Tech Update Summary from Blue Mountain Data Systems January 2018

Blue Mountain Data Systems
Tech Update Summary
January 2018

For CTOs, CIOs & CISOs
Visit Blue Mountain Data Systems
https://www.bluemt.com

For CTOs, CIOs & CISOs
Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the Blue
Mountain Data Systems Blog. We hope you will visit our blog for the latest information.
You can also receive these updates via email. Click here to subscribe.
Here’s the summary of the Daily Tech Updates for January 2018. Hope the information and ideas prove
useful.
Best,
Paul Vesely
President and Principal Architect
Blue Mountain Data Systems Inc.

Network Security
2018 TRENDS: Your 2018 Network Security Snapshot. Security spending is on the
rise even as IT allotments fall, creating a conundrum for IT professionals who must
deliver top-tier protection in a technology market where cybercriminal innovation
and consumer expectations are accelerating. Here’s what’s on the horizon for
network security and where IT focus has the most impact. Here’s a snapshot of
2018’s top network trends. Read more
[SECURITYINTELLIGENCE.COM]
FEDERAL: Time to Fix the TIC. The Report to the President on Federal IT
Modernization emphasizes the need for updated IT infrastructure and shared
services – specifically recommending modernizing the Trusted Internet
Connections program. Will this cause network security to become irrelevant? Read
more
[FCW.COM]

Network Security
SECURITY: Shared Services Can Improve Cybersecurity, IT Security Leaders Argue.
The government can enhance smaller agencies’ security if it gives them access to
more interagency cybersecurity services, current and former federal cyber leaders
say. Read more.
[FEDTECHMAGAZINE.COM]
TREND: The Next Step in Network Security Evolution. The next step in the
evolution for network security should be obvious. Decisions about whether to
allow or block communication must be made based on information that more
closely aligns with intent, such as the user and application making the request, the
user and the application receiving the request, and the state of the environment.
As with signature-less NGAV, machine learning can be applied to perform this
analysis in real-time. Read more.
[HELPNETSECURITY.COM]

Encyption
OPINION: Hyper-Convergence and the Need for Greater Encryption. Is there a
need to encrypt physical servers on premise, rather than just certain files and
directories based on the data they hold? The argument often given for not needing
to encrypt physical servers is usually that these servers run for weeks, months or
even years without being brought down, and that they are physically protected
within a well-fortified data center. The protection that FDE (Full Drive Encryption)
brings only really applies to data at rest and it seldom is at rest on these servers. A
response to this argument is that all drives eventually leave the data center for
repair or disposal and having them encrypted protects you from having your old
drives with your customer data on them show up on eBay. It also makes that
decommissioning process even easy, as an encrypted drive can be quickly and
easily crypto-erased if it is still operational, and if in some dramatic failure of
process these does not happen, the data is still not accessible without the
encryption key. Read more
[INFOSECURITY-MAGAZINE.COM]

Encyption
SECURITY: Skype’s Rolling Out End-to-End Encryption For Hundreds of Millions of
People. Skype has more than 300 million monthly users, making it one of the most
popular chat platforms in the world. Now, they’ll all be able to benefit from a
crucial privacy protection: Microsoft has announced that Skype will offer end-to-
end encryption for audio calls, text, and multimedia messages through a feature
called Private Conversations. Read more
[WIRED.COM]
NATIONAL SECURITY: FBI Chief Calls Encryption a ‘Major Public Safety Issue’. FBI
Director Christopher A. Wray on Tuesday renewed a call for tech companies to help
law enforcement officials gain access to encrypted smartphones, describing it as a
“major public safety issue.” Wray said the bureau was unable to gain access to the
content of 7,775 devices in fiscal 2017 — more than half of all the smartphones it
tried to crack in that time period — despite having a warrant from a judge.
Read more.
[WASHINGTONPOST.COM]

Encyption
CHAT SECURITY: WhatsApp Security Flaws Could Allow Snoops to Slide Into
Group Chats. When WhatsApp added end-to-end encryption to every conversation
for its billion users two years ago, the mobile messaging giant significantly raised
the bar for the privacy of digital communications worldwide. But one of the tricky
elements of encryption—and even trickier in a group chat setting—has always
been ensuring that a secure conversation reaches only the intended audience,
rather than some impostor or infiltrator. And according to new research from one
team of German cryptographers, flaws in WhatsApp make infiltrating the app’s
group chats much easier than ought to be possible. Find out more
[WIRED.COM]

Databases
LAW ENFORCEMENT: To Deter Criminals, Expand DNA Databases Instead of
Prisons. Elected officials often push for lengthening prison sentences for particular
crimes in the hopes of deterring people from committing them. But new research
highlights a more effective and less costly approach: expanding databases that
record the DNA of criminal offenders. Read more
[WASHINGTONPOST.COM]
AWS: Rolls Out New Graph Database, More Database Functionality. At re:Invent,
Amazon Web Services unveils new services for Aurora and for DynamoDB, along
with Neptune — a fully managed graph database. Read more
[ZDNET.COM]

Databases
GRAPH DATABASES: A Look at the Graph Database Landscape. Graph databases
are the fastest growing category in all of data management, according to DB-
Engines.com, a database consultancy. Since seeing early adoption by companies
including Twitter, Facebook and Google, graphs have evolved into a mainstream
technology used today by enterprises in every industry and sector. So, what makes
graph databases so popular? By storing data in a graph format, including nodes,
edges and properties, graphs overcome the big and complex data challenges that
other databases cannot. Graphs offer clear advantages over both traditional
RDBMs and newer big data products. Here’s a look at a few of them particular.
Read more.
[DATANAMI.COM]

Databases
ENTERPRISE: Data Storage and Analytics: 10 Tips to Make it the Perfect Marriage.
In the past, data storage was kind of dumb. It sat there inert – waiting for an
application to come along and do something with it. Those days are gone, as big
data and analytics tools seek to unearth trends, isolate opportunities and detect
threats in real time. Here are some tips from the experts on how to get the most
out of the evolving relationship between storage and analytics. Find out more
[ENTERPRISESTORAGEFORUM.COM]

More About Blue Mountain
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S.
Dept. of Labor, Employee Benefits Security Administration. Responsible to the
Office of Technology and Information Systems for information systems
architecture, planning, applications development, networking, administration and
IT security, supporting the enforcement of Title I of the Employee Retirement
Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for
design, development and support for its various enforcement database
management systems, as well as all case tracking and customer service inquiry
systems. Blue Mountain also provides IT security services to the EBSA, in the form
of FISMA Assessment and Authorization, System Security Plans, Risk and
vulnerability assessments, monitoring and investigation support. Read more.

