Category Archives: Government

Breaking: US Cloud Companies To Lose Billions In EU Due To PRISM

The European Commission’s vice president Neelie Kroes said in a statement that reports of the US government spying on servers held by US cloud providers are creating an “atmosphere of distrust” around cloud services.

“Why would you pay someone else to hold your commercial or other secrets, if you suspect or know they are being shared against your wishes?” Kroes said. “Front or back door – it doesn’t matter – any smart person doesn’t want the information shared at all.”

“If European cloud customers cannot trust the United States government or their assurances, then maybe they won’t trust US cloud providers either. That is my guess. And if I am right then there are multi-billion euro consequences for American companies.”

The Future of Tech Companies, the NSA, and Your Information

Guest Post by Lewis Jacobs

Verizon and the NSA

Last week, the technology world was turned upside down when the Guardian broke the news that the National Security Agency had directed telecommunications company Verizon to release customer call records and metadata on an “ongoing daily basis.”

Though the metadata doesn’t include the audio content of calls, it does include the phone numbers on both ends of calls, the devices and location of both parties involved, and the time and duration of calls.

The order was leaked by Edward Snowden, an analyst for defense contractor Booz Allen Hamilton at the NSA. The order targets both international and domestic calls, and it does not contain parameters for who can see the data or whether or not the data will be destroyed after NSA use.

Though the White House and the NSA say that the data will only be used for counter-terrorism efforts and other national security measures, the order nonetheless gives the federal government access to data from all of Verizon’s more than 100 million customers.

Since the story broke, there has been significant debate over whether the NSA is working within the regulations of the First and Fourth Amendments or whether it is violating citizens’ rights to free speech and privacy. The White House has defended the order as a necessary measure for national security. But critics, including the American Civil Liberties Union and several U.S. lawmakers, disagree.

What it means for the future

The controversy raises the question of whether or not other technology and telecommunications companies will be required to follow suit—or whether they already have. Amy Davidson at the New Yorker speculates that the leaked Verizon order is “simply one of a type—the one that fell off the truck.” Adam Banner at the Huffington Post wonders, “How many other ‘top secret’ court orders are currently in action with countless other information providers?”

The NSA is said to have been monitoring and collecting customer data from some of the world’s largest technology companies with the help of surveillance program PRISM. But many companies, including Google, Facebook, Microsoft, Yahoo, Apple, and AOL, have denied providing the government direct access to their users’ information. Google, one of the companies to deny any knowledge of PRISM, wrote an open letter to the Attorney General and the FBI requesting to make public any federal requests for data.

In any case, it’s unlikely that the NSA demanded customer information only from Verizon, meaning that the federal government could be (and probably is) accessing information about citizens through their phone providers, their email services, and their search engines. Faced with federal orders, there’s not much that technology companies can do in opposition.

The future of NSA technology surveillance will depend, of course, on its legality, which is yet to be determined. It’s unclear whether or not the NSA’s actions fall under the provisions of the Patriot Act, the FISA Amendments Act, the Constitution, and the federal government’s system of checks and balances.

The American Civil Liberties Union recently announced their plan to sue the White House Administration for violating the privacy rights of Americans. On the other side, whistleblower Edward Snowden is currently under investigation for the disclosure of classified information, an offense that could result in life in prison.

This article was submitted by Lewis Jacobs, an avid blogger and tech enthusiast. He enjoys fixing computers and writing about internet trends. Currently he is writing about an internet in my area campaign for local internet providers.

Sources:

http://www.newyorker.com/online/blogs/closeread/2013/06/the-nsa-verizon-scandal.html

http://www.huffingtonpost.com/adam-banner/the-nsa-and-verizon

http://money.cnn.com/2013/06/11/technology/security/google-government-data/

http://money.cnn.com/2013/06/07/technology/security/nsa-data-prism/

http://www.washingtonpost.com/blogs/wonkblog/wp/2013/06/06/everything-you-need-to-know-about-the-nsa-scandal/

FOSE 2013: Cloud, Virtualization, Cybersecurity, Mobile Government, Big Data Featured

Cloud and Virtualization; Cybersecurity; Mobile Government; Big Data and Business Intelligence; and Project Management will be the featured tracks at FOSE 2013, each providing cutting-edge technology insights, policy updates, case studies and expert guidance to optimize the efficiency and effectiveness of government programs. FOSE 2013, the largest and most comprehensive event serving the government technology community, will take place May 14-16 at the Walter E. Washington Convention Center in Washington, D.C.

