Posts

The Role Of The CIO: What’s Really at Stake

The Chief Information Officer (CIO) has become as important as the CEO. It’s a pivotal position that often can make or break the success of a corporation. As criminal hackers have launched various campaigns against numerous organizations, the CIO has become much more than an information officer. They are the guardian of corporate secrets, instrument of progress and the pulse of all communications and connectivity.

Securitymanagement.com recently reported the global cybersecurity market is expected to reach $120.1 billion by 2017. This is nearly twice its current size of $63.7 billion, according to a report by MarketsandMarkets, a Dallas-based research and consulting firm. The increase would represent an annual compound growth rate of 11.3 percent from 2012 to 2017.

Cyberspace is becoming an ever-important part of people’s lives. It’s also powered by a gamut of devices and applications that have made it vulnerable to threats from people and groups including students, spies, hackers, propagandists, and terrorists. Cybersecurity is also becoming an important aspect of the military realm. This has helped make battles “fought in cyberspace as imperative as battles occurring on the ground.”

As a result, as reported by CIO magazine,“the IT leader will still be the nucleus of any company, working closely with business executives and strategizing about future technology directions, leading a staff of highly trained professionals and championing streamlined technical operations. The position will still require a mix of analytical foresight and management prowess over the next decade.”

Going forward the role of the CIO will be critical not only to the organization, but to the public who does business with it and the governments who rely on it.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Boosting Healthcare Security with Smart Cards

The Smart Card Alliance has put together a list of frequently asked questions about how smart cards work in a healthcare environment, and provided excellent answers. A smart card resembles a typical credit card, but is embedded with a small microprocessor chip, which makes it “smart.” That chip is a powerful minicomputer that can be programmed in different ways to boost security.

Data and applications can be securely stored and accessed on the chip, enabling secure data exchange. Smart card technology provides high levels of security and privacy protection, making it ideal for handling sensitive information such as identity and personal health information.

One of the frequently asked questions addressed by the Smart Card Alliance is how a smart card-based healthcare ID can help patients. The answer, in part, is that this technology allows medical providers to authenticate patients’ identities. “Accurate identification of each person that receives healthcare” is “the cornerstone of quality medical care and good health systems management.” This benefits patients in several ways, including:

Decreases medical errors. Optimal medical care requires that a healthcare provider have access to all relevant medical history and know what medications have been prescribed. A validated patient identity can be linked to a healthcare organization’s medical records. Using a smart card also allows the storage of patient record numbers

Reduces medical identity theft and fraud. Medical identity theft and fraud is a growing concern to healthcare consumers and providers. Using smart card technology enables the addition of security elements such as a picture, personal identification number (PIN) or biometric (e.g., a fingerprint) so that a lost or stolen healthcare ID card cannot be used or accessed by anyone else. The data kept on the card can also be encrypted so that no one can access your data without your permission.”

You can find more information on smart health cards and the benefits to using them on JustAskGemalto.com, but in short, smart card-based technology can help you, as a patient, get better quality healthcare, delivered faster and more cost-effectively. And that’s good for everybody.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

How the “National Strategy For Trusted Identities in Cyberspace” Benefits Consumers

In May 2009, the President’s Cyberspace Policy Review called for the development of “a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.”

That “vision and strategy” came to fruition in the form of the “National Strategy for Trusted Identities in Cyberspace” (NSTIC), which calls for an “Identity Ecosystem” that would be “an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities.”

Online anonymity has fueled fraud to the point where billions of dollars are lost every year. As people become less trusting of the Internet, many are pulling back. Methods of authentication that rely on usernames and passwords are broken and ineffective. Viruses infect personal and business PCs and allow criminals to remotely control the infected devices and access sensitive data and accounts.

We need a system that doesn’t grant access based solely on a password. Establishing trusted identities will provide enhanced security, improved privacy, and economic benefits. Ultimately, this system will enable new types of secure transactions, offer more control of personal information, and thwart cybercrime and identity theft.

President Obama explained the thinking behind the White House’s strategy:

“Giving consumers choices for solving these kinds of problems is at the heart of this new strategy. And it is one that relies not on government, but on the private sector, to design the technologies and tools that will help make our identities more secure in cyberspace and to make those tools available to consumers who want them. It asks companies to pursue these solutions in ways that will not impinge on the vitality and dynamism of the web, or force anyone to give up the anonymity they enjoy on the Internet.”

Want more information? You can also hear from Michael Garcia, Cybersecurity Strategist for the Department of Homeland Security on the NSTIC program and its many benefits.

Sounds like a good plan to me. Sign me up!

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

How Important is Cyberspace

Cyberspace has become as essential to the function of daily modern life as we know it, as blood is to the function of our bodies. And I don’t believe that’s an overstatement. If the Internet suddenly vanished, there would be deaths as a result.

Our dependency on the Internet has long since passed the point of turning back, and I think we’ve made a mistake in that approach. Fortunately, it’s extremely unlikely that the Internet will go down entirely.

The U.S. and most other developed countries are thoroughly electrically and digitally dependent. Critical infrastructures, including drinking water, sewer systems, phone lines, banks, air traffic, and government systems, all depend on the electric grid. After a major successful attack, we’d be back to the dark ages in an instant. No electricity, no computers, no gasoline, no refrigeration, no clean water. Think about what happens when the power goes out for a few hours. We’re stymied.

Wired op-ed by Deputy Secretary of Homeland Security Jane Holl Lute and Bruce McConnell, a Senior Counselor at the department, points out that no single individual or entity has the capacity to protect the Internet, not would we want to rely on one entity. They stress the necessity of collaboration among, private citizens, corporations, and government.

The most important part:

While America is deeply reliant on cyberspace, the health of this critical ecosystem is itself a work in progress. Indeed, tomorrow’s threats and defensive capabilities have probably not yet been invented. Government must engage: to secure government systems, assist the private sector in securing itself, enforce the law, and lay the policy foundation for future success. Where industry lags, policy change can incentivize key actions. Today’s environment does not, for example, adequately incentivize companies to write secure software. This must change.”

What this is saying is, essentially, “This ain’t no dress rehearsal.” This is the time to act, particularly for those companies that are engaged in commerce or in support of our critical infrastructures.

Robert Siciliano, personal security expert contributor to iovation, discusses the possibility of an Internet crash on Fox Boston. (Disclosures)