April 2017 Digital Edition
March 2017 Digital Edition
Feb. 2017 Digital Edition
Nov/Dec 2016 Digital Edition
Oct 2016 Digital Edition
ABINGDON, MD June 15, 2017 SafeNet Assured Technologies, LLC, a U.S. based provider of government high assurance data security solutions, today announced the release of its latest high assurance certificate-based USB authenticator, sKey3250. sKey3250 is manufactured, sold, and supported in the U.S. exclusively by SafeNet Assured Technologies.
sKey3250 provides users with simplified access to sensitive networks and workstations through a single authentication device. It offers U.S. Federal agencies an alternative solution to traditional smart card authenticators. sKey3250’s USB form factor eliminates the need for smart card readers thus enabling the solution to be easily deployed on a wide variety of platforms.
With sKey3250, users can securely authenticate to multiple independent networks (i.e. domains), each requiring its own set of unique private keys, credentials, and certificates. The combination of the sKey3250 and SafeNet Assured Technologies’ High Assurance Client (SHAC) middleware enables secure separation of all keys and certificates per network so appropriate access levels and network policies are enforced.
sKey3250 delivers on-board cryptographic processing including Suite B operations. It securely stores users’ credentials, such as digitally-signed certificates, private keys, and network login credentials while also seamlessly supporting secure key generation, secure key storage, encryption/decryption, and digital signature processing (sign and verify). sKey3250 is capable of performing all private and public key cryptographic functions directly on the device, thus eliminating potential threats resulting from private key exposure.
“sKey3250 is designed to meet the highest security standards,” says Kirk Spring, President, SafeNet Assured Technologies. “It employs the same proven technology used in our Smart Card 650, currently used to access U.S. Department of Defense networks, in a USB form factor. sKey3250 enables U.S. Federal Government agencies to utilize the same high assurance authentication technology deployed in DoD networks for their own use,” says Spring.
To learn more about skey3250, visit http://www.safenetat.com/skey3250.
About SafeNet Assured Technologies, LLC.
SafeNet Assured Technologies, LLC protects the U.S. Federal Government’s most sensitive information systems. As a U.S. based company, SafeNet Assured Technologies’ mission is to provide high assurance data security products and technologies to the Federal Government. Defense, intelligence, and civilian agencies trust SafeNet Assured Technologies to provide encryption-based identity and authentication solutions, secure sensitive data and networks, and enable assured information sharing. Visit http://www.safenetAT.com for more information.
Kaazing introduces IBM MQ service for Kaazing WebSocket gateway to modernize enterprises’ IT infrastructures
SAN JOSE, CA June 13, 2017 – Kaazing, the leader in scalable, end-to-end application-to-application integration for the enterprise, today introduced Kaazing IBM MQ Service, a major enhancement to the company’s flagship solution, Kaazing WebSocket Gateway (KWG). Simplifying and streamlining integration, the new service offers full support for IBM MQ messaging middleware within KWG, and the result is the industry’s highest performance solution for connecting IBM MQ infrastructure to web and mobile clients. Through Kaazing IBM MQ Service and KWG, Kaazing is enabling Global 2000 enterprises to deliver next-generation mobile apps to millions of users by seamlessly connecting their back-end systems to web and mobile clients.
Today’s enterprises face significant challenges created by their increasingly complex IT infrastructures. Companies require highly scalable cloud solutions that can serve millions – not hundreds or thousands – of mobile users to keep up with today’s 24/7 pace of business, innovation imperatives and customer demands. Established integration approaches are too rigid, slow and cumbersome to support these goals: The infrastructure technologies necessary to serve enterprises’ next-generation mobile, web and chat-enabled products need to be reliable, agile and scalable. They must also be sufficiently secure to ensure that enterprises’ increasingly distributed networks are protected.
Enterprises such as major banks and logistics companies have tried various combinations of disparate middleware technologies to provide access to legacy data, all too often attempting to accommodate conflicting critical requirements. The result is costly, inefficient and non-integrated IT infrastructures that do not scale to support enterprises’ needs as they evolve into digital businesses delivering the real-time experiences that consumers and employees now demand.