Federal Tech
FEDERAL GOVERNMENT: APIs, Shared Services Can Reshape,
Modernize Government Technology. The size and scope of the
federal government’s information technology landscape only
continues to grow and in a way that makes it incredibly difficult to
change. In the Federal Chief Information Officers Council’s latest
study, the current state of government IT is described as monolithic.
And, it is not meant as a compliment. Read more
[FEDERALNEWSRADIO.COM]

Federal Tech
OPINION: Government Efforts to Weaken Privacy are Bad for Business and
National Security. The federal government’s efforts to require technology and
social media companies to relax product security and consumer privacy standards
– if successful – will ultimately make everyone less safe and secure. Read the rest
PUBLIC SAFETY: Rapid DNA Technology Gives Law Enforcement Access to Your
DNA in 90 Minutes. Before recently-passed legislation, law enforcement agencies
had to send DNA samples to government labs and wait for it to get tested, which
could take days or even weeks. Find out more
[GOVTECH.COM]

Federal Tech
MODERNIZATION: Making Modernization Happen. Now more than ever before,
comprehensive IT modernization for federal agencies is a real possibility. The
question that remains is whether President Donald Trump’s words and actions
during his first months in office will be sustained by the administration and
Congress in the months and years ahead. Read more
[FCW.COM]

State Tech
SURVEY: Cybersecurity Concerns May Keep One in Four Americans
from Voting. Cybersecurity concerns may prevent one in four
Americans from heading to the polls in November, according to a
new survey by cybersecurity firm Carbon Black. The company
recently conducted a nationwide survey of 5,000 eligible US voters to
determine whether reports of cyberattacks targeting election-related
systems are impacting their trust in the US electoral process. The
results revealed that nearly half of voters believe the upcoming
elections will be influenced by cyberattacks. Consequently, more
than a quarter said they will consider not voting in future elections.
Read more
[HSTODAY.US.COM]

State Tech
ALASKA: Unique Challenges in IT Consolidation. The Last Frontier is
centralizing IT operations under Alaska’s newly created Office of
Information Technology. But consolidating IT in a sprawling state like
Alaska offers challenges not found in other environments, says the
state’s new CIO Bill Vajda. Read the rest
[GCN.COM]
ALABAMA: Acting CIO Jim Purcell Is a Man on a Mission for Smarter
State IT. Jim Purcell wasn’t expecting a call from Alabama’s new
governor, Kay Ivey, and he certainly wasn’t expecting her to ask him
to head up the Office of Information Technology (OIT) – but that’s
exactly what happened last week. Find out more
[GOVTECH.COM]

State Tech
ILLINOIS: Inside a State Digital Transformation. Hardik Bhatt, CIO of the State of
Illinois, sought to become the nation’s first Smart State – a process that required
reorganizing its 38 IT departments into one, improving government services, and
finding new sources of innovation to apply to its revenue model. Within 18
months, Illinois rose in national rankings from the bottom fourth of state
governments to the top third. Read more
[ENTERPRISERSPROJECT.COM]

Electronic Document Management

CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer
Financial Protection Bureau wants to move to a public cloud setup for some of its
core enterprise apps. The financial watchdog agency recently sent out a Request
for Information (RFI) on the process, technical requirements and costs of moving to
cloud services in fiscal year 2017. CFPB wants to establish a more complete
understanding on the costs associated with moving fully to a cloud solution for
email and office applications (e.g., documents, spreadsheets, presentations,
SharePoint and more).Read the rest

ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa
Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about
the many ways business document management can save your company time,
space, and more importantly, loads of money. Here are the four most obvious ways
these tools provide excellent return-on-investment. Read more
[PCMAG.COM]

Section 508 Compliance & WCAG 2.0
ACCESSIBLE DIGITAL WORKPLACE: We Need to Build Accessibility Into Our Digital
Workplaces. According to the 2010 U.S. Census, one in five people have some form
of physical or cognitive disability. And yet as of 2016, only 17.9 percent of people
with disabilities were employed, compared with 65.3 percent of people without a
disability. Nevertheless chances are at least one person in your organization
probably has some form of disability. And the disabilities, such as dyslexia and
color blindness, are not so obvious. Read more
[CMSWIRE.COM]

Section 508 Compliance & WCAG 2.0
508 REFRESH: How Does the Refreshed Section 508 Rule Affect Your Agency? This
article focuses on what changed in the refresh and how the refresh affects agency
systems. The good news is that if agencies complied with the original Section 508
rule, then they are ahead of the game concerning the refreshed rule. Simply put –
agencies that were compliant are still compliant because there is a “safe harbor”
clause embedded in the new rule that exempts existing or “legacy” IT from having
to meet the refreshed rule. Keep in mind, though, that new or updated web pages
created after the new rule went into effect must comply with the new rule by
January of 2018. Read more
[GCN.COM]

Section 508 Compliance
LEGAL: Is Your Company Website Sufficiently Accessible to the Disabled? Over the
last two years, there have been an increasing number of lawsuits filed over the
alleged failure of websites to accommodate persons with disabilities. According to
a recent New York Times article, since January 2015, at least 751 website
accessibility lawsuits have been filed under Title III. The vast majority of these suits
have targeted retailers and restaurants. Now, other entities, such as academic
institutions, are coming under fire, and we anticipate litigation to increase in 2018
impacting all industries. Read more.
[LEXOLOGY.COM]

