Archive for December, 2013

News: Draft RFP for NIST/NCCoE Research and Development Center Now Available

Two government agencies (the National Institute of Standards and Technology (NIST) and the National Cybersecurity Center of Excellence (NCCoE)) are looking for input regarding the establishment of a Federally Funded Research and Development Center. Recently, the two agencies released a draft RFP (request for proposals).

According to Federal Business Opportunities, “the purpose of this partial Draft RFP is to improve the understanding of Government requirements and industry capabilities, thereby allowing potential offerors to judge whether or how they can satisfy the Government’s requirements, and enhancing the Government’s ability to obtain quality services at reasonable prices, and increase efficiency in proposal preparation, proposal evaluation, negotiation, and contract award.”

Interested parties are encouraged to respond to the notice in accordance with the attached “Attachment 1- Partial Draft RFP Instructions to Interested Parties.” You can find all of that information on the FBO website.

In addition, the National Institute of Standards and Technology (NIST) and the National Cybersecurity Center of Excellence (NCCoE) will be hosting an Industry Day on January 8, 2014, for parties interested in the proposed Federally Funded Research and Development Center. The event is meant to engage vendors and federal employees in a discussion about the proposed requirement, the NCCoE, and the forthcoming Draft Request for Proposals (RFP) for the requirement.

The event will be held in Rockville, Maryland and you can find more information about that right here.

According to a release, the Industry Day will focus on the mission of the NCCoE and its ongoing and future projects, along with the Draft RFP for the FFRDC requirement. It will also allow vendors to market their relevant capabilities to others in attendance. The Industry Day will first provide all attendees information on the NCCoE, its objectives and its direction.

If you’re looking for a reliable asset disposal service, PCS of Massachusetts is ready and willing to help you recycle your electronics and destroy your data.  PC Survivors of Massachusetts, L.L.C.  (R2) Certified,  86 Finnell Drive Unit 6,Weymouth, MA 02188 /Cell: 781-635-6281 /Office: 781-335-1220 / Fax: 781-335-1499 / www.pcsmass.com

30

12 2013

News: Target Woes Continue After Data Security Breach

It keeps getting worse for retail chain Target. After the loss of account information for over 40 million people, it has now been revealed that the thieves also managed to obtain secret PIN numbers in the breach. In an article on the Huffington Post, it was revealed that Target’s reputation among consumers has taken a huge hit.

The company’s “Buzz score,” a measurement of brand popularity developed by polling site YouGov, dropped by 35 points to -9 on Dec. 20, the day after Target announced that hackers may have gotten access to 40 million customers’ credit and debit card information. On Monday it fell even further to -19. Scores range from 100 to -100.

Currently, the Justice Department is investigating the data breach. Customers affected by the Target breach complained that they had to cancel credit and debit cards just as they were rushing to buy holiday gifts. Millions of others faced bank-imposed limits on how much cash they could take out at ATMs or spend on their debit cards.

In the wake of the recent revelation that the Target data breach was worse than first reported, many customers have started to take legal action against the retailer. According to a report by CNN Money, Target is facing lawsuits from almost two dozen consumers.

Customers from California, Oregon and Washington to Louisiana, Massachusetts and Rhode Island have filed would-be class actions in federal courts, alleging Target was negligent and did not protect their card information.

Plaintiffs in several states alleged Target “failed to implement and maintain reasonable security procedures and practices.”

Robert Ahdoot, a lawyer for the California plaintiffs, said he spoke to customers who claimed unauthorized ATM withdrawals had been made from their accounts.

“Target has an obligation to provide adequate security for the financial information they collect,” Ahdoot said.

Some suits also alleged negligence, and claimed customers would not have purchased from Target if they knew of the breach, which lasted from Black Friday through mid-December but was not disclosed until last week.

Snyder, the Target spokeswoman, said the company doesn’t “comment on pending litigation.”

In related news, the New York Times reported last week that Brian Krebs, the security blogger who first broke the news that Target had been breached, said he believed he had identified a Ukrainian man who he said was behind one of the primary black market sites now selling Target customers’ credit and debit card information for as much as $100 apiece.

If customers do return to Target after this massive security lapse, I can assume many will be using cash.


30

12 2013

News: EPA Chief Thinks China Is Poised For A Green Revolution

According to the United States Environmental Protection Agency, China may be the newest kid on the block joining the ‘green’ revolution. In an article on the Huffington Post this week, Kate Sheppard reported on Environmental Protection Agency Administrator Gina McCarthy’s talk at the Center for American Progress, in which she said China was on the “cusp of a major push for environmental action.”

