’s a harsh reality that the technology some organizations use today is as effective as installing a home security system that alerts you to a break-in after the robbers have already stolen everything, vandalized the house and left. By then, it’s too late. The focus for IT departments needs to be on protection, not detection, and installing modern secure Web gateways and advanced endpoint protection solutions that can stop malware and cyberattacks from compromising data and negatively impacting their businesses and customers.”

    “We advise our customers that any business, regardless of size, that processes payment data or offers free Wi-Fi to guests, is a lucrative breach target, but it’s still no secret that large brand name companies like Hard Rock are unfortunate targets for hackers— enticing them with large quantities of valuable information such as credit card data for patrons, sensitive employee data for staff, and sometimes even medical data used by in-house care facilities,” added Christly. “Many recent breaches have involved malware that, once installed, works to steal sensitive data.”

    “There’s no silver bullet strategy to defend against every threat. However, a strong line of defense is making sure that data doesn’t leave the network without the admin’s knowledge and if data is sent out, it only goes to verified Internet addresses. This is where having a relationship with a managed security provider can help, since it is very difficult to defend against the emerging threats of today’s cybersecurity world on your own.”

    According to the Wall Street Journal, “In the past year, Hyatt Hotels Inc., Starwood Hotels & Resorts Worldwide Inc. and Hilton Worldwide Holdings Inc. all reported data breaches of their credit and debit-card processing systems.”

  • Three Tools to Test Your Website Security for Free!

    Source: High-Tech Bridge

    We live in an uncertain age – trust is all important, yet online it is in short supply indeed – according to figures from Sophos, an amazing 30,000 websites are hacked every day to distribute malware to unsuspecting visitors. This vast figure can be attributed to the ease with which hackers can find and exploit vulnerable websites – both the Panama Papers Gate and Ashley Madison were compromised via insecure websites, and show that size is no defence. Gartner completes the concerning picture by pointing out that the vast majority (70%) of vulnerabilities exist at the application layer, not the network.

    However, for companies attempting to mitigate web security threats, there has been no choice but to purchase very expensive manual penetration testing, or alternatively rely on automated software riddled with false-positives – according to recent NCC research, even the best-rated vulnerability scanners return at least 50% false-positives (vulnerabilities that do not exist, but are erroneously reported by the scanner). However, the biggest risk of vulnerability scanners is false-negatives – real vulnerabilities that security software is unable to detect due to their complexity. Unfortunately, reliable and tailor-made penetration testing is simply not practical for small and medium companies – so what can web agencies and webmasters do to keep their websites secure? We’ve picked three simple areas to focus on to improve security:

    1. Check web server security

    Before looking at your web application, you should make sure that your web server is securely configured. A properly set up, secure web server configuration can prevent many vectors of such common attacks as Cross-Site Scripting (XSS) and also protect your website visitors’ privacy. High-Tech Bridge, an experienced web security company and Red Herring Europe 2016 winner, provides a free online web server security test for this purpose. The service will carefully examine your web server configuration and its HTTP headers, and do some additional security and privacy tests such as probing your cookies.

    2. Configure SSL/TLS encryption

    How many users do you think access your website via public or insecure wireless networks? Probably at least half, according to our figures, which is why it’s essential to test how good your SSL/TLS encryption is. High-Tech Bridge also provides a free SSL security test that can tell you if your HTTPS encryption is compliant with PCI DSS requirements, NIST guidelines and multiple industry best-practices. Once you’re happy with your web traffic encryption, you can also check the SSL of your email server – as High-Tech Bridge’s free service supports any protocol, not only HTTPS.

    3. Don’t be caught out by phishing and cybersquatting

    High-Tech Bridge completes its portfolio of free web security services with domain security radar. The new service reveals various unethical, malicious or illegal activities with domain names, such as identity theft, brand and trade mark forgery, domain squatting, typosquatting and phishing.

    Test the known unknowns

    Now we come to the most interesting, and the most complex part – security of your website or web application. SQL injections and XSS have become the main reasons for the vast majority of data breaches these days. However, detecting vulnerabilities in the complex systems we have today requires vast manpower and computing resources, and each on its own isn’t very effective.