Section 508 Compliance
ACCESSIBLE WEB DESIGN: How to Accommodate the Dyslexic Reader. Dyslexia is
a general term for disorders that involve difficulty in learning to read or interpret
words, letters, and other symbols, but that do not affect general intelligence. It is
the most common cause of reading, writing, and spelling difficulties. Of people
with reading difficulties, 70-80% are likely to have some form of dyslexia. It is
estimated that between 5-10% of the population has dyslexia, but this number can
also be as high as 17%. Here are some CSS tips to consider when designing web
content to accommodate the dyslexic reader. Read more.
[ACCESSIBLEWEBSITESERVICES.COM]

Security Patches
WINDOWS: Windows 7 Update Guide: How ‘Security-Only’ and ‘Monthly Rollups’
Differ. Microsoft in 2016 changed the way it rolls out updates for Windows 7 and
Windows 8.1, leaving many IT admins and users confused. Here’s how to sort out
what the company is doing. Read more
[COMPUTERWORLD.COM]
ANDROID: Google Releases December Security Bulletin for Android, KRACK Fix
Included. You have to thank the Android gods that Google is as regular as the
sunrise when it comes to releasing their monthly Android Security Bulletin. Ever
since the Stagefright vulnerability was made public, the mothership has made it its
own responsibility to put out a monthly patch for evolving Android security risks.
The patch for December 2017 is now out, both for general Android devices, and
one specific to Nexus and Pixel devices. Find out more
[ANDROIDCOMMUNITY.COM]

Security Patches
INTEL: Intel’s Security Patches are Causing Computers to Randomly Restart. Intel
confirms that its patches to fix processors affected by the Spectre and Meltdown
security flaws are causing computers to suddenly reboot on their own. Read more
[CNBC.COM]
MICROSOFT: Says Security Patches Slowing Down PCs, Servers. Microsoft Corp
has announced that software patches released to guard against microchip security
threats slowed down some personal computers and servers, with systems running
on older Intel Corp processors seeing a noticeable decrease in performance. Read
more
[REUTERS.COM]

Security Patches
SECURITY: The Hidden Toll of Fixing Meltdown and Spectre. In the early days of
2018, the engineering team at the mobile services company Branch noticed
slowdowns and errors with its Amazon Web Services cloud servers. An
unexpected round of AWS server reboots in December had already struck Ian
Chan, Branch’s director of engineering, as odd. But the server slowdowns a few
weeks later presented a more pressing concern. Read more.
[WIRED.COM]
GOOGLE: Says Its Security Patches Not Slowing Down Systems. Alphabet Inc’s
Google said it has already deployed software patches against the Spectre and
Meltdown chipset security flaws last year, without slowing down its cloud
services. Find out more
[WIRED.COM]

For the CIO, CTO & CISO
CIO: Cybersecurity, IT Centralization Are Focuses for Santa Clara County CIO.
Nearly 11 months after former EPA CIO Ann Dunkin became Santa Clara County’s
CIO, she reflects on an ongoing IT centralization and the importance of good
“cyberhygiene.” Read more
[GOVTECH.COM]
CTO: FCC’s Own Chief Technology Officer Warned About Net Neutrality Repeal.
The Federal Communications Commission’s own chief technology officer expressed
concern about Republican Chairman Ajit Pai’s plan to repeal the net neutrality rules,
saying it could lead to practices that are “not in the public interest.” Read more
[POLITICO.COM]

CIO, CTO & CISO
CISO: How Federal CISOs Can Make the Most of Security Resources They Have.
Chief information security officers need to efficiently use the resources at hand
while planning for the future. Read more.
[NEXTGOV.COM]
Q & A: Meet the Alumna Serving as Acting CIO of the United States. As acting
chief information officer of the United States, University of Virginia alumna
Margaret Graves oversees the vast web of technology that supports and protects
the work of the federal government every day. It’s a big task and one to which
Graves is deeply committed. Read more.
[NEWS.VIRGINIA.EDU]

Penetration Testing
THREAT INTELLIGENCE: You Break It, They Buy It: Economics, Motivations
Behind Bug Bounty Hunting. Some bug hunters make 16 times the median
salary of software engineers in their home countries. As the momentum grows
in both the private and public sector for crowdsourced bug bounty programs,
freelance security researchers are increasingly finding their profession for finding
software vulnerabilities turning into a lucrative career opportunity in its own
right. Read more
[DARKREADING.COM]

Penetration Testing
NEXT-GEN: Using Search Engines as Penetration Testing Tools. Search engines
are a treasure trove of valuable sensitive information, which hackers can use for
their cyber-attacks. Good news: so can penetration testers. From a penetration
tester’s point of view, all search engines can be largely divided into pen test-
specific and commonly-used. Learn how ethical hackers use three search engines
as penetration testing tools: Google (the commonly-used) and two pen test-
specific ones: Shodan and Censys. Read more
DATA BREACH: ‘Hacking Incident’ Impacts Nearly 280,000 Medicaid Patients. A
health data breach reported to federal regulators as a “hacking/IT incident”
impacting nearly 280,000 Medicaid patients in Oklahoma has experts wondering
exactly what happened. Read more.
[GOVINFOSECURITY.COM]

Penetration Testing
FEDERAL GOVERNMENT: The Pentagon Opened Up to Hackers—And Fixed
Thousands of Bugs. The United States government doesn’t get along with hackers.
That’s just how it is. Hacking protected systems, even to reveal their weaknesses,
is illegal under the Computer Fraud and Abuse Act, and the Department of Justice
has repeatedly made it clear that it will enforce the law. In the last 18 months,
though, a new Department of Defense project called “Hack the Pentagon” has
offered real glimmers of hope that these prejudices could change. Find out more
[WIRED.COM]