The introduction of Kaazing IBM MQ Service provides enterprises with a secure, cost-efficient extension for their middleware implementations. Not only that, but Kaazing IBM MQ Service is the highest-performing solution in the industry. It has been designed to fit directly into existing architectures without requiring prohibitively costly, time-intensive and risky “rip and replace” operations. Kaazing IBM MQ Service provides fully integrated support for IBM MQ messaging middleware, seamlessly extending KWG with IBM MQ and its accompanying legacy data, enabling low-latency access to legacy assets from web and mobile clients. As a result, enterprises can develop and deliver scalable, high performance and innovative mobile solutions that would not have been viable using their existing IBM MQ installations.
“Forward-thinking enterprises understand that in order to remain competitive, they need to modernize their IT infrastructures to take advantage of cloud economies and mobile technologies – and sooner rather than later,” said Holger Mueller, Principal Analyst and Vice President, Constellation Research. “To achieve this goal, it’s highly recommended that enterprises utilize vendor-agnostic application integration technologies that can ‘bridge the gap’ between legacy middleware and scalable modern systems. Enterprises that take this approach will be well-positioned to simultaneously embrace digital transformation and deliver the rich mobile experiences that customers now require.”
Kaazing currently has more than 60 Global 1000 customers that are using KWG with a variety of message brokers including TIBCO, AMQP Redis, and Rabbit MQ to integrate more than 500,000 applications worldwide. By adding full native support for IBM MQ, Kaazing is uniquely positioned to provide a complete end-to-end solution to more than 90 percent of message broker requirements of Global 1000 enterprises.
Key features of Kaazing IBM MQ Service include:
- Property-Based Routing: Through the property-based routing capabilities of Kaazing IBM MQ Service, hundreds of thousands of virtual queues can all share the same physical queue in IBM MQ Queue Manager, with KWG providing a single subscription to that queue. This dramatically reduces the resources required and provides a significant performance improvement, as messages can be delivered to individual users with minimal impact on the MQ.
- Shared Topic Wildcard Subscription: This feature allows a single subscription from KWG to a wildcard topic name to serve thousands of the KWG clients subscribing to different individual topics.
- Optimized Queue Receivers Handling: Kaazing IBM MQ Service allows multiple messages to be sent to each client before they are acknowledged. This read ahead capability enables optimized handling of queue receivers using IBM MQ’s native API.
- KWG Integration & Optimization: With Kaazing IBM MQ Service, the configuration of KWG is easier than ever before. Connections from KWG to IBM MQ can be fully secured, and the addition of Kaazing Enterprise Shield enables an application to access data with no open firewall ports. Furthermore, a key differentiator of Kaazing IBM MQ Service’s support is the ability to deliver optimal performance even with a high latency connection between KWG and the Queue Manager. Finally, KWG was specifically designed to deliver optimal performance under high latency conditions, and can therefore be seamlessly run on leading cloud platforms (such as AWS and Microsoft Azure) by connecting to customers’ existing infrastructures.
“The message we’ve consistently heard from our customers across the financial services and logistics sectors – which are highly dependent on the secure exchange of real-time data to huge user bases – is that they need technologies that can help them keep up with the speed of business,” said Bob Miller, CEO, Kaazing. “Big banks, for example, realize that in order to compete with fintech startups that aren’t encumbered by both bricks-and-mortar branches and sprawling legacy IT infrastructures, they need secure, real-time mobile solutions that can reach their customers anywhere and at any time. With the wide range of integration capabilities of the new Kaazing IBM MQ Service, we are enabling enterprises to deliver those solutions by fully leveraging all of their legacy data without making any changes to their backend systems. Furthermore, with Kaazing IBM MQ Service we are addressing the vast majority of the ESB and MQ market that has a critical need for a modernized solution that can leverage mobile and cloud technologies.”
Kaazing IBM MQ Service is available now, and to learn more, please contact us: https://kaazing.com/contact/
To learn more about Kaazing’s product portfolio, including the new Montage Studio app authoring platform added through Kaazing’s acquisition of Montage Studio announced today, please visit: https://kaazing.com/products/
Kaazing is the leader in scalable, end-to-end application-to-application integration for the enterprise. With Kaazing’s enterprise-grade solutions, including an integrated application development environment, customers can securely and cost-effectively respond to digital consumers’ demand for personalized services and support via real-time web and mobile apps. Furthermore, with Kaazing, customers can dramatically reduce the IT costs and time associated with merging and securing systems, and can move their services from on-premise to cloud to containers without requiring changes to their applications. Kaazing customers include one of the world’s largest energy-producing and trading companies, three of the world’s top ten banks, one of America’s top three professional sports franchises, one of Europe’s most sophisticated rail transportation networks and one of the top three transportation companies in the United States.
