July 28, 2012 By Dan Lohrmann
I have some time sensitive information for network and security administrators around the country:
Don’t be lulled to sleep by the lack of network traffic at work from the Olympic Games opening ceremony.
The remarkable opening ceremony for the 2012 Summer Olympics in London was broadcast on NBC last night using the decades old approach – tape delayed at 7:30 PM on one traditional television channel. There was an NBC blackout of the live opening ceremonies in the USA on both TV and the Internet. (Critics were hitting hard at NBC for their decision to blackout live coverage of the opening and closing ceremonies, but let’s move on.)
The 2012 Summer Olympic Games are here, and the five to eight hour time difference between the mainland USA and the UK may be just the right combination (perfect storm) to bust your work network(s). According to numerous sources, NBC will be airing over 3500 hours of live Olympic coverage. There will also be plenty of next-day highlight videos to watch as well. This means that all those badminton-lovers out there will be able to get their fill of the sport via the Internet.
Seriously, this issue is a real threat to the survival of some company and government networks over the next few weeks. This opportunity comes, at most, every four years. The 12-15 hour time difference between the USA and China makes comparisons to the 2008 Beijing Summer Olympics almost meaningless.
We know from the past that the live streaming of sports can be a network killer. Businesses around the USA discover this fact during March Madness (basketball) games if the local team is playing on a Thursday or Friday afternoon. I have spoken with some companies that even shut down work during such popular sporting events, and others use the opportunity for a team-build event watching the game. However, that “if you can’t beat them join them” strategy won’t work for two weeks of Olympic sports.
For the sports enthusiast, the opportunities to watch Olympic competitions seem almost endless. New issues this time around include the mobile device problem along with company BYOD policies. So even if you filter sports or limit live streaming into company networks, could employees be running up bills on company-owned smartphones or iPads? Computerworld ran a story on this topic entitled: IT’s Olympic Challenge: Live Streaming Employees. Here’s an excerpt:
“Employers say, minimally, they'll be monitoring networks and will be prepared to cut off streaming access if they must. Some IT managers are reminding staff about network corporate policies.
Another problem is the potential for out-of-control mobile costs. Many employers support far more streaming-capable devices today than they did for the 2008 Olympics in Beijing…
Daniel Rudich, the senior vice president in charge of real time expense management at Tangoe, said the Olympics could have a 5% to 10% impact on their overall mobile budgets if users aren't prepared for it….
Brandon Jackson, the CIO of Gaston County, N.C., said the county's current default ‘is to block streaming media sites for most of our 1,200 users.’ However, he said exceptions are made for those workers who have "a documented business case" for accessing streaming media….”
Here are seven questions to ask executives and/or things to keep in mind:
1) What is your policy regarding personal use of computers, sports and filtering? Can you enforce the policy? What controls are in place?
2) Is watching live sports (or other personal entertainment) videos or streaming media allowed? (For companies that say they just trust their employees to get work done, some extra reminders and oversight may be required in the next few weeks.)
3) Can you limit bandwidth for video or live streaming, if necessary? Are the tools in place to adequately monitor network performance? (Again, special attention may be needed right now.)
4) What is the policy for “inappropriate use” of personally-owned devices? Even if the company network may not be impacted, worker productivity can still be a problem.
5) Watch out for Olympic-related malware and spam links. Warn users as necessary. Remember that global or national headlines provide opportunities for the bad guys as well, since users will be intrigued.
6) Turn lemons into lemonade - Take this opportunity to train staff and reinforce policies. When everyone is watching, it is often easier to get their attention in meaningful ways.
7) Beyond the London Olympics, think longer term and develop “what if?” scenarios for a variety of sports and/or other entertainment events. Test your controls.
One final thought. If a “not so stellar” employee suddenly starts coming into work early over the next few weeks to “get caught up.” You may want to check the network traffic – and the Olympic beach volleyball schedule.
July 22, 2012 By Dan Lohrmann
The countdown clock began long ago. We’re now under a week to go until the 2012 Summer Olympic Games begin in the United Kingdom (UK). But sadly for security pros preparing for this massive undertaking, the unflattering headlines pretty much summed up ongoing security problems. Here are a few samples:
Wall Street Journal: An Olympic Security Mess
“Last week, global security contractor G4S, which had contracted to provide 10,400 temporary security staff, announced that it could not meet its target. It now hopes it can provide some 7,000, but remains thousands short of even that.
G4S's failure has forced the British government to call in the Army and police from around the country to make up the difference. It has also led, predictably, to a round of condemnation not only for the private firm responsible, but for private contracting by public bodies.”
