Blue Mountain Data Systems
Tech Update Summary
July 2018

For CTOs, CIOs & CISOs
Visit Blue Mountain Data Systems
https://www.bluemt.com

For CTOs, CIOs & CISOs
Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the Blue
Mountain Data Systems Blog. We hope you will visit our blog for the latest information.
You can also receive these updates via email. Click here to subscribe.
Here’s the summary of the Daily Tech Updates for July 2018. Hope the information and ideas prove
useful.
Best,
Paul Vesely
President and Principal Architect
Blue Mountain Data Systems Inc.

Network Security

Network Security
VIDEO: What A 3D Printed Pelvis Can Teach Us About Network Security.
Christiaan Beek discovered that he could make a living off a passion that starts as
an interest: hacking. Now he leads one of the most sophisticated threat research
teams in the global cyber-security industry. Read more
[FORBES.COM]
OPINIONS: Overcoming the Siloed Network Security Challenge. As organizations’
potential attack surface expands and attack volumes increase, it is imperative to
track the most popular and successful strategies of cyber-criminals to stay ahead of
their malicious intentions. As a result, facing up to current security challenges
requires enterprises to think outside of the box. Read more
[INFOSECURITY-MAGAZINE.COM]

Network Security
IT BEST PRACTICES: OPAQ Enables Total Network Security from the Cloud. OPAQ
built a global network infrastructure and embedded enterprise-grade security
services that even extend to an organization’s endpoints. Read more
[NETWORKWORLD.COM]
CONNECTIVITY AS CODE: Making Network Security DevOps-Friendly. DevOps is all
about agility, with fast, short delivery cycles and automation for software
development and applications. Enabled by recently introduced technologies such
as virtualization, cloud and software-defined networking (SDN), spinning up new
servers, provisioning storage in a public or private cloud or even launching whole
environments can take just minutes or even seconds. But if that new application,
service or environment needs a change in network connectivity or firewall rules to
enable it to work, then the pace of delivery can often slow to a crawl. Read more
[DEVOPS.COM]

Encryption

Encyption
INDUSTRY INSIGHT: Using Encryption to Help Fight Data Breaches. With
increasingly porous networks and expanding use of cloud resources, traditional
endpoint and network security are no longer sufficient. When implemented as a
part of the initial development, data security — most especially, encryption —
offers increased protection to known and unknown sensitive data in advanced
technology environments. Read more
[GCN.COM]
ID MANAGEMENT: What If Your Data Could Secure Itself? While the government
manages and secures large, complex and often outdated legacy IT systems, as
federal agencies modernize their IT, it is possible to harden systems from the inside
out by encrypting and anonymizing data to minimize the potential for loss when an
adversary invades. Read more
[NEXTGOV.COM]

Encyption
HOW: The US Government Secretly Sold ‘Spy Phones’ to Suspects. In 2010, a
suspected cocaine smuggler named John Krokos bought encrypted BlackBerry
devices from an undercover Drug Enforcement Administration agent. That sort of
federal subterfuge is par for the course. But in this case, the DEA held onto the
encryption keys—meaning that when the government moved on Krokos and his
alleged collaborators a few years later, they could read the emails and messages
that passed to and from the phone. Read more
[WIRED.COM]
SECURITY: PGP Encryption Won’t Protect Your Data. But PURBs Can. You may
think that encrypting your sensitive files with, say, PGP may protect your data – but
you’d be wrong. Most encryption formats leak a lot of plaintext metadata, and
that’s a problem. Here’s what you need to know. Read more
[ZDNET.COM]

Databases

Databases
DATA MANAGEMENT: GraphQL for Databases: A Layer for Universal Database
Access? GraphQL is a query language mostly used to streamline access to REST
APIs. Now, a new breed of GraphQL implementations wants to build an abstraction
layer for any database on top of GraphQL, and it seems to be catching up. Read
more
[ZDNET.COM]
MICROSOFT: Microsoft Graph Explorer – A Good Tool That’s Not Yet Ready. The
GraphQL tools for programming the Microsoft 365 platform are promising but lack
the needed integration into developer tools. Read more
[INFOWORLD.COM]

Databases
AMAZON CTO: Our Cloud Offers Any Database You Need. Oracle Corp. may still be
the biggest provider of databases, one of the foundations of today’s data-driven
businesses, but Amazon.com Inc. wants the world to know there’s more to
databases than the venerable giant’s brand. Read more
[SILICONANGLE.COM]
CYBERSECURITY: Oracle Plans to End Java Serialization, but That’s Not the End of
the Story. Recently, on the “Ask The Architect” session from the Devoxx UK 2018
conference, Oracle’s chief architect, Mark Reinhold, shared his thoughts about
Java’s serialization mechanism which he called a “horrible mistake” and a virtually
endless source of security vulnerabilities. Read more
[SECURITYINFOWATCH.COM]

More About Blue Mountain
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S.
Dept. of Labor, Employee Benefits Security Administration. Responsible to the
Office of Technology and Information Systems for information systems
architecture, planning, applications development, networking, administration and
IT security, supporting the enforcement of Title I of the Employee Retirement
Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for
design, development and support for its various enforcement database
management systems, as well as all case tracking and customer service inquiry
systems. Blue Mountain also provides IT security services to the EBSA, in the form
of FISMA Assessment and Authorization, System Security Plans, Risk and
vulnerability assessments, monitoring and investigation support. Read more.

