Technology Sectors

Market Sectors

<div style="text-align:center"> <p>"Mass Notification Profiles"</p> <p>Ideas and strategies<br><br /> from leading vendors</p> <p>Prepared exclusively<br><br /> for GSN Magazine<br><br /> by:</p> <p><a href="http://www.gsnmagazine.com/node/30557?c=communications">LRAD Corporation</a></p> <p><a href="http://www.gsnmagazine.com/node/30559?c=communications">Desktop Alert</a></p> <p>Available in Print or Online</p> </div>

IT Security

Telco Systems Wins Follow-On Cybersecurity Contract From Prominent National Defense Agency

Telco Systems, the leading provider of innovative SDN/NFV, CE 2.0, MPLS and IP solutions, today announced that the company has been awarded a significant follow-on contract to supply a cybersecurity communications solution to a national defense agency customer.

Telco Systems won this follow-on project for the ability of its cybersecurity technology to efficiently detect and investigate suspicious network activity and secure sensitive communications networks.

This follow-on project represents Telco Systems' fourth major customer in the government sector.

Telco Systems reports that the company is experiencing increasing demand from its solutions across numerous market segments, including the company's cybersecurity solution from government organizations, Carrier Ethernet solutions from network operators and NFV solutions from telcos and managed service providers.

"We are proud that this national defense agency customer has extended its relationship with us and see it as an expression of trust and confidence in our company's ability to deliver the benefits of our innovative technologies," stated Ariel Efrati, CEO at Telco Systems. "At the same time, we have strong expectations for continued growth across numerous market segments for both our cybersecurity and communications networking offerings."

 

About Telco Systems 

Telco Systems delivers an industry-leading portfolio of Carrier Ethernet and MPLS-based demarcation, aggregation, NFV and vCPE solutions, enabling service providers to create intelligent, service-assured, CE 2.0-compliant networks for mobile backhaul, business services and cloud networking. Telco Systems' end-to-end Ethernet, SDN/NFV-ready product portfolio delivers significant advantages to service providers, utilities and city carriers competing in a rapidly evolving telecommunications market. Telco Systems is a wholly owned subsidiary of BATM Advanced Communications (LSE: BVC).

To learn more, visit Telco Systems at http://www.telco.com or follow Telco Systems on Twitter, LinkedIn and Facebook.

Crystal Group partners with Intel, VMware, and DC Systems to Deliver Robust Compute Solution for Smart Grid Modernization

Hiawatha, Iowa, – Crystal Group Inc., a leading designer/manufacturer of rugged computer hardware, is joining forces with industry partners Intel®, VMware®, and DC Systems to help utilities monitor, manage, and modernize critical power infrastructures. Crystal Group is demonstrating its new RS37AS17 3U Rugged Server – engineered to consolidate compute, storage, and networking in a single, scalable system capable of withstanding harsh environments – in Crystal Group’s booth #3228 at DistribuTECH conference and exhibition January 23 – 25 in San Antonio, Texas.

“Crystal Group’s RS37AS17 answers the growing demand for a quick, painless way to modernize and streamline power generation and distribution substations, boost efficiency and security, reduce costs, minimize downtime, and meet current and future requirements,” says Jim Shaw, Crystal Group executive vice president of engineering. “A true server-class powerhouse in a compact footprint, the Crystal Group RS37AS17 3U Rugged Server converges key data-handling capabilities – including high-performance processing, storage, and networking – in a single rugged, reliable server designed to bring military-grade durability and reliability to power substations everywhere.”

The Crystal Group RS37AS17 can replace multiple aging devices with a single, compact solution to reduce size, weight, power, and cooling overhead, as well as streamline maintenance. The new rugged server is fully customizable to ease the transition to a more modern, reliable, and capable system, and is modular and scalable to support evolving requirements and technologies over a long operational life. The versatile RS37AS17 is completely configurable with four drive bays, three PCI Express (PCIe) slots, support for up to 1TB of memory, and flexible I/O. Compute, storage, and networking capacity can be added quickly and easily to accommodate future upgrades and expansion.

Crystal Group engineers tap decades of experience developing field-tested, combat-proven rugged hardware that meets or exceeds strict industry standards to craft the RS37AS17 3U Rugged Server specifically for critical power infrastructure applications. High-quality components are stabilized in a rugged aluminum enclosure with advanced thermal management to boost system reliability, availability, and survivability in the face of challenging conditions and extreme environments, including shock and vibration, extreme temperatures, humidity, and more at even the most remote power substations – where consumer grade systems may fail. The RS37AS17 is designed and tested to meet or exceed the IEC 61850-3, IT-65, IEEE 1613 (surge only), and MIL-STD-810 standards, and complies with Export Control Classification Number (ECCN) 5A992.c.

