Doug Bedell — February 21, 2018, 4:11 pm

Truckers Increasingly Aware of the Need for Cybersecurity

Here’s an indication of how the awareness of the need for heightened cyber security keeps rolling on: DarkReading reports that the American Trucking Associations (ATA) has launched “FleetCyWatch, a new service for members of the trucking industry to share threat information and report cybercrimes affecting fleet operations.”

What would such a cybercrime be? From the ATA’s own release on the subject:

“As the industry responsible for delivering America’s food, fuel and other essentials, security is of paramount importance, particularly in an increasingly technologically connected world,” said ATA President and CEO Chris Spear. “Fleet CyWatch is the next logical step in our association’s and our industry’s commitment to working with law enforcement and national security agencies to keep our supply chain safe and secure.

“Fleet CyWatch was developed by ATA’s Technology and Maintenance Council and Transportation Security Council, in conjunction with the Federal Bureau of Investigation, to assist fleets in reporting information about trucking related internet crimes and cyber-attacks, and in providing information to fleets about threats that may impact their operations. Fleet CyWatch coordinates with private and federal efforts to provide motor carriers with information and recommendations in the areas of cybersecurity awareness, prevention, and mitigation methods. The program connects industry, federal enforcement, and associations and trade groups specialized in cybersecurity to improve U.S. road transport safety.”

They’re on the lookout for “internet crimes related to disrupting fleet operations, which are then communicated to the proper authorities,” like, indeed, the FBI. Here’s the ATA’s own release on the subject.

Doug Bedell — February 19, 2018, 11:34 am

Tax Preparers and Payers: Be Mindful of Banking Hackers

It’s the income tax season and Brian Krebs writes about “identity thieves who specialize in tax refund fraud” – another form of security challenge.

They’re hackers. They hunt through bank accounts looking for large deposits from the Internal Revenue Service from tax refunds. In the Oklahoma City area, says an official of the Oklahoma Bankers Association, “Bank customers received hefty deposits into their accounts from the U.S. Treasury, and shortly thereafter were contacted by phone by someone claiming to be a collections agent for a firm calling itself DebtCredit and using the website name

“We’re having customers getting refunds they have not applied for,” says the banking official, noting that “the transfers were traced back to a local tax preparer who’d apparently gotten phished or hacked…If the crooks have breached a tax preparer and can send money to the client, they can sure enough pull money out of those accounts, too.”

And so it goes; be watchful.

Doug Bedell — February 18, 2018, 10:48 am

A City Ranked ‘Safe’ Had a School Shooting Regardless

In terms of security, Parkland, Fla., where the latest school shootings occurred, was ranked as one of the safest cities in the U.S., Security InfoWatch notes.

“Parkland is an affluent residential community that backs up to the Everglades. The school was named to honor Stoneman Douglas, an environmentalist who fought to protect Florida’s Everglades. In fact, just this week, the city was ranked as the 15th safest city in America and one of the safest cities in Florida.

“But it could not be protected from an active shooter…”

Doug Bedell — February 12, 2018, 2:22 pm

Repairing Security Equipment: Not a Job for Everyone

If you’re producing security equipment for user customers, give an eye to this SecurityInfoWatch post on the “Right-to-Repair” legislation that’s pending in several states.

“By and large,” advises InfoWatch, “these bills are intended to give consumers the ability to have their automobiles, appliances and other devices repaired by someone other than the original manufacturer by requiring said manufacturers to provide independent repair shops the tools and information they need to make necessary fixes. However, many of the bills that have been introduced in state legislatures are very broad in nature and could potentially raise a number of issues for security equipment manufacturers.”

The Security Industry Association (SIA) notes, for example, that a bill pending in Vermont would require manufacturers “to disclose proprietary source code, diagnostic and repair information to independent repair providers, which SIA contends would jeopardize the security and cybersecurity of certain products and also void related warranties intended to protect consumers.”

Looks like an example of good intentions gone seriously awry. Security equipment manufacturers know their stuff, and shouldn’t have to let others in on what it takes to “fix” it if it breaks. That could be a road to insecurity.

Doug Bedell — February 6, 2018, 5:18 pm

Small Business People: You’re Increasingly Under Cyber Attack

Small businesses across the U.S. are increasingly finding themselves the victims of cyber crimes, reports Security Info Watch.

“Small businesses across the country,” says the Info Watch post, “are finding that they have suddenly emerged as potential targets of both nefarious solo hackers looking to steal personal information or engage in ransomware scenarios, as well as foreign-backed agents bent on stealing proprietary company information, disrupting supply chain logistics and weakening national security.”

