Tech Update Summary from Blue Mountain Data Systems October 2017

October 2017: For CTOs, CIOs & CISOs Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information >> https://bluemt.com/blog/

  1. Blue Mountain Data Systems Tech Update Summary October 2017
  2. For CTOs, CIOs & CISOs Visit Blue Mountain Data Systems https://www.bluemt.com
  3. For CTOs, CIOs & CISOs Every business day, we publish a Daily Tech Update for Federal & State CTOs, CIOs & CISOs on the Blue Mountain Data Systems Blog. We hope you will visit our blog for the latest information. You can also receive these updates via email. Click here to subscribe. Here’s the summary of the Daily Tech Updates for October 2017. Hope the information and ideas prove useful. Best, Paul Vesely President and Principal Architect Blue Mountain Data Systems Inc.
  4. Network Security
  5. Network Security CISO: Convincing Employees to Care About Network Security. Employees remain the biggest source of corporate cyber risk. According to the “IBM X-Force 2016 Cyber Security Intelligence Index,” staff members are responsible for 60 percent of all digital attacks endured by enterprises. In most cases, there’s no malicious intent. Employees may subvert network security by opening infected email attachments, falling for well-crafted phishing attacks, accessing compromised third-party apps or accidentally posting confidential information on social media sites. Read more [SECURITYINTELLIGENCE.COM]
  6. Network Security FEDERAL GOVERNMENT: Consolidating Federal Networks Could Lead to New Security Holes. For years, one of the chief aims of the IT modernization movement has been replacing the federal government’s outdated architecture. Before truly tapping into the transformative power of new software and security tools, the thinking goes, government must first scrap its ancient patchwork networks for a new unified IT infrastructure. Read the rest [FCW.COM] OPINION: Why Chipmakers are Taking IoT Security Into Their Own Hands. As the IoT and chip industries continue to grow, more chipmakers will come to understand the importance of putting security and privacy first. Read more [NETWORKWORLD.COM]
  7. Network Security STATES: Federal Government Notifies 21 States of Election Hacking. The federal government has told election officials in 21 states that hackers targeted their systems before last year’s presidential election. The notification came roughly a year after U.S. Department of Homeland Security officials first said states were targeted by hacking efforts possibly connected to Russia. The states that told The Associated Press they had been targeted included some key political battlegrounds, such as Florida, Ohio, Pennsylvania, Virginia and Wisconsin. Find out more [USNEWS.COM]
  8. Encryption
  9. Encryption NEWS: Attack Renders Popular Encryption Hardware Vulnerable. Popular chips used to encrypt smart cards and other hardware have security flaws rendering the encryption easy to crack. The software library for the latest-generation Infineon brand chips has a problem in its implementation of RSA key generation, first discovered by researchers at the Centre for Research on Cryptography and Security. The weakness, known as ROCA, lies in how the library chooses the RSA primes: keys it generates have a structure that lets the private key be recovered from the public key alone, and for 1024- and 2048-bit keys the factoring is within practical reach. Because the defect is in the keys themselves and not only in the firmware, every key pair generated on an affected chip has to be replaced; updating the library alone is not enough. Companies including Google, Microsoft, Fujitsu, HP and Lenovo use the chips. Read more [THEHILL.COM]
  10. Encryption FYI: Serious Flaw in WPA2 Protocol Lets Attackers Intercept Passwords and Much More. Researchers have disclosed a serious weakness in the WPA2 protocol that allows attackers within range of a vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting. The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research had been a closely guarded secret for weeks ahead of a coordinated disclosure that was scheduled for 8am Monday, East Coast time. A website disclosing the vulnerability said it affects the core WPA2 protocol itself and is effective against devices running Android, Linux, and OpenBSD, and to a lesser extent macOS and Windows, as well as MediaTek, Linksys, and other types of devices. The site warned that attackers can exploit the flaw to decrypt a wealth of sensitive data that’s normally encrypted by the nearly ubiquitous Wi-Fi encryption protocol. The mechanism is a replay of message 3 of the four-way handshake: a vulnerable client reinstalls the session key it is already using and resets its packet counter, so the cipher reuses keystream and an attacker can recover plaintext (and, against TKIP and GCMP, forge frames as well). The attack does not reveal the Wi-Fi passphrase, so changing it does nothing; the fix is patching the client (and the access point, for the 802.11r fast-roaming variant). Find out more [ARSTECHNICA.COM]
  11. Encryption DOJ: ‘Responsible Encryption’ is the New ‘Going Dark’. The DOJ calls for ‘responsible encryption’ to comply with court orders. Plus, there’s more bad cybersecurity news for banks, and Accenture data in AWS gets exposed. Read the rest [SEARCHSECURITY.TECHTARGET.COM] HOMELAND SECURITY: Orders Federal Agencies to Start Encrypting Sites, Emails. Three-quarters of the federal government uses encryption. Homeland Security says that isn’t enough. Find out more [ZDNET.COM]
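The Encryption slide above, and the Operating Systems slides later in the deck, report the KRACK attack without showing why a reinstalled key is dangerous. The simulation below is an added example written for this summary, not code from the deck or from the KRACK researchers. It models a supplicant that installs the session key on handshake message 3, then receives a replayed message 3: the vulnerable client reinstalls the key and resets its packet number to 0, so the next data frame is encrypted with keystream already used once, and an attacker who can guess one frame's plaintext (the constructed ARP frame here) recovers the other. The keystream function is a SHA-256 counter-mode stand-in for CCMP's AES-CTR; it keeps only the property the attack needs (keystream is a deterministic function of key and packet number) and is not the real cipher. The key, frames and the `patched` switch are all constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed values for the simulation (not from the original deck).
PTK = hashlib.sha256(b"constructed pairwise transient key").digest()
KNOWN = b"ARP who-has 10.0.0.1? tell 10.0.0.7".ljust(40)   # predictable first frame
SECRET = b"GET /login?user=alice&pw=hunter2".ljust(40)      # what the attacker wants


def keystream(ptk: bytes, packet_number: int, length: int) -> bytes:
    """Stand-in for CCMP's AES-CTR keystream.

    The only property borrowed from the real cipher is the one KRACK abuses:
    the keystream depends solely on the session key and the per-packet
    number, so the same (key, packet number) pair always yields the same
    bytes. SHA-256 in counter mode is used so the example runs with the
    standard library; it is NOT CCMP.
    """
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(
            ptk + packet_number.to_bytes(6, "big") + block.to_bytes(4, "big")
        ).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Client:
    """Wi-Fi supplicant; `patched` models the fix of refusing to reinstall a key."""
    patched: bool
    ptk: Optional[bytes] = None
    pn: int = 0
    sent: List[Tuple[int, bytes]] = field(default_factory=list)

    def on_handshake_msg3(self, ptk: bytes) -> None:
        if self.ptk is not None and self.patched:
            return          # key already in use: a patched client ignores the retransmission
        self.ptk = ptk      # (re)install the key ...
        self.pn = 0         # ... which resets the packet number: this is the bug

    def send(self, plaintext: bytes) -> Tuple[int, bytes]:
        assert self.ptk is not None
        frame = (self.pn, xor(plaintext, keystream(self.ptk, self.pn, len(plaintext))))
        self.pn += 1
        self.sent.append(frame)
        return frame


def run_session(patched: bool) -> List[Tuple[int, bytes]]:
    """Genuine handshake, one data frame, then an attacker-replayed message 3."""
    client = Client(patched=patched)
    client.on_handshake_msg3(PTK)   # genuine message 3 from the AP
    client.send(KNOWN)              # PN 0: plaintext the attacker can guess
    client.on_handshake_msg3(PTK)   # replayed message 3 (the KRACK step)
    client.send(SECRET)             # vulnerable client encrypts this with PN 0 again
    return client.sent


def recover_from_reuse(frames: List[Tuple[int, bytes]], known_plaintext: bytes) -> Optional[bytes]:
    """Attacker side: two frames with the same PN share keystream, so
    C1 xor C2 = P1 xor P2, and knowing P1 gives P2."""
    seen = {}
    for pn, ct in frames:
        if pn in seen:
            return xor(xor(seen[pn], ct), known_plaintext)
        seen[pn] = ct
    return None


if __name__ == "__main__":
    for patched in (False, True):
        leaked = recover_from_reuse(run_session(patched), KNOWN)
        print("patched" if patched else "vulnerable", "->",
              leaked.strip() if leaked else "no keystream reuse, nothing recovered")
```

The patched branch shows why the fix is on the client side: once the key is installed, a retransmitted message 3 is simply acknowledged without touching the key or the counter, and the attacker's replay buys nothing. Nothing in the exchange depends on the passphrase, which is why rotating it does not help.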
  12. Databases
  13. Databases MongoDB: Wall Street Likes Databases, as MongoDB Soars Over 30 Percent in its IPO. MongoDB built and currently maintains an open-source database that rode the wave of interest in NoSQL databases over the last several years, as companies looking to create and deploy software applications at a faster pace looked for databases that were more flexible than the SQL databases traditionally used in enterprise computing. MongoDB charges money for a supported version of the database and has built a few other products for monitoring as well as developer tools. Read more [GEEKWIRE.COM]
  14. Databases EVALUATE: NewSQL Databases Rise Anew — MemSQL, Spanner Among Contenders. NewSQL databases were almost hidden when Hadoop and NoSQL arose. Now, as more big data teams move toward production, MemSQL, Cloud Spanner and similar products may get a second look. Read the rest [SEARCHDATAMANAGEMENT.TECHTARGET.COM] REPORTS: Microsoft Kept Quiet on Details of 2013 Cyber Breach. A secret, internal database that Microsoft uses to track bugs in its software was compromised by a hacking group more than four years ago, according to five former employees who spoke with Reuters. Find out more [THEHILL.COM]
  15. Databases NEW: Microsoft Ignite: SQL Server 2017 for Linux Goes Live; or Windows, If You Want. The preview Docker image has already been fetched 2 million times. Find out more [ARSTECHNICA.COM]
  16. More About Blue Mountain BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, risk and vulnerability assessments, monitoring and investigation support. Read more.
  17. Federal Tech
  18. Federal Tech FEDERAL GOVERNMENT: APIs, Shared Services Can Reshape, Modernize Government Technology. The size and scope of the federal government’s information technology landscape only continues to grow, and in a way that makes it incredibly difficult to change. In the Federal Chief Information Officers Council’s latest study, the current state of government IT is described as monolithic. And it is not meant as a compliment. Read more [FEDERALNEWSRADIO.COM]
  19. Federal Tech OPINION: Government Efforts to Weaken Privacy are Bad for Business and National Security. The federal government’s efforts to require technology and social media companies to relax product security and consumer privacy standards – if successful – will ultimately make everyone less safe and secure. Read the rest [INFOSECURITY-MAGAZINE.COM] PUBLIC SAFETY: Rapid DNA Technology Gives Law Enforcement Access to Your DNA in 90 Minutes. Before recently passed legislation, law enforcement agencies had to send DNA samples to government labs and wait for them to be tested, which could take days or even weeks. Find out more [GOVTECH.COM]
  20. Federal Tech MODERNIZATION: Making Modernization Happen. Now more than ever before, comprehensive IT modernization for federal agencies is a real possibility. The question that remains is whether President Donald Trump’s words and actions during his first months in office will be sustained by the administration and Congress in the months and years ahead. Read more [FCW.COM]
  21. State Tech
  22. State Tech SURVEY: Cybersecurity Concerns May Keep One in Four Americans from Voting. Cybersecurity concerns may prevent one in four Americans from heading to the polls in November, according to a new survey by cybersecurity firm Carbon Black. The company recently conducted a nationwide survey of 5,000 eligible US voters to determine whether reports of cyberattacks targeting election-related systems are impacting their trust in the US electoral process. The results revealed that nearly half of voters believe the upcoming elections will be influenced by cyberattacks. Consequently, more than a quarter said they will consider not voting in future elections. Read more [HSTODAY.US.COM]
  23. State Tech ALASKA: Unique Challenges in IT Consolidation. The Last Frontier is centralizing IT operations under Alaska’s newly created Office of Information Technology. But consolidating IT in a sprawling state like Alaska offers challenges not found in other environments, says the state’s new CIO Bill Vajda. Read the rest [GCN.COM] ALABAMA: Acting CIO Jim Purcell Is a Man on a Mission for Smarter State IT. Jim Purcell wasn’t expecting a call from Alabama’s new governor, Kay Ivey, and he certainly wasn’t expecting her to ask him to head up the Office of Information Technology (OIT) – but that’s exactly what happened last week. Find out more [GOVTECH.COM]
  24. State Tech ILLINOIS: Inside a State Digital Transformation. Hardik Bhatt, CIO of the State of Illinois, sought to become the nation’s first Smart State – a process that required reorganizing its 38 IT departments into one, improving government services, and finding new sources of innovation to apply to its revenue model. Within 18 months, Illinois rose in national rankings from the bottom fourth of state governments to the top third. Read more [ENTERPRISERSPROJECT.COM]
  25. Electronic Document Management
  26. Electronic Document Management CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer Financial Protection Bureau wants to move to a public cloud setup for some of its core enterprise apps. The financial watchdog agency recently sent out a Request for Information (RFI) on the process, technical requirements and costs of moving to cloud services in fiscal year 2017. CFPB wants to establish a more complete understanding of the costs associated with moving fully to a cloud solution for email and office applications (e.g., documents, spreadsheets, presentations, SharePoint and more). Read the rest [FEDTECHMAGAZINE.COM]
  27. Electronic Document Management ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about the many ways business document management can save your company time, space, and more importantly, loads of money. Here are the four most obvious ways these tools provide excellent return on investment. Read more [PCMAG.COM]
  28. Section 508 Compliance
  29. Section 508 Compliance WEBSITE AUDITOR: The Hot Job Title You Want. “The web accessibility compliance auditor is a field that every computer science and information systems student should think of pursuing,” says Dr. James Logan, who is the quality assurance manager for Georgia Institute of Technology’s Enterprise Information Systems. “It really is just an extension of information systems. The field has so many opportunities for web developers.” Read more [BLACKENGINEER.COM]
  30. Section 508 Compliance FYI: Web Design to Accommodate the Dyslexic Reader. Of people with reading difficulties, 70-80% are likely to have some form of dyslexia. It is estimated that between 5-10% of the population has dyslexia, but this number can also be as high as 17%. Here are some CSS tips to consider when designing web content for dyslexic readers. Get the CSS tips. [ACCESSIBLEWEBSITESERVICES.COM] WCAG 2.0: Checklists. It’s extremely useful to have a WCAG 2.0 checklist on hand when you’re working through the guidelines. A WCAG 2.0 checklist helps you to check your web accessibility progress, record how far you’ve come and set your targets for the future. Find out more [WUHCAG.COM]
  31. Section 508 Compliance HOW-TO: 17 Website Adjustments You Can Make Today for Better Accessibility. In order to assure that websites and web applications are accessible to and usable by everyone, web designers and developers must follow the Web Content Accessibility Guidelines (WCAG 2.0) published by the Web Accessibility Initiative (WAI) of the World Wide Web Consortium (W3C), the main international standards organization for the Web. It covers an expanded range of disabilities: blindness and low vision, deafness and hearing loss, learning disabilities, cognitive limitations, limited movement, speech disabilities, and photosensitivity. Here are 17 adjustments you can make to your website now to make it more accessible. Read more [ACCESSIBLEWEBSITESERVICES.COM]
  32. Security Patches
  33. Security Patches MICROSOFT VS. GOOGLE: Microsoft Hits Back at Google’s Approach to Security Patches. Microsoft’s Windows security team hasn’t been happy with Google for the past year. While the pair are bitter rivals for a number of different reasons, Google disclosed a major Windows bug before Microsoft was ready to patch it last year. It irritated the company so much that Windows chief Terry Myerson authored a blog post criticizing Google for not disclosing security vulnerabilities responsibly. That resentment still remains today. Read more [THEVERGE.COM]
  34. Security Patches HOW TO: Fix the KRACK Wi-Fi Security Hole in Your Phone or Laptop. Researchers have announced that they have found a gaping security hole in WPA2, one of the most popular Wi-Fi communications encryption standards. But the exploit they uncovered that could allow hackers to steal even encrypted wireless data, dubbed KRACK, can be foiled by software updates. And the major tech hardware and software vendors quickly started announcing those fixes. Click here for key takeaways. [FORTUNE.COM]
  35. Security Patches ORACLE: Swats 252 Bugs in Patch Update. Hundreds of different products are affected by a range of vulnerabilities tackled in the update. Find out more [ZDNET.COM] WINDOWS 10: Excel, Access, External DB Driver Errors Linked to this Month’s Patches. If you’re seeing new “Unexpected error from external database driver” error messages, chances are good you recently installed KB4041681 (Win7), KB4041676 (Win10 1703), or any of this month’s Windows security patches. Read more [COMPUTERWORLD.COM]
  36. CIO, CTO & CISO
  37. For the CIO, CTO & CISO CTO: FCC Names New CTO. Eric Burger was named chief technology officer of the Federal Communications Commission on Oct. 2. Burger previously served as director of the Security and Software Engineering Research Center, based in Muncie, Ind. The center focuses on telecommunications issues, including robocalling, access by people with disabilities and network stability. It represents researchers, faculty and students drawn from three institutions of higher learning: Ball State University, Virginia Tech and Georgetown University. Read the rest [FCW.COM] CISO: Think About How Your Customers Actually Use Your Mobile Apps. It’s not every day that a veteran chief information security officer writes a book that blasts the mobile community for torpedoing enterprise security. Find out more [COMPUTERWORLD.COM]
  38. CIO, CTO & CISO CIO: 5 State CIOs Discuss Priorities, Share Recommendations. At NASCIO’s annual conference, five CIOs were given five minutes each to revisit their respective priorities and make recommendations based on their own experiences. Read more [GOVTECH.COM] CISO: McDonald’s New CISO Shares Insights on Talking to the Board. What advice does the new CISO of fast-food giant McDonald’s, who has served as CISO at two other major corporations, have for how to communicate with the board of directors? Tim Youngblood says the key is to know that the board’s role is “to understand what is the risk to our organization and are we doing the right things to address that risk.” Read more [BANKINFOSECURITY.COM]
  39. CIO, CTO & CISO CISO: The Security Leader’s Expanding Role: Seven Priorities to Drive CISO Success. Some of the security leader’s tasks are project-based, but because the job is ongoing, CISOs need to remain cognizant of a set of priorities that can’t be left to chance. Here are seven priorities that can help today’s CISOs stay on top of their game and keep their companies secure. Find out more [SECURITYINTELLIGENCE.COM]
  40. Penetration Testing
  41. Penetration Testing DIGITAL GOVERNMENT: Security, Privacy, Usability – The 3 Legs of Login.gov Platform. The government’s fourth attempt to build a single sign-on identity management capability for federal services is off to a better start than its predecessors. The General Services Administration launched the Login.gov platform in April. The platform, which already has five agencies ready to test it out, experienced a spike in user accounts in October. Joel Minton, the director of the Login.gov platform run by GSA’s 18F organization, said they are driving privacy, security and usability to give citizens confidence in using federal services. Read more [FEDERALNEWSRADIO.COM]
  42. Penetration Testing SECURITY: The White Hat Brigade. The fight against cybercriminals involves a whole range of different offensive and defensive measures, from devices with built-in smart security to intelligent analytics tools that can watch the network for aberrant behaviour. Who might suspect, however, that one of the strongest weapons in the battle against hackers might be, well, other hackers? Whether they’re expert security professionals with a deep understanding of how hacking works, or reformed ‘bad’ hackers who now use their powers for good, the white hat brigade is here to stay. Read more. [ITPRO.CO.UK]
  43. Penetration Testing INTERVIEW: Life in the Trenches: a Penetration Tester Speaks. The fear of a loss of reputation is the primary motivator for organisations to seek penetration testing of their networks, to find out how secure they are against likely intruders, according to a senior penetration tester with security firm SecureWorks. Find out more [ITWIRE.COM] STATE GOVERNMENT: Securing the Government Cloud: Tips for Screening SaaS Products. Some vendors mislead their customers when it comes to cybersecurity. Everlaw CEO AJ Shankar shares a few questions that should be asked to keep them honest. Read more [STATESCOOP.COM]
  44. Open Source
  45. Open Source MOZILLA: Funds Open Source Projects with Half a Million in Grants. Mozilla has announced the latest recipients of its Open Source Support grants, totaling $539,000. The web tech company regularly helps out smaller projects, and this round in particular favored ones aimed at safety and security. Read more [TECHCRUNCH.COM] DHS: Says Kaspersky Decision Based on ‘Open Source’ Information. The Department of Homeland Security’s (DHS) decision to bar federal agencies and departments from using Kaspersky Lab software was primarily based on open-source information, a department official said Tuesday. “That determination was based on the totality of evidence, including on the most part open-source information,” said Christopher Krebs, a senior cybersecurity official at DHS, during a House Homeland Security Committee hearing. Read the rest [THEHILL.COM]
  46. Open Source READ: PostgreSQL, Open Source Software Bringing Security, Innovation, Performance and Savings. Federal agencies continue to be caught between the need to innovate and reduce costs, all while maintaining performance and strong security. This conundrum has driven the adoption of open source software in government, which not only saves money for the government, but also offers more reliability and agility – and better security. Find out more [FEDSCOOP.COM] INDUSTRY INSIGHT: Open Source and the Public Sector. The U.S. government continues to devote resources to advancing the country’s technology by utilizing a mixture of “proprietary, open source, and mixed source code” when building out federal solutions, according to the Federal Source Code Policy. Read more [GCN.COM]
  47. Business Intelligence
  48. Business Intelligence READ: 12 Ways to Empower Government Users with the Microsoft Business Intelligence (MBI) Stack. Are your organization’s Federal IT resources under constant pressure, with no end in sight? Your agency is not alone. With limited access to dedicated information technology resources, non-technical end users often play the waiting game, relying on IT staff to do simple tasks like generating custom queries and embedding them within applications. Your department’s need to generate on demand, ad hoc reports gets pushed to the back burner while IT resources respond to more pressing matters. Implementing a self-service approach alleviates your IT staff from such tasks, affording them more time to focus on solving high impact problems. Read more [BLUEMT.COM]
  49. Business Intelligence REPORT: 2017 State Of Business Intelligence And Predictive Analytics. Insights gained from interviews with Dresner Advisory Service’s research community of over 3,000 organizations, in addition to vendor customer community interviews. 57% of respondents are from North America, 31% from Europe, the Middle East & Africa, with the remaining 12% from Asia-Pacific (8%) and Latin America (4%). For additional details regarding the methodology, please see page 11 of the study. Industry interest in advanced and predictive analytics grew sharply in 2017, with business intelligence experts, business analysts, and statisticians/data scientists being the most prevalent early adopters. Click here for key takeaways. [FORBES.COM]
  50. Business Intelligence READ: Business Intelligence vs. Business Analytics: Where BI Fits Into Your Data Strategy. While BI leverages past and present data to describe the state of your business today, business analytics mines data to predict where your business is heading and prescribe actions to maximize beneficial outcomes. Find out more [CIO.COM] U.S. GOVT FINANCE: 11 Ways to Speed Up Government Procurement. Buying with public money is difficult by design, but are there fair ways to fix it? Read more [GOVTECH.COM]
  51. Operating Systems
  52. Operating Systems NEWS: All Operating Systems Are Susceptible to This WiFi Attack. With so many consumers relying on mobile devices these days, it is no surprise criminals continue to look for new ways to take advantage. A new exploit recently uncovered by researchers shows how assailants can read WiFi-based traffic between devices. Around 41% of all current Android devices are susceptible to such an exploit. This issue goes well beyond mobile devices, although Linux-based devices are most prone to attack. Read more [THEMERKLE.COM]
  53. Operating Systems APPLE: Operating Systems Vulnerable to Password Theft. Apple released a new macOS operating system Monday, but already security experts are saying it is vulnerable to a zero-day exploit that puts users’ passwords at risk. Read the rest [CONSUMERAFFAIRS.COM] MICROSOFT: Has Already Fixed the Wi-Fi Attack Vulnerability. Microsoft says it has already fixed the problem for customers running supported versions of Windows. “We have released a security update to address this issue,” says a Microsoft spokesperson in a statement to The Verge. “Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected.” Microsoft says the Windows updates released on October 10th protect customers, and the company “withheld disclosure until other vendors could develop and release updates.” Find out more [THEVERGE.COM]
  54. Operating Systems DHS: Mandates New Security Standards for Federal Networks. The Department of Homeland Security is requiring agencies to use new email and web security guidelines that address man-in-the-middle attacks. A binding operational directive from DHS gives federal agencies 90 days to implement a pair of tools, Domain-based Message Authentication, Reporting and Conformance (DMARC) and STARTTLS. DMARC is an email authentication tool designed to prevent email spoofing and provide data on where a forgery may have originated. STARTTLS helps protect against passive man-in-the-middle attacks by allowing for email encryption while data is in transit; it is opportunistic, so an active attacker on the path can still strip the STARTTLS offer and force cleartext, which is why it counts as a floor rather than end-to-end protection. The directive also requires agencies to switch all publicly accessible federal websites to HTTPS and HSTS-secured connections within 120 days. Doing so could potentially eliminate a large swath of security flaws that affect most federal government websites. Find out more [FCW.COM]
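The DHS directive slide above lists DMARC and HSTS as requirements but not what a compliant record or header looks like, or how to tell a monitoring-only deployment from an enforcing one. The checker below is an added example written for this summary, not DHS tooling or code from the deck. It parses a DMARC TXT record and a Strict-Transport-Security header (both constructed here, with example.gov addresses) and reports what a reviewer would flag: DMARC at p=none or p=quarantine rather than the directive's end state of p=reject, missing aggregate reporting, and HSTS without includeSubDomains or with a max-age under one year (the one-year threshold is the browser preload list's requirement, assumed here as the target). In practice the inputs come from a DNS lookup of _dmarc.<domain> and an HTTPS response; the functions take them as strings so the example runs offline.

```python
from typing import Dict, List, Optional

# Constructed sample inputs (not from the deck): what a lookup of
# _dmarc.<domain> TXT and a site's Strict-Transport-Security header might return.
DMARC_MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.gov"
DMARC_ENFORCING = ("v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.gov; "
                   "ruf=mailto:dmarc-forensic@example.gov")
HSTS_WEAK = "max-age=300"
HSTS_PRELOADABLE = "max-age=31536000; includeSubDomains; preload"

ONE_YEAR = 31536000  # seconds; the preload list's minimum max-age (assumed target)


def parse_tags(value: str) -> Dict[str, str]:
    """Split 'k=v; k=v' into a dict; used for both DMARC records and HSTS headers."""
    tags: Dict[str, str] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, val = part.partition("=")
        tags[key.strip().lower()] = val.strip().strip('"')
    return tags


def assess_dmarc(record: Optional[str]) -> List[str]:
    """Findings against the directive's end state: p=reject with reporting in place."""
    if record is None:
        return ["no DMARC record: receivers have no policy for mail claiming to be from this domain"]
    tags = parse_tags(record)
    findings: List[str] = []
    if tags.get("v") != "DMARC1":
        findings.append("record does not carry v=DMARC1 and will be ignored by receivers")
    policy = tags.get("p")
    if policy is None:
        findings.append("missing required p= tag")
    elif policy == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine: spoofed mail lands in junk rather than being rejected")
    elif policy != "reject":
        findings.append("unknown policy value p=%s" % policy)
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected, so spoofing goes unseen")
    if tags.get("pct", "100") != "100":
        findings.append("pct=%s: policy applied to only a fraction of mail" % tags["pct"])
    return findings


def assess_hsts(header: Optional[str]) -> List[str]:
    """Findings for a Strict-Transport-Security header; thresholds are the
    browser preload list's (one year, includeSubDomains), assumed as the target."""
    if header is None:
        return ["no Strict-Transport-Security header: first request can still be downgraded to HTTP"]
    tags = parse_tags(header)
    findings: List[str] = []
    max_age = tags.get("max-age")
    if max_age is None or not max_age.isdigit():
        findings.append("max-age missing or malformed; browsers ignore the header")
    elif int(max_age) < ONE_YEAR:
        findings.append("max-age=%s is below one year" % max_age)
    if "includesubdomains" not in tags:
        findings.append("includeSubDomains missing: subdomains can still be reached over HTTP")
    return findings


if __name__ == "__main__":
    for label, rec in (("monitor-only", DMARC_MONITOR_ONLY), ("enforcing", DMARC_ENFORCING)):
        print("DMARC", label, assess_dmarc(rec) or ["ok"])
    for label, hdr in (("weak", HSTS_WEAK), ("preloadable", HSTS_PRELOADABLE)):
        print("HSTS", label, assess_hsts(hdr) or ["ok"])
```

The p=none record is deliberately reported as a finding rather than a failure: it is the normal first step (collect rua reports, find every legitimate sender, fix SPF and DKIM alignment) before moving to quarantine and then reject, and a domain that jumps straight to p=reject without that step will drop its own mail.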
  55. BYOD
  56. BYOD INDUSTRY INSIGHT: BlueBorne and Wireless Risk…Going Beyond NIST and Standard Frameworks. Security frameworks such as the National Institute of Standards and Technology SP 800-53, 800-121, and Department of Defense 8500 security requirements rely mostly on FIPS 140-2 and are stringent and unforgiving to insecure protocols such as wireless — specifically, Bluetooth and other 802.15 protocols. Unfortunately, these requirements are frequently overlooked and the features get included in phones. The other overlooked peripherals that pose risk are 2.4 GHz keyboards and mice. Thankfully, bring-your-own-device policies have not caught on or been encouraged in the public sector to the degree they have in the private sector. This type of cost-cutting strategy can end up costing the organization more money in the long run when it must address compromises on unmanaged BYOD devices containing enterprise data. Read more [GCN.COM]
  57. BYOD SECURITY: Why Agencies Need to Protect Their Endpoints, and Not Just Their Networks. As agencies deploy more mobile devices, their users out in the field and away from their desks become targets for hackers and cybercriminals. Click here for key takeaways. [FEDTECHMAGAZINE.COM] HEALTHCARE: 5 Tips to Lockdown Security for Internet of Things Medical Devices. Segmented networks, authorization protocols, device behavior are a few strategies that execs should adopt today. Find out more [HEALTHCAREITNEWS.COM]
  58. Incident Response
  59. Incident Response HOW: An Effective Incident Response Plan Can Help You Predict Your Security Future. Chief information security officers (CISOs) understand that their enterprises will be subject to a breach, or at least an attempted attack, at some point. While they can’t predict the future, they can learn a lot about would-be attackers’ motivations and methods just by developing a thorough incident response strategy. This plan is crucial because it informs your actions, helps you create a positive outcome, and minimizes data loss and operational disruption in the event of a breach. Here are five key questions to consider when developing your incident response plan. Read more [SECURITYINTELLIGENCE.COM]
  60. Incident Response BREACH PREPAREDNESS: Incident Response Insights from US Army Medicine CISO. The recent Equifax mega-breach demonstrates how essential it is to have a robust, well-tested incident response plan in place that includes a strong public relations component, says Heath Renfrow, CISO at U.S. Army Medicine. Read the rest [BANKINFOSECURITY.COM] SECURITY: Federal IT Security Leaders Push for More Training to Boost Cybersecurity Response. The Trump administration’s executive order on cybersecurity gives agencies enough direction to guide investments in education and training, officials say. Find out more [FEDTECHMAGAZINE.COM]
  61. Incident Response ENDPOINT: How Businesses Should Respond to the Ransomware Surge. Modern endpoint security tools and incident response plans will be key in the fight against ransomware. Find out more [DARKREADING.COM]
  62. Cybersecurity
  63. Cybersecurity MICROSOFT: A Pictorial Walk-Through Of Microsoft’s New Cybersecurity Tools. Cybersecurity should be on every person’s mind in 2017, and certainly every lawyer’s. Here’s why… Read more [ABOVETHELAW.COM] FEDERAL GOVT: U.S. Government Cybersecurity Lags Behind That of a Fast Food Joint, Say Analysts. The American federal government and countless state and local governments throughout the U.S. are more vulnerable to cyberattacks than your local McDonald’s. A new study ranking the cybersecurity of 18 industries “paints a grim picture” with the U.S. government 16th when it comes to protecting its computer systems and data from hackers. Read the rest [NEWSWEEK.COM]
  64. Cybersecurity DATA: The Piece of Cybersecurity Feds Can No Longer Ignore. The Trump administration needs to work with Congress to fully fund the Department of Homeland Security’s Continuous Diagnostics and Mitigation program. Find out more [FEDTECHMAGAZINE.COM] STATE & LOCAL GOVERNMENT: Annual Cybersecurity Review for State and Local Government Approaches. Non-federal agencies still ride low on the maturity benchmark, but the increased political attention around cybersecurity could improve results in the coming survey period. Find out more about the study results [STATESCOOP.COM]
  65. IT Management
  66. IT Management READ: All Management Is Change Management. Change management is having its moment. There’s no shortage of articles, books, and talks on the subject. But many of these indicate that change management is some occult subspecialty of management, something that’s distinct from “managing” itself. This is curious given that, when you think about it, all management is the management of change. Read more [HBR.ORG] NARA: Improvements Seen in Federal Records Management, but ‘There is Work to be Done’. Compliance, collaboration and accountability are the themes of the National Archives’ recommendations to agencies for improving how they handle paper – and electronic – trails. That’s according to NARA’s 2016 Federal Agency Records Management Annual Report. Read more. [FEDERALNEWSRADIO.COM]
  67. IT Management FINANCIAL: Washington State’s Strategy for Tracking IT Spending. The state of Washington’s first efforts to bring technology business management to its IT spending practices began in 2010 when the legislature mandated annual reports and specific evaluation requirements for investments. As interest grew in monitoring the cost of IT along with the business services IT provides, officials in Washington’s Office of the CIO worked to refine the strategy through the creation of a state TBM program. Find out more [GCN.COM]
  68. IT Management HR: A Blueprint for Improving Government’s HR Function. Government, at its core, is its employees and their commitment to serve the country. That fact is too often overlooked. While technology enables employees to make better, faster decisions, until artificial intelligence replaces the acquired knowledge of employees, agency performance will continue to depend on the skill and dedication of government workers. As such, civil service reform is increasingly important because workforce rules and regulations are out of sync with current management thinking. To use a basketball analogy, government is still shooting two-handed set shots. Read more [GOVEXEC.COM]
69. Application Development
70. Application Development INDUSTRY INSIGHT: 4 Steps to Agile Success. There’s a noticeable shift toward agile development taking place within the federal government. Driven by a need for accelerated application development and meeting internal customers’ needs on the very first attempt, agencies like the General Services Administration and Department of Homeland Security have begun to move away from traditional waterfall project management frameworks and toward iterative, agile frameworks like scrum. Read more [GCN.COM]
71. Application Development IT MODERNIZATION: 3 Strategies for Building Successful Agile Teams. Is the federal government truly ready to embrace agile software development? Successful agile environments do not start with technology; they start with creating the right team. This can be harder than it may first appear, because agile challenges preconceived norms of how federal IT teams should be structured and the way they approach projects. Agile teams are typically a combination of individual contributors (particularly those from development and quality assurance backgrounds) who rarely work together but must now collaborate to achieve common goals. Read the rest [NEXTGOV.COM] ENTERPRISE: Air Force Intelligence Unit Goes Agile. The US Air Force is determined to get more agile to produce applications that can be useful in times of conflict. Find out more [INFORMATIONWEEK.COM]
72. Application Development PEOPLE & CAREERS: Sloughing Off the Government Stereotypes. What are CIOs doing to lure millennials into government IT? Government CIOs across the board are being forced to confront the retirement wave that’s about to decimate their ranks. But does the next generation of IT pros want the jobs their parents and grandparents are leaving behind? Read more [GOVTECH.COM]
73. Big Data
74. Big Data NGA: Wants to Swap Years of Government Data for Industry Know-How. The National Geospatial-Intelligence Agency is in talks with Capitol Hill to find legal ways to achieve a unique barter agreement between the government and industry: swapping potentially years’ worth of data locked in the agency’s archives for expertise and new computational techniques from the private sector. Read more [FEDERALNEWSRADIO.COM] E-COMMERCE: IT Convergence Trend Alters Approach to Federal Market. Federal agencies have begun using an emerging information technology tool to manage the huge amount of data the United States government generates and stores. Federal IT managers recently have embraced the concept of convergence, which has been gaining traction in the private sector. Agencies also have indicated that the approach may be useful for other federal IT applications. Read the rest [ECOMMERCETIMES.COM]
75. Big Data NEWS: In the Next Wave Of Innovation, Big Data Is Your Competitive Advantage. Data is becoming a valuable commodity, like oil in the 20th century. Here’s how companies should be using it. Find out more [ENTREPRENEUR.COM] HOW: Big Data and Digital Transformation – How One Enables the Other. Drowning in data is not the same as big data. Here’s the true definition of big data and a powerful example of how it’s being used to power digital transformation. Find out more [ZDNET.COM]
76. Personal Tech
77. Personal Tech DOWNLOADS: Resolutions for the Big (and Small) Screens. When it comes to streaming and downloading movies, find out the difference between standard-definition and high-definition versions. Read more [NYTIMES.COM] TECH TRAVEL: Checking Voice Mail While Abroad. Find out how to check voice mail on a smartphone when traveling in Europe. Read more [NYTIMES.COM]
78. Personal Tech STAY ALERT: Technology Can Be A Threat To Your Physical Safety. Discover the personal safety habits you can practice to stay safe at home and on the go. Find out more [FORBES.COM] HOW TO: Schedule Your Smartphone for a Little Peace and Quiet. Have you signed up for alerts from a bunch of news sites on your iPhone to keep up with the headlines, but now they’re waking you up at night with their sounds and turning on the phone screen? Find out how to mute the noises and phone screen light before bed without turning off the phone’s alarm clock. Read more [NYTIMES.COM]
79. Mobile Applications
80. Mobile EMM: Enterprise Mobility Management Explained. The EMM market is evolving to provide ever more comprehensive (and specific) services for device and application management. Here’s a look at what it is and how it can meet the divergent needs of different companies. Read more [COMPUTERWORLD.COM] MICROSOFT: Gives Up on Windows 10 Mobile. Microsoft appears to have abandoned its smartphone operating system ambitions. The company’s Windows 10 chief has tweeted that developing new features and hardware for the Mobile version of the OS was no longer a “focus”. Read the rest [BBC.COM]
81. Mobile FEDERAL GOVERNMENT CLOUD: Standardizing and Securing Navy Systems in the Cloud. One of IT modernization’s biggest challenges is breaking down the many technology fiefdoms within an organization. When every group has its own way of doing something, effecting change is hard and guarding against cyberthreats is even harder. “All our bases around the world…had their own websites,” said Raven Solutions CEO Ryan Pratt, who led the transition to the cloud for the Commander, Navy Installations Command (CNIC) Fleet and Family Readiness (N9) program. “People were getting hacked at the headquarters level.” Find out more [GCN.COM]
82. Mobile GOOGLE: Shuts Down Fetch As Google for Mobile Apps. Google has quietly announced on Google+ that it will be killing off some of the App Indexing features within the Google Search Console. Specifically, Google is turning off the Fetch As Google for Apps feature to “avoid unnecessary duplication” with what is available within the Firebase help documentation. Find out more [SEARCHENGINELAND.COM]
83. Programming & Scripting Development Client & Server-Side
84. Programming & Scripting Development Client & Server-Side JAVASCRIPT: Sheet, a Spreadsheet Program in 217 Bytes of JavaScript. The code for Sheet fits in one of those newfangled 280-character tweets with room to spare: it’s the most amazingly compact spreadsheet app committed to screen. Read more [BOINGBOING.NET] JSX: An Introduction to JSX. When React was first introduced, one of the features that caught most people’s attention (and drew the most criticism) was JSX. If you’re learning React, or have ever seen any code examples, you probably did a double-take at the syntax. What is this strange amalgamation of HTML and JavaScript? Is this even real code? Read the rest [SITEPOINT.COM]
85. Programming & Scripting Development Client & Server-Side JAVA: Java EE 8 Takes Final Bow Under Oracle’s Wing. Long-delayed update adds support for modern web tech. Here’s what’s new. Find out more [THEREGISTER.CO.UK] PYTHON: Don’t Constrict Your Cyber Potential in 2017 – Upskill With Python. The Python programming language is the top choice among cybersecurity professionals due to the vast number of powerful third-party libraries available. The ability to use these libraries to do the heavy lifting greatly reduces the time required to piece together scripts and develop applications. Python is also highly versatile: security professionals can use it to write software for penetration testing, web development or applications, or simply to throw a quick script together. Read more [SECURITYINTELLIGENCE.COM]
86. Programming & Scripting Development Client & Server-Side PYTHON: How to Set Up and Learn Python Coding on a Mac. Python is one of the most popular programming languages. Students use Python to learn coding; data scientists use Python to crunch numbers. Discover how to set up and learn Python coding on a Mac, including the best Python text editors and the best Python training courses. Find out more [MACWORLD.CO.UK]
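As an illustration of the “quick script” use of Python that the SECURITYINTELLIGENCE.COM item above describes, here is an added example (written for this summary; it is not code from that article or from Blue Mountain Data Systems) that audits the security headers of an HTTP response using only the standard library. The two response heads it checks are constructed samples, not captures from any real server, and the header expectations encoded in REQUIRED are this example’s own assumptions about what a reviewer would want to see on an HTML page served over TLS.

```python
"""Quick HTTP security-header audit (added example, standard library only).

Feed it the head of an HTTP response, such as the output of `curl -I` or a
response captured in a proxy, and it returns a list of findings.
"""
from email.parser import Parser
from http.client import HTTPMessage

# Constructed sample: a weakly configured response head (hypothetical server).
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.29 (Ubuntu)\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-Frame-Options: ALLOWALL\r\n"
    "\r\n"
)

# Constructed sample: the same page with the headers a reviewer would expect.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Strict-Transport-Security: max-age=63072000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: DENY\r\n"
    "Referrer-Policy: no-referrer\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
)

# Headers expected on an HTML page over TLS (this example's assumption), with a
# substring that a sound value must contain, or None to check presence only.
REQUIRED = {
    "Strict-Transport-Security": "max-age=",
    "Content-Security-Policy": "default-src",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": None,   # value checked separately below
    "Referrer-Policy": None,
}


def parse_response_head(raw: str):
    """Split a raw response head into (status line, case-insensitive headers)."""
    status, _, rest = raw.partition("\r\n")
    # http.client.HTTPMessage is an email.message.Message subclass, so the
    # stdlib email parser gives case-insensitive, multi-valued header access.
    headers = Parser(_class=HTTPMessage).parsestr(rest)
    return status, headers


def audit_headers(raw: str) -> list:
    """Return a list of human-readable findings; an empty list means clean."""
    _, headers = parse_response_head(raw)
    findings = []

    for name, expect in REQUIRED.items():
        value = headers.get(name)
        if value is None:
            findings.append(f"missing {name}")
        elif expect and expect not in value:
            findings.append(f"weak {name}: {value}")

    # X-Frame-Options only helps with DENY or SAMEORIGIN; anything else is noise.
    xfo = headers.get("X-Frame-Options", "")
    if xfo and xfo.strip().upper() not in ("DENY", "SAMEORIGIN"):
        findings.append(f"weak X-Frame-Options: {xfo}")

    # Every session cookie should carry Secure and HttpOnly.
    for cookie in headers.get_all("Set-Cookie", []):
        name = cookie.split("=", 1)[0].strip()
        flags = {part.strip().lower() for part in cookie.split(";")[1:]}
        missing = [f for f in ("secure", "httponly") if f not in flags]
        if missing:
            findings.append(f"cookie {name} lacks {', '.join(missing)}")

    # A Server header with a version number is free reconnaissance for an attacker.
    server = headers.get("Server")
    if server and any(ch.isdigit() for ch in server):
        findings.append(f"version disclosure in Server header: {server}")

    return findings


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"[{label}] {audit_headers(raw) or 'no findings'}")
```

The check for Content-Security-Policy only confirms that a default-src directive is present; whether the policy is actually restrictive needs a policy parser, which is the point at which the third-party libraries the article mentions start to earn their keep.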
87. Cloud Computing
88. Cloud Computing FEDERAL GOVERNMENT: The Pentagon Plans to Increase Its Use of Cloud Computing in Security Push. After his recent trip to the West Coast to check out how cloud tech companies are fending off cybersecurity attacks, U.S. Secretary of Defense James Mattis plans to increase the use of cloud computing at the Department of Defense, according to a report. Read more [GEEKWIRE.COM] COMMENT: Making Sense of the IT Modernization Challenge. Government has the chance to cut costs while also streamlining operations, but only if agencies embrace a continuous innovation model. Click here for key takeaways [FCW.COM]
89. Cloud Computing CLOUD COMPUTING: How Virtualization Helps Agencies Meet Their ‘Cloud First’ Promise. Six-and-a-half years after the Obama administration announced its “cloud first” initiative, federal agencies have begun truly ramping up their cloud deployment efforts. According to Deltek, federal cloud computing spending is projected to grow to $6.4 billion in fiscal year 2021, an impressive compound annual growth rate of 15 percent since 2016. Find out more [GCN.COM] READ: Google, Microsoft Emphasize Cloud Security as Hacks Intensify and Big Businesses Eye the Cloud. Security fears have been associated with cloud computing ever since it began, and for the most part those fears have been unfounded: the big cloud providers are way better at security than your average enterprise. Still, there’s always more to be done, and Google and Microsoft unveiled new services this week to give customers additional peace of mind. Read more [GEEKWIRE.COM]
90. Cloud Computing HOW: Cloud Computing Spending is Growing Even Faster Than Expected. Spending on cloud computing services is growing faster than previously expected, with software-as-a-service (SaaS) and infrastructure-as-a-service (IaaS) two of the most rapidly expanding segments. Worldwide public cloud services revenues are expected to grow 18.5 percent in 2017 to a total of $260bn, up from $219.6bn last year, according to Gartner. Read more [ZDNET.COM] ADVICE: Don’t Be the Fool in the Cloud. Is it really that hard to keep from making a security idiot of yourself? Read the rest [COMPUTERWORLD.COM]
91. Cloud Computing LEARN: How Cost Analysis Tools Can Prevent Cloud Computing Calamity. AWS and other cloud computing giants have been enjoying bumper profits in recent years, which means startups must be spending more on cloud computing. Indeed, cloud costs can jump massively if you don’t keep an eye on your budget. Casey Benko over at SearchCloudComputing recommends investing in cloud cost analysis tools to keep costs down. He gives you the lowdown on how the top tools, like CloudCheckr and Cloudability, compare. Find out more [PROGRAMMABLEWEB.COM]
92. Cloud Computing FEDERAL GOVERNMENT: Key Ingredient for Modernization: Evolutionary Architecture Using Microservices. IT modernization is one of the key focus areas across the federal government these days. With so much emphasis on modernization, there is little attention being paid to software architecture as a means to enable transformation. Most federal IT agencies are faced with a familiar challenge: How do we modernize our software applications and take advantage of the benefits enabled by cloud computing? Find out more [FEDERALNEWSRADIO.COM]
93. Announcement
94. Announcement: Blue Mountain Data Systems DOL Contract Extended Another Six Months. The Department of Labor has extended Blue Mountain Data Systems Inc. contract DOLOPS16C0017 for 6 months for network administration and application support. U.S. Dept. of Labor, Employee Benefits Security Administration, 1994 to Present: Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act (ERISA). Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, risk and vulnerability assessments, monitoring and investigation support.
95. IT Security | Cybersecurity
96. IT Security | Cybersecurity SECURITY: Why These Cybersecurity Researchers Are Automating Vulnerability Assessments. System complexity is preventing humans alone from finding vulnerabilities, so researchers in the UK and at CMU are working to automate an online cybersecurity system support service to help analysts. Read more [TECHREPUBLIC.COM] ONLINE: Cybersecurity As Big a Challenge As Counterterrorism, Says Spy Chief. Online security is now as big a job as surveillance and counterterrorism, says the GCHQ boss. Read the rest [ZDNET.COM]
97. IT Security | Cybersecurity THREAT MAINTENANCE: Cybersecurity’s ‘Broken’ Hiring Process. A new study shows the majority of cybersecurity positions get filled at salaries above the original compensation cap, while jobs sit unfilled an average of six months. Find out more [DARKREADING.COM] IoT: Cybersecurity Falls Short, Say City IT Leaders. A survey from nonprofit CompTIA shows that most city government tech leaders are not confident in the cybersecurity behind today’s “smart city” devices. Find out more about the study results [STATESCOOP.COM]
98. From the Blue Mountain Data Systems Blog Programming & Scripting https://www.bluemt.com/programming-scripting-daily-tech-update-september-29-2017/ Cloud Computing https://www.bluemt.com/cloud-computing-daily-tech-update-september-18-2017/ Business Intelligence https://www.bluemt.com/business-intelligence-daily-tech-update-september-15-2017/ Mobile Applications https://www.bluemt.com/mobile-applications-daily-tech-update-september-11-2017/
99. From the Blue Mountain Data Systems Blog Personal Tech https://www.bluemt.com/personal-tech-daily-tech-update-september-28-2017/ Databases https://www.bluemt.com/databases-daily-tech-update-september-21-2017/ Penetration Testing https://www.bluemt.com/penetration-testing-daily-tech-update-september-26-2017/ Incident Response https://www.bluemt.com/incident-response-daily-tech-update-september-14-2017/
100. From the Blue Mountain Data Systems Blog Security Patches https://www.bluemt.com/security-patches-daily-tech-update-september-22-2017/ Operating Systems https://www.bluemt.com/operating-systems-daily-tech-update-september-20-2017/ Encryption https://www.bluemt.com/encryption-daily-tech-update-september-19-2017/ Cloud Computing https://www.bluemt.com/cloud-computing-daily-tech-update-september-18-2017/
101. From the Blue Mountain Data Systems Blog Open Source https://www.bluemt.com/programming-scripting-daily-tech-update-september-5-2017/ CTO, CIO and CISO https://www.bluemt.com/cio-cto-ciso-daily-tech-update-september-6-2017/ Programming & Scripting https://www.bluemt.com/programming-scripting-daily-tech-update-september-5-2017/
102. From the Blue Mountain Data Systems Blog Security Risks Most Prevalent in Younger Workers https://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/ The Security World’s Maturation https://www.bluemt.com/the-security-worlds-maturation/ Data Breach Concerns Keep CISOs Up At Night https://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/ Personalized Govt Equals Instant Gratification for Citizens https://www.bluemt.com/personalized-govt-equals-instant-gratification-for-citizens/
103. From the Blue Mountain Data Systems Blog People-Centric Security https://www.bluemt.com/people-centric-security/ Pentagon Tries BYOD To Strike Work/Life Balance https://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/ Open Source Model Considered for MS Windows https://www.bluemt.com/open-source-model-considered-for-ms-windows/ Open Internet: To Be or Not to Be? https://www.bluemt.com/open-internet-to-be-or-not-to-be/
104. From the Blue Mountain Data Systems Blog Malware Stays A Step Ahead Infecting One Third of Websites https://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-websites/ Machine-Generated Data: Potential Goldmine for the CIO https://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-cio/ Government Legacy Programs: Reuse vs. Replacement https://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/ It Takes a Whole Village to Protect Networks and Systems https://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-systems/
105. From the Blue Mountain Data Systems Blog Governance For the CIO https://www.bluemt.com/governance-for-the-cio/ Help Desk Consolidation – Lessons Learned https://www.bluemt.com/help-desk-consolidation-lessons-learned/ One Year Later, Companies Still Vulnerable to Heartbleed https://www.bluemt.com/one-year-later-companies-still-vulnerable-to-heartbleed/ Federal Projects Cultivate Worker Passion https://www.bluemt.com/federal-projects-cultivate-worker-passion-2/
106. ABOUT US Blue Mountain Data Systems Inc. Blue Mountain Data Systems Inc. is dedicated to application and systems development, electronic document management, IT security support, and the automation of workflow processes. Read more about our experience here: >> http://bluemt.com/experience
107. Recent Experience U.S. Dept. of Labor, Employee Benefits Security Administration, 1994 to Present: Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act (ERISA). Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, risk and vulnerability assessments, monitoring and investigation support.
108. MANAGEMENT Paul T. Vesely, Founder, President, CEO and Principal Architect. Mr. Vesely is a recognized thought leader in systems architecture and delivery, having designed and delivered many enterprise-wide information and document management solutions. Mr. Vesely’s history includes 33 years’ experience in the information systems industry, with Unisys, Grumman, PRC and a host of clients in both government and private sectors.
109. CONTACT US Contact Us Today to Discuss Your Next IT Project HEADQUARTERS 366 Victory Drive Herndon, VA 20170 PHONE 703-502-3416 FAX 703-745-9110 EMAIL paul@bluemt.com WEB https://www.bluemt.com