Crystal Group’s RS37AS17 leverages the latest, industry-leading commercial off-the-shelf (COTS) technologies such as Intel® Xeon® Scalable Processors, VMware virtualization software, and DC Systems’ human-machine interfaces (HMI).

See live demonstrations of the complete, turnkey power substation solution in action and talk with Crystal Group, Intel, Vmware, and DC Systems  representatives in Crystal Group’s booth #3228 during DistribuTECH 2018 at the Henry B. Gonzalez Convention Center in San Antonio, Texas, on January 23 through 25.
 
About Crystal Group Inc.
Crystal Group Inc., a technology leader in rugged computer hardware, specializes in the design and manufacture of custom and commercial off-the-shelf (COTS) rugged servers, embedded computing, networking devices, displays, power supplies, and data storage for high reliability in harsh environments. An employee-owned small business founded in 1987, Crystal Group provides the defense, government and industrial markets with in-house customization, engineering, integration, configuration management, product lifecycle planning, warranty, and support services.

Crystal Group products meet or exceed IEEE, IEC, and military standards (MIL-STD-810, 167-1, 461, MIL-S-901); are backed by warranty (5+ year) with in-house support; and are manufactured in the company’s Hiawatha, Iowa, USA, facility certified to AS9100C:2009 and ISO 9001:2008 quality management standards.

Peraton Names Former DHS Under Secretary Reginald Brothers as Executive Vice President and Chief Technology Officer

HERNDON, VA – Peraton has announced the appointment of Dr. Reginald Brothers as executive vice president and Chief Technology Officer, effective February 19, 2018.

As Chief Technology Officer, Brothers will lead a new organization responsible for strategic planning, technology solutions, business development, and mergers and acquisitions (M&A) for the company.

Most recently, Brothers was a principal with The Chertoff Group, a premier global advisory firm focused on security and risk management. Prior to that role, he served as Under Secretary for Science and Technology, Department of Homeland Security, where he was responsible for a science and technology portfolio that included basic and applied research, development, demonstration, testing and evaluation with the purpose of helping DHS operational elements and the nation’s first responders achieve their mission objectives.

From 2011 to 2014, he served as the Deputy Assistant Secretary for Research, Department of Defense, where he was responsible for policy and oversight of the Department’s science and technology programs and laboratories. Earlier in his career, Brothers held senior technology leadership roles in the Defense Advanced Research Projects Agency (DARPA) and the Communications and Networking business area at BAE Systems.

“Reggie brings a truly unique perspective to Peraton,” said Stu Shea, Peraton CEO. “From his successful career in government and the private sector, he possesses a deep understanding of the mission and technology requirements of our DoD and homeland security customers. We will look to Reggie to further strengthen, differentiate, and align Peraton’s technology development, customer engagement, and M&A activities across the markets we serve.”

He earned a B.S. in electrical engineering from Tufts University, an M.S. in electrical engineering from Southern Methodist University, and a Ph.D. in electrical engineering and computer science from the Massachusetts Institute of Technology.

 

About Peraton

Peraton provides innovative, reliable solutions to the nation’s most sensitive and mission-critical programs and systems. Peraton has significant experience providing highly differentiated space, intelligence, cyber/SIGINT, defense, homeland security, electronic warfare and secure communications solutions, and has become a trusted partner on missions that are critical to the security priorities of the United States. Capabilities include complex software and technology services and solutions, as well as end-to-end mission operations capabilities, including software systems development, offensive and defense cyber operations, modeling & simulation, mission management, and Quick Reaction Capabilities (QRC) / Research & Development. The company is headquartered in Herndon, VA, with approximately 3,500 employees across the U.S. and Canada.

LRAD® Corporation Acquires Location-Based Mass Messaging Solutions Provider, Genasys Holding S.L.

SAN DIEGO, CA – January 19, 2018 – LRAD Corporation (NASDAQ: LRAD), the world’s leading provider of acoustic hailing devices (“AHDs”) and advanced mass notification systems, today announced the acquisition of Genasys Holding S.L. (“Genasys”), a leading software provider of advanced location-based mass messaging solutions for emergency warning systems and workforce management.

Genasys, headquartered in Madrid, Spain, has an experienced group of developers with over 200 man years of software development and a strong, international technical sales, service, and support team. Genasys currently has two main product offerings: news – a reliable solution for sending SMS-based warnings of public safety hazards to affected populations with industry-leading speed; and, haz – a low cost, easy-to-use solution for remotely monitoring employees, planning tasks, and managing workplace incidents.