CBC News (Canada): Olympics security chief admits firm humiliated Britain
“The chief executive of the G4S security group acknowledged today in London that his company's failure to live up to its Olympic obligations has turned into a country-wide humiliation.
Quizzed by a panel of angry British lawmakers Tuesday over his company's failure to recruit enough people to guard the Games, Nick Buckles gave a grovelling mea culpa.
‘It's a humiliating shambles for the country, isn't it?’ asked Labour lawmaker David Winnick.
‘I cannot disagree with you,’ Buckles said.”
CBS News (US): Olympic security shortfall called “absolute chaos”
“G4S, one of the world's largest private security firms, says it has recruited more than 20,000 staff for the games. But its failure to have them all trained and deployed, two weeks before the July 27-Aug. 12 Olympics begin, has left British officials scrambling to plug the gaps.
There are very few security bright spots so far. This fiasco is clearly that kind of negative press that security leaders hope to avoid when preparing for major world-wide events. This series of events is also a far-cry from the positive Olympic security attention received at the Vancouver Winter Olympics Games in 2010. In general, security pros “win” when they stay out of the news.
British security teams have quickly moved to “Plan B” with local police taking on the duties that their private sector partners could not perform, such as becoming venue guards.
Perhaps even more embarrassing, if that is possible, was the announcement last week that two G4S security guards who were recently hired were arrested on suspicions of being illegal immigrants.
“The men, who are believed to be from Pakistan, had secured jobs with the under-fire firm to work at the City of Coventry stadium, which is due to host 12 matches.
Officers swooped on the venue after their alleged bogus status is said to have been revealed in an accreditation check by G4S, which has been criticised after failing to provide enough staff for the Games.”
As might be expected, British Prime Minister David Cameron vowed to go after G4S for the extra costs to the public.
The Games Must Go On
But despite all this bad news, the excitement is building around the world as we prepare for the Friday, July 27, 2012, opening ceremony and a packed two weeks of sports competition. (Side note: more events than ever will be online. So expect a people to be watching events at work and on vacation.)
The Olympic Torch has now reached “sky-Eye” central London, and I suspect that most people are ready for the real (sports) action. It was announced that Bob Costas will pay respects to the victims of the 1972 Munich Massacre during the opening broadcast. And this historic story offers a potential path for redemption for the current security mess, I think.
The real security test comes during the next three weeks. Will any bombs go off? Will all athletes and spectators be safe? Will protests cause major disruptions? Was London, a high-profile target for terrorism, a bad choice for this globally-watched series of sporting events?
If all goes well, without a significant terrorist incident or major security headline during the games, the lasting security damage can still be minimal in my view – when compared to Munich, 1972.
What I mean is that the world is excited about the opening and closing ceremonies, our gymnasts, track and field events, swimming world records, the personal journey for athletes and so much more. If things get back on track this week, all may still be forgiven – with a few inevitable lawsuits. So while gold may be out of reach, the security teams can still go for the silver lining.
Could most of this security trouble have been avoided? No doubt. Do the authorities need to hold G4S accountable? For sure. Will there be “lessons-learned” reports on security for future Olympic cities? Absolutely.
Nevertheless, this chief security officer remains somewhat optimistic. I’m hoping that, as our friends from India are saying: It’s okay London.
July 14, 2012 By Dan Lohrmann
e-Discovery, information management and the legal aspects associated with enterprise data are hot topics for technology leaders to address with their business customers. But what information governance strategies are legally defensible? What compliance approaches work best in the long run? How can enterprises reduce risk when they save or delete data?
To answer these questions, along with several related security topics, I recently interviewed Jim McGann, who is VP of Marketing for Index Engines, a leading electronic discovery provider based in New Jersey.
Dan: Can you briefly describe your background and overall experiences dealing with e-Discovery?
Jim: In my over 20 years of specializing in information management, in which I frequently write and speak on topics that impact legal and compliance on corporate data, I have seen some paradigm changes in the way that organizations regulate and manage their data. In the last 5 years I have seen a shift in organizations to clean up the “data lake” that has been generated and to become more proactive in managing their data assets. It is important to defensibly delete data that no longer has business value and archive what is needed for legal purposes.
Within the first 15 years of my career, I worked with organizations on deploying technology aimed at generating information faster and storing large volumes. Back then, organizations could save anything and easily hide the content that could become a liability, but that won’t work these days. Lawyers and judges are more tech savvy and they won’t accept excuses about complexity and cost issues anymore.
Dan: What is Defensible Deletion and why is it important?
Jim: Defensible Deletion is a process within an overall information governance strategy that applies value-based decisions against organizations’ content. It aims to segregate the content between what is useful to the agency and what is not. This methodology guides disposal of valueless content to meet business, legal and regulatory requirements.
