Editorial

The Fax of the Matter

In the 1980s no workplace was without a fax machine. In today’s digital world the need to fax documents is largely redundant. Or is it? Not if you need to send a classified file.

 

It is patently obvious that some documents have to be kept under very strict protection from exposure because they contain military or state secrets that cannot be revealed without immediately negative repercussions.

 

What is less well known is that huge numbers of documents in regular use by government agencies are classified in the same way but are rather less critical to the safety and security of the nation at large. While less sensitive they are nonetheless considered secret and must be treated with the same attention to security as all other classified documents. There are lots of them.

This conundrum creates two challenges for government agencies in their efforts to operate as efficiently as possible while maintaining at all times the required level of confidentiality for those documents falling into the classified category.

The first of these is how to transmit something between two different but related government departments without exposing it to capture by WikiLeaks, foreign governments, spies or general malcontents.

In today’s world of Encrypted Email, Virtual Private Networks, Biometric Authentication and Impenetrable Firewalls it ought to be straightforward to engineer a system for transferring documents and files between different agencies without the risk of them being compromised, stolen or manipulated. In many respects that is the case.

 

The long history of espionage, however, and recent exposures of all manner of interference with what should have remained confidential belie this. We have foreign governments disseminating emails internal to political parties, diplomatic reports from overseas embassies published on the Internet, and large multinational companies admitting sheepishly that their entire customer database has been compromised.

Communications facilities are undoubtedly ubiquitous and almost frightening in their speed and capacity but they are also gaining a reputation for their susceptibility to intrusion. Even the best encryption algorithms can be compromised if there is enough data to work with. In the right circumstances, valuable information can be gleaned from a data stream without actually decrypting it.

 

All of this tends to make those responsible for the integrity of classified data look to basic principles found trustworthy over many generations. The simplest of these is to ask the question: “At how many stages is this data outside my direct control?”

It is axiomatic that any file transfer involving the Internet includes dozens of interchange points and bridges that are well outside the control of the participants of the transfer. A single packet of data may pass through many diverse routers and access points on its way from sender to receiver. The famous Metropolitan Area Exchanges that are the backbone of the Internet in the US are unlikely to be platforms for snoopers but some of the outliers may be more vulnerable. How can the exposed legs of a transfer be reduced or eliminated?

Historically, and before the advent of the Internet, this was less of a concern because all communication was via the telephone network. A connection made between two telephones is point-to-point. That is, any data travels directly from one end to the other end after the link is created and this is then closed after the call. It is a dedicated one-off connection.

 

This is much harder to intercept than traffic through an Internet router that is a permanent part of the network in use. To enhance this resistance to interception some government agencies commissioned their own private phone networks entirely isolated from the public one.

 

Since the bulk of the requirement was to exchange classified documents it became the practice to use fax as the mechanism to accomplish this. To further ensure confidentiality these fax machines relied on modems that were encrypted to a very high degree and supplied under exclusive control of the NSA.

 

Non-standard fax machines were needed but the combination of dedicated connections, Secure Telephone Equipment and those specialized fax machines meant that exceptional security could be obtained and even the most sensitive documents could be transferred with considerable peace of mind.

It is the second challenge that is today becoming something of a nightmare for those tasked with organizing and managing communications in modern government agencies. The number of classified documents continues to increase and, perhaps more importantly, their nature is changing.

Historically the government office was paper based so sending a printed document was an acceptable method of communication and the volume of such transmissions could be handled by a secretariat and a dedicated secure fax machine usually housed in a basement room.

In today’s world, the desired transfer may involve a spreadsheet, GIF images, maps, PDFs, database files and all manner of material that is wholly unsuitable to being converted into a fax and transmitted as a printed document. The need is to be able to transfer any file so that it is received as an exact copy of that transmitted by the sender. We need to do files rather than just printed documents.

In addition there is a powerful need to eliminate the physical requirement for human intervention. It is no longer acceptable for staff members to attend to a device and feed sheets of paper into it or stand over a receiving machine to collect a sensitive inbound document.

The use of point-to-point dedicated links employing the best encryption in the form of Secure Telephone Equipment remains the foremost mechanism for transferring sensitive data.

This reliable and robust facility needs to be modernized to eliminate the fax machine and open up the ability to transfer classified files of any sort, automatically and with minimum operator intervention.

 

About the Author:
James E. Abbey is CEO of Preston Abbey, specialists in the secure exchange of classified files.   

3 Ways to Protect Your Critical Infrastructure

By Jim Pruden, Senior Director Federal Civilian, Cloudera

 

An electrical fire at Hartsfield-Jackson Atlanta International Airport in December 2017 left America’s busiest airport without power for nearly 11 hours, delaying thousands of passengers during the busy holiday travel season. While the outage was not linked to a malicious actor, the event demonstrates how devastating an attack can be, and the impact could be much worse than a slew of frustrated travelers if the scenario arose from a targeted attack on more critical infrastructure.

 

The Department of Homeland Security (DHS) has designated 16 critical infrastructure sectors in the United States, including energy, communications, financial services and food and agriculture. These 16 industries are “considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic stability, national public health or safety, or any combination thereof.”

 

Although it’s true that many critical infrastructure sectors are primarily owned and operated by the private sector, such as energy and commercial facilities, the role of government should not be neglected when evaluating how best to protect these industries from attack. It can seem like a daunting task to account for and defend against all threats, from a physical terrorist attack to a targeted cyber strike to a natural disaster. But given the rising prevalence of cybersecurity threats, there are some precautionary measures that government agencies should keep in mind.

 

  • Stay current on federal recommendations -- Securing our critical infrastructure requires coordinated efforts from state, local, and federal governments as well as the private sector. But it is the federal government that is tasked with issuing standards and best practices on the most effective approach. Managed by DHS, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) publishes an annual report that offers a recap of the health of the nation’s critical infrastructure to reduce risks. Private sector organizations operating within a designated critical infrastructure sector can request an assessment from DHS against a number of cybersecurity standards. Assessing the current state of readiness is the first step to implementing an effective cybersecurity plan.

 

  • Be aware of the weaker lines between OT and IT--Operational Technology (OT) is a system that monitors and controls physical devices and processes, such as how much electricity is generated through transmission lines. Traditionally, these functions were run on manual equipment physically operated by a human, but as the Internet of Things (IoT) has grown and operations are streamlined, many OT devices are now equipped with IP addresses to enable remote access and control. This transition means that OT and IT networks are becoming more closely connected, and so security standards must catch up to ensure proper barriers between the networks. Such measures include improved access control and encryption, which help prevent hackers from gaining access to the IT network and quickly taking control of the OT, which could lead to the disruption or even ransom of essential services like electricity and water.

 

  • Adapt security standards as IT landscape evolves--Private and public sector organizations alike are moving toward more digital business models that rely on the latest technological trends. From the growth of IoT to moving into public clouds and BYOD policies, IT operations and security must adapt to keep pace with the newest advancements. But this shift doesn’t mean that agencies and private sector organizations have to reinvent the wheel. Although attacks on critical infrastructure are highly targeted and can have dire consequences, they are nevertheless typically the same types of cyber attacks that have hit other industries already, from phishing and malware to ransomware, and can be mitigated with the same best practices already in place. And there are many new or improving technologies assisting organizations in the protection of critical infrastructure assets, like voice and video analytics that provide a number of capabilities, including crowd control, gauging expected motions, and identifying objects and individuals whether stationary or in motion.

 

Critical infrastructure protection is essential to the security of the United States. The 16 critical infrastructure sectors occupy a unique position of having such a designation via a federal agency, yet most of the operations are owned and operated by private businesses. Thus, information sharing and collaboration between the public and private sectors are vital to securing our nation’s critical infrastructure.

 

 

 

Government Security News Judge Chuck Brooks appointed to Adjunct Faculty at Master's in Applied Intelligence Program at Georgetown University

Chuck Brooks, MA ’81 was recently appointed to be Adjunct Faculty at Master's in Applied Intelligence Program at Georgetown University. Georgetown University’s Master of Professional Studies in Applied Intelligence program focuses on three key sectors, namely homeland security, law enforcement, and competitive business intelligence.

Chuck will be teaching a graduate course in Risk Management in Homeland Security. His course will provide students with the skills needed to assess and respond to an organization's exposure to risk as related to homeland security. Students will learn how to model, measure, and assess undesirable risks and reduce risks relevant to large organizations with public obligations across criminal justice disciplines and in public-private security collaborations.

Chuck is currently President of Brooks Consulting International, a firm specializing in cybersecurity and emerging technologies strategy, branding, thought leadership, and marketing. LinkedIn named Chuck as one of “The Top 5 Tech People to Follow on LinkedIn” out of their 500 million members. He is also an advisor to LinkedIn on cybersecurity and emerging technology issues. Chuck has published more than 150 articles and blogs on cybersecurity and technology issues and is a frequent featured speaker at conferences.

Chuck has also judged five Government Security News Homeland Security Awards. In both 2017 and 2016, he was named “Cybersecurity Marketer of the Year” by the Cybersecurity Excellence Awards. Chuck’s professional industry affiliations include being the Chairman of CompTIA’s New and Emerging Technology Committee and a member of the Institute of Electrical and Electronics Engineers (IEEE) Standards Association (IEEE-SA) Virtual Reality and Augmented Reality Working Group. He is on the Advisory Board, Center for Advancing Innovation, and has also served as a Technology Partner Advisor to the Bill and Melinda Gates Foundation.

Chuck has served in government at the Department of Homeland Security (DHS) as the first Legislative Director of the Science & Technology Directorate. He served as a top Advisor to the late Senator Arlen Specter on Capitol Hill, covering security and technology issues. Earlier in his career he served as a Special Assistant to the Director of Voice of America. He also was an Auxiliary Police Officer for Arlington County, Virginia.

Chuck was also an Adjunct Faculty Member at Johns Hopkins University where he taught a course on Homeland Security and Congress. He has an MA in International Relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.

You can follow Chuck on LinkedIn: https://www.linkedin.com/in/chuckbrooks/

And on Twitter @ChuckDBrooks

NASA Television to Air Live Coverage of Upcoming Rare Lunar Eclipse

WASHINGTON, Jan. 29, 2018 -- Sky-gazers are in for a rare treat Wednesday, Jan. 31, when three celestial events combine to create a super blue blood moon. NASA Television and the agency's website will provide live coverage of the celestial spectacle beginning at 5:30 a.m. EST.
Weather permitting, the broadcast will feature views from the varying vantage points of telescopes at NASA's Armstrong Flight Research Center in Edwards, California; Griffith Observatory in Los Angeles; and the University of Arizona's Mt. Lemmon SkyCenter Observatory.

This event offers a rare opportunity to see a supermoon, a blue moon and a lunar eclipse at the same time. A supermoon occurs when the Moon is closer to Earth in its orbit and appears about 14 percent brighter than usual. As the second full moon of the month, this moon is also commonly known as a blue moon, though it will not be blue in appearance. The super blue moon will pass through Earth's shadow and take on a reddish tint, known as a blood moon.

A total lunar eclipse occurs when the Sun, Earth, and a full moon form a near-perfect lineup in space. The total phase of the eclipse will last 1 hour and 16 minutes. The whole process will take more than four hours.

If skies are clear, the U.S. West Coast, Alaska and Hawaii will have the best view of totality, from start to finish. For the eastern U.S. and Canada, a clear view will be limited as the Moon sets and the Sun rises during the early stages of the eclipse.

The last total lunar eclipse occurred Sept. 27-28, 2015. The next total lunar eclipse visible across North America will occur Jan. 21, 2019.

The Jan. 31 eclipse is the third in a series of supermoons in December 2017 and January 2018. Watch the Supermoon Trilogy video.

Follow the event online at:

https://moon.nasa.gov 

Join the conversation on Twitter at:

https://twitter.com/NASAMoon

Approaching video forensics with fresh intelligence

New AI technology that mimics the human brain can help law enforcement and intelligence organizations rapidly identify patterns, objects and faces in large amounts of archived and live streaming video

 

Video is a critical element in crime prevention and investigation, yet current law enforcement systems are increasingly unable to cope. The sheer volume of surveillance material captured and stored every day is staggering, and set to rise dramatically. Adding more cameras to gather more information will only ever be useful if processes to search and analyze the mountain of data keep pace. As it stands vital information may be missed because the vast majority of video is simply never viewed. 

 

Information technology firm Cisco estimates that in 2021 it would take more than 5 million years to watch the amount of video traffic across the globe – each month. Market researcher IHS forecasts that 127 million surveillance cameras and 400,000 body-worn cameras will ship this year, in addition to the estimated 300 million cameras already deployed. By 2020 it is predicted there will be more than 1 billion cameras operated by smart cities worldwide, providing 30 billion frames of video per day. Internet video surveillance traffic alone increased 71 per cent in 2016 according to Cisco, and is set to increase sevenfold by 2021. Globally, 3.4 per cent of all video traffic crossing the internet will be video surveillance.

 

Given that a major problem for surveillance operators is directed attention fatigue, where the brain naturally alternates between periods of attention and distraction, it would require a superhuman effort to identify and classify all these images. What is required is a system that is never distracted and can work in conjunction with people to reduce errors, which is what artificial intelligence-driven video systems promise.

 

AI in video surveillance can potentially deliver four times the performance of conventional video search – in contrast to human vigilance, which studies have shown can degrade by 95 per cent after about 20 minutes.

 

The cost of deep learning

 

Since 2012, when AI video analytics took off, the systems trained to recognize objects and facial IDs from different types of image have proved expensive to run and slow to compute, and require large datasets to generate results. These systems, which are based on convolutional neural networks (CNNs), employ an AI technique known as ‘deep learning’. They excel at churning through data but lack the ability to refine and react to streams of information gathered from the surrounding environment – which the human brain is extremely good at.

 

What’s more, CNNs exhibit limitations including poor noise immunity, particularly when random pixels appear in an image due to noisy sensors or lens contamination. They can serve false classifications if the network becomes confused – for example by someone wearing glasses, or if it cannot find a new face in a crowd without a large set of labelled images relating to that face being added to the database. The network parameters of CNNs need careful adjustment, and even then the accuracy rate for correct image classification may not be sufficient for video surveillance applications.

 

Spiking neural networks

 

A relatively new approach is the spiking neural network (SNN), which simulates and models the different aspects of the human brain’s operation much more closely than a CNN.

 

For instance, a police department that is looking for a suspect in live video streams does not have thousands of images of that suspect; nor does it have weeks to train a CNN system. In an SNN-based system, it can find patterns and people in videos in milliseconds and from a single image – which, importantly, can be as small as 24 x 24 pixels: it doesn’t need to be high definition. The system excels in recognition in low-light, low-resolution, noisy environments, making it ideal for the large amount of previously installed video surveillance systems.

 

Unlike current CNN technologies that require extensive pre-labelled datasets and expensive cloud-based training and acceleration, an SNN system can be implemented in software with traditional computer processors (CPUs) and trained on-premises. The one-shot technology learns in real time and requires only modest processing power – typically a Windows- or Linux-based x86 desktop computer or server – as well as consuming little energy.

 

This enables a greater number of law enforcement organizations to capitalize on the opportunities offered by AI. It means AI algorithms can be used with legacy systems without requiring expensive hardware or infrastructure upgrades, and it can be deployed in the field in highly secure environments that may not have cloud connectivity.

 

Tasks that seemed impossible for machines just a few years ago are becoming almost routine, and SNN technology has perhaps the greatest potential to bring valuable new capabilities into mainstream automated video surveillance today.

 

About the author:

Bob Beachler is Senior Vice President of Marketing and Business Development at BrainChip. He can be reached at: [email protected]

Can airlines and airports use 'smart contracts' for shared control of data?

SITA Lab, the research team of the air transport industry’s IT provider SITA, today revealed the learnings from research it carried out with British Airways, Heathrow, Geneva Airport and Miami International Airport into ‘smart contracts’ residing on a blockchain.

Blockchain has been heralded as a transformational technology for many industries. While several use cases have been identified for the air transport industry, the opportunity of using ‘smart contracts’ for shared control of data by airlines and airports is one which promises real benefits. SITA Lab today issued FlightChain, a paper outlining the findings of its research conducted with its airline and airport partners.

The air transport industry is highly connected and there is a need for a ‘single source of truth’ for various data used by different stakeholders. Control of shared data is a key concern for all. Blockchain offers potential to share data in a controlled way. SITA recognizes, however, that there is a need for research so the industry can take the right approach, to ensure governance, standards, compliance, security and more.

This research project was initially established by SITA Lab with Heathrow Airport Holdings Limited (HAL) and International Airlines Group (IAG) with Geneva Airport and Miami International Airport participating. Called FlightChain, it was devised to investigate a single source of truth for flight data. The “flight data problem” is a well-known issue in the industry: namely, there is no single source of the truth, and the data that does exist is not easily accessed by all parties.

While there are many cases of airlines and airports collaborating to share flight data, this data still resides in separate silos. When there are flight delays, this results in differences between passenger apps, airport FIDS and airline agents. FlightChain ensures all stakeholders have the same information.

Jim Peters, CTO, SITA, said: “Our FlightChain project has demonstrated that blockchain is a viable technology to provide a single source of truth for data for airlines and airports, specifically for real-time flight information. While there are other technologies available for sharing data, the use of blockchain, and smart contracts in particular, provides ‘shared control’ and improves the trustworthiness of the data. This research with our partners shows the potential of blockchain for sharing data across the air transport industry.”

FlightChain was established as a private permissioned blockchain (implemented on both Ethereum and Hyperledger-Fabric) that stores flight information on the blockchain, using a smart contract to arbitrate potentially conflicting data. British Airways, Geneva Airport, Heathrow and Miami International Airport provide flight data that is merged and stored on the blockchain. During this project more than two million flight changes were processed by the smart contract and stored on FlightChain.

Stuart Harwood, Heathrow Automation and Innovation, HAL, said: “Heathrow’s participation in FlightChain with SITA Lab has been very valuable. We are still early in the blockchain technology cycle and more research is required but FlightChain has shown the opportunities for shared control of data with our industry partners.”

Peters added: “In a real-world network, it will be important to manage the changes to the smart contract as it affects all participants. Industry bodies such as ACI and IATA, working with SITA as the neutral IT provider to the air transport community, could be involved in the establishment of the contract. In fact, we can imagine a future where industry standards are written directly as smart contracts instead of published as PDF documents.”

Glenn Morgan, Head of Digital Business Transformation at International Airlines Group (IAG), said: “Now we’ve proven the technology, we are really excited by the opportunities that blockchain can create in the industry. We will work with IATA and ACI to ensure the best practices are in place.”

The research paper published today details key lessons learned regarding governance, smart contracts, system security and system performance, scalability and reliability, along with a view on the use of public versus private blockchain networks for the air transport industry.

Lawmakers, Procurement Experts Call Puerto Rico Power Contract a 'Travesty'

 

The Trump administration is distancing itself from a controversial contract aimed at rebuilding the power grid in hurricane-ravaged Puerto Rico, which procurement experts and lawmakers say has dubious origins and contains highly unusual provisions.

The contract in question was valued at $300 million and awarded to a small Montana firm, Whitefish Energy, by the Puerto Rico Electric Power Authority. The unusually high labor costs and language that prohibits government agencies from auditing certain aspects of the deal, as revealed in the leaked contract, sparked concern from members of Congress and government watchdogs. Sen. Claire McCaskill, D-Mo., the ranking member of the Senate Homeland Security and Governmental Affairs Committee, said the contract “raises every red flag in the book.”

Both the White House and the Federal Emergency Management Administration have distanced themselves from the contract.

“Based on initial review and information from PREPA, FEMA has significant concerns with how PREPA procured this contract and has not confirmed whether the contract prices are reasonable,” FEMA said in a statement on Friday. “FEMA is presently engaged with PREPA and its legal counsel to obtain information about the contract and contracting process, including how the contract was procured and how PREPA determined the contract prices were reasonable.”

One provision of the document stated “FEMA has reviewed and approved of this contract” and is “an acceptable form to qualify for funding from FEMA and other U.S. governmental agencies,” but FEMA said that characterization is “inaccurate.”

Another section of the contract states “the federal government is not a party to this contract and is not subject to any obligations or liabilities to PREPA” or anyone else party to the document. FEMA said it has yet to provide any reimbursement to Whitefish, adding any applicant for its public assistance grants must abide by federal requirements or “risk not being reimbursed.”

White House Press Secretary Sarah Sanders said at a briefing on Friday the contract was “not something the federal government played a role in” and declined to comment on its propriety until a proper audit is conducted.

Both the process for obtaining the contract and the subject of it are problematic, said Steven Schooner, a professor of government procurement law at The George Washington University and a former associate administrator for procurement law and legislation at the Office of Federal Procurement Policy in the Office of Management and Budget. Whitefish did not go through a competitive, open bidding process before receiving the contract. The attempt to limit transparency through restricting audits “jumps off the page” and is “highly irregular,” Schooner said.

The contract states that, “In no event shall PREPA, the Commonwealth of Puerto Rico, the FEMA administrator, the comptroller general of the United States, or any of their authorized representatives have the right to audit or review the cost and profit elements of the labor rates specified herein."

Scott Amey, general counsel at the Project on Government Oversight, said an audit clause used to be standard practice until sometime during the Clinton administration. He added that many contracts today still go out the door without requiring firms to “provide adequate support for costs or prices.” Amey found problematic another clause in the contract, in which PREPA waived “any claims against” Whitefish for any delays in completing work.

The waiver “raises concerns about whether Whitefish or its subcontractor workforce is prolonging the work to reach, and possibly extend, the contract’s $300 million ceiling,” Amey said.

Amey echoed Schooner in noting the contract highlighted the difficulties in negotiating relief contracts after a disaster strikes. Many observers faulted Puerto Rico for reaching an agreement with Whitefish rather than relying on a previously established mutual-aid network of public utilities that typically handle power restoration.

Several aspects of the billing have also raised concerns. A journeyman lineman on the contract, Schooner noted, would make about $228 per hour. Subcontracted journeyman linemen, who will provide the vast majority of the work for the contract, will earn $319 per hour. That provides a significant take off the top for Whitefish, Schooner said, in which “you’d have to be an idiot” to send your own employees to do the work rather than hiring subcontractors. Those employees will also earn a $400 per diem, according to the contract, meaning a subcontractor lineman working eight hours would bill at nearly $3,000 per day.

“That’s a jaw-dropping rate,” Schooner said. “How could somebody have agreed to these kinds of rates?”

Whitefish is also billing the government at an hourly rate for equipment, which Schooner called “unthinkable.”

“It’s so unbelievably nonsensical I don’t even know where to begin,” he said.

The contract initially came under scrutiny after reports surfaced that Whitefish is headquartered in the small town where Interior Department Secretary Ryan Zinke lives, and that Zinke’s son interned at the company. Interior has denied Zinke had any involvement with the contract, something Sanders said Zinke reiterated to Trump at a previously scheduled White House meeting on Friday.

"Any attempts by the dishonest media or political operatives to tie me to awarding or influencing any contract involving Whitefish are completely baseless," Zinke said in a statement Friday. "I welcome any and all investigations into these allegations, and encourage the Interior Department's inspector general to investigate this matter fully." 

Two House committees, Energy and Commerce as well as Natural Resources, have launched probes into the contract. The Homeland Security Department’s inspector general is also investigating the contract. McCaskill and the chairman of her committee, Sen. Ron Johnson, R-Wis., wrote a letter to the IG requesting he determine whether the contract is eligible for reimbursement under FEMA’s Public Assistance Program. Their committee is holding a hearing on the federal government’s recent hurricane response efforts, and McCaskill said Trump administration officials “better be ready to answer tough questions on exactly what is happening with this contract.”

The no-audit clause in Whitefish’s contract, Amey noted, did not apply to the DHS IG or congressional committees.

Schooner praised the reviews underway, calling the contract a “travesty” and suggesting some major changes happen quickly.

“It would be an abomination if it isn’t very quickly terminated, modified or replaced,” he said.

Hikvision Launches Cybersecurity Hotline

Hikvision North America solidifies its commitment to cybersecurity with a dedicated cybersecurity hotline

CITY OF INDUSTRY, Calif.—October 23, 2017–Hikvision USA Inc., the North American leader in award-winning video surveillance products and solutions, today announced the launch of a cybersecurity hotline that Hikvision integrators, clients and technology partners can call for direct support related to cybersecurity concerns.

Hikvision encourages its partners to update all equipment to the latest available firmware. “Updating firmware is an effective way to safeguard equipment from cyberattacks and eliminate known vulnerabilities. Firmware updates are available on the Hikvision website,” said Chuck Davis, Hikvision director of cybersecurity for North America.

Partners can reach the Hikvision cybersecurity hotline directly by calling 626-723-2100, or by dialing the general technical support line at 866-200-6690, and pressing “5.” Cybersecurity support can also be provided via email at [email protected]

Hikvision takes cybersecurity concerns with the utmost seriousness and takes diligent action to ensure that its products meet the standards of the security industry’s best practices.

“Cybersecurity is Hikvision’s top priority,” said Jeffrey He, president of Hikvision USA Inc. and Hikvision Canada Inc. “Innovation and R&D are integral parts of our technology development, and continuous improvements to our cybersecurity support with this hotline solidify our commitment to secure our products even further.”

About Hikvision

Hikvision is the world’s leading supplier of video surveillance solutions. Featuring the industry’s strongest R&D workforce, Hikvision designs, develops, and manufactures standard- and high-definition cameras, including a variety of IP cameras, analog cameras, and cameras featuring the latest in high-definition analog technology. Hikvision’s product suite also includes digital video servers, hybrid and standalone DVRs, NVRs, and other elements of sophisticated security systems for both indoor and outdoor use. Committed to the utmost quality and safety of its products, Hikvision encourages partners to take advantage of the many cybersecurity resources Hikvision offers, including the Hikvision Security Center.

 

Martha Entwistle

Senior Manager Strategic Communications, Hikvision USA Inc.

60 years innovating for the Latin American air transport industry

In November 1957, from a small facility in Buenos Aires, SITA began operations in Latin America. Since then, it has grown and transformed into the air transport industry’s communications and IT solution provider, with Aerolíneas Argentinas as one of its main customers.

During this period, the company has been a key contributor to airport infrastructure development in the region, through the implementation of new technologies. In 1988, Rio de Janeiro Airport was the first in the region to move from manual check-in to SITA’s common-use system (CUTE – Common Use Terminal Equipment). Since 2005, passengers in Cancun can check themselves in using SITA’s self-service kiosks. Over the years, SITA has supported the air transport industry in Latin America with state-of-the-art technology, to make air travel easier at every step of the way, helping them to meet the expectations of passengers of the future.

The company’s portfolio covers all areas of operations including passenger processing, airport operations, baggage, border management and aircraft communications, making the industry more efficient and effective.

Elbson Quadros, SITA Vice President, Latin America, said: “Our greatest delight is to celebrate our 60th anniversary with our customers, who have been trusting our services from the very beginning. SITA is unique because it is the global IT and communications provider to the air transport industry and is owned by the community. We have been part of the major aviation achievements in Latin America over the past 60 years and we will continue to contribute to an increasingly safe and efficient advanced industry. Through SITA Lab, our technology research team, we are exploring strategic and innovative solutions for our clients in biometrics, mixed reality and artificial intelligence. While our robot, Leo, which has already been in Brazil, Argentina, Mexico and Chile, will be showcased next month at a major industry event in Costa Rica.”

Ricardo Lehmacher, Airports Manager for the Aerolíneas Group, added: “For Aerolíneas Argentinas, SITA's efforts to improve our service standards are fundamental. We believe it is vital to offer our passengers and employees the latest technology available, especially in a context of growth and expansion of our business. Together with SITA we want to continue working to always be at the forefront of technology.”

Nearly every airline and airport in the world does business with SITA and its border management solutions are used by more than 30 governments. With a presence at more than 1,000 airports around the world and a customer service team of 2,000+ staff, SITA delivers unmatched service to more than 2,800 customers in more than 200 countries. 

In 2016, SITA had consolidated revenues of US$1.5 billion. SITA’s subsidiaries and joint ventures include SITAONAIR, CHAMP Cargosystems and Aviareto.

SITA has 320 employees serving the Latin American and Caribbean region, with offices in Brazil, Argentina, Chile, Colombia, Costa Rica, Ecuador, El Salvador, Guatemala, Guyana, México, Paraguay, Perú, Surinam, Venezuela, Aruba, Bahamas, Grenada, Guayana, Antigua and Barbuda, St. Martin, St. Vincent and the Grenadines, Barbados, Jamaica, Curaçao and Trinidad.

New Cybersecurity Regulations Adopted to Protect Financial Systems & Information

In 2016 almost 1.1 billion identities were stolen globally.  This number is up dramatically from a reported 563.8 million identities stolen in 2015.   In addition, the same Symantec Internet Security Threat Report placed the United States at the top of the list for both the number of breaches by country (1,023) and the number of identities stolen by country.

New York State’s Division of Financial Security and other government entities around the globe have been monitoring this increased cybercriminal threat and determining means to help protect the private information of individuals as well as the information technology systems of regulated organizations.

New York State’s Division of Financial Security released new cybersecurity requirements (23 NYCRR 500), directly affecting the way that financial data is managed going forward. Applicable to financial services companies operating in New York State, these regulations declare that, on an annual basis, financial firms are required to prepare and submit a Certification of Compliance with the NY DFS Cybersecurity Regulations to the superintendent, commencing on February 15, 2018.

The scope of this legislation describes measures related to: cybersecurity programs and policy, personnel, resources and training, penetration testing and assessments, audit trails, access privileges, application security, third parties, NPI (Non Public Information) encryption, data retention, incident response and notification.

Among other requirements, this regulation dictates that companies declare any cyberattack to the superintendent within 72 hours. In the past, many companies chose to not disclose information related to these hacking exposures because much of their cost stems from damage to brand reputation and the necessary steps required to rebuild the trust of their clients post-attack.

Similar to the NY DFS proposal, the Federal Reserve Board (FSD), the Office of the Comptroller of the Currency (OCC), and the FDIC issued an advance notice of proposed rulemaking (ANPR) on enhanced cyber risk management and resilience standards for large banking organizations.  Additionally, the states of Vermont and Colorado have released laws pertaining to cybersecurity and the improved protection and monitoring of data. 

Two technologies specifically called out in the new NYS DFS Cybersecurity requirements, Multi-factor Authentication (MFA) and Risk Based Authentication (RBA), are key methods of complying with regulation and defending against attacks. 

Multi-factor authentication is defined as using at least two factors to authenticate a person, generally a combination of:

  • “Something I Have” — this could be a hardware token, a mobile soft token, etc.
  • “Something I Know” — like a PIN code, a password, and
  • “Something I Am” — such as a fingerprint or face recognition.

With MFA, the two factors are fully independent from each other (i.e. the failure of one factor would not compromise the other one).

Risk based authentication is the capacity to detect anomalies or changes in the normal use patterns of a person as part of the authentication process, and to require additional verification if an anomaly is detected, to avoid any breach.
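The two definitions above can be combined into a single login decision. The following is an added example, not code from the article or from any vendor it mentions; the factor names, the `Login` fields, the sample history, the 4-hour threshold and the allow/step-up/deny policy are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Factor categories from the article; the factor names are illustrative.
CATEGORY = {"hardware_token": "have", "mobile_soft_token": "have",
            "pin": "know", "password": "know",
            "fingerprint": "am", "face": "am"}

@dataclass(frozen=True)
class Login:
    user: str
    country: str
    device_id: str
    hour: int  # local hour of day, 0-23

# Constructed sample history standing in for a user's normal use pattern.
HISTORY = [Login("alice", "US", "laptop-1", 9),
           Login("alice", "US", "laptop-1", 14),
           Login("alice", "US", "phone-1", 20)]

def is_multi_factor(verified):
    """True only if the verified factors span two or more categories.
    An unknown factor name raises KeyError, so the check fails closed."""
    return len({CATEGORY[f] for f in verified}) >= 2

def hour_gap(a, b):
    """Distance between two hours on a 24-hour clock."""
    d = abs(a - b)
    return min(d, 24 - d)

def anomalies(login, history, max_hour_gap=4):
    """List the ways a login departs from the same user's past logins."""
    past = [h for h in history if h.user == login.user]
    if not past:
        return ["no_history"]
    found = []
    if login.country not in {h.country for h in past}:
        found.append("new_country")
    if login.device_id not in {h.device_id for h in past}:
        found.append("new_device")
    if min(hour_gap(login.hour, h.hour) for h in past) > max_hour_gap:
        found.append("unusual_hour")
    return found

def decide(login, verified, history):
    """Assumed policy: 'deny' with no verified factor, 'step_up' when an
    anomaly is seen and the factors cover one category, else 'allow'."""
    if not verified:
        return "deny"
    if anomalies(login, history) and not is_multi_factor(verified):
        return "step_up"
    return "allow"
```

A password plus a PIN does not count as multi-factor here because both are "Something I Know", so an anomalous login that presents only those two is still asked for a factor from another category.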

It is more efficient to avoid hacking and cyber-attacks in the first place by focusing attention on the security of the applications being accessed, both externally and internally.  To learn more about these regulations and how similar standards will impact you, visit www.hidglobal.com/iam.
