WHY THE FEAR OVER UBIQUITOUS DATA ENCRYPTION IS OVERBLOWN

By: Michael Chertoff Mike McConnell & William Lynn
 
More than three years ago, as former national security officials, we penned an op-ed to raise awareness among the public, the business community and Congress of the serious threat to the nation’s well being posed by the massive theft of intellectual property, technology and business information by the Chinese government through cyberexploitation. Today, we write again to raise the level of thinking and debate about ubiquitous encryption to protect information from exploitation.
Read more

OPM BREACH LEAVES THREATS HIDDEN IN PLAIN SIGHT

Source: Fedscoop.com
 
The data breach of the Office of Personnel Management could affect more than 20 million Americans. Yet the true magnitude of this breach lies not in the number of individuals affected, but in the seemingly infinite ways it has compromised our national security.The risk of widespread identity theft or other uses of personally identifiable information for financial gain is not to be taken lightly. But, in my view, it pales in comparison to how it has jeopardized our national security workforce, both in government and the private sector, and degraded the integrity of our security clearance system. Quite simply, it is a national security risk unlike any I’ve seen in my 50 years in the intelligence community.
Read more

Complying with FBI Cloud Policy

By: Paul Rosenzweig and Michael Keating
Source: American City & Country
 

All cloud products sold to law enforcement must comply with the FBI’s Criminal Justice Information Services (CJIS) Security Policy. Unfortunately, a recent study showed that half of law enforcement officials have no knowledge or are not familiar with CJIS rules and requirements. The International Association of Chiefs of Police (IACP) conducted the study and to help has issued a report,“Guiding Principles on Cloud Computing in Law Enforcement.”

GPN reached out to Paul Rosenzweig, senior advisor to the Washington, D.C.-based Chertoff Group, who offers his views on the topic. Michael Chertoff is one of the founders of the firm and is a former secretary of the U.S. Dept. of Homeland Security.

Read more

BIG BROTHER IS WATCHING EU

 
A strange — and strangely unnoticed — trend is emerging in the evolving global response to massive 2013 leaks about US surveillance activities. While our European cousins talk privacy reform, the United States is actually moving ahead with it, albeit more slowly than many would like. As the American side of the Atlantic inches toward self-restraint, many European governments are seeking sweeping new spying powers. Europe is at risk of falling behind the US in privacy reform. 
 
Read more

THE VAST AMOUNT OF PERSONAL INFORMATION (PII) STORED IN THE CLOUD NEEDS TO BE BETTER SECURED

By: Paul Rosenzweig

Source: Government Security News 

State and local law enforcement hold vast quantities of personally identifiable information (PII) about their citizens.  Arrest records; conviction records; finger prints; mug shots - all of them are collected by police departments around the country.  And, increasingly, this information is stored in a digital form with a cloud service provider.  How secure is that cloud storage?  Jennifer Lawrence and other celebrities know that the answer is "not necessarily as secure as we might hope."  And therein lies an alphabet soup of rules and standards.  Cloud data privacy is an alphabetic minefield of confusing three letter acronyms (TLAs to those of us in the know).  State and local law enforcement who don't make the effort to get to know these acronyms and what they mean do so at their own peril - at least insofar as they collect and store data about their citizens in cloud-based storage systems.

Read more

CONVERGENCE, REEMERGENCE, OR CONVERGENCE 2.0 

By: Mark Weatherford and Brian Harrell

Source: Intelligent Utility

A little over a decade ago, the term convergence was de rigueur when talking about bringing the disciplines of physical security and IT security together to solve the challenges of stove-piped security.  Fast forward to 2015 and the challenges remain mostly the same, except the conversations are now about how to bring three disciplines-physical security, cybersecurity (formerly called IT security) and operational technology security (industrial control system/SCADA security)-together to manage the threats facing the electric utility industry.

Read more