“Late last year we surveyed our government and industry attendees to gauge the topics that are of most interest,” said Mike Eason, Vice President, Public Sector Events, 1105 Media, Inc. “Not surprisingly, cloud, mobile, big data/analytics and cyber came in at the top. It’s our job to ensure we are offering the education that supports the government’s needs around these issues. We are once again structuring our program to highlight these key trends, and will be drawing on the expertise of agency executives that have real past performance in the five areas to serve as speakers.”

Each track provides an in-depth look into the given topic, including:

  • Cloud and Virtualization will feature best practices and insights on technology trends, case studies and leading practices on planning, implementation and benefits realization.
  • Cybersecurity will examine the business of cyber, including detecting complicated malware and adversaries – insider and outsider, determining what data left the organization, developing defensive and preemptive measures to keep attacks from happening and managing risk-based compliance.
  • Mobile Government will offer tools, strategies and insights into hot issues such as BYOD, security, APIs and mobilizing enterprise systems, as well as achieving the goals of the Digital Government Strategy.
  • Big Data and Business Intelligence will focus on how to extract meaning from bits and bytes to reach business objectives, featuring case studies from federal agencies that have found useful intelligence from data, examine toolkits being used and highlight the management and policy challenges that come up in the process.
  • Project Management, developed in conjunction with the Project Management Institute, will provide best practices and trade secrets of agile project management to help the government professional advance their career.

A selection of confirmed session topics includes:

For more information and to keep up-to-date on the full program agenda, visit www.fose.com. To see how FOSE addresses the technology road ahead, view the FOSE 2013 infographic at www.fose.com/techtrends.

Anticipating Law Enforcement Move to the Cloud, Association Publishes Guide

Today, the International Association of Chiefs of Police (IACP) released “Guiding Principles on Cloud Computing in Law Enforcement” at the Leveraging the Cloud for Law Enforcement Symposium held at the Newseum.  Developed in collaboration with key law enforcement subject matter experts from around the nation as well as experts from SafeGov.org, the principles establish clear and concise parameters and a path forward for the exploration of cloud-based computing solutions and services by law enforcement.  The IACP principles come after a newly released IACP/Ponemon Institute/SafeGov.org commissioned survey showed that over half of law enforcement agencies surveyed indicated that they had implemented, were planning or considering implementing cloud-based solutions in the next two years.

“Cloud computing represents an important shift in the way information resources are managed and deployed by law enforcement agencies,” said Bart R. Johnson, Executive Director, IACP. “Realizing the substantial potential benefits of cloud computing, however, requires that we recognize the sensitivity of law enforcement information, make every effort to maintain the security and availability of key systems and data, and that we work closely with industry to build solutions that meet the critical and evolving needs of law enforcement.”

The IACP principles focus on addressing some of the most tangible benefits that cloud computing offers, including cost savings, rapid deployment of critical resources, off-site storage and disaster recovery as well as meeting dynamic operational needs, while maintaining the security of systems and the proper use of data.

Key principles include:

  • FBI CJIS Security Policy Compliance – Services provided by a cloud service provider must comply with the requirements of the Criminal Justice Information Services (CJIS) Security Policy.
  • Data Ownership – Law enforcement agencies should ensure that they retain ownership of all data.
  • Impermissibility of Data Mining – Law enforcement agencies should ensure that the cloud service provider does not mine or otherwise process or analyze data for any purpose not explicitly authorized by the law enforcement agency.
  • Confidentiality – The cloud service provider should ensure the confidentiality of law enforcement data it maintains on behalf of a law enforcement agency.