Federal Tech

Federal Tech
FEDERAL GOVERNMENT: APIs, Shared Services Can Reshape,
Modernize Government Technology. The size and scope of the
federal government’s information technology landscape only
continues to grow and in a way that makes it incredibly difficult to
change. In the Federal Chief Information Officers Council’s latest
study, the current state of government IT is described as monolithic.
And, it is not meant as a compliment. Read more
[FEDERALNEWSRADIO.COM]

Federal Tech
OPINION: Government Efforts to Weaken Privacy are Bad for Business and
National Security. The federal government’s efforts to require technology and
social media companies to relax product security and consumer privacy standards
– if successful – will ultimately make everyone less safe and secure. Read the rest
[INFOSECURITY-MAGAZINE.COM]
PUBLIC SAFETY: Rapid DNA Technology Gives Law Enforcement Access to Your
DNA in 90 Minutes. Before recently-passed legislation, law enforcement agencies
had to send DNA samples to government labs and wait for it to get tested, which
could take days or even weeks. Find out more
[GOVTECH.COM]

Federal Tech
MODERNIZATION: Making Modernization Happen. Now more than ever before,
comprehensive IT modernization for federal agencies is a real possibility. The
question that remains is whether President Donald Trump’s words and actions
during his first months in office will be sustained by the administration and
Congress in the months and years ahead. Read more
[FCW.COM]

State Tech

State Tech
SURVEY: Cybersecurity Concerns May Keep One in Four Americans
from Voting. Cybersecurity concerns may prevent one in four
Americans from heading to the polls in November, according to a
new survey by cybersecurity firm Carbon Black. The company
recently conducted a nationwide survey of 5,000 eligible US voters to
determine whether reports of cyberattacks targeting election-related
systems are impacting their trust in the US electoral process. The
results revealed that nearly half of voters believe the upcoming
elections will be influenced by cyberattacks. Consequently, more
than a quarter said they will consider not voting in future elections.
Read more
[HSTODAY.US.COM]

State Tech
ALASKA: Unique Challenges in IT Consolidation. The Last Frontier is
centralizing IT operations under Alaska’s newly created Office of
Information Technology. But consolidating IT in a sprawling state like
Alaska offers challenges not found in other environments, says the
state’s new CIO Bill Vajda. Read the rest
[GCN.COM]
ALABAMA: Acting CIO Jim Purcell Is a Man on a Mission for Smarter
State IT. Jim Purcell wasn’t expecting a call from Alabama’s new
governor, Kay Ivey, and he certainly wasn’t expecting her to ask him
to head up the Office of Information Technology (OIT) – but that’s
exactly what happened last week. Find out more
[GOVTECH.COM]

State Tech
ILLINOIS: Inside a State Digital Transformation. Hardik Bhatt, CIO of the State of
Illinois, sought to become the nation’s first Smart State – a process that required
reorganizing its 38 IT departments into one, improving government services, and
finding new sources of innovation to apply to its revenue model. Within 18
months, Illinois rose in national rankings from the bottom fourth of state
governments to the top third. Read more
[ENTERPRISERSPROJECT.COM]

Electronic Document Management

Electronic Document Management
CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer
Financial Protection Bureau wants to move to a public cloud setup for some of its
core enterprise apps. The financial watchdog agency recently sent out a Request
for Information (RFI) on the process, technical requirements and costs of moving to
cloud services in fiscal year 2017. CFPB wants to establish a more complete
understanding on the costs associated with moving fully to a cloud solution for
email and office applications (e.g., documents, spreadsheets, presentations,
SharePoint and more).Read the rest
[FEDTECHMAGAZINE.COM]

Electronic Document Management
ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa
Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about
the many ways business document management can save your company time,
space, and more importantly, loads of money. Here are the four most obvious ways
these tools provide excellent return-on-investment. Read more
[PCMAG.COM]

Section 508 Compliance & WCAG 2.0

Section 508 Compliance & WCAG 2.0
BRIEF: Web Accessibility Isn’t a ‘One-and-Done’ Task. Website accessibility is not a
“one and done” task, a law firm is warning businesses after an 11th U.S. Circuit
Court of Appeals ruling against Hooters. Read more
[HRDIVE.COM]
TESTING: Why Using Scanning Tools for ADA Compliance Isn’t a Great Idea. There
are paid and free scanning tools that claim to assess website ADA compliance, but
often these types of tools miss important factors in determining if your site will
meet compliance standards. Read more
[CUINSIGHT.COM]

Section 508 Compliance & WCAG 2.0
FEDERAL GOVERNMENT: How Feds Can Ensure Everyone Can Access Tech Tools.
The U.S. Access Board released a new set of Section 508 requirements in 2017
designed to meet modern accessibility standards. Compliance with those
standards became mandatory for federal agencies on Jan. 18. (Legacy technology
that complies with the original standard is exempt.) To meet the new
requirements, agencies have to understand them. Here are key considerations that
IT teams must deal with as they strive to meet the new Section 508 standards.
Read more
[FEDTECHMAGAZINE.COM]

Section 508 Compliance & WCAG 2.0
QUESTION: Is Your Website ADA-compliant? Avoid Becoming a Litigation Target.
Public-facing businesses remain targets of litigation claiming that their websites
are not accessible under Title III of the Americans with Disabilities Act (ADA) and
similar state and local laws. The number of such lawsuits continues to trend
upward, particularly in Florida, New York and California. Read more
[MIAMIHERALD.COM]

Security Patches

Security Patches
ADOBE: Fixes Over 100 Vulnerabilities in Latest Security Patch Update. Adobe has
released a huge patch update which resolves over 100 vulnerabilities in a range of
popular software. Adobe Flash, Acrobat, Connect, Experience Manager, and
Reader are all affected. The bugs impact Linux, macOS, Chrome OS, and Windows
machines. In total, 112 vulnerabilities have been patched, the majority affecting
Adobe Acrobat and Adobe Reader. However, there are no zero-day vulnerabilities
reported in this update. Read more
[ZDNET.COM]
MICROSOFT: Yanks Buggy Office 2016 Patch KB 4018385, Republishes All of This
Month’s Patch Downloads. Bugs galore in the July patches led to an
unprecedented (and unexplained) re-release of everything, and a complete
takedown of KB 4018385. Note to self: Who’s testing this stuff? Read more
[COMPUTERWORLD.COM]