“The acquisition of Genasys enables LRAD to significantly enhance its advanced mass notification capabilities and pursue broader geolocation based mass messaging projects and services,” stated Richard S. Danforth, Chief Executive Officer of LRAD Corporation. “Many of the mass notification opportunities we target, including universities, cities, and countries, require an integrated location-based mass messaging service. With this acquisition, LRAD expects to generate revenue on initial installations and recurring revenue from long-term support contracts for updating and maintaining the messaging service over the life of the installations.”

“I am eager to leverage LRAD’s worldwide sales channels to seek accelerated growth of the Genasys mass notification software solutions,” remarked Pablo Colom, Genasys’ Chief Executive Officer. “Genasys has a solid track record of location-based mass messaging integrations and deployments, which include solutions for small workgroups to fully integrated country-wide systems. The synergies of Genasys’ push notification products and LRAD’s award-winning mass notification systems will provide state-of-the-art solutions to communicate potentially lifesaving information to those affected by severe weather, man-made and natural disasters and other emergencies.”

Revenues for Genasys in calendar 2017 (unaudited) were €1.9 million. Total consideration for the acquisition is €3.1 million, which includes a €1.9 million purchase price and the assumption of €1.2 million of debt.

Management will host a conference call to discuss the Genasys acquisition on Monday, January 22, 2018, at 12:00 pm U.S. EST. To access the conference call, dial toll-free 888.567.1602 from the U.S., or international at +1.404.267.0373. A webcast will also be available at the following link: https://www.webcaster4.com/Webcast/Page/1375/24207. A replay of the call will be available approximately four hours after the call concludes, and remain available for 90 days at the aforementioned webcast link. Questions to management may be submitted before or during the call by emailing them to [email protected].

About LRAD Corporation

Using advanced technology and superior voice intelligibility, LRAD Corporation’s proprietary Long Range Acoustic Devices® and revolutionary ONE VOICE® mass notification systems are designed to enable users to safely hail and warn, inform and direct, prevent misunderstandings, determine intent, establish large safety zones, and resolve uncertain situations. LRAD systems are in service in more than 70 countries around the world in diverse applications including mass notification and public address, fixed and mobile defense deployments, homeland, border, critical infrastructure, maritime, oil & gas, and port security, public safety, law enforcement and emergency responder communications, asset protection, and wildlife control and preservation. For more information, please visit www.LRAD.com.

About Genasys Holding S.L.
Genasys Holding S.L. is backed by Adara Ventures and Caixa Capital Risc, and is a leading software provider of advanced location-based mass messaging solutions for Emergency Warning Systems and Workforce Management. For more information, please visit www.LRAD.com/genasys.

Forward Looking Statements

Except for historical information contained herein, the matters discussed are forward-looking statements within the meaning of Section 21E of the Securities Exchange Act of 1934. You should not place undue reliance on these statements. We base these statements on particular assumptions that we have made in light of our industry experience, the stage of product and market development as well as our perception of historical trends, current market conditions, current economic data, expected future developments and other factors that we believe are appropriate under the circumstances. These statements involve risks and uncertainties that could cause actual results to differ materially from those suggested in the forward-looking statements. These risks and uncertainties include those associated with the integration of Genasys into the Company’s business, that the anticipated benefits and synergies of the transaction may not materialize as expected, that customer demand for the integrated product offerings may not meet expectations, and other risks and uncertainties identified and discussed in our filings with the Securities and Exchange Commission. These forward-looking statements are based on information and management’s expectations as of the date hereof. Future results may differ materially from our current expectations. For more information regarding other potential risks and uncertainties, see the “Risk Factors” section of the Company’s Form 10-K for the fiscal year ended September 30, 2017. LRAD Corporation disclaims any intent or obligation to update those forward-looking statements, except as otherwise specifically stated.

Company Contact

E. Brian Harvey
Director, Investor Relations and Capital Markets
858.753.8974
[email protected]

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

On January 5, 2017, the U.S. Department of Commerce and the U.S. Department of Homeland Security released a draft report to President Trump in response to the Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure issued on May 11, 2017.

The report, which was created with broad input from stakeholders and experts, summarizes the opportunities and challenges in reducing the botnet threat, and offers supporting actions to be taken by both the government and private sector in order to reduce the threat of automated cyber-attacks.

Alert (TA18-004A) Meltdown and Spectre Side-Channel Vulnerability Guidance

Systems Affected

CPU hardware implementations

Overview

On January 3, 2018, the National Cybersecurity and Communications Integration Center (NCCIC) became aware of a set of security vulnerabilities—known as Meltdown(link is external) and Spectre(link is external)— that affect modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.