Open Source
LINUX: 10 Open Source Technologies You’ll Need to Know in 2018. For most
enterprise IT departments, using and contributing to open source projects is
now a part of everyday life. Read more
[LINUX.COM]
MAPPING: An Open Source Startup Dies as Mapping Gets Hotter Than Ever. For
at least one startup, 2018 opened with a thud. On Tuesday, the open source
mapping company Mapzen announced it would shut down at the end of the
month, with its hosted APIs and support services going dark on February 1.
That’s a real pain for Mapzen users, whose ranks include civic tech organizations
like Code for America, app developers, and government agencies like the
Portland-area transportation agency TriMet. And it’s a bummer for those who
contributed to Mapzen’s wide-ranging data sets, which included detailed info on
public transportation. Read more
[WIRED.COM]

Open Source
APPLICATION SECURITY: Open Source Components, Code Volume Drag Down Web
App Security. The number of new Web application vulnerabilities published last
year was 212% greater than the number disclosed in 2016, Imperva says in a new
report this week. Read more.
[DARKREADING.COM]
LEARN: Meet Open Source – The Not-So-Secret to Success. Open source is a great
tool for developers, but it doesn’t solve all problems. In this article, Milen Dyankov
discusses the lessons he has learned as a long time user and advocate of open
source software, and the value of nurturing relationships. Read more.
[JAXENTER.COM]

Business Intelligence
BIG DATA: Three Ways to Turn Business Intelligence into a Business Advantage.
Julian Burnett, CIO at retailer House of Fraser, explains how he has placed business
intelligence (BI) front and centre at House of Fraser and offers best practice tips to
CIOs around developing a strategy, honing that capability and exploiting innovation,
including artificial intelligence (AI). Read more
[ZDNET.COM]
LEARN: 9 Ways You’re Failing at Business Intelligence. Solid business intelligence is
essential to making strategic business decisions, but for many organizations, BI
efforts are derailed by poor data practices, tactical mistakes and more. Read more.
[ITWORLD.COM]

WHY: Business Intelligence Requires Natural Language Generation. Stuart Frankel,
CEO of Narrative Science, discusses how Business Intelligence requires natural
language generation (NLG) technology, a subset of artificial intelligence, that
transforms data and analysis into concise, intelligent and human-sounding language
that anyone can understand. This transformation occurs in mere seconds, at a scale
only possible with AI-powered software, freeing up workers from tedious, manual
data analysis processes. Find out more
[INSIDEBIGDATA.COM]
READ: 12 Ways to Empower Government Users With the Microsoft Business
Intelligence (MBI) Stack. Are your organization’s Federal IT resources under
constant pressure, with no end in sight? Your agency is not alone. With limited
access to dedicated information technology resources, non-technical end users
often play the waiting game, relying on IT staff to do simple tasks like generating
custom queries and embedding them within applications. Here are ways to
empower your end users with the Microsoft Business Intelligence (MBI) Stack. Find
out more
[BLUEMT.COM]

READ: 12 Ways to Empower Government Users With the Microsoft Business
Intelligence (MBI) Stack. Are your organization’s Federal IT resources under
constant pressure, with no end in sight? Your agency is not alone. With limited
access to dedicated information technology resources, non-technical end users
often play the waiting game, relying on IT staff to do simple tasks like generating
custom queries and embedding them within applications. Here are ways to
empower your end users with the Microsoft Business Intelligence (MBI) Stack. Find
out more
[BLUEMT.COM]

READ: Business Intelligence vs. Business Analytics: Where BI Fits Into Your Data
Strategy. While BI leverages past and present data to describe the state of your
business today, business analytics mines data to predict where your business is
heading and prescribe actions to maximize beneficial outcomes. Find out more
[CIO.COM]
U.S. GOVT FINANCE: 11 Ways to Speed Up Government Procurement. Buying with
public money is difficult by design, but are there fair ways to fix it? Read more
[GOVTECH.COM]

Operating Systems
CONTAINERS VERSUS OPERATING SYSTEMS: What Does a Distro Provide? The
most popular docker base container image is either busybox, or scratch. This is
driven by a movement that is equal parts puritanical and pragmatic. The puritan
asks “Why do I need to run init(1) just to run my process?” The pragmatist asks
“Why do I need a 700 meg base image to deploy my application?” And both,
seeking immutable deployment units ask “Is it a good idea that I can ssh into my
container?” But let’s step back for a second and look at the history of how we got to
the point where questions like this are even a thing. Read more
[DAVE.CHENEY.NET]

Operating Systems
EUROPE: Barcelona Abandons Windows and Office, Goes with Linux Instead. In
another entire-city-abandons-Microsoft affair, Barcelona has announced that it’s
dumping Windows and Office in order to migrate to Linux and other open source
solutions. The idea is, obviously enough, to save money by not paying subscription
fees to Microsoft, because the beauty of open source software is that it’s free. Read
more
[TECHRADAR.COM]
MICROSOFT: Ends Mainstream Support for Windows 8.1. Windows 8.1 users are
now left without mainstream support, as Microsoft officially pulls the plug on the
operating system. The company will still continue to offer security updates until
2023, when all support for the platform will end. Read more.
[KITGURU.NET]

Operating Systems
TECH TIP: Keeping Up With the Meltdown and Spectre Bugs. Is it safe to install the
Windows patch for these new Spectre and Meltdown bugs? Do they affect Linux?
(And who names these security flaws, anyway?) Find out the answer. Read more.
[NYTIMES.COM]

BYOD
SECURITY: Why BYOD Authentication Struggles to be Secure. A recent Bitglass
study pointed out some interesting statistics: Over a quarter (28%) of organizations
rely solely on user-generated passwords to secure BYOD, potentially exposing
countless endpoints to credential guessing, cracking and theft. 61% of respondents
also had reservations about Apple’s Face ID technology. Given that the general
concept in security has always been to eliminate passwords and use MFA, the
results are surprising, so why the disconnect? Read more

BYOD
DOD: ‘Wrong Trajectory’ in Mobile Strategy Stifles Marines’ BYOD Ambitions. The
Marine Corps has been talking about implementing a bring-your-own-device
strategy for more than three years as one way to cut costs and speed up its
adoption of commercial smartphone technology. But the service’s chief information
officer says the goal is still a long way off, and the Marines are still struggling to
bring aboard the most modern mobile devices, even when they’re owned by the
government. Read more.
TEXTBOOKS OPTIONAL: What Unbundling and BYOD Mean for Learning
Technology. Today, schools across the country look to educators to customize
learning for their unique classrooms. Here is how educators are accomplishing this
through unbundling and BYOD. Find out more
[ESCHOOLNEWS.COM]