ERPScan Announces Threat Map to Simplify Protection of SAP Systems at the Gartner Security & Risk Management Summit
SAP Cybersecurity was an important topic for years but now it deserves increased attention. An SAP system introduces more risks than businesses assume. In the era of growing number of connected devices, which provide access to the system from anywhere, network and organizational boundaries are blurring. So an SAP software is changing. From a legacy system available only inside the company and known by financial&HR departments, it has transformed into a global IT platform with Cloud&Mobile features and 300k+ customers interconnected into a global chain. Another reason is that attackers have shifted their focus; instead of hacking endpoints, they target business applications - since 2012, cyberattacks on SAP occur annually.
Besides, according to the ERP Cybersecurity Survey 2017, 89% of security professionals anticipate that the number of attacks on SAP systems will increase. The average damage of an SAP breach is estimated at $5 million.
Only the cutting-edge technologies can protect SAP systems from the sophisticated threats. ERPScan is happy to announce the latest enhancements to its flagship product, ERPScan Security Monitoring Suite, that are focused on improving visibility&risk prioritization based on overall impact.
A new patent-pending technology dubbed Threat Map is aimed to optimize protection of SAP applications by providing a scheme of all interconnected SAP systems within an organization and their security issues. Threat Map automatically identifies potential attack vectors and, unlike traditional tools which can provide only network topology, creates an interactive map of attacks on the application layer.
ERPScan's advanced algorithm calculates all possible attack paths (via unpatched vulnerabilities, misconfigurations, default passwords) and presents them as a map.
A common SAP installation is a dozen of Systems with hundreds of connections. The tool can predict a typical attack scenario when hackers break into a non-productive system, decrypt a password and use it in another system responsible for the core business.
A customer will also receive a list of systems sorted by the remediation priority status – a unique metric combining criticality of SAP System, criticality of all connected systems, the number and weight of all the system's connections and the number and severity of vulnerabilities in the selected system. The listed features help find the weakest link to be patched first.
We welcome all attendees to visit our booth 1032, have a look at the updates and receive a free copy of SAP Cybersecurity Framework based on Gartner's PPDR Framework, which can help align SAP Cybersecurity into overall Cybersecurity initiative.
About the Gartner Security&Risk Management Summit
The premier gathering of security, risk management, and business continuity management leaders, the Gartner Security & Risk Management Summit delivers the insight organizations need to secure a digital business future. The comprehensive agenda addresses the latest threats, flexible new security architectures, governance strategies, the chief information security officer role, and more. The summit offers a unique opportunity to reinvent security and risk for the digital age, based on Gartner's trusted independent research and practical recommendations.
Earning a spot at the top, Northrop Grumman was named among the best places to work for Cyber Ninjas, according to a recent report issued by the SANS Institute, a global leader in information security training.
“Cyber Ninjas” are defined as those cybersecurity experts whose day-to-day tasks require higher-level technical skills. The report features interviews with employees from the top-rated government system integrators who discussed what they deemed most critical for recruiting and retention.
“Our goal is to show there are a bunch of companies doing it really well,” said Alan Paller, director of research, SANS Institute. “That should maximize the pressure on others to try to be more like the leaders and thereby improve productivity across the cybersecurity field.”
Told through the eyes of the employees, the interviews show the "how and why" of effective recruiting and retention. “The most important thing to me is being able to do challenging and engaging work,” said Jack Baker, Northrop Grumman cyber professional working on the company’s cyber threat assessment and awareness team. “The mission is a bonus - doing challenging projects for the right purpose is really great.”
“Look at their leadership - you want to see diversity, technical experience and leaders who engage with their employees for constant feedback,” said Lauren Mazzoli, a Northrop Grumman cyber systems engineer, responding to a question about assessing potential employers. “You want to know the organization is made up of people who are willing and able to help you, support you and get you where you want to go.”
In 2016, the Center for Strategic and International Studies (CSIS) report, Recruiting and Retaining Cyber Ninjas, published results of an in-depth survey of 284 cybersecurity professionals that identified key factors that characterize employers of choice for cyber ninjas. This follow-up report by SANS provides an initial answer to the question many potential employees ask: which employers provide the best environment to get the most out of top-performing cybersecurity professionals.