Description

CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. Meltdown is a bug that "melts" the security boundaries normally enforced by the hardware. Meltdown affects desktops, laptops, and cloud computers.  Spectre is a flaw that an attacker can exploit to force a program to reveal its data. The name derives from speculative execution—an optimization method a computer system performs to check whether it will work to prevent a delay when actually executed. Spectre affects almost all devices including desktops, laptops, cloud servers, and smartphones. Many of these security issues are remediated through the Kernel Address Isolation to have Side-channels Efficiently Removed (KAISER) patch described in detail in an academic paper named “KASLR is Dead: Long Live KASLR.” While this paper identifies a fix for Linux operating systems, the exploit concepts in the article can apply to other operating systems.

More details of these attacks are described in detail by

Impact

An attacker can gain access to the system by establishing command and control presence on a machine via malicious Javascript, malvertising, or phishing. Once successful, the attacker’s next attempt will be to escalate privileges to run code on the machine. Running code will allow the attacker to exploit the Meltdown and Spectre vulnerabilities. Sensitive information could be revealed from a computer’s kernel memory, which could contain keystrokes, passwords, encryption keys, and other valuable information.

Solution

NCCIC encourages users and administrators to refer to their hardware and software vendors for the most recent information. In the case of Spectre, the vulnerability exists in CPU architecture rather than in software, and is not easily patched; however, this vulnerability is more difficult to exploit. 

MICROSOFT

Microsoft has temporarily halted updates for AMD machines. More information can be found here: https://support.microsoft.com/en-us/help/4073707/windows-os-security-update-block-for-some-amd-based-devices(link is external)

For machines running Windows Server, a number of registry changes must be completed in addition to installation of the patches.  A list of registry changes can be found here: https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution(link is external)

ANTIVIRUS

Microsoft has recommended that third-party antivirus vendors add a change to the registry key of the machine that runs the antivirus software. Without it, that machine will not receive any of the following fixes from Microsoft:

  • Windows Update
  • Windows Server Update Services
  • System Center Configuration Manager 

More information can be found here: https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software(link is external).

MITIGATION

Mitre has published Common Vulnerability and Exposure (CVE) notes for Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715).

NCCIC recommends administrators review CISCO TALOS Snort SIDs: 45357 – 45368  and apply the necessary updates. These twelve rules were released as an emergency update on January 4, 2018, to cover the detection of Meltdown and Spectre side-channel vulnerabilities, and relate to CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754. These signatures cover the specific proofs of concept and sample code outlined in the Spectre and Meltdown whitepapers. While these signatures have the potential to detect variants, they may not work for all cases.

The table provided below lists available advisories and patches. As patches and firmware updates continue to be released, it is important to check with your hardware and software vendors to verify that their corresponding patches can be applied, as some updates may result in unintended consequences. Note:Download any patches or microcode directly from your vendor’s website.

NCCIC recommends using a test environment to verify each patch before implementing.

After patching, performance impacts may vary, depending on use cases. Administrators should ensure that performance is monitored for critical applications and services, and work with their vendor(s) and service provider(s) to mitigate the effect, if possible.

Additionally, users and administrators who rely on cloud infrastructure should work with their CSP to mitigate and resolve any impacts resulting from host OS patching and mandatory rebooting.

 

Vulnerability Note VU#584653

__________________________________________

CPU hardware vulnerable to side-channel attacks

__________________________________________

 

 

 

 

Overview

CPU hardware implementations are vulnerable to cache side-channel attacks. These vulnerabilities are referred to as Meltdown and Spectre.

Description

Note: This Vulnerability Note is the product of ongoing analysis and represents our best knowledge as of the most recent revision. As a result, the content may change as our understanding of the issues develops.

CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. Both Spectre and Meltdown take advantage of the ability to extract information from instructions that have executed on a CPU using the CPU cache as a side-channel. These attacks are described in detail by Google Project Zero, the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology (TU Graz) and Anders Fogh. The issues are organized into three variants:

  • Variant 1 (CVE-2017-5753, Spectre): Bounds check bypass
  • Variant 2 (CVE-2017-5715, also Spectre): Branch target injection
  • Variant 3 (CVE-2017-5754, Meltdown): Rogue data cache load, memory access permission check performed after kernel memory read

Spectre

Spectre attacks take advantage of a CPU's branch prediction capabilities. Modern CPUs include a feature called branch prediction, which speculatively executes instructions at a location that the CPU believes it will branch to. Such speculative execution helps to more fully utilize the parts of the CPU, minimizing the time waiting, and therefore improving performance. When a branch is successfully predicted, instructions will retire, which means the outcomes of the instructions such as register and memory writes will be committed. If a branch is mispredicted, the speculatively-executed instructions will be discarded, and the direct side-effects of the instructions are undone. What is not undone are the indirect side-effects, such as CPU cache changes. By measuring latency of memory access operations, the cache can be used to extract values from speculatively-executed instructions.

