Doug Bedell — April 23, 2014, 12:51 pm

Employer and Employee Computer Rights

Here’s a good backgrounder on computer use in organizations – the sometimes conflicting needs of employee access for personal needs and the interest of employers in maintaining secure corporate networks.

“The conflict between security and privacy is nothing new,” David Melnick writes on an Information week Dark Reading post. “What’s new is the revelation that employee privacy can actually be a vehicle to better security and that you don’t have to sacrifice one for the other. Privacy as a complement to security – that should become the new normal.”

Doug Bedell — April 21, 2014, 11:33 am

Moxie at the Marathon

Wow! There are 9,000 more people running in the Boston Marathon today – 36,000 in all – than participated last year, when the race was wracked at the finish line by a terrorist’s bomb blast. Homeland Security Watch notes that over a million spectators are expected, double the average number, and Boston’s hotels have been booked for months.

May the marathon be run in that same defiant/celebratory manner! And hail to the winners – all of us.

Doug Bedell — April 16, 2014, 4:12 pm

How DHS Responded to ‘Heartbleed’

The U.S. Department of Homeland Security (DHS) has been as concerned as any other branch of government, or anyone in the private sector, over the possibility of the Internet security breach “Heartbleed” raising havoc with corporate and personal computer-based information. Here’s what DHS said of the “Heartbleed” situation, in a Web posting issued April 5:

“While there have not been any reported attacks or malicious incidents involving this particular vulnerability confirmed at this time, it is still possible that malicious actors in cyberspace could exploit un-patched systems. That is why everyone has a role to play to ensuring our nation’s cybersecurity. We have been and continue to work closely with federal, state, local and private sector partners to determine any potential impacts and help implement mitigation strategies as necessary.” In short, we’re on the case…

Doug Bedell — April 14, 2014, 1:14 pm

The Essential Security Setting: ‘Always On’

Security vigilance comes in one setting only – always on. That’s brought home by a pdf post from Domestic Security News noting the reality of differing arrival rates for vehicles at entry gates. On two occasions during “routine” morning delivery hours at a “sensitive public location” there was an 18 percent difference in unfamiliar vehicles entering.

“Sometimes,” the post observes, “we narrowly focus on a perceived threat we learned from training as well as news stories, such as the stereotypical vehicle bomb inside the Ryder or U-Haul rental truck, and we forget it is possible to load explosives into a vehicle other than what we see on television, such as the local UPS truck or daily dry cleaning van that we see everyday.”

UPS won’t like that reference, any more than your local dry cleaner will. But the reality is that threats can arrive by familiar means. Vigilance is unforgiving in that regard; “always on” is indeed the proper setting.

Doug Bedell — April 11, 2014, 1:37 pm

Internet Security: A Purported Solution to ‘Heartbleed’

You’ll no doubt be hearing about the “Heartbleed” Internet security breach that has endangered the security of personal information entrusted to supposedly secure websites and servers. Here, Government Security News promotes a presumably reliable software alternative, SAIFE, to protect user accounts while Internet security certificates are being updated.

‘”It’s unfortunate that so many people will be impacted by the Heartbleed bug when it is completely preventable,’ said (Ty) Lindteigen (SAIFE’ CEO0. ‘If companies would invest in technology solutions such as SAIFE, consumers will not have to worry about the security of their data in the future. Websites using SAIFE’s technology are secure and the consumers who use them do not have to worry about staying offline or having their personal information stolen.”‘

Doug Bedell — April 9, 2014, 11:31 am

Hospital Security Begins at Entryways

Hospitals are stressful places, for patients, their families and hospital staff members themselves. But they can at least be as secure as possible, places of safety as a prelude to healing. At the ISC West meeting (International Security Conference) just concluded, there was a panel on protecting hospitals from violence. Sad that the topic was called for, but it is.

Government Security News provides an account of a session focused on protecting hospitals from violence, especially shooter scenarios. A strong reporting reflex is called for, with hospital staffers being continually on the alert. Access control policies, too, are part of a desirable level of alertness. We’d add that they might begin at the entrance to parking lots, with adequate vehicle access control stations.

Doug Bedell — April 8, 2014, 11:14 am

Ultimate Computer Security Remains Elusive

Further computer security insights from Bruce Schneier: Be careful, he warns, about thinking you have undoubtedly secure computers. Schneier’s post, “‘Unbreakable’ Encryption Almost Certainly Isn’t,” makes for sobering security reading. He adds a couple of other sources for good measure and useful insight.

It’s not that computers can’t be made usefully secure. But surely secure is another matter.

Doug Bedell — April 4, 2014, 10:03 am

Bruce Schneier on Internet Security, as Experienced by Us

Bruce Schneier tries to sort through how actively the government and Internet proprietors are sharing information on individuals – willingly or unwillingly in the case of the web companies. He decides that both the government and the Internet sites have unclean hands when it comes to monitoring U.S. citizens.

“It would be better,” he writes, “if they (Google, Facebook, Microsoft and others) openly acknowledged their users’ insecurity and increased their pressure on the government to change, rather than trying to fool their users and customers.” A meaty piece on the state of Internet security.

Doug Bedell — April 2, 2014, 12:32 pm

Computer Systems Security a Field of Great Challenge

Government agencies are mindful of a shortage in cyber security skills. A writer on Government Security News sees automation as part of the answer. We don’t know – this is a pretty vexing question. Meanwhile, be confident of the capacities your IT people and suppliers and expect them to provide all the help with digital security that’s available to them.

Doug Bedell — April 1, 2014, 12:53 pm

Homeland Security Being Helpful to Taxpayers

This isn’t a case of one federal agency poaching on the turf of another. It’s the Department of Homeland Security (DHS) trying to be helpful to the customers of the Internal Revenue Service (IRS), we taxpayers, as this year’s tax season reaches its peak. Thus, DHS is providing a series of tips on “Ensuring Your Cyber Safety this Tax Season.”

Like, “Look out for phony messages on websites claiming to be from the IRS,” among other well-intended tips.