Security Patches
GOOGLE: Rolls Out New Security Patch to Fix 11 Issues in Pixel, Nexus Phones.
There are 11 issues resolved in the July security patch dated 2018-07-01 and 32
for 2018-07-05. Vulnerabilities range from high to critical, with the most severe
relating to the media framework and a remote attacker possibly executing
arbitrary code through a crafted file. Read more
[ECONOMICTIMES.COM]
CISCO: Patches High-Severity Bug in VoIP Phones. Cisco also patched three
medium-security flaws in its network security offerings; and, it issued a fix for a
high-severity bug in its platform for mobile operator routers, StarOS. Read more
[THREATPOST.COM]

CIO, CTO & CISO

For the CIO, CTO & CISO
CIO: Continuous Learning is Key to Digital Transformation. Lexmark CIO Brad Clay,
who is upgrading everything from how Lexmark replenishes printer toner to how
employees consume corporate information, says the company must learn fast and
learn continuously. Read more
[CIO.COM]
CTO: Open Source Software Can Be Profitable. Bikash Koley came to Juniper with a
clear understanding of the power of open source software, from his years at Google
as a senior network architect who helped drive things such as OpenConfig, getting
the industry to rally around key standards for next-gen networks. As the CTO of
Juniper Networks Inc., however, he is seeing the other side of open source and how
it is transforming vendor business models. Read more
[LIGHTREADING.COM]

CIO, CTO & CISO
CISO: Former Air Force CISO Peter Kim Lands at Raytheon. Peter Kim, who left
the Air Force in early June after serving as its chief information security officer,
has been hired as director of IT security and governance at Raytheon subsidiary
Raytheon Missile Systems. Read more
[FEDSCOOP.COM]
FEDERAL GOVERNMENT: Former Federal CIO Tony Scott’s Federal Foresight.
Tony Scott was the Federal government’s third chief information officer, serving
the nation in that role from 2015 through early 2017. During his time at the helm
of government-wide IT, Scott led the development of 2016’s State of Federal IT
Report, which left a lasting roadmap for modernization progress in the Federal
government. Scott sat down with MeriTalk founder Steve O’Keeffe at MeriTalk’s
2018 Cloud Computing Brainstorm to discuss that progress and all the pieces in
play in today’s Federal IT environment. Read more
[MERITALK.COM]

Penetration Testing

Penetration Testing
FAQs: How to Choose Between Penetration Tests and Vulnerability Scans. Even
seasoned cybersecurity professionals confuse penetration tests with
vulnerability scans. Both play an important role in the security practitioner’s
toolkit, but they vary significantly in scope and expense. Here are answers to
some common questions about the topic. Read more
[EDTECHMAGAZINE.COM]
SPACE ROGUE: A Security Rebel Turned Pen Tester. Cris Thomas, who also goes
by the pseudonym Space Rogue, is the global strategy lead at IBM X-Force Red.
In a recent interview, he spoke about his work as a penetration testing specialist,
his role as a cybersecurity activist in the late 1990s — and the recent reunion of
his influential hacking group on Capitol Hill. Read more
[SECURITYINTELLIGENCE.COM]

Penetration Testing
ELECTIONS: Cybersecurity Firm Offers Free Penetration Testing to States Ahead
of Midterm Elections. Synack is the latest tech company to offer its services to
states worried about election security this year. Read more
[STATESCOOP.COM]
RESEARCH: Industry Report Cites Mounting Threats to Election Infrastructure.
According to recent research from one cybersecurity firm, state and local election
infrastructure is becoming a more popular target for state-sponsored
cyberattacks. Read more
[GOVTECH.COM]

Open Source

Open Source
DEVELOPERS: Why It’s Time to Be More Open About How Projects are Run.
Security isn’t the only consideration as you assess which open source projects to
rely on; governance, community and professionalism matter too. Read more
[ZDNET.COM]
LINUX: The Number One In-Demand Skill: Open Source Career Trends. The
Linux Foundation and Dice.com have released their annual Open Source Jobs
Report. Over 750 hiring managers and 6,500 open source professionals were
interviewed about the challenges they face, what they look for, and what
technology affects hiring decisions. Read more
[JAXENTER.COM]

Open Source
GitHub: Changes to EU Copyright Law Could Derail Open Source Distribution. A
proposed European law would mandate that content providers utilize some kind of
content filter to make sure rights holders get their royalties. But for a public open
source code repository, such a contraption could be a nuisance, or it could be
catastrophic. Read more
[ZDNET.COM]
WHY: Open Source Needs Marketing (Even Though Developers Hate It). The
concept of creative commons is far older than the advent of Linux some 25 years
ago. Like creative commons, word of mouth has long been the foundation of open-
source marketing. Indeed, it is how open source has grown its community of
contributors. Talk to just about any developer, however, and they’ll tell you they
don’t want to be marketed to — not in the traditional sense, anyway. So, what role
does marketing have and what value does marketing bring to the open-source
community? Read more
[FORBES.COM]

Business Intelligence

Business Intelligence
INDUSTRY INSIGHT: Delivering Citizen-Centric State Government. When faced with
challenges of meeting the ever-increasing expectations of a demanding citizenry,
CIOs can now turn to modern tools to help state agencies interact with their
citizens. Cloud-based solutions provide ubiquitous infrastructure and modern web-
and mobile-based access, business intelligence delivers comprehensive information
to solve a citizen’s unique problem and automation provides a cost-effective and
secure way of bridging legacy systems without the need for massive fork-lift system
upgrades. Read more
[GCN.COM]