With Spectre variant 1 (CVE-2017-5753), the instructions after a conditional branch are speculatively executed as the result of a misprediction. With Spectre variant 2 (CVE-2017-5715), the CPU executes instructions at a location determined by a mispredicted branch target.

With both variants of the Spectre attack, the impact is that a process may leak sensitive data to other processes on a system. Spectre may also allow one part of an application to access other parts of the same process memory space that would otherwise not be permitted.

While the Spectre attack itself does not cross a user/kernel memory privilege boundary, depending on the configuration of the target platform, the Spectre attack may indirectly allow a user-space application to access kernel memory. For example, the Project Zero blog post describes a scenario that uses eBPF to exfiltrate kernel memory contents into user-space code. This is made possible because eBPF JIT allows for userspace applications to inject code that is executed in kernel space. While this code is verified by the kernel, eBPF-compliant code will be allowed to execute with kernel permissions. The exploit described by Project Zero leverages eBPF to execute the Spectre attack in kernel space, while exfiltrating the data to user space. It is possible that other technologies that allow in-kernel code execution may also possibly be leveraged to leak kernel memory using Spectre.

Meltdown

Meltdown is related to the Spectre attack in that it also uses a cache side channel to access data that otherwise wouldn't be available. The main difference is that it leverages out-of-order execution capabilities in modern CPUs. Like speculative execution due to branch prediction, as used by Spectre, out-of-order execution on a CPU is a technique for ensuring fullest utilization of the CPU's parts. Although instructions may appear sequentially in the machine language, a CPU that supports out-of-order execution may execute instructions in a non-sequential manner, which can minimize the time that a CPU spends idle.

Meltdown leverages insecure behavior that has been demonstrated in Intel CPUs and may affect CPUs from other vendors. Vulnerable CPUs allow memory reads in out-of-order instruction execution, and also contain a race condition between the raising of exceptions and the out-of-order instruction execution. The Meltdown attack reads a kernel memory value, which raises an exception because code running with user-space privileges are not permitted to directly read kernel memory. However, due to the race condition, out-of-order instructions following the faulting instruction may also execute. Even though instructions appear after the faulting instruction, out-of-order execution allows them to execute, using data retrieved from the instruction that raises the exception. By the time the exception is raised, some number of out-of-order instructions have executed. Although the raised exception causes the CPU to roll back the out-of-order instructions, the cache state is not reverted. This allows data from out-of-order instructions to persist beyond the point when the exception has been raised.

The impact of Meltdown is that a process running in user space is able to view the contents of kernel memory. Meltdown may also allow Spectre-like memory content leaking that does not cross the user/kernel privilege boundary.

The Linux kernel mitigations for Meltdown are referred to as KAISER, and subsequently KPTI, which aim to improve separation of kernel and user memory pages. Because the Spectre attacks do not cross user/kernel boundaries, the protections introduced with KAISER/KPTI do not add any protection against them.

 

 

Impact

An attacker able to execute code with user privileges can achieve various impacts. The Meltdown attack allows reading of kernel memory from userspace. This can result in privilege escalation, disclosure of sensitive information, or it can weaken kernel-level protections, such as KASLR. The Spectre attack can allow inter-process or intra-process data leaks.

To execute code locally, an attacker would require a valid account or independent compromise of the target. Attacks using JavaScript in web browsers are possible. Multi-user and multi-tenant systems (including virtualized and cloud environments) likely face the greatest risk. Systems used to browse arbitrary web sites are also at risk. Single-user systems that do not readily provide a way for attackers to execute code locally face significantly lower risk.

 

 

 

Solution

Apply updates

Operating system, CPU microcode updates, and some application updates mitigate these attacks. Note that in many cases, the software fixes for these vulnerabilities will have a negative affect on system performance. Also note that Microsoft Windows systems will no longer receive security updates via Windows Update if they are not running compliant anti-virus software. As with deploying any software updates, be sure to prioritize and test updates as necessary.

Consider CPU Options

Initial reports from the field indicate that overall system performance is impacted by many of the available patches for these vulnerabilities. Depending on the software workflow and the CPU capabilities present, the performance impact of software mitigations may be non-trivial and therefore may become an ongoing operational concern for some organizations. While we recognize that replacing existing CPUs in already deployed systems is not practical, organizations acquiring new systems should evaluate their CPU selection in light of the expected longevity of this vulnerability in available hardware as well as the performance impacts resulting from the various platform-specific software patches. Deployment contexts and performance requirements vary widely, and must be balanced by informed evaluation of the associated security risks. Contact your system vendor to determine if the CPU and operating system combination will experience a performance penalty due to software mitigations for these vulnerabilities.