BYOD
FEDERAL GOVERNMENT BYOD: The Mobile Security Conundrum. There are
currently more than 7.7 billion mobile connections around the world. Thanks to the
Internet of Things, it is predicted that the number of connected devices will reach
an astounding 20.8 billion by 2020. With the average number of mobile devices
owned per person currently estimated at 3.64, those devices are becoming
necessary equipment for today’s workers. Yet while the private sector has been
quick to establish Bring-your-own-device policies, the public sector has lagged
behind because of security and privacy concerns. Despite several initiatives —
including a White House-issued BYOD toolkit and two National Institute of
Standards and Technology documents (800-124 and 800-164) giving guidance on
securing devices that connect with government networks — many federal agencies
are still reluctant to establish BYOD policies. Read more
[GCN.COM]

Incident Response
ENTERPRISE IMPERATIVE: Five Tips for Improving Incident Response. While there’s
no silver bullet for incident response, Christopher Scott, global remediation lead for
IBM’s X-Force Incident Response and Intelligence Services (IRIS) team, argues that
the right processes and people make all the difference. Ultimately, that’s what
executives are looking for: ways to bridge the gap between existing response efforts
and best-of-breed solutions. Here’s what Scott names as the five key tips for
improving enterprise incident response. Read more
[SECURITYINTELLIGENCE.COM]
TUTORIAL: Incident Response: A Quick Way To Gather Lots of Files. Using
PowerShell, finding infected files can take just a few minutes to complete. Read
more
[REDMONDMAG.COM]

Incident Response
OPINION: The New DHS Breach Illustrates What’s Wrong with Today’s
Cybersecurity Practices. This month, the Department of Homeland Security notified
affected employees about a 2014 breach of 247,167 employee records. There are
many interesting details in the department’s disclosure, including the fact that there
was six-month privacy investigation between the discovery of the breach and the
notification, and the fact that the records were uncovered during a criminal
investigation. DHS even revealed that the records were found in the possession of a
former DHS Office of Inspector General employee. But the part that jumped out the
most was how explicit DHS was about characterizing this as a “privacy incident.” In
its public statement, the department made no mention of the incident as an insider
threat issue, despite the records being found in the possession of a former
employee. Read more.
[THEHILL.COM]

Incident Response
FERC: Proposes Cybersecurity Incident Reporting Rule. On December 21, 2017 the
Federal Energy Regulatory Commission (FERC) proposed a rule to direct the North
American Electric Reliability Corporation (NERC) to clarify and expand the scope of
cyber incident reporting. The rule envisions that the NERC will require reporting of
cyber incidents when there is a compromise of or even an attempt to compromise
certain network infrastructure. If the rule is finalized, cyber incidents would have to
be reported to both the Electricity Information Sharing and Analysis Center (E-ISAC),
which is required under the current standard, and the Industrial Control Systems
Cyber Emergency Response Team (ICS-CERT), which is an office within the
Department of Homeland Security (DHS). Read more.
[LEXOLOGY.COM]

Cybersecurity
OPINION: Cybersecurity Today Is Treated Like Accounting Before Enron. Nathaniel
Fick, the chief executive of Endgame, a cybersecurity software company, writes in
The New York Times: “Last week, we learned that researchers had discovered two
major flaws in microprocessors of nearly all the world’s computers. The revelation
came on the heels of a distressing series of major hacks: In 2017, Yahoo revealed
that all of its three billion accounts were compromised, WannaCry ransomware shut
down hospitals across the globe, and an Equifax breach affected approximately
145.5 million consumers in the United States. The latest news about the computer
security problems — whose names, “Spectre” and “Meltdown,” appropriately
convey their seriousness — is just the latest evidence that true digital security
remains out of our reach.” Read more
[NYTIMES.COM]

Cybersecurity
INDUSTRY INSIGHT: AI Cybersecurity: Let’s Take Some Deep Breaths. The concept
of artificial intelligence in cybersecurity has taken on nearly mythic proportions over
the past couple years. Many articles have been written on the topic, breathlessly
heralding the potential benefits and hazards posed by the rise of machine learning.
However, all the hype surrounding AI tends to obscure a very important fact. The
best defense against a potential AI cyber attack is rooted in maintaining a
fundamental security posture that incorporates continuous monitoring, user
education, diligent patch management and basic configuration controls to address
vulnerabilities. Here’s how each of these four fundamental security practices can
aid in the fight for cybersecurity’s future (and present). Read more
[GCN.COM]

Cybersecurity
IRS: Tax Scam Alert – The IRS Just Issued a New Cybersecurity Warning. While
cybersecurity should be a year-round concern for small business owners, income
tax filing season can bring some particular risks, according to the IRS. The agency
says it has gotten an increase in reports of attempts to obtain employees’ W-2
forms in hopes of stealing people’s personal information and identities. The scams
often go after employees in companies’ human resources and payroll departments,
but any staffer or manager could be a target. In the scam, a potential thief poses as
a company executive, sending an email from an address that might look legitimate,
and requests a list of employees and their W-2s. Read more.
[TIME.COM]

Cybersecurity
TRENDS: 18 Cyber Security Trends We Are Watching in 2018. If any trend is
obvious, it’s that 2018 will continue to be interesting for the cybersec industry. How
interesting? Here is are the 18 trends that will be making the headlines and should
be on your radar for 2018. Read more.
[SECURITYBOULEVARD.COM]

IT Management
READ: All Management Is Change Management. Change management is having its
moment. There’s no shortage of articles, books, and talks on the subject. But many
of these indicate that change management is some occult subspecialty of
management, something that’s distinct from “managing” itself. This is curious
given that, when you think about it, all management is the management of
change. Read more
[HBR.ORG]
NARA: Improvements Seen in Federal Records Management, but ‘There is Work
to be Done’. Compliance, collaboration and accountability are the themes of the
National Archives’ recommendations to agencies for improving how they handle
paper – and electronic – trails. That’s according to NARA’s 2016 Federal Agency
Records Management Annual Report. Read more.

