The chemistry behind the Flint Water Crisis: Corrosion of pipes, erosion of trust

By George Lane
GSN Columnist

When Flint, Michigan changed its water supply in 2014, it initiated a cascade of chemical reactions inside decades-old water pipes that caused Lead to leach into its drinking water, triggering a major public health crisis. When Flint used its own river as a water supply, drinking water contained a staggering 13,200 parts per billion (ppb) Lead, almost 900 times higher than the 15 ppb regulatory limit set by the Environmental Protection Agency (EPA). Some water samples exceeded the EPA criteria for Lead concentration in hazardous waste, 5,000 ppb.

Although Lead pipes have been used for water distribution for over two thousand years beginning with the Romans, the use of Lead pipes carrying water in the United States on a major scale began in the late 1800s, particularly in larger urban cities. By 1900, more than 70% of cities with populations greater than 30,000 used Lead-lined pipes for drinking water.

The use of Lead pipes to carry drinking water was recognized as a cause of Lead poisoning by the late 1800s in the United States. In 1890 the Massachusetts State Board of Health advised the state’s cities and towns to avoid using Lead pipes to transport drinking water. By the 1920s, many cities and towns were prohibiting or restricting their use. To combat this trend, the Lead industry carried out an effective campaign to promote the use of Lead pipes, affecting public health and delaying the replacement of Lead water pipes.

Normally water managers add chemicals to water, such as orthophosphates, to prevent corrosion. Orthophosphates bond with Lead in pipes, creating a protective coating between Lead and water. When that shield is intact, corrosive chemicals like Dissolved Oxygen (DO) can’t interact with the Lead; however, orthophosphates have to be added continually or the barrier breaks down. If the barrier does break down, DO combines with Lead atoms, oxidizing them. Oxygen takes electrons from Lead, grabs its Hydrogen protons, turning into water, and allows Lead to leach into drinking water. Once oxidized, Lead dissolves into the water instead of sticking to the pipe.

Flint’s water treatment plant did not add orthophosphates, allowing the pipes to corrode, and Lead quickly contaminated the drinking water. Additionally, Flint River water had high levels of chlorides, which accelerate corrosion. There were two other sources of chloride: Ferric chloride used in Chlorine disinfection of water and road salt applied during tough Michigan winters. Switching from Detroit’s Lake Huron to Flint River water created a perfect storm for Lead leaching into Flint drinking water.

A complex brew of acids, salts, Chlorine and many other chemicals was involved in oxidizing Flint’s metal pipes and releasing Lead. High levels of Lead in Flint drinking water weren’t reported to the public for 18 months; however, the corrosion happened quickly, especially in the warmer summer months. Without effective treatment to control corrosion, Flint’s water leached high levels of Lead from the city’s pipes into city drinking water. Following the switch, E. coli bacteria were also found in the water.

To combat E. coli, extra Chlorine was added as a disinfectant to remove it. Ferric chloride was also added as a coagulant to remove organic matter from the water, initiating a domino effect of chemical causes and effects. Flint’s water quality problems were also caused by corrosion in both the Lead and Iron pipes that distribute water. When city residents began using the Flint River as their water source, the water’s ability to corrode those pipes wasn’t adequately controlled. This led to high Lead levels, rust-colored tap water, and the growth of pathogenic microbes.

When Flint changed its water supply, the city didn’t adequately control corrosion. Flint isn’t the only city susceptible to these problems. The pipes in its old distribution system had seen the same water for decades, similar to many other cities. Switching water supplies changed the chemistry of the water flowing through those pipes.

When a switch like this happens, the chemistry in the water system moves toward a new equilibrium. In Flint the change was catastrophic. Flint was getting its water from the Detroit Water & Sewerage Department, which would draw water from Lake Huron and then treat it before sending it to Flint.

To lower the city’s water costs, in 2013 Flint officials decided to take water from another source which was building its own pipeline from the lake. Shortly after that, Detroit told Flint it would terminate their original long-term water agreement within a year and offered to negotiate a new, short-term agreement. Flint declined the offer. While waiting for the new pipeline to be finished, Flint began taking water from the Flint River and treating it at the city plant.

Problems with the city’s tap water started the summer after the switch in 2014. First, residents noticed foul-tasting, reddish water coming out of their taps. In August, the city issued alerts about E. coli contamination and told people to boil the water before using it. A General Motors plant in Flint stopped using the water because it was corroding steel parts.

In early 2015 Lead reached Flint’s University of Michigan campus. Researchers sampled water from 252 Flint homes and reported the results (www.flintwaterstudy.org). Hurley Children’s Hospital in Flint released data showing that since the water change, the number of Flint children with elevated levels of lead in their blood had increased from 2.4% to 4.9%.

Lead is neurotoxic, causing behavioral problems and decreased intelligence. The Blood Brain Barrier limits the passage of ions, but because it has not formed in children, they can absorb from 40% to 50% of water-soluble Lead compared with 3% to 10% for adults.

So why did the switch to Flint’s river water cause this catastrophe? As water travels through the miles of pipes in a city’s distribution system, molecules of contaminants in the water react with the pipes themselves, acting as a geochemical reactor. There are miles and miles of pipes, some Iron, some Copper, some Lead, that got corroded. Corrosion occurs when oxidants, such as DO or Chlorine, react with elemental metals in the pipes.

Cities no longer install lead pipes. But older cities such as Flint still rely on them, usually as water mains in the street to a home’s water meter. Because of Lead pipes, some states regulate the corrosivity of water to deposit a protective coating on the pipes. A 1990 report from the American Water Works Association estimated there are over 3 million Lead-lined pipes transporting drinking water in the Northeastern U.S. alone. According to EPA, nationwide over 10 million American homes and buildings receive water from Lead-lined pipes.

So why is Lead used in water pipes? The answer can be found literally thousands of years ago in the first “plumbing” systems, named for the word “Lead” in Latin, “plumbum”. Tap water in ancient Rome had 100 times more Lead than local spring waters. Lead piping was used because of its unique ability to resist pinhole leaks while still malleable enough to be formed into shapes that deliver water. Lead was used in many other common products, such as Tetra Ethyl Lead in gasoline and Lead-based paint, until scientific advancements in the 20th century demonstrated its toxicity. With passage of the Safe Drinking Water Act Amendments of 1986, installation of Lead water pipes was finally prohibited nationwide.

Today utilities treat their water to maintain a mineral crust on the inside surfaces of their pipes. This so-called “passivation layer” protects the pipes’ metal from oxidants in the water. The coatings consist of insoluble oxidized metal compounds produced as the pipe slowly corrodes.

If the water chemistry isn’t optimized, the passivation layer may dissolve and allow mineral particles to flake off of the pipe’s crust. This exposes bare metal, allowing the Iron, Lead, or Copper to oxidize and leach into the water. Flint water chemistry was not optimized to control corrosion. Most importantly, the treated Flint River water lacked one chemical that the treated Detroit water had: Phosphate. Cities such as Detroit add orthophosphates to their water as part of their corrosion control plans because of the formation of Lead phosphates, which are largely insoluble and add to the passivation layer.

The entire Flint water crisis could have been avoided if the city had added orthophosphates, commercially available chemicals, used in Detroit. After just five weeks in the Flint water, the pipes leached 16 times as much Lead as those in the Detroit water, demonstrating just how corrosive the treated Flint water was. But orthophosphates aren’t the only corrosion solution. Some water utilities treat water so it has a high pH, a high alkalinity. These conditions decrease the solubility of Lead carbonates, which also contribute to the pipe’s protective mineral layer.

The pH drop over time indicates that plant operators in Flint didn’t have a target pH as part of a corrosion plan. Water utilities usually find a pH that’s optimal for preventing corrosion in their system. For example, in Boston, another city with old Lead pipes, average water pH held steady around 9.6 in 2015, according to reports from the Massachusetts Water Resources Authority.

Problems with Flint’s pipes started quickly. The rust color and bad taste of the water coming out of residents’ taps in the summer of 2014 were a sign that the passivation layer was dissolving into the water. Iron corrosion also encourages the growth of pathogens in the distribution system. As the mineral layer in iron pipes falls off, it exposes bare iron that can reduce free Chlorine added to the water as a pathogen-killing disinfectant. One home with Lead levels almost 900 times higher than the EPA limit had no detectable Chlorine levels over 18 days of monitoring.

Although Flint has switched back to the Detroit water, it may take years for pipes to regain their passivation layers, for corrosion to slow to normal levels, and for Lead concentrations to drop back into an acceptable range. However, Joel Beauvais, Deputy Assistant Administrator of EPA's Office of Water, emphasizes “EPA’s position is there is no safe level of lead exposure.” While the drinking water crisis has focused on Flint, almost 2,000 additional water systems in all 50 states have shown excessive levels of Lead contamination over the past four years.

The lesson from Flint is to continually monitor water chemistry, especially when switching water supplies. Water utility officials were already collecting all the data they needed, pH, alkalinity, chloride levels, to determine if the water was too corrosive. The message is to consider the connections between the stability of the water infrastructure and the chemistry of the water flowing through that infrastructure. That will inevitably control the water quality at the tap.

By not adding a corrosion inhibitor, Flint expected to save about $140 per day. But the human costs of the errors made in Flint will reverberate through the community forever and their magnitude will dwarf the original planned savings. According to Flint Mayor Karen Weaver, replacement of Flint’s Lead water lines is now estimated to cost up to $1.5 billion.

On December 20, 2016, Michigan's Attorney General announced felony charges against two former Flint emergency managers and two other former city officials linked to the city's disastrous decision to switch water sources, which resulted in widespread and dangerous Lead contamination of Flint drinking water. These latest charges bring the total number of people charged to thirteen.

On December 30, the Louisiana Department of Health and Human Resources (DHHR) reported unsafe levels of Lead in the drinking water in over 20% of the homes and businesses of St. Joseph, a rural city in North Louisiana. Dr. Jimmy Guidry, Louisiana DHHR Director, warned citizens saying “The message to the folks who live there is not to drink the water.”

George Lane, a resident of Baton Rouge, Louisiana, has 25 years of experience in the development of chemical security systems, conducting research as a NASA Fellow at the Stennis Space Center and as a NASA Fellow. Lane was air quality SME for the University of California at Berkeley Center for Catastrophe Risk Management during the BP Oil Spill. He is currently Chemical Security SME for the Naval Post Graduate School Maritime Interdiction in the Center for Network Innovation and Experimentation.


Partnership incorporates iSign biometric technology into AAEON rugged tablets


LACEY, WA Jan. 2, 2017 AAEON and iSign Announce Partnership Enabling Rugged Tablet Computers with Biometric Signature Technology

AAEON Electronics, Inc., a leading manufacturer of rugged tablet computers, and iSign International Inc., a leader in biometric signature security solutions, today announced a technology partnership agreement. The partnership is a perfect marriage of AAEON’s rugged tablets and an unrivaled enterprise IT security solution for mobile device access. The biometric signature solution works on all of AAEON’s IP65 certified and MIL-STD-810G rugged tablet touch screens without the additional cost of optional biometric hardware. iSign’s technology is 99.999% secure and meets the most stringent mobile enterprise security standards.

AAEON rugged tablets range in size from 5.7” to 11.6” and offer a variety of optional accessories. The iSign software agent installs on the tablet and secures access to the device without the need for network connectivity. It automatically learns your biometric signature over time. The more you sign in to the device, the more accurately it recognizes a signature. IT policies can be configured for remote alerts and lock-down. Other security features include iSign’s 2048 bit encryption, Dynamic PKI, and a proprietary GPS-based Biometric Signature.

“AAEON is extremely excited about this strategic partnership with iSign International,” said Chuck Anderson, National Sales Manager of AAEON Electronics’ Rugged Mobile Division. “iSign’s biometric signature technology bundled with AAEON’s best-in-class rugged tablets is an affordable security solution for mobile device user verification. Securing corporate data and applications continues to be the #1 challenge for Enterprise IT mobile management. We’ve eliminated traditional biometric authentication hardware and complex VPN services while maintaining a 99.999% secure mobile platform.”

According to a Juniper Research report published in January, over 600 million mobile devices will have some form of biometric authentication by 2021, up from an estimated 190 million in 2016. The new research found that use cases for biometrics will transition from identification to verification where the biometric is stored on-device and alert notifications are sent to a service. A recent GCN article about mobile biometric authentication indicates that fingerprint and facial recognition biometrics are vulnerable. They can not only be hacked but have other cybersecurity vulnerabilities that include untrusted user interfaces and malware.

"iSign is excited to partner with a leading hardware manufacturer of rugged mobile devices," said Thien Pham, Chief Technology Officer. "iSign's unique approach to digital security with artificial intelligence allows us to create a cybersecurity game changing solution stack with unsurpassed protection against hacking."

About AAEON Electronics, Inc.

Established in 1992, AAEON is the industrial and embedded computing division of The ASUS Group of companies. Committed to innovative engineering, AAEON provides reliable, long-life computing platforms. These platforms include rugged tablets, industrial motherboards and systems, industrial displays, embedded controllers, network appliances, and integration services. As an Associate Member of the Intel® Internet of Things (IoT) Solutions Alliance, AAEON offers customized end-to-end services from initial product concept to board product design to mass manufacturing and after-sales service programs. AAEON is also a GSA government contract holder (#GS-35F-0470Y) serving Federal, State & Local government sectors. For more information on AAEON’s extensive breadth of products and services, please visit http://www.aaeon.com/.

About iSign International, Inc.

Established in 2016, iSign International is a private Texas corporation which has developed an original cyber security technology combining biometric signature recognition and projection, innovative devices pairing, Dynamic PKI encryption, GPS localization and univocal computer generated transactional password. iSign believes that its technology, which is covered by several patent pending claims, constitutes a game changing approach as it renders hacking practically impossible. Please visit http://www.isignintl.com to learn about our unsurpassed protection against hacking.

Crowley Government Services earns ISO/IEC certification

JACKSONVILLE, FL Dec. 28, 2016 Crowley Maritime Corp.’s government services group has achieved worldwide ISO/IEC 27001:2013 information security certification for enhancements made to the security of accessing, transmitting, processing and storing covered defense information related to its management of Military Sealift Command’s T-AGOS/T-AGM and BOBO vessels. ISO/IEC 27001:2013 is the most rigorous and recognized international standard for implementing and managing security controls to protect information assets. It complements the company’s existing ISO 9001, quality system and ISO 14001, environmental system certifications.

During the certification process, the American Bureau of Shipping (ABS) verified that Crowley had a robust framework in place to assess information security risks, identify threats and rapidly respond to any issues related to the fleet.

“This comprehensive standard, which includes regular follow-up surveillance audits, ensures our partners around the world that we have rigorous information security controls in place to protect the confidentiality, integrity and availability of Crowley’s information,” said Mike Golonka, vice president government services, Crowley. “We are pleased to expand our global framework to include this certification, which elevates the security standard for the maritime industry.”

Crowley’s global ship management group was originally awarded the contract for operation and maintenance of the T-AGOS/T-AGM fleet for the Military Sealift Command in December 2014 and for the BOBO fleet in August 2015. For the T-AGOS/T-AGM fleet of seven, Crowley provides personnel; operational and technical support (ashore and afloat); and equipment, tools, provisions and supplies. For the BOBO-class prepositioning fleet of six, Crowley provides full turnkey operation and management, including crewing, and scheduled and unscheduled repair and dry-dockings.

Over the past 124 years, Crowley has developed a portfolio of services to support the U.S. government’s operations both domestically and abroad. The team is led by industry and military-veterans who combine the technical and professional capabilities of the company to offer best-in-class operations, engineering, and contract management support. Crowley provides bundled vessel management solutions for Military Sealift Command; the Maritime Administration, as part of the Government's Ready Reserve Force (RRF) Program; and Naval Sea Systems Command. The group also provides other services including custodial services for vessels seized by U.S. government agencies; naval architecture and marine engineering; project management; specialized towing operations; specialty cargo moves; full transportation logistics; and a host of other offerings tailored specifically for the diverse needs of the government. For more information, visit Crowley.com/government.

For information on parent company, Crowley Maritime Corporation, its subsidiaries and business, visit http://www.crowley.com.

CACI earns ISO certification for IT infrastructure and security policies, practices


ARLINGTON, VA Dec. 21, 2016 CACI International Inc (NYSE: CACI) announced today that it has been certified for the International Organization for Standardization (ISO) 27001 credential for information security policies and practices. The enterprise-wide certification is independent verification that CACI’s internal corporate information technology (IT) infrastructure and information security policies and practices adhere to the best practices defined in the ISO standard. This is the second enterprise-wide ISO credential the company has received, having been certified for the ISO 9001:2015 quality management credential in May. CACI’s ongoing success in meeting industry-recognized standards reflects the company’s commitment to delivering excellence and high quality in all its solutions and services.

The ISO 27001 certification is earned on the basis of an external audit. Auditors examined every aspect of CACI’s internal information security policies and practices – those internal processes developed to ensure corporate information technology infrastructure and policies are secure and compliant. The certification defines requirements for information security management systems and serves as an industry-recognized measurement of effective policies and practices.

Receiving the ISO 27001 certification is key to CACI’s strategy for achieving compliance with the National Institute for Standards and Technology (NIST) Special Publication 800-171, the federal government’s set of requirements to safeguard covered defense information and cyber incident reporting. The NIST 800-171 is currently required for all Department of Defense contracts and is anticipated to become a government-wide requirement by 2017.

CACI Chief Operating Officer and President of U.S. Operations John Mengucci said, “The ISO 27001 certification, along with the ISO 9001:2015 certification announced in May, is a reflection of CACI’s commitment to ensuring our internal IT infrastructure and policies and practices meet the highest industry and government standards.”

Ken Asbury, CACI’s President and Chief Executive Officer, said, “This enterprise-wide certification, with its increased emphasis on information security policies and practices, is a testament to the excellence that we pursue at CACI as our constant goal. We are pleased at the recognition the International Organization for Standardization has given us, as it acknowledges CACI’s focus on our internal security.”

CACI provides information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. A Fortune magazine World’s Most Admired Company in the IT Services industry, CACI is a member of the Fortune 1000 Largest Companies, the Russell 2000 Index, and the S&P SmallCap600 Index. CACI’s sustained commitment to ethics and integrity defines its corporate culture and drives its success. With approximately 20,000 employees worldwide, CACI provides dynamic career opportunities for military veterans and industry professionals to support the nation’s most critical missions. Join us! www.caci.com.

Red Hat earns nine federal certifications for Linux 7.1


RALEIGH, NC Dec. 13, 2016 Red Hat, Inc. (NYSE: RHT), the world's leading provider of open source solutions, today announced that Red Hat Enterprise Linux 7.1 has received nine Federal Information Processing Standard (FIPS) 140-2 security certifications from the U.S. federal government’s National Institute of Standards and Practices (NIST). These certifications, achieved in 2016, emphasize Red Hat’s focus on delivering a more secure foundation for mission-critical systems, building upon Red Hat Enterprise Linux 7.1’s recent achievement of a Common Criteria security certification at Evaluation Assurance Level (EAL) 4+ as the first certified operating system to offer Linux Container Framework Support.

The FIPS 140-2 certification program is a joint initiative between the U.S.-based National Institute for Standards and Technology (NIST) and the Communications Security Establishment (CSE) for the Government of Canada. This internationally recognized certification is mandated by national agencies in the U.S. and Canada and recognized in Europe and Australia. Information systems based on Red Hat Enterprise Linux 7 now have greater assurance that native cryptographic security systems, such as those used to encrypt data and provide more secure communications, have been formally evaluated to meet international cryptography standards.

Red Hat Enterprise Linux 7.1 has achieved FIPS 140-2 certification for the following modules:


  • OpenSSL
  • OpenSSH Server
  • OpenSSH Client
  • Libgcrypt
  • NSS
  • Libreswan
  • Kernel Cryptographic API
  • Kernel Cryptographic API with CPAFC
  • GnuTLS

The certified Red Hat Enterprise Linux 7.1 modules retain FIPS 140-2 certification when running on these hardware configurations:

  • HPE ProLiant DL380p Gen8 with PAA
  • HPE ProLiant DL380p Gen8 without PAA
  • IBM Power8 Little Endian 8286-41A
  • IBM z13 (single-user mode)

The U.S. Secretary of Commerce approves standards and guidelines that are developed by NIST for U.S. federal information systems. The FIPS 140 Publication Series coordinates the requirements and standards from cryptographic modules for hardware and software, and in order to achieve FIPS 140-2 validation, cryptographic modules are subjected to rigorous testing by independent, accredited test facilities.

The validation testing for today’s announcement was performed by atsec information security corporation’s Cryptographic and Security Testing Laboratory in Austin, Texas. atsec is an independent company with long-standing experience in international IT security standards.

Supporting Quotes

Paul Smith, vice president and general manager, Red Hat

“Protecting highly-sensitive data, from employee and customer financial data to national security details, is a critical need for modern IT departments, particularly those operating in the public sector. Red Hat understands the varied IT security needs of these organizations, and Red Hat Enterprise Linux’s FIPS 140-2 and Common Criteria EAL4+ certifications provide continued support of our commitment to deliver a highly-secure operating system for environments that require the strictest of protections.”

Yi Mao, manager, Cryptographic Security Test Laboratory, atsec information security

“Red Hat endeavors to keep assurances by having a third party lab working with them to perform code inspection and independent testing against rigorous standards in cryptography as well as product security. It has been a dramatic effort for Red Hat to take their stack of cryptographic libraries running on the operating system RHEL 7.1 through FIPS 140-2 validation. Their pursuit for greater security is demonstrated in the wide validation scope and deep understanding of security requirements, and we are honored to be Red Hat’s chosen lab for these FIPS 140-2 certifications and applaud their achievement.”

About Red Hat, Inc.

Red Hat is the world's leading provider of open source software solutions, using a community-powered approach to provide reliable and high-performing cloud, Linux, middleware, storage and virtualization technologies. Red Hat also offers award-winning support, training, and consulting services. As a connective hub in a global network of enterprises, partners, and open source communities, Red Hat helps create relevant, innovative technologies that liberate resources for growth and prepare customers for the future of IT. Learn more at http://www.redhat.com.

Zenoss wins IT software contract with U.S. Air Force


AUSTIN, TX Dec. 14, 2016 Zenoss Inc., the leader in hybrid IT monitoring and analytics software, today announced that the company has been awarded the multisite software contract for the United States Air Force Distributed Common Ground System (DCGS). Under the contract, Zenoss will also provide software and services for extensibility and integration with key technologies including Cisco, VMware, EMC and Windows.

What is the US Air Force DCGS?

DCGS, also referred to as the AN/GSQ-272 Sentinel weapon system, produces military intelligence for multiple military branches. It is the Air Force’s key system for intelligence, surveillance and reconnaissance (ISR) information and is used for collection, processing and exploitation, analysis, and dissemination (PCPAD). The Air Force DCGS is currently composed of 27 regionally aligned, globally networked sites and is capable of providing worldwide, near-real-time simultaneous intelligence to multiple theaters of operation through a robust reach-back communications architecture.

The Zenoss Hybrid IT Monitoring Platform for the US Air Force DCGS

The multiyear contract calls for Zenoss to provide IT service assurance across security echelons. The Zenoss hybrid IT monitoring platform provides complete visibility into cloud, virtual and physical environments for secure federal agencies and public sector organizations.

“The United States military requires the most innovative IT products and services that ensure the highest levels of communication and coordination in support of its missions,” said Greg Stock, Chairman and CEO at Zenoss. “We are proud to partner with the US Air Force to deliver the most advanced hybrid IT monitoring and analytics solution for one of the world’s most sophisticated weapon systems.”

About Zenoss

Zenoss works with the world's largest, most secure organizations to ensure their IT services and applications are always on. As the global leader in hybrid IT monitoring and analytics software, Zenoss provides complete visibility for cloud, virtual and physical IT environments. Zenoss customers gain IT performance and risk insights into their unique IT ecosystems through real-time analytics that adapt to the ever-evolving data center and cloud, enabling them to eliminate disruptions and accelerate business. Zenoss Service Dynamics is available for Amazon Web Services (AWS) GovCloud. For more information, visit www.zenoss.com.

Healthcare information organization chooses Prevalent Synapse, Churchill & Harriman to protect against cyber threats

WARREN, NJ Dec. 8, 2016 Prevalent, Inc., the leader in Third-Party Risk Management and Vendor Threat Intelligence, and Churchill & Harriman, the recognized leader in enterprise risk management and third-party risk assessments, today jointly announced that NH-ISAC has chosen the purpose-built Prevalent Synapse™ platform and Churchill & Harriman's risk assessment services for the third-party risk management element of its mission to protect the nation's critical healthcare infrastructure from physical and cyber threats.

"Third-party risk is a valid concern for any organization in the healthcare ecosystem," said Denise Anderson, NH-ISAC President. "We are excited to be working with Prevalent and Churchill and Harriman to leverage the NH-ISAC community and offer risk assessment services via CYBERFIT that are both efficient and affordable."

Prevalent's Synapse platform is purpose-built to minimize the burden of controls, information collection and distribution among members of vertical networks, delivering built-in workflows, network moderator functionality, and questionnaire and risk-scoring flexibility - all in a secure SaaS environment. Prevalent is bringing the experience built in its Legal, Higher Education, Asset Management, and Mortgage industry networks to NH-ISAC's CYBERFIT vendor network, leveraging not only its next generation platform developed on the foundation of that experience base, but also the network management experience unique to Prevalent.

"There's no substitute for experience," added Michael Wagner, Sr. Director of Johnson & Johnson and a member of the NH-ISAC Board of Directors. "While organizations have tried, none have delivered a vendor risk, evidence-sharing network for healthcare and the platform to run it. Prevalent is doing it today in multiple verticals."

"The security of our health system and the criticality of the data at risk makes what we are doing extremely important," continued Jonathan Dambrot, Prevalent CEO & Co-Founder. "It is an honor to be selected to participate in this groundbreaking effort with such prestigious partners. Working in conjunction with CYBERFIT and the NH-ISAC, we are creating a new model to reduce risk, reduce cost, and ensure members have the information they need to maintain security and compliance in our ever-interconnected environment."

In addition to Prevalent's next generation platform, CyberFit is also leveraging the expertise brought by the recognized Third-Party Risk Management leader Churchill & Harriman (C&H), who will contribute evidence analysis, vendor interaction, and evidence validation in the CYBERFIT network.

"The healthcare industry depends on C&H for thorough and complete third party risk assessments. With our focus on third-party risk management services, we have a unique perspective on the industry and the tools available from virtually all the software vendors," observed Ken Peterson, CEO and founder of C&H. "Prevalent is clearly the leader in network platform technology, delivering a proven product, validated by actual users."

For more information on the Synapse platform and the CYBERFIT network, contact [email protected]

About Prevalent

Prevalent is the leader in third-party risk management and cyber threat intelligence, helping global organizations manage and monitor the security threats and risks associated with third and fourth-party vendors. With the release of Prevalent Synapse™, organizations now have a purpose-built, unified platform that reduces both risk and cost in a shared assessment model, leveraging standardized content, automation, and threat intelligence. For more information regarding Prevalent, please visit www.prevalent.net, email [email protected] or call 877-PREVALENT.

About Churchill & Harriman

Churchill & Harriman (C&H) is a privately-held enterprise risk management consulting corporation. C&H is a trusted partner and advisor to industry leading consortiums, governing bodies and corporations, providing end-to-end enterprise risk management advisory services and solutions for multinational clients worldwide. For more information regarding Churchill & Harriman, please visit www.chus.com, email [email protected] or call 609-921-3551.


NH-ISAC, a non-profit health sector-led organization, is recognized by the nation's health sector, the US Department of Health and Human Services (HHS), the US Department of Homeland Security (DHS), the National Security Agency (NSA), FBI, and the National Council of ISACs (NCI Directorate) representing all national critical infrastructures. Headquartered at the Global Situational Awareness Center, Global Institute for Cybersecurity + Research, NASA/Kennedy Space Center, NH-ISAC is the tactical and operational arm advancing national healthcare and public health critical infrastructure resilience – all hazards (cyber and physical) security intelligence situational awareness analysis and reporting, secure trusted two-way information sharing, countermeasure solutions, incident response, leading practice and education. For more information, visit www.nhisac.org.

Iron Mountain, ITRenew offer secure technology equipment disposal for federal agencies


BOSTON Nov. 30, 2016 As U.S. Federal agencies plan to replace outdated technology equipment, it becomes increasingly important to deploy IT asset disposition (ITAD) programs that ensure data security and provide e-waste recycling and value recovery services. To help address this growing challenge, Iron Mountain Incorporated (NYSE: IRM), the global leader in storage and information management, and ITRenew, a leader in IT lifecycle management, today announced a partnership that combines ITRenew’s ITAD software and services with Iron Mountain’s secure chain of custody and logistics to serve government entities and federal agencies across the U.S.

Iron Mountain’s end-to-end Secure IT Asset Disposition service enables agencies to safely and securely dispose of their equipment, including PCs and laptops, servers, hard drives and mobile devices, with the peace of mind that such disposal complies with applicable data security and e-waste disposal regulations. Through the combination of Iron Mountain and ITRenew, outdated government IT equipment will be securely transported and tracked through Iron Mountain’s secure chain of custody and delivered to ITRenew’s refurbishing and recycling facilities. ITRenew’s ITAD processing services will include 100 percent sector-verified data erasure, asset remarketing, R2-certified recycling and regulation compliance reporting. Data erasure will be performed with Teraware, ITRenew’s proprietary data sanitization platform.

“Our relationship with ITRenew offers Federal agencies a unique combination of secure logistics and environmentally-sustainable IT asset disposition and remarketing, with Teraware – their industry leading data erasure and asset management workflow platform,” said John Sharpe, general manager of Secure IT Asset Disposition at Iron Mountain. “Federal agencies are facing many of the same IT asset disposition challenges as the private sector, made more complicated by both the nature of the data stored on the equipment and the stringent regulations surrounding the storage and destruction of that data. The combination of ITRenew’s powerful software, services that are ADISA certified for data sanitization at a forensic level, and Iron Mountain’s reputation as the trusted guardian of our customers’ most important assets will deliver peace of mind to Federal agencies. They will know that their data and IT assets are managed and disposed of properly and safely.”

“This is a natural fit between two industry leaders, leveraging each other’s strengths to fill a market need,” said Aidin Aghamari, vice president of corporate strategy, ITRenew. “ITRenew has the national footprint, scalable architecture and remarketing expertise necessary to process anything from PCs to mobile devices to mass-storage devices with equal levels of security, efficiency and value recovery.”

This joint service offering will enable Federal agencies to:

  • Customize a secure IT asset recovery and environmentally sustainable disposition solution to fit their needs.
  • Reclaim value from viable retired equipment, in which assets are wiped clean of sensitive data for a certificate of sanitization, then tested, repaired and resold.
  • Leverage proven processes that ensure sensitive data will not get into the wrong hands and that it has been certifiably destroyed according to DoD NISPOM and NIST standards – either electronically via ITRenew’s Teraware software or physically destroyed.
  • Maintain environmental responsibility by working with an R2 certified recycler, in which electronic waste is disposed of properly to repurpose materials for future use.

About ITRenew

Based in Silicon Valley, ITRenew specializes in complete lifecycle management for enterprise IT, mobile and data center equipment, processing millions of IT assets through a network of company-owned facilities. The independently-owned company has been recognized by Gartner as a Visionary in the 2014 Magic Quadrant for IT Asset Disposition, Worldwide.* Teraware, ITRenew’s proprietary data sanitization and asset management platform, has been adopted by the world’s largest cloud companies and is used to erase more than four million hard drives a year. Through an ADISA Claims Test, Teraware is the only solution to be certified to erase solid-state drives at a forensic level and has been recognized by Gartner as a competitive differentiator. All ITRenew facilities are 100 percent dedicated to ITAD services and have been R2, ISO 9001, ISO 14001 and OHSAS 18001 certified for secure asset recovery and data sanitization, environmental management, quality and occupational health and safety.

About Iron Mountain

Iron Mountain Incorporated (NYSE: IRM) is the global leader for storage and information management services. Trusted by more than 220,000 organizations around the world, Iron Mountain’s real estate network comprises more than 85 million square feet across more than 1,400 facilities in 45 countries dedicated to protecting and preserving what matters most for its customers. Iron Mountain’s solutions portfolio includes records management, data management, document management, data centers, art storage and logistics, and secure shredding, helping organizations to lower storage costs, comply with regulations, recover from disaster, and better use their information. Founded in 1951, Iron Mountain stores and protects billions of information assets, including critical business documents, electronic information, medical data and cultural and historical artifacts. Visit www.ironmountain.com for more information.

Israeli university researchers demonstrate malware that makes a computer become a spying device


BEER-SHEVA, Israel, Nov. 22, 2016 Researchers at Ben-Gurion University of the Negev (BGU) have demonstrated malware that can turn computers into perpetual eavesdropping devices, even without a microphone.

In the new paper, “SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit,” the researchers explain and demonstrate how most PCs and laptops today are susceptible to this type of attack. Using SPEAKE(a)R, malware that can covertly transform headphones into a pair of microphones, they show how commonly used technology can be exploited.

“The fact that headphones, earphones and speakers are physically built like microphones and that an audio port’s role in the PC can be reprogrammed from output to input creates a vulnerability that can be abused by hackers,” says Prof. Yuval Elovici, director of the BGU Cyber Security Research Center (CSRC) and member of BGU’s Department of Software and Information Systems Engineering.

"This is the reason people like Facebook Chairman and Chief Executive Officer Mark Zuckerberg tape up their mic and webcam," says Mordechai Guri, lead researcher and head of Research and Development at the CSRC. "You might tape the mic, but would be unlikely to tape the headphones or speakers."

A typical computer chassis contains a number of audio jacks, either in the front panel, rear panel or both. Each jack is used either for input (line-in), or for output (line-out). The audio chipsets in modern motherboards and sound cards include an option for changing the function of an audio port with software, a type of audio port programming referred to as jack retasking or jack remapping.

Malware can stealthily reconfigure the headphone jack from a line-out jack to a microphone jack, making the connected headphones function as a pair of recording microphones and turning the computer into an eavesdropping device. This works even when the computer doesn’t have a connected microphone, as demonstrated in the SPEAKE(a)R video.

The BGU researchers studied several attack scenarios to evaluate the signal quality of simple off-the-shelf headphones. "We demonstrated it is possible to acquire intelligible audio through earphones up to several meters away," said Dr. Yosef Solewicz, an acoustic researcher at the BGU CSRC.

Potential software countermeasures include completely disabling audio hardware, using an HD audio driver to alert users when microphones are being accessed, and developing and enforcing a strict rejacking policy within the industry. Anti-malware and intrusion detection systems could also be developed to monitor and detect unauthorized speaker-to-mic retasking operations and block them.
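One way the monitoring countermeasure above could be approached, as an added example that is not from the BGU paper or this release: compare each HD Audio pin's boot-time role with any software override and flag jacks that moved from an output role to an input role. It assumes a Linux host whose snd-hda-intel driver exposes `init_pin_configs` and `user_pin_configs` under `/sys/class/sound/hwC0D0/`; the pin values below are constructed samples, and the function names are hypothetical.

```python
import re

# HD Audio "configuration default" register: bits 23:20 hold the default device.
DEFAULT_DEVICE = {
    0x0: "line-out", 0x1: "speaker", 0x2: "headphone-out", 0x3: "cd",
    0x4: "spdif-out", 0x5: "digital-out", 0x6: "modem-line",
    0x7: "modem-handset", 0x8: "line-in", 0x9: "aux", 0xA: "mic-in",
    0xB: "telephony", 0xC: "spdif-in", 0xD: "digital-in",
    0xE: "reserved", 0xF: "other",
}
OUTPUT_ROLES = {"line-out", "speaker", "headphone-out"}
INPUT_ROLES = {"line-in", "mic-in"}

# Each sysfs line has the form "<pin node id> <32-bit config>", both in hex.
PIN_LINE = re.compile(r"^\s*(0x[0-9a-fA-F]+)\s+(0x[0-9a-fA-F]+)\s*$")


def parse_pin_configs(text):
    """Return {pin_node_id: config_value} from pin-config text."""
    pins = {}
    for line in text.splitlines():
        match = PIN_LINE.match(line)
        if match:
            pins[int(match.group(1), 16)] = int(match.group(2), 16)
    return pins


def role(config):
    """Decode the default-device field of a pin configuration value."""
    return DEFAULT_DEVICE[(config >> 20) & 0xF]


def find_retasked_outputs(init_text, user_text):
    """List (pin, boot_role, override_role) for outputs overridden to inputs."""
    init = parse_pin_configs(init_text)
    user = parse_pin_configs(user_text)
    findings = []
    for pin, override in sorted(user.items()):
        if pin not in init:
            continue  # override for a pin the codec did not report at boot
        before, after = role(init[pin]), role(override)
        if before in OUTPUT_ROLES and after in INPUT_ROLES:
            findings.append((pin, before, after))
    return findings


# Constructed sample data (not captured from a real machine).
SAMPLE_INIT = """0x14 0x01014010
0x15 0x99130110
0x19 0x02a1901f
0x1b 0x0221401f
"""
SAMPLE_USER = """0x14 0x01014010
0x1b 0x02a1901f
"""

if __name__ == "__main__":
    for pin, before, after in find_retasked_outputs(SAMPLE_INIT, SAMPLE_USER):
        print(f"pin 0x{pin:02x}: {before} -> {after} (output jack now an input)")
```

This check only sees overrides recorded in the pin configuration tables; it does not observe other runtime changes to a pin, so it complements rather than replaces driver-level alerts on microphone access.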

About American Associates, Ben-Gurion University of the Negev

American Associates, Ben-Gurion University of the Negev (AABGU) plays a vital role in sustaining David Ben-Gurion's vision: creating a world-class institution of education and research in the Israeli desert, nurturing the Negev community and sharing the University's expertise locally and around the globe. As Ben-Gurion University of the Negev (BGU) looks ahead to turning 50 in 2020, AABGU imagines a future that goes beyond the walls of academia. It is a future where BGU invents a new world and inspires a vision for a stronger Israel and its next generation of leaders. Together with supporters, AABGU will help the University foster excellence in teaching, research and outreach to the communities of the Negev for the next 50 years and beyond. Visit vision.aabgu.org to learn more.

AABGU, which is headquartered in Manhattan, has nine regional offices throughout the United States. For more information, visit www.aabgu.org.

AITC wins contract to support Army Intelligence Center of Excellence

WINTER SPRINGS, FL Nov. 15, 2016 Continuing to make headlines, Advanced IT Concepts (AITC) announced today that it has been awarded two new contracts to support the United States Army's Intelligence Center of Excellence (ICoE) in Fort Huachuca, Arizona. The contracts, with a combined Period of Performance (POP) of five years, will focus on the development of Unit Tasks Lists (UTL) and Collective Tasks Lists (CTL) for the Theater Intelligence Brigade (TIB) and other military intelligence units, in support of the Chief of Staff of the Army's (CSA) Initiative for Assessing and Reporting Training Readiness (ARTR). The TIB contract has four subject matter experts for a one-year data collection period and task analysis effort. The ARTR contract also has four subject matter experts for up to five years and will revise all military intelligence unit collective training tasks and create new tasks as required to comply with collective task standards and business rules established by the Chief of Staff of the Army.

This effort is being implemented with AITC's strategic partner, Intelligence, Communications and Engineering (ICE), Inc., located in Sierra Vista, AZ. The work will be primarily based at Fort Huachuca, AZ, along with some efforts at the seven TIBs located both inside and outside the continental U.S.

"Being awarded this contract is another significant achievement for AITC. It continues to boost our reputation as a trusted professional services provider for the federal government. It also translates to more work, program support staff and revenue for our company, spurring more success to our local economy and state. We are continuing to strive for success adding to our contract portfolio," says Gabe Ruiz, AITC President & CEO.

The contracts provide direct support to the U.S. Army's Training and Doctrine Command (TRADOC) and the ICoE Training Development and Support Program based at Fort Huachuca. The total value of both contracts over five years (if all options exercised) is $3.9 million.

"The Army's intelligence community utilizes the latest technology and equipment, along with highly trained and skilled personnel to develop critical information and make operational decisions. AITC is proud to support this effort to advance the training and skill development that is central to future successful missions," says Wells Barlow, AITC Business Development Manager.

AITC was awarded the contract based on several years of exceptional past performance in a similar capacity. These were part of the 10 new contracts received by AITC in the last two months with a combined value of more than $13 Million, building the company's momentum after recently announcing the win of the $70 Million Army Medical Simulation Support Services (MS3) contract.

About Advanced IT Concepts (AITC):

AITC is an SDVOSB and SBA 8(a) certified IT systems integrator, value-added reseller and service provider to federal, state and local governments. For more than 10 years, AITC has drawn upon significant, proven telecommunications and Information Technology experience to ensure customers' goals are met by delivering superior client services through a full suite of IT specialized services. For details, visit www.aitcinc.com.