Business Intelligence
GOVERNMENT & STARTUPS: Potential of Government-tech Start-ups and Their
Framework. According to Gartner, Government-Tech is $ 400 billion market globally
and is slowly getting attention of the governments, new age startups and venture
capitalist for bringing efficiency and transparency into the age-old problems. Legacy
systems, paper-based processes, and outdated technology are a matter of concern
and are disarming for governments and citizens alike. In a connected world the
manner in which the citizens want to deal with government and the public sector is
changing. Read more
[ENTREPRENEUR.COM]
TECHNOLOGY SPENDING: From Public Cloud to Security Measures. As far as
business intelligence and analytics software is concerned, 48% of recently-surveyed
CIOs expressed that they foresee Microsoft growing the most in strategic
importance. Read more
[THESTREET.COM]

Business Intelligence
FEDERAL GOVERNMENT: 12 Ways to Empower Government Users With the
Microsoft Business Intelligence (MBI) Stack. Your agency’s use of Microsoft
Business Intelligence (MBI) tools and reporting services help advance your
organization’s ROI and autonomy for your users. Read more
[BLUEMT.COM]

Operating Systems

Operating Systems
MOBILE: Project ‘Fuchsia’ – Google Is Quietly Working on a Successor to Android.
For more than two years, a small and stealthy group of engineers within Google has
been working on software that they hope will eventually replace Android, the
world’s dominant mobile operating system. As the team grows, it will have to
overcome some fierce internal debate about how the software will work. The
project, known as Fuchsia, was created from scratch to overcome the limitations of
Android as more personal devices and other gadgets come online. It’s being
designed to better accommodate voice interactions and frequent security updates
and to look the same across a range of devices, from laptops to tiny internet-
connected sensors. Google Chief Executive Officer Sundar Pichai has set his
company in this direction — toward artificial intelligence services that reach
consumers everywhere. Yet its prime operating systems, which depend on scores of
hardware partners, haven’t kept up. Read more
[BLOOMBERG.COM]

Operating Systems
COMPARISON: Chrome OS Vs Windows Laptops – Which Operating System Is
Better For You? While there may once have been a time when you decided
between either a Windows or Mac computer, these days there’s another option to
consider — the Chromebook. Chromebooks have grown in popularity over the past
five years or so as an excellent way to get many of the features you would expect in
a laptop, in a lightweight and affordable box. Of course, because of the fact that
Chrome OS — the operating system that runs on Chromebooks — are so
lightweight, there are a few features that Chromebooks don’t offer, and that you
will instead find on Windows laptops. That won’t matter for everyone — if you
don’t need those features, then it doesn’t really matter if you don’t have them.
Here’s a rundown of the major differences between Chromebooks and Windows
laptops. Read more
[FORBES.COM]

Operating Systems
MICROSOFT: Already Working on Next-Gen Operating System? A recent press
release by Synaptics, named, Synaptics, AMD Collaborate on Enterprise-Grade
Biometric PC Security for Next-Generation Microsoft Operating System, suggests
that Microsoft is working on a next-generation operating system already. Read more
[GHACKS.NET]
FEDERAL GOVERNMENT: Agencies Get Access to New Mobile Phishing Protections.
Technology from Lookout, which received funding from the Department of
Homeland Security, can now help agencies guard against phishing attacks on mobile
devices. Read more
[FEDTECHMAGAZINE.COM]

BYOD

BYOD
SECURITY: Why BYOD Authentication Struggles to be Secure. A recent Bitglass
study pointed out some interesting statistics: Over a quarter (28%) of organizations
rely solely on user-generated passwords to secure BYOD, potentially exposing
countless endpoints to credential guessing, cracking and theft. 61% of respondents
also had reservations about Apple’s Face ID technology. Given that the general
concept in security has always been to eliminate passwords and use MFA, the
results are surprising, so why the disconnect? Read more
[INFOSECURITY-MAGAZINE.COM]

BYOD
DOD: ‘Wrong Trajectory’ in Mobile Strategy Stifles Marines’ BYOD Ambitions. The
Marine Corps has been talking about implementing a bring-your-own-device
strategy for more than three years as one way to cut costs and speed up its
adoption of commercial smartphone technology. But the service’s chief information
officer says the goal is still a long way off, and the Marines are still struggling to
bring aboard the most modern mobile devices, even when they’re owned by the
government. Read more.
[FEDERALNEWSRADIO.COM]
TEXTBOOKS OPTIONAL: What Unbundling and BYOD Mean for Learning
Technology. Today, schools across the country look to educators to customize
learning for their unique classrooms. Here is how educators are accomplishing this
through unbundling and BYOD. Find out more
[ESCHOOLNEWS.COM]

BYOD
FEDERAL GOVERNMENT BYOD: The Mobile Security Conundrum. There are
currently more than 7.7 billion mobile connections around the world. Thanks to the
Internet of Things, it is predicted that the number of connected devices will reach
an astounding 20.8 billion by 2020. With the average number of mobile devices
owned per person currently estimated at 3.64, those devices are becoming
necessary equipment for today’s workers. Yet while the private sector has been
quick to establish Bring-your-own-device policies, the public sector has lagged
behind because of security and privacy concerns. Despite several initiatives —
including a White House-issued BYOD toolkit and two National Institute of
Standards and Technology documents (800-124 and 800-164) giving guidance on
securing devices that connect with government networks — many federal agencies
are still reluctant to establish BYOD policies. Read more
[GCN.COM]

Incident Response

Incident Response
INSURANCE: Chubb Enhances Global Cyber Incident Response Management
Capabilities. Chubb announced that it has enhanced its cyber incident response
management capabilities and launched two new ways of accessing the service: a
mobile application and a dedicated website. As the threat of cyber risks facing
commercial enterprises increases, Chubb has expanded its network of incident
response management firms to include services in more than 50 countries across
Europe, North and South America, Asia Pacific and Africa. Read more
[INSURANCEJOURNAL.COM]