IT Management
FINANCIAL: Washington State’s Strategy for Tracking IT Spending. The state of
Washington’s first efforts to bring technology business management to its IT
spending practices began in 2010 when the legislature mandated annual reports
and specific evaluation requirements for investments. As interest grew in
monitoring the cost of IT along with the business services IT provides, officials in
the Washington’s Office of the CIO worked to refine the strategy through the
creation of a state TBM program. Find out more
[GCN.COM]

IT Management
HR: A Blueprint for Improving Government’s HR Function. Government, at its
core, is its employees and their commitment to serve the country. That fact is
too often overlooked. While technology enables employees to make better,
faster decisions, until artificial intelligence replaces the acquired knowledge of
employees, agency performance will continue to depend on the skill and
dedication of government workers. As such, civil service reform is increasingly
important because workforce rules and regulations are out of sync with current
management thinking. To use a basketball analogy, government is still shooting
two handed set shots. Read more
[GOVEXEC.COM]

Application Development
MOBILE APPS: What are the Advantages of Rapid Application Development?
Rapid mobile app development (RMAD) requires less know-how, but still reduces
the costs and risks typically involved in a traditional app build. Here are some of the
advantages of adopting RMAD products. Read more
[SEARCHMOBILECOMPUTING.TECHTARGET.COM]
FEDERAL GOVERNMENT: Will 2018 be the Year for Blockchain for Government?
While 2017 was the year everyone in government talked about blockchain, 2018
may finally mark the year of action. For all the discussion and hype, there are few
use cases of the technology to highlight. Jose Arrieta, former director of the
General Services Administration’s IT Schedule 70 Contract Operations, was quoted
in a recent interview that GSA’s use of blockchain to automate and speed up
contracts review for its FAStLane program was — as far as he knew — the only
actual proof of concept of a blockchain enabled system in the federal government.
Read more
[FCW.COM]

Application Development
APIs: Why Managing APIs is Critical for Federal Agencies. Federal IT managers are
basically software-as-a-service providers and should be prepared to act that way.
Read more.
[NEXTGOV.COM]
COMMENT: Why is There So Much Customized Software in the Federal
Government? Former federal CIO Tony Scott writes, “During my tenure as federal
CIO in the Obama administration, one of the things that shocked me most was the
enormous amount of custom code that has been (and continues to be) written
over the years to support the federal government. Nearly everywhere I looked, I
found that regardless of how old or how new (from mainframe all the way to
modern cloud), the business applications of the federal government were
invariably (and quite alarmingly) almost always based on custom software
applications.” Read more.
[FCW.COM]

Big Data
AI: Artificial Intelligence Proves Major Time Savings for Federal Employees. While
AI isn’t a panacea for every big-data problem in government, agency leaders say
they see value in using machine learning to handle the most tedious aspects of
handling data, which frees up human operators to address more mission-critical
issues. Read more
LOCAL GOVERNMENT: Virginia Beach Puts Big Data to Work as it Plans for Sea
Level Rise. As a result of tidal flooding and severe costal storms, sea levels in
Virginia Beach have risen nearly a foot over the past 58 years. City officials are
working with researchers, state and federal authorities to develop a response to the
frequent flooding problem. They plan to develop a hydrodynamic modeling system
by using data from sensors that measure water levels and wind speeds. Read more
[GCN.COM]

Big Data
ENVIRONMENT: After Big Data: The Coming Age of “Big Indicators”. Remote
sensing and big data allow us to collect unprecedented streams of observations
about our planet and our impacts upon it, and dramatic advances in AI enable us to
extract the deeper meaning and patterns contained in those vast data streams. The
rise of the cloud empowers anyone with an Internet connection to access and
interact with these insights, at a fraction of the traditional cost. In the years to
come, these technologies will shift much of the current conversation focused on big
data to one focused on “big indicators” — highly detailed, continuously produced,
global indicators that track change in the health of the Earth’s most important
systems, in real time. Read more.
[SSIR.ORG]

Big Data
OPINION: A.I. and Big Data Could Power a New War on Poverty. When it comes to
artificial intelligence and jobs, the prognostications are grim. The conventional
wisdom is that A.I. might soon put millions of people out of work — that it stands
poised to do to clerical and white collar workers over the next two decades what
mechanization did to factory workers over the past two. And that is to say nothing
of the truckers and taxi drivers who will find themselves unemployed or
underemployed as self-driving cars take over our roads. But it’s time we start
thinking about A.I.’s potential benefits for society as well as its drawbacks. The big-
data and A.I. revolutions could also help fight poverty and promote economic
stability. Read more.
[NYTIMES.COM]

Internet of Things (IoT)
BIG DATA: Blockchain And The Internet Of Things: 4 Important Benefits Of
Combining These Two Mega Trends. The Internet of Things (IoT) and blockchain are
two topics which are causing a great deal of hype and excitement, not just in the
technology circle but in the wider business world, too. Many say they are set to
revolutionize all aspects of our lives, while others point out that there is a lot of hot
air around both ideas, and a lot is yet to be proved. However, the idea that putting
them together could result in something even greater than the sum of its (not
insignificant) parts, is something which is starting to gain traction. Read more
[FORBES.COM]

BUSINESS: Why Should You Beware of ‘Internet of Things’? Baltimore Firm
Explains. The “internet of things” — any device other than your computer, laptop,
tablet or phone that’s connected to the internet — is a rapidly expanding
technology. It includes anything from your Fitbit to your thermostat, home security
system, even your refrigerator or your child’s teddy bear. The internet of things is
making our lives more productive and entertaining — and making our privacy more
vulnerable. Read more
[WTOP.COM]
IoT & CRIME: An Internet of Things ‘Crime Harvest’ is Coming Unless Security
Problems are Fixed. Internet of Things product manufacturers must get their act
together and secure their devices or they risk creating new ways for wrongdoers to
commit crimes, a senior police officer has warned. Read more.
[ZDNET.COM]