Bureau of Prisons Tests Micro-Jamming Technology in Federal Prison to Prevent Contraband Cell Phones

 

On January 17, 2018, the Federal Bureau of Prisons (BOP), in collaboration with the National Telecommunications and Information Administration (NTIA) and the Federal Communications Commission, conducted a test of micro-jamming technology at the Federal Correctional Institution at Cumberland, Maryland.  The test was conducted to determine if micro-jamming could prevent wireless communication by an inmate using a contraband device at the individual cell housing unit level. 

Prior to this test, the BOP had conducted a limited cellphone jamming demonstration with NTIA in 2010, at the same field site in Cumberland supporting NTIA’s congressionally-mandated study of cellphone interdiction technologies.  

As part of the Jan. 17 test, NTIA conducted an independent evaluation of micro-jamming technology to determine its efficacy and interference potential with Radio Frequency communications.  The BOP and NTIA will review the data and analysis results from both BOP’s and NTIA’s testing and develop recommendations for strategic planning and possible acquisition.

“Contraband cell phones in prisons pose a major and growing security threat to correctional officers, law enforcement officials, and the general public,” said Assistant Attorney General Beth Williams of the Justice Department’s Office of Legal Policy.  “As criminals increase their technological capacity to further criminal activity from within prisons, we must also explore technologies to prevent this from happening.  This test is part of our ongoing efforts to find a solution.” 

Contraband cellphones have been an ongoing correctional security and public safety concern for the BOP as well as for state and local correctional agencies across the country.  Contraband phones are used to further ongoing criminal activity, including threats to public officials, intimidation of witnesses, and continuance of criminal enterprises.  

The BOP will continue to evaluate cell phone detection technologies and work with its federal partners and Congress to achieve cost-effective options to combat this threat to corrections and public safety.  The agency does not endorse any specific vendor or product. 

BlackRidge Technology Forms Government Advisory Board and Appoints Four Proven Leaders

RENO, Nev., Jan. 17, 2018 -- BlackRidge Technology International, Inc. (OTCQB: BRTI), a leading provider of next generation cyber defense solutions, has formed a Government Advisory Board and named David L. Peed, Kevin Carroll, Rhett A. Hernandez, and Cindy E. Moran to the board. The BlackRidge Government Advisory Board was created to add expert executive perspective and insights into the specific network and cyber security needs of the U.S. Department of Defense (DoD) IT environment as well as mission-critical federal government networks. BlackRidge products have completed the rigorous testing process required for use in DoD information networks.

The BlackRidge Government Advisory Board inaugural appointees are


    •    David L. Peed, who will chair the advisory board. Mr. Peed is currently Vice President and General Manager of Equinix Government Solutions responsible for shaping and executing Equinix's Americas Public Sector strategy. Previously he was the President of ITekFED of which he co-founded. Mr. Peed is the former VP & GM for Ciena Government Solutions, Inc. (CGSI) where he was instrumental in the growth of the organization during his nine-year tenure with Ciena. Under his leadership, CGSI became a major player in critical networks for the U.S. Department of Defense, Internet2, as well as many others in the government community. Mr. Peed has more than 30 years of experience in the telecom industry.


    •    T. Kevin Carroll, President of The Kevin Carroll Group from 2007 to the present. Mr. Carroll provides consulting advice to information technology companies on Federal Government acquisitions, with key focus on the Department of Defense, Veteran Administration and Army procurements. Previously he was the Army Program Executive Officer, Enterprise Information Systems (PEO EIS), responsible for the program management of the DOD and Army business and combat service support systems, as well as related Army communication and computer infrastructure. Mr. Carroll has over 30 years in government service, primarily in leading Army information technology procurement and contracting organizations.


    •    Rhett A. Hernandez, LTG, Retired,who served nearly 40 years in the United States Army as a Commander, Senior Staff Officer and Strategist, focusing on combat operations and cyber security. His last active duty assignment was as the first Commander of Army Cyber Command, where he was responsible for the daily operations, defense and risk management of all Army networks. Mr. Hernandez also served in numerous command and key staff assignments, including Deputy Chief of Staff for Army Operations, Commander Human Resources Command and Operations Division, and senior military advisor to Ambassador Saudi Arabia. He currently serves as the West Point Cyber Chair to the Army Cyber Institute and as President, CyberLens, LLC, which focuses on leadership, strategic planning, and risk management.


    •    Cindy E. Moran, a highly regarded expert within the defense information systems field having spent nearly 30 years working for the DoD with communications networks. Ms. Moran is currently the President and managing partner for Pikes Way LLC, an IT consulting firm specializing in strategic planning and management in the telecommunications sector. Her post government experience has her serving as a director on public and private boards. She previously served as the Director for Network Services, Defense Information Systems Agency (DISA), where her responsibilities included systems management of all DISA terrestrial and satellite communications networks supporting the DoD Information Network (DODIN). Ms. Moran has held multiple positions in support of DoD information technology systems, including hands-on network and system administration roles.
"The BlackRidge Government Advisory Board appointees bring extensive experience and strategic insights to BlackRidge, to help us advance the company as a trusted provider of world-class cyber security solutions to public sector customers," said Bob Graham, Chairman and CEO of BlackRidge Technology. "We look forward to working with these outstanding individuals who are proven leaders and have extensive backgrounds in building and securing highly sensitive networks."


