While unmanned aerial systems (UAS or drones) are banned from flying over military bases, there isn’t much the military can legally do to stop a drone intruder. However, if it were given the authority to stop these intruders, surely the market for anti-drone technology and tools would explode. Market research firm Frost & Sullivan estimates that the anti-drone industry is worth between $500 million and a billion right now—and Frost & Sullivan aren’t the only market researchers with that estimate. Other market research firms project estimates of $1.5 billion by 2023. These estimates are based largely on military acquisitions.

Of course, given the current state of the law, these anti-drone technologies are useless for now. Counter-drone systems range from trained attack eagles to radio jammers to directed-energy systems like lasers. And some of these systems are expensive. For example, Blighter Surveillance Systems’ new anti-drone system, which was purchased by the Spanish military, costs about $1 million. Of course, that system includes a 24-hour, all-weather system with visible and thermal imagery capabilities, acoustic detection, and radar with a 10-kilometer range. When this system targets a drone, it sends a jamming signal that disables the intruder drone. Most anti-drone systems work by attacking a drone’s radio transmissions or by taking complete control of the drone and initiating a forced landing. However, none of these systems are legal in the United States because they interfere with legal radio transmissions such as wireless computer networks, which puts the jammer in the sights of the Federal Communications Commission (FCC).

There are other, more brute-force methods—a net fired by a bazooka-type launcher, attack drones (i.e., a ‘dog fight’ between drones)—but these methods are not permitted under the Federal Aviation Administration (FAA) because drones are afforded the same legal protections as manned aircraft. Bringing a drone down is a felony regardless of how or why it is done. So, downing a drone even over a military base is treated the same way as if it had been a civilian aircraft.

A new study by Google, the University of California Berkeley and the International Computer Science Institute has concluded that email users are being threatened by massive credential theft and that phishing schemes are the primary way hackers are stealing credentials.

According to the study, phishing victims are 400 times more likely to have their email accounts hijacked compared to regular Google users. Victims of data breaches are 10 times more likely to have their email addresses hijacked and keylogger victims are 40 times more likely to become victims of email hijacking.

How the attacker acquired the victim’s credentials is directly linked to whether the email account can be hijacked. Seven percent of those whose information was breached in a third-party data breach had their Gmail account password exposed, compared to 12 percent of keylogger victims and 25 percent of phishing victims.

What this says to me is that it is very important to change your password to access your email account any time you are advised that you have been involved in any type of compromise, and even if you don’t get notice, change the password on your private email account frequently. Remember to use pass phrases, as they are easier to remember.

Every day it seems a new data security breach has occurred, a new “cyber hack” is in the news…making us run to our phones, computers, bank accounts, you name it, to see if we could be the “one” affected. As a result, more and more online transactions, websites, financial institutions, for work or personal, require longer and more complicated login user names and passwords. I can barely remember my name as it is….let alone the now at least 25 unique user names and passwords I have to keep in a notebook. I have security fatigue!

Michigan Governor Rick Snyder has signed into law the Cyber Civilian Corps Act, which established the Michigan Cyber Civilian Corps, dubbed MiC3. The corps has been in existence for three years, but was not statutorily deployed.

The law, which was effective on October 26, provides authority for the Governor to reach out to a cadre of cyber experts to assist when the state is the victim of a cyber attack and to assist with any security incidents. The law allows the corps to provide voluntary technical and other assistance, and the corps can include members from the government, nonprofits, businesses, higher education, and other stakeholders, who come together to assist with the cybersecurity needs of the state. Michigan describes it as similar to volunteer firefighters.

What a great idea!

The Consumer Financial Protection Bureau (CFPB) recently issued principles for the access and disclosure of sensitive data in the financial services industry. The CFPB referred to the guidelines as principles instead of regulations so that fintech and other firms can innovate while protecting consumers’ information, and so that consumers can consent to the sharing of information in order for products and services to be offered to them.

According to its press release, the CFPB “seeks to ensure a workable data aggregation market that gives consumers protection and value.”

The principles are designed to protect consumers as the market for services using consumers’ data develops. The principles center around “data access, data scope and usability, control of the data and informed consent, payment authorizations, data security, transparency on data access rights, data accuracy, accountability for access and use, and disputes and resolutions for unauthorized access.”

The Maryland Personal Information Protection Act has been updated and the new provisions are effective January 1, 2018.

The new law expands the definition of personal information that is protected under the statute. Presently, the definition of personal information includes a Maryland resident’s first and last name or initial and last name along with: a driver’s license number, Social Security number, financial account number, credit or debit card number (with a security code, expiry date or password that would allow the card to be used) or taxpayer identification number.

Beazley has published a report outlining data breaches in the first nine months of 2017. The report notes that the leading cause of data breaches in 2017 so far is unintended disclosures, which accounted for 41 percent of all incidents. Beazley stated: “We urge organizations not to ignore this significant risk and to invest time and resources towards employee training.”

Although we hear about the healthcare industry being attacked with hacking, malware and ransomware, the report notes that they accounted for 19 percent of breaches between January and September. Phishing and social engineering attacks have increased, particularly with fraudulent instruction incidents and W-2 phishing scams.

Consistent with our experience, insider threat by employees continues to rise, with employees looking in others’ records or sending information to their personal email accounts or taking information off premises. According to the Beazley report, these incidents account for 15 percent, up from 12 percent last year. These numbers are helpful to the health care industry in determining risk

Stating the obvious, college is one of the most important and expensive investments Americans make. In addition to tuition costs, from a consumer perspective, other factors should be important in deciding on a college, including graduate employment prospects, average student loan debt, and average number of semesters taken to complete a degree. If you were making a decision on buying a car, you would have access to a tremendous amount of comparative information, some generated and collected by the federal government, and other information coming from the manufacturers themselves.

Despite the fact that vast amounts of very detailed consumer information exists regarding colleges that could be used by students for comparison purposes, the Higher Education Act currently prevents the collation and publication of this otherwise useful comparative data. As a result of the Higher Education Act, students are left with incomplete and inconsistent data to base their college decision on.

It’s that time of the year again, budget season. A time when organizations set priorities on how to strategically spend their money in 2018. In the information technology (IT) world this can be a daunting task for any CIO.

According to Gartner, artificial intelligence (AI), machine learning, and tools such as conversational platforms, digital twins and blockchain should be at the top of the list.

In the wake of the national opioid overdose crisis, the Office for Civil Rights (OCR) has provided clarification on when covered entities are permitted to disclose patient information during opioid emergencies.

The OCR commented that some health care providers believe that they must have the patient’s consent in order to share information with family members about a patient’s opioid overdose.

The OCR has clarified that health care providers may share limited protected health information in natural disasters and during drug overdoses, if sharing the information could prevent or lessen a serious and imminent threat to a patient’s health or safety.