DATA MANAGEMENT: The Internet of Things: Still Lots for You to Learn. IT groups
will need to provide architecture, data-mining tools and connectivity, while giving
business groups the freedom to innovate on their own with the Internet of Things.
Read more.
[INFORMATIONWEEK.COM]

Mobile
ENTERPRISE: How Killing Net Neutrality Will Affect Enterprise Mobility. As the FCC
prepares to eliminate net neutrality rules, allowing ISPs to charge more for some
internet traffic based on speed of delivery, companies will have to rethink how
mobile apps are created and how they host content. Read more
[COMPUTERWORLD.COM]
FINANCIAL: Most Cryptocurrency Mobile Apps Are Vulnerable. Mobile
cryptocurrency app report finds that many apps are vulnerable to cybersecurity
threats after testing the Google Play Store’s Top 30 Financial apps. Read more.
[APPDEVELOPERMAGAZINE.COM]

Mobile
DIGITAL WORKSPACE: DOD Creates New Security Requirements for Mobile Apps.
The Defense Department has outlined baseline standards that mission-critical and
business mobile applications need to meet. Find out more
LOCAL: App Brings SA Government Contract Leads to Local Bidders. A pair of U.S.
military veterans-turned-entrepreneurs in San Antonio are banking on big returns
from a app geared toward connecting small businesses with the government
procurement process — both for municipalities seeking bids from local companies
and for businesses looking to break into the market. Find out more
[BIZJOURNALS.COM]

Programming & Scripting Development
Client & Server-Side

JAVASCRIPT: State of JavaScript 2017. The State of JavaScript 2017 has released its
features and opinion survey results. The report was released last month with the
promise of adding more results in the coming weeks. The features section looks at
what features developers value the most. All features were considered nice to
have, but not important. Code splitting, hot module reloading, and dead code
elimination were voted as major features, with the percent of votes almost as high
in those sections as they were for nice-to-have features. Most developers agreed
with the statements presented to them in the opinions section, such as “JavaScript
is moving in the right direction” and “I enjoy building JavaScript apps.” The only
statement that developers did not agree with was “JavaScript is over-used online.”
Read more
[SDTIMES.COM]

HTML: What’s New in HTML5.2. The latest version of the core web specification
gets security, commerce, and accessibility improvements. Read more
[INFOWORLD.COM]
JAVA: Top 10 Java stories of 2017: Angular, Eclipse, ML, and more. Here’s a look at
some top stories from the whole of 2017, from Java to Eclipse, Angular to ML, and
more! Read more.
[JAXENTER.COM]
AI & ML: 3 Key Machine Learning Trends To Watch Out For In 2018. What’s in
store for AI and ML in 2018? Here are three key trends for 2018 that will take AI
and ML to the next level. Read more.
[FORBES.COM]

Cloud Computing
STRATEGY: Cloud Computing…Three Strategies for Making the Most of On-Demand.
The cloud computing tipping point will vary for different companies, which means
different approaches are needed. Read more
[ZDNET.COM]
SECURITY: Meltdown and Spectre Target Cloud Computing Environments. Hackers
could target cloud computing environments to exploit the Meltdown and Spectre
vulnerabilities, but AWS, Microsoft and Google say their fixes are enough to bar the
doors. Read more
[SEARCHCLOUDCOMPUTING.TECHTARGET.COM]

Cloud Computing
FEDERAL GOVERNMENT: DoD Reshuffles Panel Tasked with Speedy Adoption of
Cloud Computing. The panel of senior leaders the Defense Department appointed
to help speed up its adoption of cloud computing is undergoing notable changes to
its membership less than four months after it was first created. The Cloud Executive
Steering Group (CESG) will grow from five voting members to seven, but will no
longer be led by Ellen Lord, the undersecretary of Defense for acquisition,
technology and logistics, according to a memo signed by deputy Defense secretary
Patrick Shanahan last week. Lord had been the chairwoman of the board since its
inception on Sept. 13. Read more.

Cloud Computing
PREDICTIONS: How Cloud Heavyweights Microsoft, Amazon And IBM Will
Transform Cloud Computing In 2018. While each of the three biggest and most-
influential cloud-computing vendors—Microsoft, Amazon and IBM—will pursue
markedly different strategies in 2018, their individual influences will coalesce
around several key initiatives that will radically reshape the cloud marketplace for
years to come. Those initiatives reflect the rapid—and welcome—evolution of the
cloud business away from the tech-obsessed and jargon-jammed discussions that
dominate the early days of emerging marketplaces, and toward the development of
more customer-centric products, services, positioning and messaging. Read more.
[FORBES.COM]

Announcement
Blue Mountain Data Systems DOL Contract Extended Another Six Months
The Department of Labor has extended Blue Mountain Data Systems Inc. contract
DOLOPS16C0017 for 6 months for network administration and application
support.
U.S. Dept. of Labor, Employee Benefits Security Administration
1994 to Present Responsible to the Office of Technology and Information Systems
for information systems architecture, planning, applications development,
networking, administration and IT security, supporting the enforcement of Title I
of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue
Mountain is responsible for design, development and support for its various
enforcement database management systems, as well as all case tracking and
customer service inquiry systems. Blue Mountain also provides IT security services
to the EBSA, in the form of FISMA Assessment and Authorization, System Security
Plans, Risk and vulnerability assessments, monitoring and investigation support.