The report ranked employers on their success in recruiting and retaining a critical mass of cyber ninjas, names leaders in that ranking among federal IT contractors and adds substance to the CSIS findings by initially naming two of the best places to work and publishing interviews with ninjas who work for those leading employers.
Northrop Grumman’s Jack Baker and Lauren Mazzoli represent two of the four candidates highlighted in this first set of interviews.
Northrop Grumman is a leading provider of full-spectrum cyber solutions to the United States government and to allied nations around the world. The company builds cyber into every system, platform, and product that it produces in order to enhance mission assurance and resiliency, while investing both in innovative technology and cyber talent of the future. For information about careers in cyber, go to http://www.northropgrumman.com/careers .
To hear more from our professionals about employment with Northrop Grumman, click here: https://www.themuse.com/companies/northropgrumman/people/lauren.
The Industrial Internet Consortium and Plattform Industrie 4.0 Host IIoT World Tour Event on June 19, 2017 in Turin, Italy
Industrial Internet of Things (IIoT) technologies and processes are expected to generate remarkable business outcomes that will impact the global economy across all industry sectors. To foster worldwide collaboration, the Industrial Internet Consortium (IIC) and Plattform Industrie 4.0 are presenting a World Tour series to accelerate the digitalization of industrial production.
The two organizations have partnered with Italian-based, multinational company, Comau S.p.A., to co-host an event on June 19, 2017 in the Congress Centre Industrial Union, Turin, Italy. The event is designed to highlight the collaboration with Italian initiative Piano Industria 4.0, which is investing significant public resources in the technological and digital transformation of production with more than 13 billion euros of public commitment through automatic tax incentives for companies investing in Industrie 4.0 solutions and increasing R&D expenses.
“The IIoT World Tour leverages the cross-industry knowledge of the Industrial Internet Consortium and the manufacturing expertise of Plattform Industrie 4.0 to help advance the digitalization of industrial systems,” said Dr. Richard Mark Soley, Ph.D., Executive Director, Industrial Internet Consortium. “We have a full agenda of expert speakers followed by anecdotal data on IIoT applications proven through testbeds, test labs and competency centers to help drive IIoT innovation."
Stefano Firpo, Director General for Industrial policy, competitiveness and small and medium enterprises at the Ministry of Economic Development, said, "The combination of super and hyper amortization schemes, tax credit on R&D and a special regime on income coming from the exploitation of patents and intangible assets puts the Italian tax system among the most favorable in the world to support investment in innovation and digitalization."
“We are delighted to have the opportunity to work together with Italian companies to further promote international cooperation in the area of Industrie 4.0. The exchange across national and company borders is essential to set common standards and develop security concepts,” said Henning Banthien, Secretary General, Plattform Industrie 4.0.
The event will feature executive speakers, including, among others:
Comau S.p.A., Bosch Software Innovations, and SAP SE, who will highlight the benefits of global collaboration on IIoT technologies and processes.
GE Digital, who will talk about the era of Cyber Physical Systems, detailing the advanced technologies and new alliances and business models they require.
Siemens, who will provide the keynote on behalf of Plattform Industrie 4.0
The Italian Ministry of Economic Development, who will provide a keynote on behalf of Piano Industria 4.0.
Qualical, who will offer a case study on IIoT in the lime industry.
Leveraging its 40 plus years of experience in the production of advanced automation systems and products for the industry, Comau has been engaged in giving a concrete form to a “new era of automation” characterized by a safe synergistic collaboration between man and robot. Mauro Fenzi, CEO of Comau, a member of FCA Group, said, “In Comau’s vision, Industrial Internet of Things is characterized by the direct collaboration between man and machine, a concept we define as ‘human manufacturing.’ For the first time, industrial robots are no longer confined within the barriers that enclose their area of use and work alongside operators inside the production line.”
In the morning, an executive panel will give their views on the direction for IIoT, which will include speakers from Comau S.p.A., ABB Italy, SAP SE and ST Microelectronics. A panel of speakers – Politecnico di Torino, Bosch Software Innovations, Siemens AG, and SAP SE - will discuss accelerating IIoT through testbeds, test labs and competence centers in the afternoon. This will be followed by briefing sessions with top-level experts from industry on security, testbeds, standardization, interoperability, and architecture.
To register for the event, click here.