Incident Response
RESOURCES: 5 Fundamental Incident Response Checklists. Once you have a good
understanding of the phases of incident response, it’s time to start developing and
implementing incident response checklists that are customized for your
organizations. IR checklists can help your security team efficiently respond to
incidents by following a systematic process. Here are some ideas to help you build
your own incident response checklists. Read more
[SECURITYBOULEVARD.COM]
ACQUISITION: Agencies Can Pilot Mobile Phish-Blocking Tech Through DHS.
Technology funded by the Department of Homeland Security to block phishing
attacks on mobile devices is now available to agencies to test through a select
number of licenses provided by the department. Read more
[FEDSCOOP.COM]

Incident Response
BEST PRACTICES: What to Consider When Developing or Refining your Cyber
Incident Response Plan. Companies should consider instituting and strengthening
plans for when — not if — they suffer a cybersecurity incident. Read more
[PROPERTYCASUALTY360.COM]

Cybersecurity

Cybersecurity
TRANSPORTATION: Metro Cybersecurity Audit Highlights Growing Concerns at
Agencies Across the Country. Washington DC-area Metro officials say they plan to
focus on improving security throughout the transit system after a classified
inspector general’s report concluded that the agency remains vulnerable to hacks
and attacks that could imperil safety and day-to-day operations. Read more
[WASHINGTONPOST.COM]
STATES: With Russian Hacking Fresh in Mind, Washington State Beefs Up Elections
Cybersecurity. Exercises that simulate a hacking attempt. Assistance from the U.S.
Department of Homeland Security, with higher-level security clearances for top
state officials. A Washington National Guard contingent ramping up to go on alert.
In years past, you might have mistaken these preparations as defense against a
foreign invasion. But in Washington, in 2018, this is what officials are doing to
safeguard the state’s elections systems. Read more
[SEATTLETIMES.COM]

Cybersecurity
QUESTION: Why Are So Many Execs Sleeping On Cybersecurity? Cybersecurity is
like fire prevention: Sure, your house is probably not going to catch on fire this year,
but you install smoke detectors and pay your insurance premiums anyway. In fact,
these days, it’s much more likely you’ll wake up to find your business has been shut
down by hackers than arriving home to a pile of smoldering embers where your
house used to be. And yet there are many business leaders who are resistant to
investing in systems and training to protect against cyberattacks. Read more
[FORBES.COM]
OPERATIONS: 6 Ways Greed Has a Negative Effect on Cybersecurity. The security
industry can both make money and stay true to its core values. Here are six
prominent examples of how greed is taking us further away from solving the
problems we face. Read more
[DARKREADING.COM]

Cybersecurity
FEDERAL GOVERNMENT: 10 Cybersecurity Issues New Federal CISO Should Focus
On. If you haven’t heard, there’s a new federal chief information security officer in
town — or, in the White House. The Office of Management and Budget announced
Grant Schneider as the second federal CISO, filling the shoes of Greg Touhill after he
stepped down in January 2017. Read more
[GOVERNMENTCIOMEDIA.COM]
STATE GOVERNMENT: States and Counties Are Not ‘Sitting Back’ on Election
Cybersecurity, Officials Tell Congress. Federal, state and local officials said they are
forging closer partnerships that will protect elections against cyberattacks, as
lawmakers found distractions in Trump tweets, Google rankings, and other
miscellany. Read more
[STATESCOOP.COM]

Cybersecurity
NNSA: Banning Software Isn’t the Route to Cybersecurity, Nuclear Security Agency
Official Says. The government should be focused on mitigating the danger any
software can pose, rather than banning software from China and elsewhere, the
NNSA CIO says. Read more https://fedtechmagazine.com/article/2018/
[NEXTGOV.COM]
IoT: Continental Offers Cyber Security Solutions from Argus and Elektrobit for All
Connected Vehicle Electronics. Technology company Continental recently
announced it is offering end-to-end cyber security and wireless software update
solutions integrated into connected vehicle electronics including telematics units,
infotainment systems, gateways and more from Argus Cyber Security (Argus) and
Elektrobit (EB). Read more
[DARKREADING.COM]

Project Management

Project Management
IoT: 6 Effects of the Internet of Things on Project Management. The internet of
things has also become one of those tech buzzwords that loses a little more of its
real meaning every time a Silicon Valley wannabe carelessly tosses it around. So
what is the internet of things, really, and how does it intersect with project
management? Read more
[BUSINESS2COMMUNITY.COM]
CITIES: Smart City Project Management – Avoiding Common Pitfalls. Smart city
projects can be challenging for project managers, and in many respects they are
different from other IT projects. Alex Grizhnevich, ScienceSoft, looks at ways to
avoid common pain points. Read more
[SMARTCITIESWORLD.NET]

Project Management
OMB: Sharpens Guidance for Improving Programs and Curbing Improper
Payments. In a pair of memos to agency heads, White House Budget Director
Mick Mulvaney laid out how his office will monitor progress toward formalizing
the improvement of program management and getting a better handle on long-
standing efforts to avoid government payments to undeserving parties. Read
more
[GOVEXEC.COM]
FEDERAL GOVERNMENT: Trump’s Executive Branch Restructuring – What If The
Federal Government Is Beyond Streamlining? Can the federal government
shrink? Or is the situation like the waistlines that paradoxically parallel the
growth of the diet and fitness industry? Read more
[FORBES.COM]

Application Development

Application Development
WEB APPLICATION SECURITY: Creating a Strong Digital Battlefront. According to
IDC, more than 70 percent of the U.S. workforce will be mobile by 2020. To improve
the citizen experience — and productivity internally — many agencies are adopting
enterprise-oriented apps that increase efficiency by cutting down on paperwork
and other manual processes. Web and mobile apps for parks, libraries and the
DMV, for instance, provide citizens with information and services faster than ever
— letting people use online chat features to have questions answered or digitally
update their car registrations. But the software enabling these conveniences may
lack the security features required to process sensitive data. Read more
[GCN.COM]
DevOps: Making the Development Cycle More Secure. The promise of secure
DevOps can be realized through security technologies such as dynamic
authorization. Read more
[DEVOPS.COM]