Concerns like these were aired earlier this month at a U.S. House meeting that reviewed the Small Business Advanced Cybersecurity Enhancements Act of 2017. Never heard of it? Well, check it out. “As small businesses increasingly rely on foreign technology products and services, they face an even greater threat from cyber attacks.” That’s today’s reality.

And it’s a threat that won’t go away in our increasingly digital world. So read on in Info Watch.

Doug Bedell — February 2, 2018, 4:36 pm

Guards or Not? A Pertinent Security Choice

Let’s take a look, courtesy of Security InfoWatch, at the human side of security. We’re usually talking about security hardware or techniques. Here’s a discussion of whether protection should be provided by in-house people or contracted to outsiders.

“On the surface,” says InfoWatch, “it would seem like the decision to outsource security to a third party would be a no brainer given the cost savings. But just turning over a function as vital as security to the lowest bidder without conducting the proper due diligence would be ill-advised and potentially negligent.”

First make an assessment of whether a facility is a higher or lower risk. “A ‘high risk’ facility can be described as such based on the following considerations:

• A facility that is open to the public with no access control.
• A multi-occupancy facility that contains several stores, shops, or offices.
• A location with a prior history of numerous reports of criminal activity within or on the property.
• A location that sells or produces high value items, such as a jewelry store, gun shop, marijuana store, etc.
• A location that has previously contracted with armed security officers for a justifiable reason.
• A location at or near where homeless and other undesirable individuals are known to loiter.”

And go on from here, taking account of the rest of the InfoWatch discussion.

Doug Bedell — January 31, 2018, 3:51 pm

‘Security’ Often Isn’t Secure Enough

Security isn’t always simply security. You have to consider what you’re possibly securing against, as well as what you’re doing about it. “Depending on how you arrived at the list of your services,” advises the Security Executive Council, “the issue may be you are only providing discrete security services and not an overall comprehensive security program.”

Definitely, there are key distinctions between security services and a security program. “Do you really have a security program and are you managing program results?” is the Executive Council’s key question.

A security program has to do with what management actually desires and the means to accomplish it. Security services, by contrast, are the “day-to-day activities that employees or contractors deliver to customers in support of security risk mitigation.” They may, or may not, be sufficient. ID badges for employees, or pre-hire background checks, for example, may well not be sufficient.

It all comes down to how risk-tolerant an organization is – once the organization fully understands the risks of not being wary enough. Read on in the Security Executive Council’s post for a deeper understanding of true site security.

Doug Bedell — January 29, 2018, 4:28 pm

A Good Place to Hang Out: DHS is Serious about Web Security

We just passed Data Privacy Day on Jan. 28, the Department of Homeland Security advises. That’s “an international effort designed to inspire dialogue and empower individuals (to) take action to protect privacy, safeguard data, and enable trust in our interconnected world.”

This is an increasingly tall order on the vast, beleaguered Internet. A good place to check in regularly is the Homeland Security site itself. “Following a year of massive data breaches at both public companies and government organizations,” DHS notes, “it’s time we all learn how to secure our personal information and ‘own’ our online presence.” Indeed.

Doug Bedell — January 23, 2018, 3:08 pm

U.S. Marines Looking for More Than a Few Good Hackers

The U.S. Marine Corps, reports Defense Tech, is recruiting cyber operations specialists who will be assured of careers as Marine cyber security and hacking experts. “Join the Marines and serve at a keyboard,” might well be the slogan of the corps’ recruiters. Security has come to rest on more than battlefield tactics.

“Anybody in here a hacker?” Gen. Robert Neller asked, looking around the basketball court at Marines crowded into a semi-circle, as afternoon sunlight streamed in. “If you are, come see me, because I’ll give you a re-enlistment bonus. I’m serious. I’m looking for people who know how to do that.”

“No hands go up, but the offer stands, and the Marines know Neller will be back later that evening for one-on-one conversations.

“Marine leaders have been vocal about their desire to build more cyber capabilities into the force.”

Not so surprising when you realize that the Marines, like the rest of us, are functioning in today’s digital world.

Doug Bedell — January 21, 2018, 10:55 am

Security ‘Rings’ Enable Internal Protection

To be sure you’re as protected as you need to be, think of site security in phases, working inward. There’s the perimeter (fencing), access spaces (vehicle barriers and personnel checks), door locks and, inside, computer and other electronic protections.

SecurityInfoWatch lays all this out nicely, noting that “The concept that is commonly referred to as ‘Concentric Circles of protection’, involves the use of multiple ‘rings’ or ‘layers’ of security. The first layer is located at the boundary of the site, and additional layers are provided as you move inward through the building toward the high-value assets.”