Oregon highlights a key struggle with cyber security

What’s going on in Oregon is more than likely typical of most governments and companies: a patchwork of systems that not only have difficulty talking to one another but also have gaps that leave the government, company or other institution vulnerable to a cyber threat. Simply throwing money at the cyber security problem leads to siloed solutions, not a shrewd, cohesive cyber security system that is both proactive and reactive and protects the institution in full. Granted, cyber attacks are a moving target, but their evolving nature, combined with the growing adoption of our Digital Lifestyle and expanding access points under our Digital Infrastructure investing theme, means cyber security will likely remain a key growth driver for our Safety & Security investing theme. No wonder Broadcom is looking to scoop up Symantec.

Auditors say Oregon’s central administrative agency lacks basic controls to protect its information and systems from a cyber attack.

That means the Department of Administrative Services’ information and systems are at risk for “unauthorized use, disclosure, or modification,” according to a report released Wednesday, July 3, by Secretary of State Bev Clarno.

Auditors said a fragmented organizational structure and approach to managing security concerns may be parts of the problem. The agency’s roughly 30 subdivisions “receive varying levels of support” from the agency’s IT department, which supports only 16 of the 85 applications that workers use. The rest are supported by non-IT employees scattered throughout those divisions, and don’t receive oversight or involvement from the agency’s IT department, auditors said.

That has created inconsistency, and means the agency’s subdivisions may not be aligning with best practices when it comes to security.

Auditors said cyber-threats are a growing worry. “Cyberattacks, whether big or small, are a growing concern for both the private and public sector,” auditors wrote. “Recent breaches at Oregon state agencies have only escalated this concern.”

Source: Audit: Oregon still struggles with cyber security needs | Salem Reporter | News about Salem – In-depth, Accurate, Trusted

iPhone to be proof of identity and replace passports?

We’ve all heard about and even longed for the day when we would no longer have to carry our money, credit cards, keys, and identification. Mobile payments like Apple Pay and aspects of the Connected Home have helped ease the burden on our pockets and bags, but identification has been the more elusive category. It seems, however, that Apple is looking to address that by using the iPhone as a form of identification. Odds are Apple would first test such authentication on its own campus, but the possibility of replacing driver’s licenses, passports and other forms of identification with the iPhone, even if mixed with another form of biometric security, is an intriguing idea. It’s also one more way Apple would make its already sticky products and services even more so with its growing user base. For investors and Apple shares, it would move them even deeper into our Safety & Security investing theme.

In future identification challenges, the device will be asked for the credentials by the authority, triggering the device to perform an authentication check with the user. While this could be as simple as entering a password, there is also a version that uses biometric security for the device-based authentication.

In either case, successful authentication on the device would hand over data to the requesting party. The patent application also cites the growing use of e-Passports, which includes a chip that stores an assortment of data about a user, including their name and date of birth, which can be used by customs officials to determine the user is who they say they are. Apple suggests the described system could potentially hand over a passport number or other similar data, to perform the same check.

While in most cases the patent application suggests the use of not-yet-produced hardware, in this case the components are already in place, in the form of the iPhone. It already has radio-based communications with NFC, an encrypted secure enclave that holds fingerprint and facial map data for Touch ID and Face ID respectively, and biometric-based authentication systems.

Such a system could be used by private companies, for example in authenticating employees entering a facility, but while the suggestion for the passport number is plausible, legislation becomes the stumbling block.

Source: Apple wants iPhone to be proof of identity and replace passports

Data breach exposes vulnerabilities at GM, Ford, Tesla, Toyota and dozens more

A few months ago, in episode 59 of the Cocktail Investing podcast, we discussed the looming cybersecurity threats in the corporate supply chain. After that conversation, we figured it was only a matter of time until a high-profile supply chain attack occurred. It was only a matter of months until the vulnerabilities of several automotive companies and their suppliers were exposed. How they address it means more spending associated with our Safety & Security investing theme.

Security researcher UpGuard Cyber Risk disclosed Friday that sensitive documents from more than 100 manufacturing companies, including GM, Fiat Chrysler, Ford, Tesla, Toyota, ThyssenKrupp, and VW were exposed on a publicly accessible server belonging to Level One Robotics.

The exposure via Level One Robotics, which provides industrial automation services, came through rsync, a common file transfer protocol that’s used to backup large data sets, according to UpGuard Cyber Risk. The data breach was first reported by the New York Times.

According to the security researchers, restrictions weren’t placed on the rsync server. This means that any rsync client that connected to the rsync port had access to download this data. UpGuard Cyber Risk published its account of how it discovered the data breach to show how a company within a supply chain can affect large companies with seemingly tight security protocols.

This means if someone knew where to look they could access trade secrets closely protected by automakers.

Source: Data breach exposes trade secrets of carmakers GM, Ford, Tesla, Toyota | TechCrunch
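
The exposure described above comes down to rsync daemon modules with no access restrictions. As an added example (not part of the original post or of UpGuard's report), the following audits `rsyncd.conf` text for modules that any client could read; it goes slightly beyond the incident by also flagging writable modules. The parameter names are real `rsyncd.conf` options, while the sample configuration, module names and paths are constructed for illustration.

```python
# Audit rsyncd.conf text for modules that accept any client.
# auth users / hosts allow / read only are real rsyncd.conf parameters;
# the sample configuration below is constructed, not from the incident.
SAMPLE_CONF = """\
# constructed sample
uid = nobody
use chroot = yes

[customer_data]
    path = /srv/backups/customers
    read only = no

[engineering]
    path = /srv/backups/engineering
    auth users = backupsvc
    secrets file = /etc/rsyncd.secrets
    hosts allow = 10.20.0.0/24
    read only = yes
"""

def parse_rsyncd(text):
    """Return {module: params}; global settings act as per-module defaults."""
    globals_, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            modules[current] = dict(globals_)
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            target = globals_ if current is None else modules[current]
            target[key.lower()] = value
    return modules

def audit(text):
    """Map each module to a list of findings; an empty list means restricted."""
    report = {}
    for name, params in parse_rsyncd(text).items():
        findings = []
        if not params.get("auth users"):
            findings.append("no 'auth users': anonymous clients accepted")
        if not params.get("hosts allow"):
            findings.append("no 'hosts allow': reachable from any address")
        if params.get("read only", "yes").lower() in ("no", "false", "0"):
            findings.append("'read only = no': clients may upload or overwrite")
        report[name] = findings
    return report
```

Calling `audit()` on the contents of a server's own `rsyncd.conf` lists the modules that need `auth users` and `hosts allow` before the daemon port is reachable from outside.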

Emirates thinks robots, AI and big data can improve the airport experience

Team Tematica logs plenty of air miles each year, and we would love to see a more streamlined way of getting not only in and out of the airport, but on and off the airplane as well. It seems we’re not alone in that thinking, and now Emirates, the world’s biggest long-haul carrier, is sharing its view on how using several Disruptive Technologies could improve that experience.

We’ve previously said the adoption of disruptive technologies can take many forms, often with the game changer in terms of adoption coming from an unlikely source. I’m not sure if airline travel is it, but I’d be more than happy for the results… provided my bags don’t get lost.

Outlining what automation, artificial intelligence and big data can do for air travel, the carrier’s President Tim Clark laid out a vision in which robots, with no need for human intervention, would ID bags, put them in prescribed bins and later take them out of the aircraft. His concept also includes cutting back on what is still the most laborious part of flying — the central security search.

“That’s in today’s technology,” he told reporters in Sydney on Tuesday at the International Air Transport Association’s annual general meeting.

The entire process, from arrival at the airport, check-in, immigration through all the way to the boarding gates, would become seamless and uninterrupted, he said. The technology can be deployed even for security searches, said Clark, 68, adding a passenger passing through the system would keep walking while being inspected by “lots of entities.”

Source: Emirates Wants Amazon-Like Robots Sorting Out Airport Baggage – Bloomberg

Pain Points in Investing – Social Security Number as a case study

The core of Tematica’s investing strategy is to look not only for those long-term forces that generate profound headwinds or tailwinds, but also for those pain points that create an opportunity for those who can best address them. This was one of the focal points we laid out in our book Cocktail Investing. Today we will look at one pain point that a significant majority of us in the United States have experienced – the theft of one’s Social Security number. While many focus on the growing cyber threat, this pain point showcases the breadth and depth of our Safety & Security investing theme.

An individual’s Social Security number has become the cornerstone of all identity verification and is key for everything from opening a checking account to getting a credit card or a mortgage, let alone for a medical treatment in the emergency room. Yet that was never the intention behind it. It was originally intended solely to track the earnings history of workers for benefits upon retirement: talk about scope creep!

Clearly, given the various hacks ranging from Equifax to the U.S. Postal Service to the Social Security Department itself, the Social Security number is poorly suited for identification verification and securing one’s personal finances.

By the way, up until 1972 the phrase: “FOR SOCIAL SECURITY PURPOSES — NOT FOR IDENTIFICATION,” was on the bottom of all social security cards!

This issue appears to be finally getting the attention it deserves.

Earlier this month, the Trump administration’s top cybersecurity official said the Social Security number has “outlived its usefulness.” Last week, a top Republican in Congress introduced a bill that would require the major credit-reporting firms to phase out by 2020 the use of Social Security numbers to verify consumers’ identities.

Clearly, we have a very big pain point here with no obviously viable solutions immediately identifiable or available, which makes this a great pain point to track. A Google search for “Alternatives to social security number” generates over 9.2 million results. Most likely the solution will be a combination of biometrics and unique code identifiers, and most likely the solution will not be generated by the U.S. Government, as that is not where the pain is most acutely felt. There is no real danger to government officials compared to what is faced in the private sector.

There are already considerable discussions among those in D.C. that things need to change, but we suspect that given the enormous benefit to be gained in the private sector, we will likely see private sector solutions emerge and compete against one another. We already have one massive experiment taking place in India, where Aadhaar, the world’s largest biometric identification system, has been implemented with nearly 1.12 billion individuals.

Pain also means opportunity and this is one we are watching closely.

Source: Social Security Numbers: Hacked, Hated—and Irreplaceable – WSJ

Osram Scales Its Disruptive Security Technology for Samsung Smartphones

As we shift more of our digital lives into the smartphone, security becomes increasingly important, and that is giving rise to new technologies. Apple brought its Touch ID into the mainstream with the iPhone, but Osram is scaling up its infrared iris-scanning technology for Samsung. We’re thinking these disruptive technologies are likely to move past smartphones and consumer electronics into other aspects of our Safety & Security investing theme.

Osram plans to hire up to 1,000 new staff at its plant in Regensburg, Germany as it anticipates a fast ramp-up in demand for its infrared components used for iris-scanning identification in smartphones, a spokesman for the German lighting group said.

The smartphone market represents an important new opportunity for Osram, which currently makes about half of its revenue from the automotive sector.

Osram supplied iris-scanning infrared components for Samsung’s ill-fated Galaxy Note 7, which was recalled just after its launch last September after some smartphones caught fire. It is also expected to supply the technology for Samsung’s next flagship model, the Galaxy S8, which is likely to be announced in March and go on sale in April.

Source: Osram to hire 1,000 in Germany for smartphone infrared push | Reuters

Obama Gets Into Cyber Security Game

After more than a few years of mounting cyber attacks with increasingly devastating results for individuals, businesses and other institutions, President Obama finally opts to get into gear with our Safety & Security investment theme. This also confirms what many of us have already thought: the increasing role of cyber attacks in modern warfare.

The Obama administration is preparing to elevate the stature of the Pentagon’s Cyber Command, signaling more emphasis on developing cyber weapons to deter attacks, punish intruders into U.S. networks and tackle adversaries such as Islamic State, current and former officials told Reuters.

Under the plan being considered at the White House, the officials said, U.S. Cyber Command would become what the military calls a “unified command” equal to combat branches of the military such as the Central and Pacific Commands.

Source: Obama prepares to boost U.S. military’s cyber role: sources | Reuters

Akamai’s 1Q 2016 State of the Internet and Security

When a cyber attack makes the headlines, it serves as a reminder of the growing threat we face as part of our increasingly Connected Society. Even without flashy headlines, ongoing increases in the number of cyber attacks confirm cyber security’s place as a growth industry.

Akamai Technologies released its Q1 2016 State of the Internet – Security Report, which takes an in-depth look into the global cloud security threat landscape to provide analysis and insight into malicious activity that’s been observed across the Akamai Intelligent Platform™ from January to March of this year. “We have continued to witness significant growth in the number and frequency of DDoS and web application attacks launched against online assets, and Q1 2016 was no exception,” explained Stuart Scholly, SVP and GM of Akamai’s Security Business Unit.

Source: State of the Internet and Security In Q1 2016 | PYMNTS.com