Privacy for everybody means privacy for pedophiles

Pedophiles have the same right to privacy as everyone else.

That is almost surely a losing political argument. But privacy advocates contend that if it is not a winning legal argument, then everybody’s privacy will be in jeopardy.

It is an argument that is especially intense now, regarding the so-called Playpen cases. The US Department of Justice (DoJ) is prosecuting a reported 137 people who it alleges visited a now-defunct child porn website called Playpen in 2015, while it was under the control of the FBI.

And while privacy advocates hasten to say they are not defending the sexual abuse of children, and don’t oppose lawful investigations of such crimes, they contend that the government surveillance of Playpen visitors violated the defendants’ Fourth Amendment privacy rights.

Posted in Uncategorized

Can AI and ML slay the healthcare ransomware dragon?

It’s common knowledge that healthcare organizations are prime – and relatively easy – targets for ransomware attacks. So it is no surprise that those attacks have become rampant in the past several years. The term “low-hanging fruit” is frequently invoked.

But according to at least one report, and some experts, it doesn’t have to be that way. ICIT – the Institute for Critical Infrastructure Technology – contends in a recent whitepaper that the power of artificial intelligence and machine learning (AI/ML) can “crush the health sector’s ransomware pandemic.”

Robots: Lots of features, not much security

Robots are supposed to do good things for us, not bad things to us.

But there is plenty of evidence that, like the billions of other connected devices that make up the Internet of Things (IoT), the growth of robot technology is coming with loads of features, but not much of a security blanket.

More evidence came in a report on home, business and industrial robots released last month by security research firm IOActive, which found that “most” of them lacked what experts generally call “basic security hygiene.”

The shortcomings made up a predictable list: insecure communication channels, critical information sent in cleartext or with weak encryption, no requirement for user names or passwords for some services, weak authentication in others, and a lack of sufficient authorization to protect critical functions such as software installation or updates.

How to securely deploy medical devices

In the wake of the Food and Drug Administration (FDA) issuing both “premarket” (2014) and “postmarket” (2016) guidance for improving security in the development and manufacture of connected medical devices, the Open Web Application Security Project (OWASP) has released a set of best practices for the secure deployment of those devices.

As the report’s author and project leader, Christopher Frenz, puts it, “a medical device with all the security features in the world will not stand up to an attack if it is deployed in an insecure manner.”

Frenz, also director of IT infrastructure at Interfaith Medical Center, said the “OWASP Medical Device Deployment Standard,” released last month, was not coordinated with the FDA, but is designed to be “complementary” to its guidance.

IP theft: Declining, or just more stealthy?

Eighteen months ago, President Obama and Chinese President Xi Jinping announced, with considerable fanfare, an agreement aimed at curbing economic espionage.

According to the Sept. 25, 2015 White House press release, “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”

So, with Xi due to meet with President Trump in early April, an obvious question is: Has the agreement been effective?

The reviews on that are mixed, but there is general agreement that while it hasn’t stopped, the theft of intellectual property (IP) by the Chinese against the US is not as rampant as it was several years ago. At that time, The Commission on the Theft of American Intellectual Property estimated total losses, including jobs, competitiveness, stock value and market share, in the hundreds of billions, and former National Security Agency director Gen. Keith Alexander famously called it “the greatest transfer of wealth in human history.”

Critical infrastructure: Off the web, out of danger?

The debate over the chances of a catastrophic cyber attack taking down a major part of the nation’s critical infrastructure (CI) has been ongoing for a generation.

But it hasn’t been settled – in some ways it is more intense now than ever.

On one side are those, including high government officials, who warn of a “cyber Pearl Harbor” that could leave swaths of the country in darkness and cold – without electric power – for months.

Retired Adm. James Stavridis, dean at Tufts Fletcher School and a former NATO supreme allied commander, used that term just three months ago, saying such an attack would be aimed either at the electrical grid or the financial sector.

Want good cyber insurance? Read the fine print

One of the main reasons to buy insurance is to prevent the cost of an accident or other disaster from breaking the bank. But what if simply buying insurance threatens to break the bank?

That scenario is starting to worry some organizations, for several reasons.

First is the simple but powerful market force of supply and demand. More and more organizations, spooked by regular stories of catastrophic breaches – such as the compromise of more than 1.5 billion Yahoo! accounts, which took down its acquisition value by a reported $350 million – are seeking insurance. And when demand rises, the price tends to do so as well.