Dan: How does Defensible Deletion control long term risk and liabilities?
Jim: Implementing a defensible deletion strategy and methodology not only mitigates long term risks and liabilities related to enterprise data assets, but also saves time and expense in supporting ongoing litigation and discovery efforts, while reducing budget used for storing and managing content that is no longer useful. A large volume of the “unknown” data, such as files and email from employees that left the organization years ago, or aged data that is no longer managed by the user who owns it, can be easily purged with no legal or regulatory implications.
Dan: How does Defensible Deletion help with always changing regulatory and compliance policies?
Jim: Government agencies are now facing new and complex information management challenges. Not only legal issues, but also regulatory requirements such as the Federal Records Act (FRA), Federal Data Center Consolidation Initiative (FDCCI) and Freedom of Information Act (FOIA) are causing issues for every information management executive in the industry. Managing these regulations and also supporting legal requirements is complex, especially when the large bulk of data are on networks and hidden in legacy backup tape archives, which are expensive and time consuming to rummage through.
Managing data according to ever-changing regulatory and compliance polices is difficult. Enormous volumes of sensitive files and email are scattered about every organization. This data flows through massive networks and is cloistered away in proprietary repositories and archives, which makes access even more of a challenge. As a result, information management strategies are nearly impossible to design and deploy. Understanding and profiling this data is essential and will drive efficiency and management of the content.
Dan: What are the most common and high risk types of content repositories?
Jim: Breaking down the corporate content environment by repository type simplifies the plan of attack towards a defensible deletion methodology. Data repositories can be desktops, network servers, email servers and even legacy backup tapes. Managing each of these repositories presents a significant challenge, especially if you need to manage all of them at once. However, by breaking down the enterprise content environment and prioritizing by data that represents the most risk and liability to the company, the organization can create tiered classifications based on storage capacity and presumed risk. The highest risk data environments are typically email servers and legacy backup tapes. Email is the most common source of evidence produced for litigation and regulatory requests. Legacy backup tapes are a snapshot of everything, including email and files. Using this approach can make a monumental task much more manageable.
Dan: What is Data Mapping and how can governments use it for tiered storage via data classification?
Jim: Creating a data map of content will provide a greater understanding of what data exists and where it is located. A data map can provide information such as age of the data, last accessed or modified date, owner, location, email sender/receiver and even sensitive keywords. A data map will deliver the knowledge required to make “keep or delete” decisions for files and email. An actionable data map can then help you execute on these decisions and defensibly delete what is no longer required, and archive what must be kept. Data mapping can also be utilized to determine how to best store and manage data assets. For example, as a cloud on-ramping platform, a data map can help find content according to policies and migrate it to cloud storage.
Dan: What one action can CIO and CISOs take that would reduce enterprise risk in this area?
Jim: One action a CIO or CISO can take to reduce enterprise risk is to develop a plan that is achievable and measurable. The plan should have small-scale, incrementally applied projects that allow the organization to get started. The biggest risk information governance programs face is getting overwhelmed with the process and methodology. Once the organization has developed a strong understanding of what information it has and where that information is stored, it can then develop an overall information governance strategy that defines what a reasonable deletion methodology should look like.
My advice is to start small and work up to a master plan. A place to start could be with purging ex-employee data, or determining what data has not been accessed in 5 years and could be migrated to less expensive storage such as the cloud, or can eventually be purged. Getting started is the biggest challenge in a defensible deletion program, however even with a small start the organizations’ risk and expenses are positively impacted.
Dan: Thanks Jim for sharing your insights related to managing enterprise data. For more information, you can contact Jim at: email@example.com. Or, feel free to leave a question or comment below.
July 7, 2012 By Dan Lohrmann
Over the past few weeks, global news outlets have been warning users about Malware Monday and the pending Internet shutdown on July 9, 2012, for computers still infected with the DNSChanger malware. While the issue is certainly real, this blogger believes many headlines were (and still are) too alarmist.
For example, I view much of this material as “Fear, Uncertainty and Doubt” (FUD):
NY Daily News: How to avoid Monday’s Malware Meltdown? (I like the picture of a dark room full of computers with one user PC working.)
ArticleCell.com : Could Your PC be Heading to Malware Armageddon on July 9? (Armageddon, really?)
Even, our own … Government Technology: Are you safe from Internet Doomsday?
I find most of these articles to be somewhat informative, attention-grabbing and overblown in spreading fear. I worry that we are using up our (very few) cybersecurity industry silver bullets on the wrong Internet “crisis.” There are plenty of very, very serious problems online right now, but I would not put Malware Monday at (or near) the top of the list.