    A recent study from MIT discovered that neither human nor machine alone was overwhelmingly successful at maintaining cybersecurity on their own, but became effective when combined. This hybrid thinking has guided the development of High-Tech Bridge’s Web Security Platform ImmuniWeb® for years, bringing the best of both worlds to the table. ImmuniWeb web security assessment is based on the award-winning hybrid technology that combines managed web vulnerability scanning with manual penetration testing in real-time, bringing together the strengths of the human brain and machine-learning algorithms in one fell swoop.

    ImmuniWeb web security assessment detects the most complicated web application vulnerabilities that all other solutions miss, provides personalized solutions for each security flaw, and guarantees zero false-positives. If you are running a website based on WordPress, Joomla, Drupal or any other popular CMS, the ImmuniWeb Express package will perform a holistic and comprehensive security audit for as little as $299 – cheaper than you would pay for an SSL EV certificate, and much cheaper than a simple automated scanner, while detecting many more security vulnerabilities.

    About High-Tech Bridge

    High-Tech Bridge is a strategic partner of PricewaterhouseCoopers (PwC) for web application security testing, and a globally recognized leader in the web security auditing market. Their customer base includes some of the largest financial institutions, insurance companies, and banks, as well as small and medium companies and NGOs. High-Tech Bridge has won numerous awards for technological innovation and excellence. More information: https://www.htbridge.com/

     

  • Nearly Half of Businesses Plan to Implement IoT in 2016

    Nearly half (43%) of organizations spanning 18 business sectors throughout North America, EMEA, Asia/Pacific and Latin America, are already using or plan to use the Internet of Things (IoT) in 2016. This comes from a November poll by technology research firm Gartner of 465 IT and business professionals in these regions.

    29% of respondents say their organizations are currently using IoT. An additional 14% say they plan to implement IoT this year while another 21% said they plan to after 2016.

    “In other words, the number of organizations adopting IoT will grow 50 percent in 2016, reaching 43 percent of organizations overall,” Gartner says. “In aggregate, the majority of organizations (64 percent) plan to eventually implement IoT. However, it is also important to note that another 38 percent have no plans to implement IoT, including 9 percent that see no relevance whatsoever in the technologies.”

    “While there is near universal acceptance of the importance of the IoT, less than a third of organizations surveyed were actively exploiting it,” said Gartner Research Director Chet Geschickter. “This is largely because of two reasons. The first set of hurdles are business-related. Many organizations have yet to establish a clear picture of what benefits the IoT can deliver, or have not yet invested the time to develop ideas for how to apply IoT to their business. The second set of hurdles are the organizations themselves. Many of the survey participants have insufficient expertise and staffing for IoT and lack clear leadership.”

    The firm estimates that more than half (56%) of businesses in asset-intensive industries will have implemented IoT by the end of 2016, and that a third (36%) of service-oriented “light” businesses will.

    So far, for businesses who have already implemented IoT, the primary business case, according to Gartner, is internally focused, such as improved efficiencies, cost savings, and enhanced asset utilization, as opposed to external-facing IoT implementations for enhancing customer experiences or increasing revenue.

    Cybersecurity, integration and management of business requirements are considered to be the biggest challenges associated with the IoT. Still, 2016 is poised to be a “very big year” for IoT adoption, according to Gartner.

  • Google Fiber’s Next Stop is San Antonio, Its Largest City Yet

    It’s official – Google Fiber’s next stop is San Antonio.

    This will be the biggest city to which Google’s brought its high-speed internet.

    According to Google, the Fiber installation will require over 4,000 miles of cable.

    “From starting Bexar BiblioTech, the first all-digital public library in the U.S., to being named a leading city in cybersecurity, San Antonio has developed a thriving tech landscape. Hundreds of startups have found their home in the Alamo City through collaborative workspaces and accelerators like Geekdom and Cafe Commerce. Moreover, San Antonio’s recent selection for President Obama’s Tech Hire and Connect Home initiatives will help create a pipeline of tech jobs and narrow the digital divide. With speeds up to 1,000Mbps, compared to the U.S. average of just 12Mbps (Akamai, Q1 2015), Google Fiber will further fuel the city’s growth,” says Texas Google Fiber head Mark Strama.