Like the previous generation of environmental activism in the U.S., which led to the creation of the Environmental Protection Agency and the passage of laws like the Clean Air Act and the Clean Water Act, a “significant public outcry” is confronting the Chinese government, said McCarthy. “We have been there before. The U.S. has faced these challenges. We have faced them well, we have faced them over time. We know what planning can do.”

McCarthy said that in the face of the public’s demand for cleaner air and a new focus on climate change, China has been slow to change but is making progress, citing the recent example of the Beijing municipal government releasing its own air quality data, which has created more reporting on pollution issues in the capital.

China faces major problems combatting pollution from power plants, heavy industry, automobiles and trucks. In recent weeks, the country has seen school closures and warnings of public health threats due to dangerous levels of smog.

According to a Wall Street Journal article, the Chinese government had previously published PM10 pollution levels — that is, pollutants measuring between 2.5 and 10 micrometers in diameter.

However, they didn’t previously release data for smaller PM2.5 pollutants, which are smaller and seen by some experts as more harmful to human health.

China hasn’t yet released targets for average annual PM2.5 levels, though the state-run Xinhua news agency said in an article on Saturday that the national standard could be set at 35 micrograms per cubic meter on average per year, citing hearings at the environment ministry from earlier this month.

In an October article on Yahoo!, Joe McDonald reported on China’s recent action to clean up the recycling industry by enforcing tougher rules at home and for shipments into the country.

The Chinese campaign is aimed at enforcing standards for waste imports after Beijing decided too many were unusable or even dangerous and would end up in its landfills. Under the crackdown dubbed Green Fence, China has rejected hundreds of containers of waste it said were contaminated or that improperly mixed different types of scrap.

It is abruptly changing a multibillion-dollar global industry in which China is a major processing center for the world’s discarded soft drink bottles, scrap metal, electronics and other materials. Whole villages in China’s southeast are devoted to processing single products, such as electronics. Household workshops break down discarded computers or appliances to recover copper and other metals. Some use crude smelters or burn leftover plastic and other materials, releasing lead and other toxins into the air. Green Fence is in line with the ruling Communist Party’s pledges to make the economy cleaner and more efficient after three decades of breakneck growth that fouled rivers and left China’s cities choking on smog.

McDonald says that since American and European recyclers send a significant part of their business to China, stricter scrutiny has slowed imports and raised their costs.

The decline in the number of traders buying scrap to ship to China has also depressed prices American and European recycling companies can get for their plastic and metals.

China’s recycling industry has boomed over the past 20 years. Its manufacturers needed the metal, paper and plastic and Beijing was willing to tolerate the environmental cost. Millions of tons of discarded plastic, computers, electronics, newspapers and shredded automobiles and appliances are imported every year from the United States, Europe and Japan.


17

12 2013

NIST: The Development of Trusted Identities to Secure Critical Infrastructure

In a post on the White House blog, Michael Daniel (a Special Assistant to the President and the Cybersecurity Coordinator) recently explained why “the country’s system of passwords as it exists today is hopelessly broken” and what the National Strategy for Trusted Identities in Cyberspace (NSTIC) is doing to fix it.

The NSTIC, Daniel says, has called for the creation of an Identity Ecosystem – an online environment in which individuals can trust each other because they follow agreed-upon standards to authenticate their digital identities.

What this means for individual users is that they will be able to choose from a variety of more secure, privacy-enhancing identity solutions that they can use in lieu of passwords for safer, more convenient experiences everywhere they go online.

The NSTIC also helps multiple sectors in the online marketplace, because trusted identities provide a variety of benefits: enhanced security, improved privacy, new types of transactions, reduced costs, and better customer service. The National Institute of Standards and Technology (NIST) is leading implementation of the NSTIC.

In October, NIST released a preliminary version of the Cybersecurity Framework, which aims to reduce cyber risks to critical infrastructure. Daniel explains that the framework, alongside an executive order from President Obama (Executive Order 13636, “Improving Critical Infrastructure Cybersecurity”), is a pathway to ultimately fixing the problem of identity theft.

While the Executive Order focuses on critical infrastructure, managing identities is a foundational enabler for cybersecurity efforts across all sectors. The NSTIC complements the goals and objectives of President Obama’s Executive Order by promoting the use of trusted identity solutions in lieu of passwords, which will help strengthen the cybersecurity of critical infrastructure. Trusted identities offer owners and operators of critical infrastructure more secure, privacy-enhancing, and easy-to-use solutions to help secure IT systems from potential attack.