IACP will be working in the coming months to develop model policies associated with cloud computing through the IACP National Law Enforcement Policy Center. Model policies are expected to be released at the IACP Annual Conference, scheduled for October 19-23, 2013 in Philadelphia, Pennsylvania.

To view the IACP principles and results and methodology of the IACP/Ponemon Institute/SafeGov.org commissioned survey, please visit http://www.theiacp.org/cloudcomputing.

Five IT Security Predictions for 2013

Guest Post by Rick Dakin, CEO and co-founder of Coalfire, an independent IT GRC auditor

Last year was a very active year in the cybersecurity world. The Secretary of Defense announced that the threat level has escalated to the point where protection of cyber assets used for critical infrastructure is vital. Banks and payment processors came under direct and targeted attack for both denial of service as well as next-generation worms.

What might 2013 have in store? Some predictions:

1. The migration to mobile computing will accelerate and the features of mobile operating systems will become known as vulnerabilities by the IT security industry. 

Look out for Windows 95 level security on iOS, Android 4 and even Windows 8 as we continue to connect to our bank and investment accounts – as well as other important personal and professional data – on smartphones and tablets.

As of today, there is no way to secure an unsecured mobile operating system (OS). Some risks can be mitigated, but many vulnerabilities remain. This lack of mobile device and mobile network security will drive protection to the data level. Expect to see a wide range of data and communication encryption solutions before you see a secure mobile OS.

The lack of security, combined with the ever-growing adoption of smartphones and tablets for increasingly sensitive data access, will result in a systemic loss for some unlucky merchant, bank or service provider in 2013. Coalfire predicts more than 1 million users will be impacted and the loss will be more than $10 million.

2. Government will lead the way in the enterprise migration to “secure” cloud computing.

No entity has more to gain by migrating to the inherent efficiencies of cloud computing than our federal government. Since many agencies are still operating in 1990s-era infrastructure, the payback for adopting shared applications in shared hosting facilities with shared services will be too compelling to delay any longer, especially with ever-increasing pressure to reduce spending.

As a result, Coalfire believes the fledgling FedRAMP program will continue to gain momentum and we will see more than 50 enterprise applications hosted in secure federal clouds by the end of 2013. Additionally, commercial cloud adoption will have to play catch-up to the new benchmark that the government is setting for cloud security and compliance. It is expected that more cloud consumers will want increased visibility into the security and compliance posture of commercially available clouds.

3. Lawyers will discover a new revenue source – suing negligent companies over data breaches.

Plaintiff attorneys will drive companies to separate the cozy compliance and security connection. It will no longer be acceptable to obtain an IT audit or assessment from the same company that is managing an organization’s security programs. The risk of being found negligent or legally liable in any area of digital security will drive the need for independent assessment.

The expansion of the definition of cyber negligence and the range of monetary damages will become more clear as class action lawsuits are filed against organizations that experience data breaches.

4. Critical Infrastructure Protection (CIP) will replace the Payment Card Industry (PCI) standard as the white-hot tip of the compliance security sword.

Banks, payment processors and other financial institutions are becoming much more mature in their ability to protect critical systems and sensitive data.  However, critical infrastructure organizations like electric utilities, water distribution and transportation remain softer targets for international terrorists.

As the front lines of terrorist activities shift to the virtual world, national security analysts are already seeing a dramatic uptick in surveillance on those systems. Expect a serious cyber attack on critical infrastructure in 2013 that will dramatically change the national debate from one of avoidance of cyber controls to one of significantly increased regulatory oversight.

5. Security technology will start to streamline compliance management.

Finally, the cost of IT compliance will start to drop for the more mature industries such as healthcare, banking, payment processing and government. Continuous monitoring and reporting systems will be deployed to more efficiently collect compliance evidence and auditors will be able to more thoroughly and effectively complete an assessment with reduced time on site and less time organizing evidence to validate controls.

Since the cost of noncompliance will increase, organizations will demand and get more routine methods to validate compliance between annual assessment reports.