    In January, Google announced Atlanta, Charlotte, Raleigh-Durham, and Nashville as next stops for Fiber. In March, Salt Lake City got the nod.

    As of today, Fiber is up and running in Kansas City, Provo, Utah, and Austin.

    “Kansas City, Provo, and fellow Texas tech-hub Austin have already shown what’s possible when growing cities and businesses have access to gigabit internet. In the homes of those using Google Fiber, families spend less time arguing over bandwidth, and more time surfing the web,” he said.

  • Katherine Archuleta Thrown Under the Bus as Old Government Software Hacked Again

    Katherine Archuleta, Director of the Office of Personnel Management, has stepped down from her position in the wake of two major security breaches last year. According to some estimates, the two security breaches exposed the personal information of at least 22.1 million people.

    China is said to be behind the breach, but it doesn’t really matter who is behind it. It could be pimple-faced kids on TOR in a basement, selling Social Security Numbers to kiddie porn vendors. The fact is, it’s not hard to get our government’s data.

    Archuleta had resisted stepping down, but finally told her staff in an email on Friday morning, “I conveyed to the President that I believe it is best for me to step aside and allow new leadership to step in, enabling the agency to move beyond the current challenges and allowing the employees at OPM to continue their important work.”

    In other words, Katherine Archuleta dove under the bus for the team. Interestingly, OPM’s chief information officer, Donna Seymour, is not going anywhere.

    Consider this: Katherine Archuleta had only been on the job at OPM for 17 months when she left. The breaches happened last year. When she was first confirmed for the position, she announced as a priority the replacement and upgrading of the government’s “antiquated computer systems.”

    Even as she was run from the building, Archuleta was screaming that it was the government’s “legacy” computer systems that were to blame for the problem, and that she had been trying to fix the issue all along.

    White House press secretary Josh Earnest told reporters that Archuleta resigned “of her own volition.”

    “The president thinks it’s quite clear that new leadership with a set of skills and experiences that are unique to the urgent challenges that OPM faces are badly needed. There are significant [cybersecurity] challenges that are faced not just by the federal government, but by private-sector entities as well. This is a priority of the president.”

    Anyone who has ever stood in a DMV, applied for Food Stamps, or served in the United States military knows this is an utter crock.

    Have you ever seen a government employee boot up a shiny, new computer to handle your case, only to open up a small window on the desktop that won’t take mouse input, has green characters and a black background? The poor worker curses and bangs on the Tab key, hitting Function buttons to open more windows for each task.

    That is a “legacy” system laid over top of a slick new computer. It’s old, it probably goes down a lot, and everyone hates it. “Legacy” means it’s old crap grandfathered in from six administrations ago, and you’re stuck with using it. No one dares shut everything down to migrate all that data to new systems. So they keep patching it, keep bridging it to new versions of Windows.

    It’s not just our government that uses this. Call centers all over the country do it too, especially if they do any government contract work. Managers gripe about it, but they make do because, hey, what else can you do? Everyone before you made it work. You find a way to duct tape that thing and make it work, or we’ll find someone who will.

    So what can we do about this, besides keep firing more Archuletas in symbolic swipes at change?

    How about this common sense step for starters? Stop putting everyone’s Social Security Number on every damn piece of paper that the government wants.

    Indeed, be smart about what information is put together with other information. One government form, called SF86, is used to catalog every fact about a government employee, military personnel, TSA agent, or contractor that even remotely hopes to do business with the US government.

    Split that stuff up. Put it in different places. Why is it that corporations know to do this, but the U.S. government is still running on DOS window programs?

    Here’s another idea: Get the next Katherine Archuleta replacement a Deputy to help her fix all this stuff. There has been no Deputy Director in that office for months because their confirmations are held up in Congress.

    Besides, this is not just an OPM problem. It is a government-wide problem. OPM is just where all the Social Security Numbers bottleneck through.

    Katherine Archuleta was a token face thrown under the bus. Until the very systems she screamed about are fixed, you can leave the bus running to cart away each successor who has the crap luck to take her job.

  • Obama Urged to Reject Encryption Backdoors in Tech-Backed Letter

    President Obama is about to receive a letter signed by dozens upon dozens of companies and organizations, urging him to resist giving government agencies access to citizens’ personal data via backdoors in encrypted devices.