About the Plattform Industrie 4.0
Plattform Industrie 4.0 is the central network to advance digital transformation towards Industry 4.0 in Germany. In close cooperation with politics, industry, science, associations and trade unions, it develops and coordinates information and networking services in order to make
Industrie 4.0 solutions better known among companies and to deploy them on site. As one of the largest international and national networks, it supports German companies – particularly medium-sized companies – in implementing Industrie 4.0. It provides companies with decisive impulses through examples of company practices from across Germany as well as concrete recommendations for action and test environments. www.plattform-i40.de
About the Industrial Internet Consortium
The Industrial Internet Consortium is the world’s leading organization transforming business and society by accelerating the Industrial Internet of Things (IIoT). The IIC delivers a trustworthy IIoT in which the world’s systems and devices are securely connected and controlled to deliver transformational outcomes. The Industrial Internet Consortium is a community of the Object Management Group (OMG). For more information, visit www.iiconsortium.org.
By Katherine Teitler-When it comes to securing an organization’s network, there is no shortage of basic blocking and tackling to be done. Companies’ IT infrastructures have become so complex and interconnected that many security departments aren’t entirely aware of all the systems and people that might have network access, much less maintain the ability to monitor and act upon every alert or anomaly. As a result, and as we’ve learned through the many highly publicized breaches and security incidents, cybercriminals need not be terribly wily or sophisticated to successfully hack into targets’ networks and steal, modify, corrupt, or otherwise abscond with the information they’re after; the typical enterprise offers plenty of low-hanging fruit for free.
Organizations don’t have to work extra hard at rolling out the proverbial red carpet for attackers. Thousands of vulnerabilities are disclosed every year, and the average time to patch is somewhere between 100-120 days. Though securing everything which needs securing—hardware, software, applications, data, people—is by no means a light lift, the security team’s ability to focus on eliminating low-hanging fruit will raise the “cost” of an attack for cybercriminals. In many cases, this means your adversary will turn his attention elsewhere. If your company is a high-value, singled-out target, erecting better barriers means the attacker has to elevate his game, and you’ll have a better chance of identifying an attack earlier in the cycle…so long as you don’t “set and forget.”
I was working part time in a five-and-dime
First things first. To understand what your low-hanging fruit is, you must identify everything you have: hardware, software, devices, applications, partners/partner networks, authorized individuals and connections, data, etc., basically everything mentioned above as a challenge. Once you have a grasp on all of the assets that require security’s attention, the next step is prioritization. Which data and systems contain the most valuable assets—the “crown jewels,” if you will—that would devastate the company if compromised? With this information in hand, you can now go about building a strategy to eliminate some of the most commonly exploited vulnerabilities.
At the heart of it, says Information Security Analyst Tim Krabec, keeping the bad guys away from your low-hanging network fruit boils down to the three most foundational goals of information security: Confidentiality, integrity, availability. With everything on the security team’s plate, even with all assets accounted for, the enormity of the situation can become overwhelming if it’s scrutinized piecemeal. Fitting action items into these three big categories provides a roadmap for the security program, simplification, and a way to make sure each action has a purpose, i.e., you’re not misstepping and distracting attention away from the desired end state. For instance, Krabec says, “Least privilege, zero trust models, and encryption give us confidentiality; patching and monitoring help ensure integrity; and backups provide availability in case of a disaster or incident.”
Least privilege is, of course, one of the basic principles the security industry talks about a lot, yet system administrators continue to get away with not only unrestricted network and file access, but also compounding the problem by using default and replicated passwords. “This is so easy to fix,[i]” exclaims Paul Asadoorian, CEO of Security Weekly and Offensive Countermeasures. And if you consider that, according to the Verizon Data Breach Investigations Report (DBIR), “81% of hacking-related breaches leveraged either stolen and/or weak passwords,” keeping access and authentication in check should be one of every security organization’s top priorities.
My boss was Mr. McGee
Getting back to those pesky vulnerabilities, Asadoorian advises organizations to revisit patching programs. As we saw with WannaCry, patching can cure many ills, but “just patch” isn’t always the answer. Organizations can run up against production and availability issues if patching isn’t rolled out or tested correctly. Therefore, it’s best practice to understand your organization’s current architecture, highest risks, and backup and redundancy capabilities, along with a realistic understanding of the criticality of the patch and the potential ramifications should you choose not to patch when one becomes available.