Rick Dakin is CEO and co-founder of Coalfire, an independent information technology Governance, Risk and Compliance (IT GRC) firm that provides IT audit, risk assessment and compliance management solutions. Founded in 2001, Coalfire has offices in Dallas, Denver, Los Angeles, New York, San Francisco, Seattle and Washington D.C. and completes thousands of projects annually in retail, financial services, healthcare, government and utilities. Coalfire’s solutions are adapted to requirements under emerging data privacy legislation, the PCI DSS, GLBA, FFIEC, HIPAA/HITECH, HITRUST, NERC CIP, Sarbanes-Oxley, FISMA and FedRAMP.

Carahsoft to Resell Splunk to Government Customers

Splunk Inc. and Carahsoft Technology Corp. today announced an alliance under which Carahsoft will market, sell and distribute Splunk software to federal, state and local government agencies and the Splunk reseller partner ecosystem.

“Splunk software will enable Carahsoft and our reseller network to better equip agencies with big data management and security solutions needed for highly sensitive, mission critical environments,” said Craig P. Abod, Carahsoft president. “Splunk’s ability to make machine data accessible, usable and valuable makes it a core technology in our big data portfolio and a critical solution for our customers.”

With Splunk software, government entities can index, monitor, analyze and visualize massive volumes of valuable machine data generated by complex physical, virtual and cloud-based environments. Splunk helps agencies create real-time visibility across all agency servers and network devices by enabling agencies to create a single viewpoint to help investigate security incidents and address critical operations and application management functions.

“The government faces a paradox today with massive streams of data, real-time mission requirements and shrinking budgets,” said Bill Cull, vice president of public sector, Splunk. “Splunk software helps agencies to effectively analyze machine-generated big data, meet security and compliance standards and drastically cut operational costs. Our strategic alliance with Carahsoft will give agencies easier access to our products, allowing them to uncover data and improve operational intelligence to achieve mission success.”

For more information on Splunk, visit the intelligence solutions section of Carahsoft’s website or join Carahsoft and Splunk at the FedCyber.com Cyber Security Summit on Thursday, November 15, 2012 in Washington, D.C. Go to Splunk’s website to learn how Splunk works with government agencies and click here to download a free version of Splunk Enterprise.


Sorenson Forensics Launches New Cloud-based Database for CSI Management, DNA Profile Archiving

Sorenson Forensics today announced the launch of its new LEAD (Local Entry Accessible DNA) Database, a secure, cloud-based service designed for local law enforcement agencies to simplify the archival, search and reference of DNA profiles from crime scene samples. The LEAD Database™ was unveiled during the 2012 International Association of Chiefs of Police Conference in San Diego, Calif.

The Sorenson Forensics LEAD Database™ gives law enforcement agents at a local level the control they need to archive DNA profiles collected within their jurisdiction to be easily searched and referenced by an authorized user. By centralizing collected profiles, users can access the database to compare DNA profiles against current crime scene evidence. Using a sophisticated algorithm, the LEAD Database™ searches existing profiles and will automatically notify users when a matching profile is identified, enabling crimes to be solved more quickly.

“The national DNA database is controlled by the FBI, and while federal, state and local public crime labs have access to its information, it is not comprehensive nor does it provide a local database of information that is needed,” said Timothy D. Kupferschmid, executive director of Sorenson Forensics. “With the Sorenson Forensics LEAD Database™, we are giving local control of DNA profiles to law enforcement agencies. This solution enables each agency the ability to handle casework in a way that best suits their individual needs, and expedites the time it takes to get the information needed to resolve cases.”

DNA profiles from evidence samples can be manually uploaded to the LEAD Database™ via a secure Internet connection by a local state crime lab, or samples can be submitted to Sorenson Forensics’ laboratory to be analyzed and added to the database. Sorenson Forensics’ advanced DNA laboratory holds the prestigious ASCLD/LAB-International accreditation.