    “We urge you to reject any proposal that U.S. companies deliberately weaken the security of their products. We request that the White House instead focus on developing policies that will promote rather than undermine the wide adoption of strong encryption technology. Such policies will in turn help to promote and protect cybersecurity, economic growth, and human rights, both here and abroad,” says the letter.

    “We are writing today to respond to recent statements by some Administration officials regarding the deployment of strong encryption technology in the devices and services offered by the U.S. technology industry. Those officials have suggested that American companies should refrain from providing any products that are secured by encryption, unless those companies also weaken their security in order to maintain the capability to decrypt their customers’ data at the government’s request. Some officials have gone so far as to suggest that Congress should act to ban such products or mandate such capabilities.”

    The idea that devices should be encrypted but not that encrypted is one that’s been floated around as of late by officials like U.S. Secretary of Homeland Security Jeh Johnson.

    The “current course [the technology industry is on], toward deeper and deeper encryption in response to the demands of the marketplace, is one that presents real challenges for those in law enforcement and national security,” said Johnson recently. “Encryption is making it harder for your government to find criminal activity and potential terrorist activity.”

    The consortium argues against backdoors (or front doors or whatever you want to call them) that would allow access to encrypted devices.

    “Encryption thereby protects us from innumerable criminal and national security threats. This protection would be undermined by the mandatory insertion of any new vulnerabilities into encrypted devices and services. Whether you call them ‘front doors’ or ‘back doors’, introducing intentional vulnerabilities into secure products for the government’s use will make those products less secure against other attackers. Every computer security expert that has spoken publicly on this issue agrees on this point, including the government’s own experts,” says the letter.

    The letter is signed by companies like Apple, Facebook, Microsoft, Google, Twitter, and Yahoo – as well as privacy organizations like the ACLU, Human Rights Watch, the Electronic Frontier Foundation, and over 50 security and policy experts.

    According to the Washington Post, the letter is also signed by “three of the five members of a presidential review group appointed by Obama in 2013 to assess technology policies in the wake of leaks by former intelligence contractor Edward Snowden.”

    “The Administration faces a critical choice: will it adopt policies that foster a global digital ecosystem that is more secure, or less? That choice may well define the future of the Internet in the 21st century,” they say.

  • Obama Approves Sanctions on Cyber-Attackers

    Today, President Obama signed an executive order that will allow the US government to go after those who perpetrate cyber attacks with sanctions.

    “Cyber intrusions and attacks – many of them originating overseas – are targeting our businesses, stealing trade secrets, and costing American jobs,” says President Obama.

    “In response to these cyber threats, our government is using every tool at our disposal – including diplomacy, law enforcement, and cooperation with other nations and the private sector – to strengthen our defenses and detect, prevent, respond to, and recover from attacks. Still, it’s often hard to go after bad actors, in part because of weak or poorly enforced foreign laws, or because some governments are either unwilling or unable to crack down on those responsible.

    “That’s why, with the new Executive Order I’m signing today, I’m for the first time authorizing targeted sanctions against individuals or entities whose actions in cyberspace result in significant threats to the national security, foreign policy, or economic health or financial stability of the United States.”

    You can read the entire executive order here.

    According to Obama, the White House’s primary focus will be on international threats. “From now on, we have the power to freeze their assets, make it harder for them to do business with U.S. companies, and limit their ability to profit from their misdeeds,” says Obama.

    Obama also authorized sanctions against companies that use information gained from said cyberattacks, what he calls the “demand side”.

    “Malicious cyber activity — whether it be stealing sensitive information, including personal identifiers, or trade secrets — is often profit-motivated. Because those responsible want to enjoy the ill-gotten proceeds of their activities, sanctions can have a significant impact. By freezing assets of those subject to sanctions and making it more difficult for them to do business with U.S. entities, we can remove a powerful economic motivation for committing these acts in the first place. With this new tool, malicious cyber actors who would target our critical infrastructure or seek to take down Internet services would be subject to these costs when designated for sanctions,” says Assistant to the President for Homeland Security and Counterterrorism Lisa Monaco.

