Tech News for June 6

Can Vendor Scorecards Cut Down on IT Project Failures?

When NASCIO surveyed its members about IT procurement in 2015, almost 50 percent had negative opinions about the process and 70 percent of vendor partners were moderately to very dissatisfied with state IT procurement processes. This February NASCIO proposed several actions states could take to improve procurements, including removing unlimited liability clauses in terms and conditions and introducing more flexible terms and conditions. One idea absent from the list is an approach being piloted in California: creating vendor performance scorecards on IT projects for use in future procurements. In June 2014, the California Department of Technology (CDT) began work on a Contractor Performance Evaluation Scorecard. A workgroup made up of staff from the State Technology Procurement Division within the Technology Department, the Department of General Services, other state departments and volunteer members of the vendor community met several times to provide input and work out the details. Pilot projects are expected to begin this year.

[] 6/3

California Lawmakers Pass Series of Cybersecurity Bills

Lawmakers this week took steps intended to safeguard California’s IT systems from hackers, providing key votes to bills that call for a statewide cybersecurity plan, clear reporting of cybersecurity spending and criminal penalties for those who install ransomware. Tired of waiting for the Brown administration to complete a statewide cybersecurity plan, the Assembly on Tuesday voted 79-0 for legislation that would require a statewide response plan for cybersecurity threats on critical infrastructure by July 1, 2017. “Ensuring that these preparations are made for cybersecurity will make our state networks more resilient, improve response coordination, reduce recovery time and costs and ultimately limit the damage that is done,” bill author Assemblymember Jacqui Irwin, D-Thousand Oaks, said on the Assembly floor.

[] 6/3

FireEye Caught Sneaky Malware Targeting Siemens Industrial Systems

Here’s a worrisome observation: Hackers are learning to design malicious software that goes after critical infrastructure and evades capture. Computer security researchers at the cybersecurity firm FireEye said on Thursday that they discovered malware that targets industrial control systems, machines that undergird the operations of utilities and manufacturing plants. The malware, dubbed “irongate,” affects simulated Siemens computing environments, the team said. FireEye’s researchers stumbled upon the code on the site VirusTotal, a Google-owned search engine that checks malware samples against antivirus scans, in late 2015. Two unidentified sources uploaded two separate versions of the malware a year earlier; neither of the samples triggered an alarm at the time, the team said.

[] 6/3

The First 48 Hours: How to Respond to a Data Breach

Given the period of chaos that follows immediately after a breach, and the long-term ramifications, responding to an event without a plan is like treating an amputated limb with plasters – messy and ineffective. The first few hours after a breach are critical in asserting control of the situation and, as such, businesses must have a comprehensive incident response plan in place that enables them to react immediately should the worst happen. Target has become the high profile case study of how not to handle a data breach. The retailer experienced a massive breach in 2013 which resulted in up to 40 million customer payment cards being compromised. The world learned about the breach from Brian Krebs, who broke the news on his blog after discovering stolen card details for sale on the dark web. In the days following, Target failed to communicate with banks about which payment cards were stolen, while customers were unable to reach the company due to a jammed customer service line. Consequently, Target’s share price fluctuated, both the CIO and CEO resigned, and the company estimates it has spent almost £200 million in relation to the breach.

[] 6/3

HSAC wants DHS cross-sector cybersecurity plan

The Homeland Security Department and Homeland Security Advisory Council are exchanging summer homework, respectively asking for recommendations for the presidential transition and a plan for coordinating cross-sector cybersecurity responses. During the council’s June 2 meeting, DHS Secretary Jeh Johnson urged members to come up with suggestions for the agency’s transition plan by the council’s October meeting. “Transition planning is well under way, but I would like to know in preparation for that [meeting], what this committee believes are some of the agenda items that are ongoing that the next administration should focus on in homeland security,” Johnson said. “Some of the things we’ve begun, some of the things we’ve been unable to complete, or some of the things that we — perhaps in all candor — should focus on where we haven’t. It’ll be a time of transition, it will be on everybody’s mind.”

[] 6/3

IBM and Cisco Team on Internet of Things, Watson Tech

Cisco routers are about to get a big upgrade, thanks to an agreement with IBM to add its Watson Internet of Things (IoT) business analytics technology to the hardware. The global partnership will allow organizations in remote locations to access IBM’s artificial intelligence (AI) technology without having to upload heavy data sets to the cloud, the companies said.
“The way we experience and interact with the physical world is being transformed by the power of cloud computing and the Internet of Things,” said Harriet Green, general manager for IBM Watson IoT, Commerce & Education, in a statement. “For an oil rig in a remote location or a factory where critical decisions have to be taken immediately, uploading all data to the cloud is not always the best option.”