About BlackRidge Technology


BlackRidge Technology provides an adaptive cyber defense solution that enables our customers to deliver more secure and resilient business services in today's rapidly evolving technology and cyber threat environments. The BlackRidge Adaptive Trust solution provides end-to-end security that proactively isolates cloud services, protects servers and segments networks. Our patented First Packet Authentication™ technology authenticates user and device identity and enforces security policy on the first packet of network sessions. This new level of real-time protection blocks or redirects unidentified and unauthorized traffic to stop attacks and unauthorized access. BlackRidge was founded in 2010 to commercialize its military grade and patented network security technology. For more information, visit www.blackridge.us.

Dragos Announces New 5-Day, Hands-On Industrial Control Systems Cybersecurity Course on Assessing, Monitoring and Hunting Industrial Threats

HANOVER, Md., Jan. 17, 2018 -- Industrial control systems (ICS) cybersecurity company Dragos, Inc. announced today the addition of a new, 5-day ICS cybersecurity course: "Assessing, Monitoring, and Hunting ICS Threats." The course is hosted at Dragos' state-of-the-art training center in Hanover, Maryland and is aimed to help information technology (IT) and operational technology (OT) security professionals increase their industrial cybersecurity best practices expertise, expand their knowledge of industrial environments, and more effectively secure their environments. The course also leverages the team's software technology, the Dragos Platform, to better enable customers and introduce them to complex environments and attacks outside of those they might face at their own organizations.

"Assessing, Monitoring, and Hunting ICS Threats" offers students:

  • 5 days of in-depth training on ICS basics, best practices, environment assessments, threat hunting, and industrial network monitoring
  • Access to ICS cyber ranges and individual training stations equipped with control system kits
  • Immersion into real-world ICS scenarios through various hands-on labs and exercises
  • Instruction from Dragos' team of ICS experts and practitioners who have boots-on-the-ground experience securing industrial control systems and surrounding infrastructure

"The industrial community faces shortages of both the talent and technology required to keep pace with threats and the methods they use," said Robert M. Lee, Dragos CEO and Founder. "Dragos training classes are a key element of Dragos' response to these challenges and just one of the ways we transfer our team members' knowledge and experience as ICS defenders back into the community."

The next class is scheduled for February 26, 2018. More details about the course can be found at www.dragos.com/training/.  Contact [email protected] for more information.

About Dragos
Dragos applies expert human intelligence and threat behavioral analytics to redefine industrial control system (ICS) cybersecurity.  Its industry-first, ICS cybersecurity ecosystem provides industrial security practitioners with unprecedented situational awareness over their environments, with comprehensive threat intelligence, detection, and response capabilities.  Dragos' solutions include the Dragos Platform, software providing ICS-specific asset discovery, threat detection, and response capabilities; Dragos Threat Operations Center, providing ICS threat hunting, incident response services, and ICS cybersecurity training; and Dragos ICS WorldView, providing global, ICS-specific threat intelligence in the form of weekly reports.  Headquartered in metropolitan Washington DC, Dragos' team of ICS cybersecurity experts are practitioners who've lived the problems the industry faces hailing from across the U.S. Intelligence Community to private sector industrial companies.   For more information, please visit dragos.com.

HID’s Statement about Security Flaws “Meltdown” & “Spectre”

Last week, cyber security researchers revealed two major security flaws that allegedly affect processing chips in a large number of devices.  The world was taken by surprise, and virtually every tech company has had to look at the potential impact of these flaws on their products.  Taking the security of HID products extremely seriously, we are in the process of doing a thorough investigation of these flaws, which are known as “Meltdown” and “Spectre.”

Given this complex situation that has shaken the world of computer security, we have analyzed all HID products for these two vulnerabilities in processors, and we present our initial findings here.  While we design defense-to-attack into our product development practices and the vast majority of our products are not vulnerable to Meltdown or Spectre, the third-party operating systems that are beyond our control may be.  Consequently, we urge customers to be sure to install the latest patches for the operating systems of their devices. 

We would encourage all customers to review the following information carefully.  HID’s Technical Support team is available if you have any questions or require further clarifications.  For detailed technical conversations, you can also email [email protected].  If you want to communicate something in a confidential manner, we urge you to visit the security pages at www.hidglobal.com/security-center where you will find HID’s guidelines and responsible disclosure policy.

