
US Hacker Tools treated like weapons in US arms deals with other countries — why not; the true war is really in Cyber.


The government is rewriting a proposal under arms control rules from 20 years ago to make it simpler to export tools related to surveillance and hacking software, since they are used for network security.


Tough to be a doctor these days — Could be bad news for Providers with limited or no Cyber Risk Coverage.


Providers are focusing on cybersecurity with increased urgency. Cyberattacks on health-care organizations reached an all-time high in 2015 and aren’t expected to slow down in 2016, Harry Greenspun, director for Deloitte’s Center for Health Solutions, told Bloomberg BNA. One element of a comprehensive strategy to address data security is customized cyber risk insurance. Recent case law supports standing for class action litigants alleging future injuries, which may not be covered by some policy forms. We urge providers to review their cyber risk coverage with the increasing risks and this new case law in mind.

Specifically, it is critical that cyber risk insurance is designed to both: adequately mitigate future harm to those whose private information is compromised as a result of a data breach; and satisfy the full array of damages sought by such third parties, including damages for future injuries resulting from the anticipated improper use of data. These considerations are increasingly important because the policies available in today’s market are not standardized. While many absorb some of the costs associated with notification and fraud monitoring, existing forms may not protect against damages sought for susceptibility to identity theft.

The Remijas decision

Last fall, the Seventh Circuit reviewed the “substantial risk” standard for Article III class action standing in Remijas v. Neiman Marcus Group and held that even a 2.5 percentage of compromised credit card holders is enough to show a substantial risk to an entire universe of credit card holders with breached data. 794 F.3d 688, 693 (7th Cir. 2015).


Another article just came out today providing additional content on the Quantum Computing threat and it did reference the article that I had published. Glad that folks are working on this.


The NSA is worried about quantum computers. It warns that it “must act now” to ensure that encryption systems can’t be broken wide open by the new super-fast hardware.

In a document outlining common concerns about the effects that quantum computing may have on national security and encryption of sensitive data, the NSA warns that “public-key algorithms… are all vulnerable to attack by a sufficiently large quantum computer.”

Quantum computers can, theoretically, be so much faster because they take advantage of a quirk in quantum mechanics. While classical computers use bits in 0 or 1, quantum computers use “qubits” that can exist in 0, 1 or a superposition of the two. In turn, that allows it to work through possible solutions more quickly meaning they could crack encryption that normal computers can’t.


NSA states it must act now against the “Quantum Computing Threat” because hackers can possess the technology. I wrote about this on Jan 10th. Glad someone finally is taking action.


The National Security Agency is worried that quantum computers will neutralize our best encryption – but doesn’t yet know what to do about that problem.


True points and many that I have been sharing on Quantum around its own potential to change everything that we know about technology (devices, internet & networking in general, wireless and satellites, AI, advancements in biotech, security, big data, and singularity itself). The author also highlights many of the same concerns that I have shared around hackers on Quantum breaking through the older digitized platforms and networks; therefore, many companies and governments are exposed as well as consumers who have not adopted Quantum.

Although the author speculates we’re less than 10 yrs from Quantum being seen in everyday usage, I believe we’re within 7 yrs.


Within four years quantum computers will have the beating of conventional computers and that will produce a dramatic change in both the technology landscape and in business, according to Professor Jeremy O’Brien from Bristol University.


This is not good especially as we look at those aspirations for more nanobots to connect us to the cloud plus Mr. Kurzweil’s desire to live forever.


Medical device manufacturers are struggling to safeguard their newly connected designs from current and emerging security threats.

Natick, MA (PRWEB) January 29, 2016.

The medical device sector will be among the fastest growing markets for embedded security software through the next five years, according to a new report by VDC Research. The market for medical devices spans a variety of hardware profiles including high-performance imaging systems, mobile diagnostic equipment and pumps, and wearable or implantable devices. Until recently, the majority of medical device manufacturers and others within the ecosystem treated security as an optional value-add under the misconception that their devices/products did not produce valuable data or would be a target for a hacker. The Internet of Things has enlarged the crosshairs on medical devices as such systems become more accessible and integrated with enterprise hospital platforms.


Could the FDA crush IoT opportunities in Healthcare?


The U.S. Food and Drug Administration last week took a step toward addressing the threat the Internet of Things poses to patients and their data by releasing some proposed guidelines for managing cybersecurity in medical devices.

“A growing number of medical devices are designed to be networked to facilitate patient care. Networked medical devices, like other networked computer systems, incorporate software that may be vulnerable to cybersecurity threats,” the FDA says in its proposal.

“The exploitation of vulnerabilities may represent a risk to the safety and effectiveness of medical devices and typically requires continual maintenance throughout the product life cycle to assure an adequate degree of protection against such exploits,” the agency notes.


This is sad in a way; especially as you see the large gap that still remains in Cyber Security v. hackers. 2015 was not a stellar year for security against hackers. Quantum does offer hope for many in finally getting a handle on Cyber Security; however, that may be even 7 years away before main street is able to leverage an operational Quantum Internet and/or platform.

However, tech companies & proven Cyber talent need to strategically come together under a broader cyber program (beyond just the US Government and special interest groups; or a couple of venture partnerships) to resolve Cyber Security once and for all. Granted, there have been some attempts for companies and industry talent to cross-collaborate & address the Cyber Threat challenges for a while now. And others from big tech and I have worked together on “special programs to address the Cyber Threat Challenges.” Unfortunately, it hasn’t been enough; we need something more on a larger scale.

https://lnkd.in/bRzqQNf


April 7, 2004–Cyco.net Inc. (OTC BB: CYKE) announced today it has signed a financing commitment with Cornell Capital Partner LP, a.


Adrienne Porter Felt, Staff Software Engineer, Google Chrome.

Everyone wants to build software that’s both usable and secure, yet the world is full of software that falters at this intersection. How does this happen? I experienced the disconnect firsthand, when the Chrome security team redid Chrome’s security UI to conform to best practices for usable security. In the process, we learned how hard it is to actually adhere to oft-cited wisdom about usable security when faced with real-world constraints and priorities. With a set of case studies, I’ll illustrate the limitations we encountered when trying to apply common wisdom to a browser with more than a billion users—and discuss what has actually worked for us in practice, which might work for other practitioners too.

Sign up to find out more about Enigma conferences:
https://www.usenix.org/conference/enigma2016#signup

Watch all Enigma 2016 videos at:
http://enigma.usenix.org/youtube


Rob Joyce, Chief, Tailored Access Operations, National Security Agency.

From his role as the Chief of NSA’s Tailored Access Operation, home of the hackers at NSA, Mr. Joyce will talk about the security practices and capabilities that most effectively frustrate people seeking to exploit networks.