[] 6/2

California Senate Website Hit with Ransomware

A day after the state Senate approved legislation outlawing ransomware, the bill author’s website was hit. In a tweet Thursday, Sen. Bob Hertzberg, D-Van Nuys, showed a screen shot of his hijacked Senate website. “All of our shared drive files have been encrypted with software typically used in ransomware attacks,” Hertzberg spokesman Andrew LaMar wrote in an email to TechWire. “So we cannot access our shared files.” The attack occurred between Wednesday evening and Thursday morning, he added. Computer technicians are currently working to resolve the problem. Lawmakers on Tuesday unanimously approved legislation by Hertzberg that would make it a crime for anyone to knowingly put ransomware on a computer’s system, network or data. The bill comes after a number of retailers and hospitals have fallen victim to software attacks demanding compensation to unlock their computer, device or data.

[] 6/3

San Francisco moves ahead with plan to equip all police with body cameras

San Francisco is moving ahead with a plan to equip its police officers with body cameras, after Mayor Ed Lee struck a deal with the city’s police union on a policy to govern the technology. Lee announced the agreement with the San Francisco Police Officers Association on Tuesday, and the city’s Police Commission — the board of political appointees who set policy for the city’s police department — approved the body camera policy Wednesday. Now, Lee is pushing for the city’s Board of Supervisors to pass his new biennial budget, which includes $6.2 million to fund the purchase of 1,800 body cameras and the rest of the program’s rollout.

[] 6/3

Peace Officer Standards and Training Commission Cancels $5.4M Exam System

The California Commission on Peace Officer Standards and Training (POST) has canceled development of a new exam system and instead will make enhancements to an existing legacy system. Conceived in 2011, the new $5.4 million testing system was going to procure a commercial off-the-shelf product, enabling the commission to correct “serious security deficiencies” in its current system, according to a Department of Technology summary. But the project was canceled in February as the system moved forward through the approval process. POST determined a better approach would be to make enhancements and cybersecurity improvements to its existing system, called the Testing Management and Assessment System (TMAS).

[] 6/6

State Needs Mainframe Management and Programming Instructors

The California Department of Technology is soliciting quotes from the vendor community to provide instructor-led training courses in mainframe training curriculum for state staff. The classes — with lectures and live demonstration in the lab — will be taught onsite at the department’s Training and Education Center in Rancho Cordova. The term of the contract will be for two or three years. Class topics include basic COBOL programming, introduction to JCL, ADABAS fundamentals, beginning DB2, Z/OS, and more.

[] 6/6

UC Berkeley Center Preps for the Future of Cybersecurity

Steven Weber wants you to envision a future in which Facebook, Twitter, even Google have just gone bankrupt — a future in which a tech failure makes the financial collapse of the last decade seem small. Think: “A memo goes from Mark Zuckerberg to the president of the United States, that mimics a memo that went from GM to the president,” said Weber, a professor at UC Berkeley’s School of Information, at a recent event in Washington. It says: “My company is responsible for 2 million jobs. My company is in financial distress. The only way I can keep those things going is to sell those data assets.” That data, in Facebook’s case, would include users’ names, birthdays, social connections — even the shapes of their faces, collected every time friends tag one another in photos.

[] 6/6

Professionals Unite to Promote Redding on Civic Hacking Day

More than 60 people came together at Shasta Venture Hub on Saturday afternoon for the National Day of Civic Hacking, and spent the day brainstorming ideas on how to put Redding on the map and increase community tools for its citizens. Those who attended the event, called #Hackforchange, were divided into three teams according to their skills and spent time either building a mobile application for the city of Redding, increasing the city’s social media presence, or going on travel review sites to insert more Shasta County locations that weren’t listed or reviewed. Megan Conn, development manager with Turtle Bay Exploration Park, worked with a team of five people to insert reviews on some North State locations and activities on internet sites such as TripAdvisor and LonelyPlanet.

[] 6/6

Bills Move Forward Authorizing New IT Systems in State Government

Several bills that would expand or create technology systems in California state government cleared their house of origin this week in the state Legislature. They still must win approval from either the Assembly or Senate before moving to the governor’s desk.

[] 6/3

Big Government Cozies Up to Silicon Valley

High costs, mountains of paperwork and long wait times often make working with the government a nightmare for entrepreneurs, but some agencies are trying to change that by promising startups faster and easier access to federal capital. The goal is to give the government better and cheaper access to cutting-edge innovation beyond Capitol Hill, but industry experts warn that the red tape that has traditionally hindered federal deals won’t disappear overnight. “In order to remain the … best Air Force on the planet, we have to be constantly innovating, and particularly when it comes to high-technology solutions, we’ve got to speed it up,” Secretary of the Air Force Deborah Lee James said in April during her second visit to Silicon Valley in four months. “And we’ve got to make ourselves accessible to more companies who can help meet our needs.”

[] 6/3