One could even make the argument that this malware event is even self-imposed, in that the FBI is turning off servers which they could leave running a bit longer to avoid “Monday’s Malware Meltdown.” Note: I’m writing this article on Saturday, July 7, and the courts could still order more time before the FBI turns off the servers.
Indeed, I could argue this "hold off a bit longer" point from either side, and there are polls which ask if the FBI should allow more time. Almost 90% of those taking the survey think it is time for the FBI to pull the workaround plug – and several good articles give reasons why.
All signals point to an event Monday that will impact a few thousand people who haven’t been paying attention but not the majority of us. I will be shocked if any major U.S. companies are paralyzed or out of business on Monday morning because of DNSChanger malware problems.
How Should We Prepare?
I like the tone of National Public Radio (NPR), which led with the headline: Malware Monday Just Another Day on the Internet for Most of Us.
The article begins, “Beware of Malware Monday on the Internet, but don’t be too concerned.”
In Michigan government, we have been working this problem since last year, and we have been coordinating action with the FBI and MS-ISAC – like most state and local governments. We also sent out notices to our customers and agency public information officers (PIOs) about the situation and what to do in the event of a problem on Monday. We believe that we are ready.
What Can We Learn From Malware Monday?
I'm taking a bit of a chance by writing lessons learned about an upcoming event that hasn’t even played-out yet, but I believe that I can safely mention some items. I am making a few assumptions about what will likely happen, specifically that some people will lose Internet access, but most people will be fine online.
Nevertheless, here are seven enterprise takeaways from the handling of the overall DNSChanger situation:
1) DON’T be a laggard regarding known Internet fixes - Follow industry guidelines and accepted practices in resolving malware and you won’t have to worry about these fix deadlines. (Most companies resolved this issue many months ago and are not very concerned about this Monday.)
2) Workarounds may still be around (and last) longer than you think. Ask the FBI, who wanted to turn off their “temporary fix” back in March. These types of situations come up fairly often in large enterprises, especially if we are supporting legacy systems and older technology.
3) Beware public decrees of “Internet Doomsdays.” Cut back on internal FUD, where possible. Over time, these global pronouncements sound as if we are crying wolf, if we are not careful. Indeed, many of our customers already believe that we declare a crisis multiple times a year. They are starting to yawn.
4) DON’T – Over-react to headlines and claims. Do your homework. How will this affect your enterprise? Coordinate with all relevant parties to understand roles / responsibilities.
5) DO – use well-researched facts to calmly deliver timely messages to customers when needed. Help them understand the ramifications at both home and work. What can they do to resolve the situation? How can they prepare? What are you doing? What’s next?
6) DO – Communicate in informal and formal ways. Become a trusted partner who can decipher scary headlines for users. Make lemonade out of the lemons. Use the front-page stories to get your key messages out – while everyone is hearing about these topics on the front pages of USA Today and the Washington Post and on TV.
7) DO - Test plans, run exercises, use scenario planning and more to be ready in case the “what if” worst case does happen. Or, are you truly prepared for outages, disasters and more? Talk to your teams and various options and solutions.
In conclusion, I like this quote from Zig Ziglar. “Expect the best. Prepare for the worst. Capitalize on what comes.”
UPDATE: Monday, July 9, 2012 at 7 AM (EST) - So far there have been minimal reported disruptions online related to Malware Monday and DNSChanger. We are still too early for final judgments, but so far so good regarding the Internet's overall functioning. There continue to be scary headlines and articles being displayed this morning from global news organizations and newspapers, such as Malware on Monday Update: Internet Service Providers brace for shutdown calls. Top searches continue to lead to this article from July 6, from the United Kingdom: Could the Internet Really Shut Down?
UPDATE: Monday, July 9, 2012 at 6 PM (EST) - As expected, reports of impacts on the Internet from Malware Monday have been minimal - even a bit less than I anticipated overall. ISPs are playing down any service disruptions that have been experienced by their customers. It is now clear that the doomsday scenarios were hype regarding DNSChanger. Yes, the threats successfully received global press attention, but these widespread headlines may cause future (real) Internet alarms to be ignored. I certainly stand behind the above "lessons learned" - with even more conviction now.
FINAL UPDATE: Tuesday, July 10, 2012 at 6 AM (EST) - Malware Monday officially ended a few hours ago, and the LATimes reported that the DNSChanger Malware may have affected about 47,000 Americans -who had difficulty connecting to the Internet. The news surrounding the event was mostly hype, according many news sources. Time to move on to new topics.
Building effective virtual government requires new ideas and hard work. Security professionals need to be enablers of innovation. From helpful Internet training to defending cloud computing architectures to securing mobile devices, Dan Lohrmann will cover what's hot and what's not in protecting your corner of cyberspace.