Patching, though, isn’t the only way to mitigate vulnerabilities and pick off low-hanging fruit. A February 2017 study by the Australian government indicates that 85% of known vulnerabilities can be stopped by deploying the Top 5 CIS Controls. Not so coincidentally, the first two recommended critical controls tackle assets:
Inventory of authorized and unauthorized devices
Inventory of authorized and unauthorized software
The next two address technology implementations and maintenance:
Secure configurations for hardware and software
Continuous vulnerability assessment and remediation
The last control goes back, once again, to locking down the admin environment:
Controlled use of administrative privileges
It’s funny how everything circles around, isn’t it? Or perhaps it’s ironic? Or unsettling, because we keep returning to the same remedies…?
He told me several times that he didn’t like my kind
Milestone Systems, the globally leading open platform company in networked video management software (VMS), has released XProtect Essential+ as a free entry product to the company’s portfolio.
“XProtect Essential+ is a game changer for our open platform community. Essential+ allows anyone to start right. Any user can now benefit from the power of add-on solutions from our partners,” says Bjørn Skou Eilertsen, Chief Technical Officer, Milestone Systems.
“Developers can use our rich programming environment now to create tomorrow’s add-on solutions to XProtect. They can install Essential+ and get our Software Development Kit for free. Add cameras and you are good to go. It’s that simple to start developing solutions for this rapidly growing business segment.”
Developers benefit from true open platform
By including the Milestone open platform programming environment in the free Essential+, Milestone is handing over the keys to future innovation to developers. The software and SDK can be downloaded at no cost from the Milestone website. Documentation, eLearning courses and an online developer forum are just some of the resources to which open platform software developers gain free access.
XProtect VMS products are built on Microsoft and other industry standards, so any Microsoft-certified developer can start developing value-adding business video solutions right away.
Milestone also offers marketing support for developers, as solutions can be entered in the online Milestone Solution Finder that showcases the integrations to a global audience. The Milestone alliance partner team also offers certification of solutions with testing and documentation.
Users gain from top-end features
Making XProtect Essential+ a free offering gives thousands of new users the chance to take advantage of Milestone’s award-winning software for use in businesses, organizations and at home. XProtect Essential+ is designed to provide a professional-grade security experience as a stand-alone video business solution. Users have access to their system from anywhere via three easy-to-use clients.
Highlights of the free XProtect Essential+ 2017 R2:
Supports up to 8 cameras from more than 6,000 supported devices. This enables the user to freely pick and mix the perfect camera models and brands for their needs.
All Milestone clients are supported with full functionality: XProtect Smart Client, XProtect Web Client and Milestone Mobile.
The software supports hardware acceleration: processor-intensive video decoding can be offloaded to the graphics card. This can save up to 80% in processing power.
The full Milestone programming environment (MIP SDK and advanced rules engine) are supported. This includes metadata handling for advanced analytics.
Upon installation, the users of the free XProtect Essential+ will gain access to the Milestone online support community dedicated to XProtect Essential+ at no cost.
XProtect Essential+ can easily be upgraded to XProtect Express+ or other advanced XProtect products if the need arises for extra functionality for interconnecting systems, encrypting video recordings or simply more advanced features.
If 2016 was the year hacking went mainstream, 2017 will be the year hackers innovate, said Adam Meyer, chief security strategist at SurfWatch Labs. Meyer analyzes large and diverse piles of data to help companies identify emerging cyber-threat trends. "2017 will be the year of increasingly creative [hacks]," he said. In the past, cybersecurity was considered the realm of IT departments, Meyer explained, but no longer. As smart companies systematically integrate security into their systems, the culture hackers too will evolve.
"Cybercriminals follow the money trail," Meyer said, and smart companies should adopt proactive policies. Ransomware attacks grew quickly, he said, because the attacks are "cheap to operate, and many organizations are not yet applying the proper analysis and decision-making to appropriately defend against this threat."
SEE: How risk analytics can help your organization plug security holes (Tech Pro Research)
It's equally cheap to identify internal vulnerability to hacks and to apply preventative best practices, Meyer said. But for many companies it's not as easy to understand the cybersecurity threats most likely to impact business. To help, TechRepublic spoke with a number of prominent security experts about their predictions for near-future cybersecurity trends likely to impact enterprise and small business in 2017.