The LEAD Database™ is the latest in a line of innovative services introduced by Sorenson Forensics to better assist local law enforcement agencies to solve difficult cases. In 2011, the company launched Investigative LEAD™, the industry’s most advanced ancestry DNA test for law enforcement. Since its founding in 2006, Sorenson Forensics has developed an international reputation for providing advanced forensic DNA services, including DNA testing and analysis, expert witness testimony, DNA case reviews, laboratory validation services and evidence screening.

For pricing and purchasing information on the Sorenson Forensics LEAD Database™, contact: salesinfo@sorensonforensics.com.


Study: If Federal Agencies Move Three Applications Each to the Cloud, Savings Top $16 Billion

MeriTalk recently surveyed Federal IT professionals to understand if and how they are moving mission critical applications to the cloud.  They found that Feds estimate they can save $16.6 billion annually if all agencies move just three mission-critical applications to the cloud.

As Federal agencies are making cloud progress, the early-adopters that are moving their mission-critical applications to the cloud are realizing cost savings and improved access to IT, according to the report, which was sponsored by EMC Corporation, VMware and Carahsoft.  The report says the Feds spend more than half their IT budget on supporting mission-critical applications – and that private cloud is the platform of choice for mission-critical application transition.  The study reveals how Federal IT executives view the barriers, current status, and future plans related to this shift.

Not surprisingly, Feds say security is a challenge – 73 percent identify security as a primary barrier.  As a result, most favor private clouds.  Thirty-eight percent of respondents say they have moved a mission-critical application to a private cloud; 11 percent say they have moved a mission-critical application to a hybrid cloud; and, 10 percent say they have moved a mission-critical application to a public cloud.

“Private and hybrid clouds offer significant cost-saving benefits along with the necessary security infrastructure that have not yet been realized through public cloud models,” said Kyle Keller, Cloud Business Director at EMC Federal.  “The benefits of moving mission-critical applications to the cloud can be realized while also maintaining confidence in the security of those resources.”

Agencies spend 70 percent of their IT budget maintaining outdated legacy applications[1] – this is identified as a significant obstacle to cloud transition.  Federal IT executives report that 52 percent of their mission-critical applications are custom built.  When asked what would be required to make mission-critical applications ready for the cloud, 45 percent of Federal IT executives said these applications will require major re-engineering to modernize for the cloud.

Forty-six percent of Federal IT executives say moving mission-critical applications to the cloud will improve their agencies’ ability to fulfill their mission, and 43 percent say it will improve their agencies’ big data analytics capabilities.

Of those who have moved a mission-critical application to the cloud, 91 percent report success.  Federal IT managers surveyed report moving applications including financial management, procurement, logistics, customer relationship management systems, and project management.

“Our customers who are migrating their mission critical applications to the private cloud are realizing great benefits in cost savings, efficiency, availability and agility,” says Aileen Black, Vice President of U.S. Public Sector, VMware.  “These benefits, enabled by the cloud, are the keys to customer success in the cloud.”

“Transitioning legacy, mission-critical applications to the cloud is not a forklift exercise – in many cases it’s more like an organ transplant,” said Steve O’Keeffe, founder, MeriTalk.  “With the complexity and security concerns, it’s not surprising many agencies want a private room.”

“It’s been our experience that agencies are moving to the cloud in great numbers and are, as this survey clearly indicates, achieving significant benefits from doing so,” said Craig P. Abod, President, Carahsoft. “What began with virtualization now encompasses mission-critical applications as the next step in the journey and the value chain.”

Despite the barriers, many Federal IT executives see mission-critical applications in the cloud in their agencies’ futures.  In two years, they expect 26 percent of their mission-critical applications to live in the cloud.  In five years, they expect 44 percent to be in the cloud.  In order to accomplish implementation goals, Federal IT executives recommend promoting cloud savings opportunities, identifying cloud-ready mission-critical applications, clarifying FedRAMP, and encouraging early adopters to share best practices.

“Mission-Critical Cloud:  Ready for the Heavy Lift?” is based on a survey of 151 IT Federal government managers and systems integrators in June 2012.  The report has a margin of error of +/- 7.95 percent at a 95 percent confidence level.

Download the study.