Application Development
RED HAT: Red Hat Launches Fuse 7 and Buildah 1.0 to Advance App
Development. Red Hat is boosting its application development efforts with a pair
of new releases, including Fuse 7 and Buildah 1.0, that will help developers to build
and integrate cloud native container applications. Read more
[EWEEK.COM]
PRODUCTIVITY: Don’t Let Your Application Backlog Sink Your Digital
Transformation. As companies proceed with their digital transformations, software
becomes increasingly strategic and pervasive – which means they need more of it.
Lots more. The demand for new and updated applications and software
infrastructure as well as individual features and capabilities is exploding. And yet,
every such company is resource constrained, as professionals who are able to build
and run such software are in short supply. Read more
[FORBES.COM]

Big Data

Big Data
DATA: The Big Problem with Big Data? Without Theory, It’s Just Garbage. The idea
that big data will enable more control of behaviour may be a lot of hype. Uta Frith,
a developmental psychologist who works at University College London, is
interviewed bout mind over matter, big data and her fear that AI will lead to loss of
meaningful jobs. Read more
[WIRED.CO.UK]
ANALYTICS: 3 Big Data Platforms Look Beyond Hadoop. Learn how the Cloudera,
Hortonworks, and MapR data platforms are evolving to meet the demands for real-
time analytics and machine learning. Read more
[INFOWORLD.COM]

Big Data
FINTECH: Regulators Need To Use Big Data, Artificial Intelligence To Meet Fintech
Challenge, Says U.S. Rep. Regulators need to start using Artificial Intelligence (AI) to
adapt rules quickly to a rapidly changing financial system, a Republican
Congressman who is often mentioned as the next possible head of the House
Financial Services Committee said today. To meet the fintech challenge, Rep. Patrick
McHenry (R-NC) also called for regulators to begin employing Big Data to develop
strategies. Read more
[FORBES.COM]

Big Data
HIRING: How Big Data Can Help You Find and Hire the Most Elusive Talent. Earlier,
companies had little to guide them on a potential applicant’s future flight risk other
than gut feeling. Now, tools integrated with artificial intelligence (AI) and deep
analytic capabilities can parse the data on your company’s current employees —
including their prior experiences, skills and latest achievements — to learn what
good candidates look like based on past hiring decisions. In addition to your own
enterprise data, AI can look at data from across the industry to build a profile that
can then be applied to cull resumes, screen candidates based on warning signs, and
grade and rank a shortlist of qualified candidates for each job opening. Read more
[ENTREPRENEUR.COM]

Internet of Things (IoT)

Internet of Things (IoT)
CITIES: 6 Ways The Internet Of Things Is Improving The Quality Of Urban Life. So
how are cities currently leveraging IoT to improve urban life and boost the
happiness of city dwellers? Here are six examples. Read more
[FORBES.COM]
READ: The Internet of Things Era: 6 Ways to Stay Safe. While the Internet of Things
(IoT) is full of promise and can, in many ways, make our lives easier, it comes at a
cost. The devices that we carry around in our pockets and place in our homes
control access to our possessions, and our most intimate personal details. In the
wrong hands, those gadgets have the power to put our physical safety at risk. You
need to stay safe. Read more
[REUTERS.COM]

Internet of Things (IoT)
SLIDESHOW: 10 Ways the Internet of Things Will Make Our Lives Better. The
Internet of Things (IoT) links a wide range of devices — including wearables, smart
appliances, and driverless cars — to each other and the cloud. This market could
grow from $171 billion in 2017 to $561 billion by 2022, according to market
research firm Reportlinker. Intel (NASDAQ:INTC) estimates that 200 billion devices
could be connected across the IoT market by 2020. Those bullish forecasts sparked
an IoT land grab in recent years, as many companies rushed to produce connected
devices. Here are 10 ways those products can improve our lives. Read more
[FOOL.COM]

Internet of Things (IoT)
COMMENT: Data Behaving Badly. The private sector, especially consumer-facing
organizations, are betting big on data-intensive technologies like artificial
intelligence and the internet of things. The trend is accelerating worldwide, with
private sector investments in AI projected to reach $12.5 billion in 2017 alone, and
IoT investments expected to top $800 billion. Although slower to embrace AI and
IoT, government is now pursuing them aggressively. Read more
[FCW.COM]

Personal Tech

Personal Tech
TECH TIP: Picking an iPad as a Portable Photo Studio. Apple has a range of models
in its tablet line, but you may not need the most expensive one to suit your image-
editing needs. Read more
[NYTIMES.COM]
TRAVEL TECH: How the 52 Places Traveler Stays Charged While Chronicling the
World. How do New York Times journalists use technology in their jobs and in their
personal lives? Jada Yuan, who is crisscrossing the globe as The Times’s 52 Places
Traveler, discussed the tech she’s using. Read more
[NYTIMES.COM]

Personal Tech
MORE TRAVEL TECH: Emergency Charging Options on the Road. The time-honored
travelers’ trick of charging your phone from the USB port on the hotel-room
television is one option for powering up away from home. Read more
https://fedtechmagazine.com/article/2018/
[NYTIMES.COM]
COIN: Pay Off Those I.O.U.s on the Go. Along with Apple Pay Cash, several apps
and services make it easy to send and receive funds right on your phone,
smartwatch or tablet. Read more
[NYTIMES.COM]

Mobile Applications

Mobile
NIST: Updating Recommendations for Mobile App Security. The National Institute
of Standards and Technology is working on updating its recommendations for how
organizations and developers can keep mobile applications secure. The updated
recommendations are being made to the Special Publication (SP) 800-163, Vetting
the Security of Mobile Applications document that was initially released in January
2015. The 50-page draft revision includes additional clarity and details on how to
minimize mobile app risks. Read more
[EWEEK.COM]
OUR HISTORY WITH MOBILE: A Prescient Steve Jobs Predicted Our Obsession with
Mobile Apps. Though even he might have undersold it a little. Read more
[ENGADGET.COM]