We have arranged the following information in generic “product groupings” and have addressed specific areas.  If you cannot locate your product of interest, please do not hesitate to contact us.

All HID products, drivers, etc installed on Windows, Linux or MacOS

All products, drivers, interfaces, applications etc. that HID has authored rely on the underlying operating system principles of third-parties, and the associated processor hardware, and, therefore, MAY be vulnerable to Spectre and Meltdown, depending on the platform that you have installed these on.  We urge you to contact the developer of the operating system to obtain and install the latest patches provided.

All HID products, drivers, etc installed on iOS or Android

All “apps” that HID has authored rely on the underlying operating system principles of a third-party, and processor hardware, and therefore MAY be vulnerable to Spectre and Meltdown, depending on the platform that you have installed these on.  We urge you to visit your device manufacturer website for their input on next steps you should take.

All HID products delivered through Web Presence

All of our hosted infrastructure has industry-standard best practices applied, preventing malware of any kind from being applied and/or installed.  For the Spectre or Meltdown vulnerabilities to be exploited, malware would have to be installed into our systems.  Despite our defense in depth, we are actively working with our vendors to understand patching approaches to the underlying third-party computing platforms to providing protection from Spectre and Meltdown vulnerabilities

We utilize industry-standard security modules (HSM) and we are working with our vendors to understand their position.   We will update customers in the event we have relevant information, but at this stage we are a “closed system” and the attack surface is small and heavily protected.

All HID products delivered as a Virtual Machine

HID products delivered as a virtual machine may be susceptible to Spectre and Meltdown vulnerabilities, because the virtual machine is running on a third-party virtualization platform.  Therefore, it is the third-party platform that will require patching and updating.  We urge you to contact the provider of your virtualization platform for further information and patches.

All HID Products delivered as an Appliance

All of our products delivered as appliances have industry-standard best practices applied in order to prevent malware of any kind being installed.  Malware would have to be installed for the Spectre or Meltdown vulnerabilities to be exploited.  Nevertheless, HID is actively working with our vendors to understand patching approaches to the underlying computing platforms and we will update this post in the event that have more information

Specific Point Product Discussions

HID Lumidigm Fingerprint Sensors

Our devices are not vulnerable to the Spectre or Meltdown attacks; however, the third-party operating system support in the connected host may be vulnerable depending upon your patch level.  We urge customers to ensure that the latest operating system patches available are installed in these upstream computing platforms.

HID Fargo Card Printers

Our current shipping printers are not vulnerable to Spectre or Meltdown attacks.

Cards and Credentials (including ActivID tokens)

None of our physical card or credential technologies are susceptible to either of Spectre of Meltdown

Controllers

The Spectre and Meltdown issues do not affect our “VertX Evo”, “EDGE EVO”, and “EDGE EVO Solo” controllers.

Similarly, our Mercury controller product lines are not vulnerable to Spectre or Meltdown attacks

Credential Encoders

HID credential encoders themselves are not vulnerable to either Meltdown or Spectre attacks; however, the host systems may be and we urge customers to upgrade to the latest patch level available.

Embedded Modules

None of our embedded range of products are susceptible to Spectre or Meltdown; however, because these are connected devices, any upstream devices may be vulnerable.  We urge customers who are using connected devices to check the patch level of the host device system and to make appropriate decisions on patching based on upstream third-party system processor platforms.

Readers – Physical Access

None of our physical access reader products are affected by the Spectre or Meltdown vulnerabilities. However, our reader products are connected upstream and we urge customers to check these upstream devices for vulnerability and to upgrade all third-party operating system patch levels to guard against any potential threats.

Readers – Logical Access

None of our logical access reader range of products are susceptible to Spectre or Meltdown. However, these are (typically) USB-connected devices and the host may be susceptible.  We urge customers to check the patch level of the host device system and to make appropriate decisions on patching based on upstream, third-party system processor platforms.

Pages

 

Recent Videos

IntraLogic's official release of the "One Button" Lockdown system on CBS 2 News.
HID Global is opening the door to a new era of security and convenience.  Powered by Seos technology, the HID Mobile Access solution delivers a more secure and convenient way to open doors and gates, access networks and services, and make cashless payments using phones and other mobile devices. ...
Mobile device forensics can make a difference in many investigations, but you need training that teaches you how to get the most out of your mobile forensics hardware and software, and certifies you to testify in court. Read this white paper to learn how to evaluate mobile forensics training...
PureTech Systems is a software company that develops and markets PureActiv, its geospatial analytics solution designed to protect critical perimeters and infrastructure.  Its patented video analytics leverage thermal cameras, radars and other perimeter sensors to detect, geo-locate, classify, and...