Cyber-offense and cyber-defense capacities will increase - Mark Testoni, CEO at SAP's national security arm, NS2
We will see an increased rate of sharing of cyber capabilities between the commercial and government spaces. Commercial threat intelligence capabilities will be adopted more broadly by organizations and corporations... High performance computing (HPC), in conjunction with adaptive machine learning (ML) capabilities, will be an essential part of network flow processing because forensic analysis can't stop an impending attack. HPC + adaptive ML capabilities will be required to implement real-time network event forecasting based on prior network behavior and current network operations... [Companies will] use HPC and adaptive ML to implement real-time behavior and pattern analysis to evaluate all network activity based on individual user roles and responsibilities to identify potential individuals within an organization that exhibit "out of the ordinary" tendencies with respect to their use of corporate data and application access.
Ransomware and extortion will increase - Stephen Gates, chief research intelligence analyst at NSFOCUS
The days of single-target ransomware will soon be a thing of the past. Next-generation ransomware paints a pretty dark picture as the self-propagating worms of the past, such as Conficker, Nimda, and Code Red, will return to prominence—but this time they will carry ransomware payloads capable of infecting hundreds of machines in an incredibly short timespan. We have already seen this start to come to fruition with the recent attack on the San Francisco Municipal Transport Agency, where over 2,000 systems were completely locked with ransomware and likely spread on its own as a self-propagating worm. As cybercriminals become more adept at carrying out these tactics, there is a good chance that these attacks will become more common.
As more devices become internet-enabled and accessible and the security measures in place continue to lag behind, the associated risks are on the rise. Aside from the obvious risks for attacks on consumer IoT devices, there is a growing threat against industrial and municipal IoT as well. As leading manufacturers and grid power producers transition to Industry 4.0, sufficient safeguards are lacking. Not only do these IoT devices run the risk of being used to attack others, but their vulnerabilities leave them open to being used against the industrial organizations operating critical infrastructure themselves. This can lead to theft of intellectual property, collecting competitive intelligence, and even the disruption or destruction of critical infrastructure. Not only is the potential scale of these attacks larger, most of these industrial firms do not have the skills in place to deal with web attacks in real-time, which can cause long-lasting, damaging results. This alone will become one of the greatest threats that countries and corporations need to brace themselves for in 2017 and beyond.
Last week we explored automation, the key trend at this year’s German American Chamber of Commerce’s Business Conference, World Port Development's Port and Terminal Technology Conference, Port Technolgy International's Container Terminal Automation Conference, and TOC Asia 2017. In part 2, we pick up where we left off and look at a few other interesting topics that may impact terminal operations in the future.
Mega Ships, Transshipment Hubs and Shorter Shipping Routes
In general terms, there were broader topics at individual conferences that are worth noting, including: mega ship infrastructure investments, transshipment “hub” ports, and decreasing shipping distances. Interesting, each of these topics are interrelated and build on each other.
Mega ships have been topical for some time now. What was new at these conferences was a view that not all ports should invest in mega ship infrastructure. It is expensive to upgrade a port to service mega ships. As one delegate put it, you can win big, but, you can also lose big. Increasingly, ports are discussing the downsides to investing in infrastructure designed to service mega ships.
This flows into the emergence of transshipment hubs. It is forecasted that the port industry is going to transition from a point-to-point shipping model to a hub model, where there are only a few major ports servicing mega ships. These hubs will be characterized by a high level of inland connectedness and be capable of servicing all types of vessels. Shippers will use competitive models and software that calculates the least expensive option to ship a container from point A to point Z. Just because point Y is closer to point Z, doesn’t guarantee that this will be the shipping option selected, as point M with rail transfer to point Z might be a better financial proposition for the shipper.
Finally, the Fourth Industrial Revolution is positioned to transform the manufacturing economies of the world. For the first time in modern history, we are likely to see a return of manufacturing to developed economies. Given that the cost in automated manufacturing technologies is so high, companies are going to want to invest in these technologies where there are stable economies and governments in place. After all, you wouldn’t want to have invested hundreds of millions of dollars in a plant just to have a foreign government seize it. This will lead to an increased need for hinterland connections in developed nations – it will also lead to shorter shipping routes for some goods.
Speaking of the Future
We'd be remiss if we didn't highlight some of the interesting predictions that were presented.. Each conference brought its own individual ideas for the future, whether it be smart ports, reverse container stacking, the Fourth Industrial Revolution, Hyperloop One, or how an Airbnb or Uber-style disruptive technology is imminent in the terminal industry. These lines of thinking challenge the industry's status quo while also offering participants the ability to escape the daily grind of operations; if only for 20 or 30 minutes at a time. At the core of all of these ideas is technology. And, not just any technology... you guessed it, automated technology.