IT Security | Cybersecurity
SECURITY: 5 Things You Need to Know About the Future of Cybersecurity. Terrorism
researchers, AI developers, government scientists, threat-intelligence specialists,
investors and startups gathered at the second annual WIRED conference to discuss
the changing face of online security. These are the people who are keeping you safe
online. Their discussions included Daesh’s media strategy, the rise of new forms of
online attacks, how to protect infrastructure, the threat of pandemics and the
dangers of hiring a nanny based on her Salvation Army uniform. Read more
[WIRED.CO.UK]
IT MANAGEMENT: Top 5 Cybersecurity Mistakes IT Leaders Make, and How to Fix
Them. Cybersecurity teams are largely understaffed and underskilled. Here’s how to
get the most out of your workers and keep your business safe. Read more.
[TECHREPUBLIC.COM]

FEDERAL GOVERNMENT: Rep. Hurd Champions Modernizing Federal Cybersecurity.
The federal government is and will continue to be a target of cyber crimes.
According to the Identity Theft Resource Center, U.S. companies and government
agencies suffered a total of 1,093 data breaches in 2016. Mid-year numbers for 2017
show 791 incidents as of the end of June – a 29 percent increase over the same
period in 2016. With that said, is the government doing enough to prepare for cyber
threats? On this episode of CyberChat, host Sean Kelley, former Environmental
Protection Agency chief information security officer and former Veterans Affairs
Department deputy chief information officer, spoke with Rep. Will Hurd (R-Texas)
about initiatives to modernize the federal cybersecurity space. Read more

STATE GOVERNMENT: To Simplify Cybersecurity Regulations, State Groups Ask
Federal Government for Help. A letter to the Office of Management and Budget
says that today’s regulatory environment “hampers” states in their pursuit of cost
savings and IT optimization. Find out more
STATESCOOP.COM]

From the Blue Mountain Data Systems Blog
Programming & Scripting
https://www.bluemt.com/programming-scripting-daily-tech-update-september-
29-2017/
Cloud Computing
https://www.bluemt.com/cloud-computing-daily-tech-update-september-18-
2017/
https://www.bluemt.com/business-intelligence-daily-tech-update-september-15-
2017/
Mobile Applications
https://www.bluemt.com/mobile-applications-daily-tech-update-september-11-
2017/

Personal Tech
https://www.bluemt.com/personal-tech-daily-tech-update-september-28-2017/
Databases
https://www.bluemt.com/databases-daily-tech-update-september-21-2017/
Penetration Testing
https://www.bluemt.com/penetration-testing-daily-tech-update-september-26-
2017/
Incident Response
https://www.bluemt.com/incident-response-daily-tech-update-september-14-
2017/

Security Patches
https://www.bluemt.com/security-patches-daily-tech-update-september-22-
2017/
Operating Systems
https://www.bluemt.com/operating-systems-daily-tech-update-september-20-
2017/
Encryption
https://www.bluemt.com/encryption-daily-tech-update-september-19-2017/
Cloud Computing
https://www.bluemt.com/cloud-computing-daily-tech-update-september-18-
2017/

Open Source
5-2017/
CTO, CIO and CISO
https://www.bluemt.com/cio-cto-ciso-daily-tech-update-september-6-2017/
Programming & Scripting
5-2017/

Security Risks Most Prevalent in Younger Workers
https://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/
The Security World’s Maturation
https://www.bluemt.com/the-security-worlds-maturation/
Data Breach Concerns Keep CISOs Up At Night
https://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/
Personalized Govt Equals Instant Gratification for Citizens
https://www.bluemt.com/personalized-govt-equals-instant-gratification-for-
citizens/

People-Centric Security
https://www.bluemt.com/people-centric-security/
Pentagon Tries BYOD To Strike Work/Life Balance
https://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/
Open Source Model Considered for MS Windows
https://www.bluemt.com/open-source-model-considered-for-ms-windows/
Open Internet: To Be or Not to Be?
https://www.bluemt.com/open-internet-to-be-or-not-to-be/

Malware Stays A Step Ahead Infecting One Third of Websites
https://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-
websites/
Machine-Generated Data: Potential Goldmine for the CIO
https://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-
cio/
Government Legacy Programs: Reuse vs. Replacement
https://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/
It Takes a Whole Village to Protect Networks and Systems
https://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-
systems/

Governance For the CIO
https://www.bluemt.com/governance-for-the-cio/
Help Desk Consolidation – Lessons Learned
https://www.bluemt.com/help-desk-consolidation-lessons-learned/
One Year Later, Companies Still Vulnerable to Heartbleed
https://www.bluemt.com/one-year-later-companies-still-vulnerable-to-
heartbleed/
Federal Projects Cultivate Worker Passion
https://www.bluemt.com/federal-projects-cultivate-worker-passion-2/

ABOUT US
Blue Mountain Data Systems Inc.
Blue Mountain Data Systems Inc. is dedicated to application
and systems development, electronic document management,
IT security support, and the automation of workflow processes.
Read more about our experience here:
>> http://bluemt.com/experience

Recent Experience
U.S. Dept. of Labor
Employee Benefits Security Administration
1994 to Present
Responsible to the Office of Technology and Information Systems for information
systems architecture, planning, applications development, networking,
administration and IT security, supporting the enforcement of Title I of the
Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue
Mountain is responsible for design, development and support for its various
enforcement database management systems, as well as all case tracking and
customer service inquiry systems. Blue Mountain also provides IT security services
to the EBSA, in the form of FISMA Assessment and Authorization, System Security
Plans, Risk and vulnerability assessments, monitoring and investigation support.

MANAGEMENT
Paul T. Vesely
Founder, President, CEO and Principal Architect
Mr. Vesely is a recognized thought leader in systems
architecture and delivery, having designed and
delivered many enterprise wide information and
document management solutions. Mr. Vesely’s history
includes 33 years experience in the information
systems industry, with Unisys, Grumman, PRC and a
host of clients in both government and private sectors.

CONTACT US
Contact Us Today to Discuss Your Next IT Project
HEADQUARTERS
366 Victory Drive
Herndon, VA 20170
PHONE 703-502-3416
FAX 703-745-9110
EMAIL
paul@bluemt.com
WEB
https://www.bluemt.com

Tech Update Summary from Blue Mountain Data Systems January 2018

Recommended

Recommended

More Related Content

Recently uploaded

Recently uploaded (20)

Featured

Featured (20)

Tech Update Summary from Blue Mountain Data Systems January 2018