    Back in February, Obama established a new cyber intelligence agency called the Cyber Threat Intelligence Integration Center (CTIIC). The brand new agency is tasked with centralizing and organizing intelligence related to cyber threats to help combat cyber attacks. With these two actions, Obama is making good on promises he made in the SOTU address to focus on cybersecurity.

  • Obama Creates New Cyber Intelligence Agency

    It’s official – the US has a new agency to help combat cyber attacks.

    Through a new memorandum, President Obama has established the Cyber Threat Intelligence Integration Center (CTIIC), a brand new agency tasked with centralizing and organizing intelligence related to cyber threats. The CTIIC was first announced earlier this month by Assistant to the President for Homeland Security and Counterterrorism Lisa Monaco.

    “Cyber threats are among the gravest national security dangers to the United States. Our citizens, our private sector, and our government are increasingly confronted by a range of actors attempting to do us harm through identity theft, cyber-enabled economic espionage, politically motivated cyber attacks, and other malicious activity,” says The White House. “As with our counterterrorism efforts, the United States Government is taking a “whole-of-government” approach to defend against and respond to these threats. In creating the CTIIC, the Administration is applying some of the hard-won lessons from our counterterrorism efforts to augment that “whole-of-government” approach by providing policymakers with a cross-agency view of foreign cyber threats, their severity, and potential attribution.”

    The CTIIC will not be an intelligence-gathering agency; instead, it’ll act in a supporting role (hence the “integration”).

    “The CTIIC will not be an operational center,” says The White House. “It will not collect intelligence, manage incident response efforts, direct investigations, or replace other functions currently performed by existing departments, agencies, or government cyber centers. Instead, the CTIIC will support the National Cybersecurity and Communications Integration Center (NCCIC) in its network defense and incident response mission; the National Cyber Investigative Joint Task Force (NCIJTF) in its mission to coordinate, integrate, and share information related to domestic cyber threat investigations; and U.S. Cyber Command in its mission to defend the nation from significant attacks in cyberspace. The CTIIC will provide these entities, as well as other departments and agencies, with intelligence needed to carry out their cybersecurity missions.”

    The new agency will start off with a $35 million budget and about 50 people on staff, and will fall under the Office of the Director of National Intelligence.

  • New Bill Aims to Stop Feds from Looking at Porn on the Job

    Federal employees – they’re just like you!

    …In that they like to watch porn. And they get bored at work. And like to cure that boredom with porn.

    North Carolina Republican Mark Meadows is sick of all the porn watching, however, and has introduced a new bill to “prohibit federal employees from accessing pornographic or explicit material on government computers and devices.”

    It’s called the Eliminating Pornography from Agencies Act. Meadows serves on the House Oversight and Government Reform Committee.

    A Washington Times report found that the number one reason that federal employees look at so much porn, besides the fact that, you know, it’s porn, is pure boredom:

    “[The guy caught porning at work] stated he is aware it is against government rules and regulations, but he often does not have enough work to do and has free time,” investigators wrote of another federal employee, this one at the Treasury Department, who viewed more than 13,000 pornographic images in a six-week span.

    There have apparently been cases of excessive porn viewing at the FCC, EPA, HUD, the Commerce Department, and the General Services Administration.

    And remember that porn problem at the Pentagon?

    As The Hill points out, most federal agencies already have rules that ban employees from jacking around on the job – but Meadows’ bill would make agencies ban pornographic content.

    “It’s appalling that it requires an act of Congress to ensure that federal agencies block access to these sites,” Congressman Meadows said.

    Meadows says that feds are doing this on your tax dollar, so you should be upset. Also, porning on the job is a cybersecurity threat.

    “While there are rules in place at most agencies to ban this kind of unprofessional and potentially hostile workplace behavior, it continues to take place. There is absolutely no excuse for federal employees to be viewing and downloading pornographic materials on the taxpayers’ dime,” Meadows said.

    “Further, downloading these files, which are often ridden with viruses and malware, poses a cybersecurity threat at our federal agencies. This commonsense legislation ensures that federal workers have a comfortable, safe work environment and protects taxpayer resources from being misused.”

    This is the second time Meadows has proposed this bill. It went nowhere the last time.

    Sure, anyone trying to limit your porn consumption is a killjoy. But honestly, boring job or not, can’t we all wait until we get home before we head to Pornhub?