Mobile
SECURITY: Team Finds Many Mobile Applications Are Open to Web API Hijacking.
Smartphones, tablets, iPads—mobile devices have become invaluable to the
everyday consumer. But few consider the security issues that occur when using
these devices. Modern mobile applications or “apps” use cloud-hosted HTTP-based
application programming interface (API) services and heavily rely on the internet
infrastructure for data communication and storage. To improve performance and
leverage the power of the mobile device, input validation and other business logic
required for interfacing with web API services are typically implemented on the
mobile client. However, when a web service implementation fails to thoroughly
replicate input validation, it gives rise to inconsistencies that could lead to attacks
that can compromise user security and privacy. Developing automatic methods of
auditing web APIs for security remains challenging. Read more
[PHYS.ORG]

Mobile
CYBERSECURITY: Risky Mobile Apps No Fun for Entertainment Sector. In case it’s
not already on your risk radar, it’s time to add mobile apps to the growing list of
threat vectors. Mobile apps are risky across all sectors, but more specifically, those
that come from media and entertainment businesses are putting users at risk.
BitSight recently released the results of its research that looked at data from more
than 1,000 companies offering apps on iOS and Google Play and found
vulnerabilities across the board. Read more
[SECURITYBOULEVARD.COM]

Programming & Scripting Development
Client & Server-Side

Programming & Scripting Development
Client & Server-Side
JAVASCRIPT: Is JavaScript Destined to Be Usurped by TypeScript? Year after year
JavaScript features among the top 10 most widely used programming languages
worldwide, but is a challenger emerging to the venerable web favorite? An analysis
by TIOBE, which counts the number of hits for each programming language
returned by major search engines, suggests that Microsoft’s TypeScript is enjoying
an explosive growth in popularity and encroaching on areas previously dominated
by JavaScript. Read more
[TECHREPUBLIC.COM]
JAVA: Kotlin and Java Go Well Together, Report Shows. Kotlin is only seven years
old but it is already playing in the big leagues. Its massive success can be traced
back to the moment when Google announced Kotlin support in Android last year
but that was just the tip of the iceberg. According to Pusher’s State of Kotlin 2018
research report, great things are coming Kotlin’s way. Read more
[JAXENTER.COM]

Programming & Scripting Development
Client & Server-Side
GOOGLE: Google Debuts Jib, a Tool to Make Software Containers and Java Work
Better Together. Google LLC has released Jib, a new open-source tool that aims to
make software containers and the Java programming language work more
seamlessly together. Read more
[SILICONANGLE.COM]
PYTHON: GitHub Now Warns You About Flaws Affecting Your Python Code.
Python has joined Ruby and JavaScript on GitHub’s list of coding languages it scans
for security vulnerabilities. Developers using Python can now get security alerts for
any new bugs the code repository platform spots, as well as some recent
vulnerabilities Python has had. Read more
[ITPRO.CO.UK]

Cloud Computing

Cloud Computing
OPINION: Serverless Computing Is a Paradigm Shift for Cloud Computing. The
serverless revolution is akin to delivery companies moving away from owning large
trucks to managing a fleet of leased vans, and from there, to outsourcing
transportation to a third-party fleet of scooters. Read more
[CALCALISTECH.COM]
MICROSOFT: Catching Up to Amazon in Security Clearances for Cloud. That could
give Microsoft an edge over other potential bidders in the Pentagon’s winner-take-all
competition for a multibillion-dollar cloud computing contract. Read more
[SEATTLETIMES.COM]

Cloud Computing
BUSINESS TRANSFORMATION: Five Ways to Make the Most of the Move to On-
Demand. Cloud computing can’t fix everything but it can be a key element of
business transformation if handled well. Read more
[ZDNET.COM]
LINUX: How Red Hat Morphed From Linux Pioneer Into Cloud-Computing Player.
Red Hat’s reinvention is tied to the rise of cloud computing. Like many traditional
suppliers of information technology, it has been pressured to adapt. Read more
[INVESTORS.COM]

Announcement

Announcement
Blue Mountain Data Systems DOL Contract Extended Another Six Months
The Department of Labor has extended Blue Mountain Data Systems Inc. contract
DOLOPS16C0017 for 6 months for network administration and application
support.
U.S. Dept. of Labor, Employee Benefits Security Administration
1994 to Present Responsible to the Office of Technology and Information Systems
for information systems architecture, planning, applications development,
networking, administration and IT security, supporting the enforcement of Title I
of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue
Mountain is responsible for design, development and support for its various
enforcement database management systems, as well as all case tracking and
customer service inquiry systems. Blue Mountain also provides IT security services
to the EBSA, in the form of FISMA Assessment and Authorization, System Security
Plans, Risk and vulnerability assessments, monitoring and investigation support.

IT Security | Cybersecurity

IT Security | Cybersecurity
SECURITY: 5 Things You Need to Know About the Future of Cybersecurity. Terrorism
researchers, AI developers, government scientists, threat-intelligence specialists,
investors and startups gathered at the second annual WIRED conference to discuss
the changing face of online security. These are the people who are keeping you safe
online. Their discussions included Daesh’s media strategy, the rise of new forms of
online attacks, how to protect infrastructure, the threat of pandemics and the
dangers of hiring a nanny based on her Salvation Army uniform. Read more
[WIRED.CO.UK]
IT MANAGEMENT: Top 5 Cybersecurity Mistakes IT Leaders Make, and How to Fix
Them. Cybersecurity teams are largely understaffed and underskilled. Here’s how to
get the most out of your workers and keep your business safe. Read more.
[TECHREPUBLIC.COM]