This could mean that in the future you’d be asked to sign in to any number of accounts or sites using anything from retinal scans and fingerprint-based passwords to facial recognition, most recently thrust into the spotlight with the iPhone 5. The ideas aren’t new; what is new is the framework, which is currently being developed and commented on.

Currently, the NSTIC is facilitating the work of a private sector-led Identity Ecosystem steering group, which is working to develop an Identity Ecosystem Framework in which different market sectors can implement convenient, interoperable, secure, and privacy-enhancing trusted solutions for digital identity, including within critical infrastructure. This group currently has more than 200 members.

Guess what. They’re looking for your input on the preliminary Cybersecurity Framework. You can go to the Federal Register to comment by Dec. 13. (Click here for more information on how to submit comments.)


11

12 2013

10 tips to protect yourself against identity theft

With identification theft becoming more common and ID thieves becoming more ingenious, protecting yourself is more important than ever. Over at AZCentral, Robert Anglen and Russ Wiles compiled a handy list for keeping your private information private.

- Routinely check credit reports. Look for unauthorized activity or accounts that you did not open.

- Safeguard hard copies of sensitive documents (including those from family members). Shred documents, including bills and payment stubs, before throwing them away. Drop outgoing mail in secure mailboxes only.

- Set up automatic transaction alerts on bank and credit-card accounts. That way, you will learn quickly if someone is attempting to use one of your accounts.

- Avoid clicking on e-mail attachments from strangers. Phishing scams use unsolicited e-mail messages aimed at encouraging recipients to respond and divulge sensitive information. The messages are becoming more targeted, often involving a reference to somebody you know or an activity you’re engaged in. Phishing scams are also used to plant computer viruses.

- Use strong passwords. They should involve a mix of numbers, special characters and both upper- and lowercase letters. Protect smartphones with passwords and anti-virus or malware software.

- Don’t provide personal information to telephone solicitors. Phone callers promise trips, computer service or winning prize offers to get you to divulge personal information.

- Be cautious with social media. Interactions on Facebook, Twitter and other sites can be used to target you. Seemingly innocent information that consumers or employees post on these websites can provide insights that criminals can then exploit.

- Verify information anytime someone asks you to pay them using a wire transfer. Thieves use wire transfers in scams far more often than credit cards.

- Protect your computers and laptops. Don’t leave laptops with sensitive customer records unattended. Don’t click on suspicious computer attachments.

- Check your children’s credit. ID thefts involving the personal information of children often go undetected for years. Victims might not discover a problem until they are old enough to apply for a car or student loan.


08

12 2013

Data Security News: Is Your Personal Online Information Safe?

Data thieves are becoming smarter and harder to track every year. Recently, a school district in Arizona reported a major security breach in which 2.4 million people were affected. If that wasn’t bad enough, it took the Maricopa County Community College District seven months to notify those individuals.

According to a report from AZCentral.com, those impacted were current and former students as well as employees and vendors. Here are a few snippets from the article:

The district’s governing board has already approved several million dollars for repairs, which are still being made, and on Tuesday agreed to spend up to $7 million more to notify everyone who is potentially affected, spokesman Tom Gariepy said Wednesday.

Letters will be sent to current and former students, employees and vendors of the district’s 10 colleges going back at least several years to alert them that their information could have been seen, Gariepy said.

Among the vulnerable data were employees’ Social Security numbers, driver’s-license numbers and bank-account information, he said.

Students’ academic information also may have been exposed, but not their personal information.

There is no evidence that any information actually was looked at or stolen, Gariepy said.

According to the article, the district was notified by the FBI when they discovered a website that was advertising personal data from the district’s database for sale. Measures were taken immediately to stop the spread of the information (the site was shut down), but the district’s reasoning for taking so long to report was that it wanted to investigate the extent of the exposure.

In the meantime the Maricopa Community Colleges Faculty Association released a statement saying they will do what is necessary to adequately protect students and MCCCD employees, now and in the future. Last week, a $7 million notification process was approved by the district governing board Tuesday night.

The money will go to an outside consultant, who will send the notification letters to everyone whose information was exposed. It just goes to show how severe a breach can be in relation to data exposure and cost of cleanup and repair.  Ongoing risk assessments and audits would have caught the obvious weak points in their network and could have avoided all of this.  Also, being properly insured for this type of disaster would have helped to offset the $7 million+ it will cost to rectify this situation.


08

12 2013