Smart ports focused on how the terminals of the future will be hyper-connected environments comprised of devices that all communicate with each other, sharing data in real-time; simultaneously improving knowledge, understanding, and productivity. In other words, it is “big data” combined with the Internet of Things (IoT). Either way you explain it, smart ports will play a central role in the success of terminal automation in the future.
The futuristic reverse container stacking concept by Navnautik relies entirely on "Autonomous Container Transporter's (ACT)" that replace all traditional yard equipment. The concept explores how stacking containers into silo-like vertical chutes improves space utilization. As a new concept, it is out there; that said, Navnautik’s science behind it does seem interesting and worth a look.
The Fourth Industrial Revolution, sometimes called "Industry 4.0" or "The Digital Industrial Revolution" is centered on how technology, specifically, automation through robots and artificial intelligence, will transform the world on a scale humans have never experienced before. While the jury is still out on whether this will be a good thing or not for humans, you can't argue against the fact that this topic is emerging as another big driver to port automation; watch this space.
Furthermore, the industry simply can’t ignore Hyperloop One. It promises to redefine the way people and goods (in our case goods) are moved. By offering the speed of air transportation at the cost of ground, it is poised to revolutionize the shipping industry. So much so, that DP World is a key investor and partner in the project, and sits on the board of directors for the company. That said, while the Hyperloop One team has grown from a small team working out of a LA garage in 2014 to a 200 strong team making steady headway, they are still some 4 years away from it being operational with a goal of opening in 2021.
Finally, disruptive "crowdsourced" technology innovations like Airbnb and Uber have been popping up in almost every industry from hotels and taxi transport, through to banking services. While no one presented a specific example of how a technology like this could establish itself in the port terminal space, as an industry, there was a consensus that ignoring it as a potential challenge isn't a proactive approach.
A Plug for Technology
All-in-all, technology is, and will, play a central role in how terminals grow and move forward into the future. Listening to the conversations held between sessions and speaking with delegates, you get a strong impression that terminals are embracing technology as a means to move their operations forward. Instead of traditional investment models centered on tangible assets, ports are seeing the benefits that software investments will deliver.
NOTE: Matthew Wittemeier is responsible for Marketing and Sales of INFORM's Logistics Division in Germany and is a colleague of Dr. Eva Savelsberg, a featured speaker at PORTCON LA-Long Beach (click here to read more). Mr. Wittemeier recently published an excellent two part series on Terminal Automation (click here to see original). The following is Part 2 of the series. Part 1 can be read by clicking here.
What do you think are the most important factors impacting container terminals today? What role will technology play in the future of container terminals?
These two states joined Delaware, the District of Columbia, Georgia, Hawaii, Maryland, Ohio, Utah and West Virginia in approving the merger. The merger also recently received regulatory clearance from Puerto Rico and Montana, joining Connecticut, Indiana, Louisiana, Nevada and Texas in granting regulatory clearance for the merger.
“More than 15 states and territories have approved or cleared the CenturyLink - Level 3 merger, showing that regulators understand this transaction will create a robust, resilient and secure network and improve the combined company’s ability to meet the ever-increasing demands of customers,” said CenturyLink Senior Vice President for Public Policy and Government Relations John F. Jones. “The strength of our combined network will help customers access higher bandwidth services in more locations and connect more businesses to customers around the globe.”
The merger, announced Oct. 31, 2016, should allow the combined company to offer enterprise and wholesale customers a broader and more complementary range of services and solutions, and position the combined company to enable the advanced technology and growing bandwidth needs of its customers, including small businesses, large businesses, large multinational enterprises and government entities.
In December 2016, CenturyLink began filing applications with the appropriate federal and state regulatory agencies. The transaction is subject to the company receiving various regulatory approvals and other customary closing conditions. The two companies continue to expect to receive the remaining state, federal and international approvals in time to complete the merger by Sept. 30, 2017.
CenturyLink (NYSE: CTL) is a global communications and IT services company focused on connecting its customers to the power of the digital world. CenturyLink offers network and data systems management, big data analytics, managed security services, hosting, cloud, and IT consulting services. The company provides broadband, voice, video, advanced data and managed network services over a robust 265,000-route-mile U.S. fiber network and a 360,000-route-mile international transport network. Visit CenturyLink for more information.