Securing the Critical Internet Infrastructure is an ongoing challenge for operators that require collaboration across administrative boundaries. Last September something exceptional happened in Ecuador, a small South American country. The entire local network operation community got together to be pioneers in securing its local Internet infrastructure by registering its networks in the Resource Public Key Infrastructure (RPKI) system and implementing secure origin AS validation. This project is a great example on how a global technology change can be accelerated by maximizing its value to local communities.
The global inter-domain routing infrastructure depends on the BGP protocol that was initially developed in the early 90s. Operators know that a number of techniques are needed to improve BGP security (a good reference can be found here). Although these improvements, it is still possible to impersonate the entity with the right of use of Internet resources and produce a prefix hijack as the famous attack in 2007. The IETF, vendors and Regional Internet Registries have been working inside the SIDR working group to create technologies that allow the cryptographic validation. The initial outcomes of this effort have been the RPKI and the BGP origin AS validation; two complementary technologies that work together to improve inter-domain routing security.
Read More »
Tags: BGP, BGP Security, Inter-domain, Internet edge, internet security, IXP, LACNIC, Peering, routing, RPKI, security, Service Provider, SIDR
I’ve been in Australia this week visiting customers, speaking at conferences, and meeting with peers and colleagues in the security space. With Australia poised to take the G20 leader’s chair in just over two weeks (December 1, to be specific), my visit here could not have been better timed.
On this tour, I have been appearing with Melissa Hathaway, president of Hathaway Global Strategies, LLC and former White House cyber security chief, as she launches a new study entitled “The Cyber Readiness Index 1.0.” The study looks at the top 35 countries that have embraced Information and Communications Technology (ICT) and the Internet, and then evaluates each country’s maturity and commitment to cyber security across five essential elements that include: national strategy, incident response, e-crime law enforcement, information sharing, and investment in R&D. The study calculates a Cyber Readiness Index (CRI) based on these performance factors.
Read More »
Discovering a breach where ePHI has been stolen certainly falls into the ‘not a good day at work’ category. It can be catastrophic for some, especially if the compromise occurred months ago and wasn’t detected. Or if a 3rd party discovered the breach for you, which occurs more often than we think, 47-51% from 2010 – 2012 based on the Ponemon Institutes 3rd Annual Benchmark Study on Patent Privacy and Data Security.
On our list of 9 HIPAA Network Considerations, we are onto topic #8, Breach discovery times: know your discovery tolerance.
- HIPAA Audits will continue
- The HIPAA Audit Protocol and NIST 800-66 are your best preparation
- Knowledge is a powerful weapon―know where your PHI is
- Ignorance is not bliss
- Risk Assessment drives your baseline
- Risk Management is continuous
- Security best practices are essential
- Breach discovery times: know your discovery tolerance
- Your business associate(s)must be tracked
From the 2013 Verizon Data Breach Investigations Report, two thirds of the compromises were not discovered for months, or longer. What is your tolerance for “not knowing?” Can that discovery time tolerance be justified through reasonable due diligence, or are you back at the “ignorance is bliss” phase (blog #4), which could be interpreted as Willful Neglect in the case of a breach of PHI?
Source: Verizon 2013 Data Breach Investigations Report
Read More »
Tags: healthcare, HIPAA, PCI Compliance, security
When we think of the term “collaboration” we can often get trapped in the cycle of thinking that it only applies to IT departments and the bottom line. However, it’s important to consider how the role of the enterprise is shifting thanks to the consumerization of IT. For example, how can IT leaders satisfy new user demands while unleashing the power of a sound mobile strategy?
With today’s technology-driven global economy, enterprise mobility and collaboration tools need to be about connecting communities, not just companies. Never has there been a time when more business processes extend beyond headquarters. Organizations need to enable all types of connections: From the mobile worker to the teleworker, from other businesses to target consumers, from traditional branch offices to the cloud. This any-to-any type of collaboration is no longer keeping the enterprise at the center. Instead, the future is driven by all types of users.
It’s clear that users expect to collaborate anywhere, on any device, with any workload. They want to collaborate like they’re in the office regardless of their location. IT leaders must keep user demands top-of-mind when working to deploy a BYOD policy. This can create challenges and opportunities in five key areas:
Join the conversation on Twitter, #CiscoYourWay
Read More »
Tags: business collaboration, byod, Cisco, cloud, collaboration, enterprise mobility, mobility, security
Rarely a week goes by that we don’t hear of a database compromise that results in confidential data—many times consisting of personally identifiable information (PII)—falling into the hands of those who should not have access to the data. Protection of our PII is becoming increasingly critical as more and more information is collected and stored through the use of Internet-enabled devices.
The following is an excerpt from a recent post by Patrick Finn, Senior Vice President of Cisco’s U.S. Public Sector Organization, that focuses on the threat of data breaches impacting government organizations and provides some guidelines for how these organizations can assess and remediate these threats.
“Cyber crimes, cyber thievery, and cyber warfare have become an everyday reality. In fact, security breaches are so prevalent that, according to a new study from the National Cyber Security Alliance and a private sector firm, 26 percent of Americans have been the victims of a data breach in the past 12 months alone. Not only do breaches reduce citizens’ trust in government to protect their confidential data, they also cost government agencies a significant amount of money. For most CIOs and other government keepers of data, these statistics prompt one immediate question – “Can this happen to us?” Unfortunately, the answer to this question is: yes, it can.”
For more on this topic please visit Patrick Finn’s entire post over on the Cisco Government Blog.
Tags: byod, cybersecurity, data breach, govtech, mobile security, security