IT Security | Cybersecurity
FEDERAL GOVERNMENT: Rep. Hurd Champions Modernizing Federal Cybersecurity.
The federal government is and will continue to be a target of cyber crimes.
According to the Identity Theft Resource Center, U.S. companies and government
agencies suffered a total of 1,093 data breaches in 2016. Mid-year numbers for 2017
show 791 incidents as of the end of June – a 29 percent increase over the same
period in 2016. With that said, is the government doing enough to prepare for cyber
threats? On this episode of CyberChat, host Sean Kelley, former Environmental
Protection Agency chief information security officer and former Veterans Affairs
Department deputy chief information officer, spoke with Rep. Will Hurd (R-Texas)
about initiatives to modernize the federal cybersecurity space. Read more
[FEDERALNEWSRADIO.COM]

IT Security | Cybersecurity
STATE GOVERNMENT: To Simplify Cybersecurity Regulations, State Groups Ask
Federal Government for Help. A letter to the Office of Management and Budget
says that today’s regulatory environment “hampers” states in their pursuit of cost
savings and IT optimization. Find out more
STATESCOOP.COM]

From the Blue Mountain Data Systems Blog
Programming & Scripting
https://www.bluemt.com/programming-scripting-daily-tech-update-september-
29-2017/
Cloud Computing
https://www.bluemt.com/cloud-computing-daily-tech-update-september-18-
2017/
Business Intelligence
https://www.bluemt.com/business-intelligence-daily-tech-update-september-15-
2017/
Mobile Applications
https://www.bluemt.com/mobile-applications-daily-tech-update-september-11-
2017/

From the Blue Mountain Data Systems Blog
Personal Tech
https://www.bluemt.com/personal-tech-daily-tech-update-september-28-2017/
Databases
https://www.bluemt.com/databases-daily-tech-update-september-21-2017/
Penetration Testing
https://www.bluemt.com/penetration-testing-daily-tech-update-september-26-
2017/
Incident Response
https://www.bluemt.com/incident-response-daily-tech-update-september-14-
2017/

From the Blue Mountain Data Systems Blog
Security Patches
https://www.bluemt.com/security-patches-daily-tech-update-september-22-
2017/
Operating Systems
https://www.bluemt.com/operating-systems-daily-tech-update-september-20-
2017/
Encryption
https://www.bluemt.com/encryption-daily-tech-update-september-19-2017/
Cloud Computing
https://www.bluemt.com/cloud-computing-daily-tech-update-september-18-
2017/

From the Blue Mountain Data Systems Blog
Open Source
https://www.bluemt.com/programming-scripting-daily-tech-update-september-
5-2017/
CTO, CIO and CISO
https://www.bluemt.com/cio-cto-ciso-daily-tech-update-september-6-2017/
Programming & Scripting
https://www.bluemt.com/programming-scripting-daily-tech-update-september-
5-2017/

From the Blue Mountain Data Systems Blog
Security Risks Most Prevalent in Younger Workers
https://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/
The Security World’s Maturation
https://www.bluemt.com/the-security-worlds-maturation/
Data Breach Concerns Keep CISOs Up At Night
https://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/
Personalized Govt Equals Instant Gratification for Citizens
https://www.bluemt.com/personalized-govt-equals-instant-gratification-for-
citizens/

From the Blue Mountain Data Systems Blog
People-Centric Security
https://www.bluemt.com/people-centric-security/
Pentagon Tries BYOD To Strike Work/Life Balance
https://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/
Open Source Model Considered for MS Windows
https://www.bluemt.com/open-source-model-considered-for-ms-windows/
Open Internet: To Be or Not to Be?
https://www.bluemt.com/open-internet-to-be-or-not-to-be/

From the Blue Mountain Data Systems Blog
Malware Stays A Step Ahead Infecting One Third of Websites
https://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-
websites/
Machine-Generated Data: Potential Goldmine for the CIO
https://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-
cio/
Government Legacy Programs: Reuse vs. Replacement
https://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/
It Takes a Whole Village to Protect Networks and Systems
https://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-
systems/

From the Blue Mountain Data Systems Blog
Governance For the CIO
https://www.bluemt.com/governance-for-the-cio/
Help Desk Consolidation – Lessons Learned
https://www.bluemt.com/help-desk-consolidation-lessons-learned/
One Year Later, Companies Still Vulnerable to Heartbleed
https://www.bluemt.com/one-year-later-companies-still-vulnerable-to-
heartbleed/
Federal Projects Cultivate Worker Passion
https://www.bluemt.com/federal-projects-cultivate-worker-passion-2/

ABOUT US
Blue Mountain Data Systems Inc.
Blue Mountain Data Systems Inc. is dedicated to application
and systems development, electronic document management,
IT security support, and the automation of workflow processes.
Read more about our experience here:
>> http://bluemt.com/experience

Recent Experience
U.S. Dept. of Labor
Employee Benefits Security Administration
1994 to Present
Responsible to the Office of Technology and Information Systems for information
systems architecture, planning, applications development, networking,
administration and IT security, supporting the enforcement of Title I of the
Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue
Mountain is responsible for design, development and support for its various
enforcement database management systems, as well as all case tracking and
customer service inquiry systems. Blue Mountain also provides IT security services
to the EBSA, in the form of FISMA Assessment and Authorization, System Security
Plans, Risk and vulnerability assessments, monitoring and investigation support.

MANAGEMENT
Paul T. Vesely
Founder, President, CEO and Principal Architect
Mr. Vesely is a recognized thought leader in systems
architecture and delivery, having designed and
delivered many enterprise wide information and
document management solutions. Mr. Vesely’s history
includes 33 years experience in the information
systems industry, with Unisys, Grumman, PRC and a
host of clients in both government and private sectors.

CONTACT US
Contact Us Today to Discuss Your Next IT Project
HEADQUARTERS
366 Victory Drive
Herndon, VA 20170
PHONE 703-502-3416
FAX 703-745-9110
EMAIL
paul@bluemt.com
WEB
https://www.bluemt.com