@williamlweaver, I am still not a fan of government regulation into the security aspects of private business. (Businesses contracting for the government, being granted special access to government property, or dealing with controlled substances / products are a different case). It is up to individual businesses to secure their data as they see fit - just like they are responsible for their own physical security. A Fortune 500 company might need a different plan than Joe's Corner Panel Shop.
Well stated, @Jack. Perhaps what I am thinking about is more like a voluntary ISO certification for security practices. That way businesses could evaluate potential suppliers and partner firms based on their level of security vulnerability. My thoughts are also affected by our security practices here at our university. Each Fall semester, the school welcomes over 5,000 devices that need to access the school's network to complete their studies. Each device must pass a configuration test and download security software before it is able to connect to the network. In this scenario, the school acts as the regulatory authority... there are lots of regulatory levels we could get to before we need to engage the federal government. =]
williamlweaver, thanks for telling us about your school's security procedures. I did some industry research in security a few years ago, after several rather public scandals involving lost or stolen mobile devices containing highly private, personal and/or compromising data (financial and otherwise). At that time, mobile devices were considered one of the number one unsecured holes in corporations, so it's good to know that recognition of that problem has reached universities.
Hi Ann, there have been some growing pains since our first wireless hub that we hung up in the lab back in the late 90's, but the security steps we have taken are common-sense procedures. Our school has done away with our anonymous WiFi. All users must now provide their school log-on credentials to access the network. It is of course not foolproof, especially when phones and tablets that have remembered passwords are stolen. At the very least, access is role-based with students, faculty, and administrators all having different levels of access. When students physically plug into their dorm rooms with cable (much faster than saturated WiFi), their devices must be running the anti-virus software provided for free by the university, have all of the latest OS security patches installed, and be running a small app provided by the university that evaluates the security-level of the device. With so many laptops returning from the Summer break, it is difficult to keep the number of viruses running through the network in check, but IT does a great job.
My other concern mirrors the scandals involving lost or stolen mobile devices. Not permitting sensitive data to be saved or transmitted would be a nice technological trick, but it appears feasible to require multi-component verification when logging on, especially from a new location or device. Similar to how Google requires a password and a PIN sent to your mobile device, I imagine we could go a long way in production floor security if parameter or code changes needed to be approved by another set of eyes on-call --- that at least would cut down on the number of disgruntled former (or soon to be former) employees that place time-bombs in systems before they leave. With such a push for collaboration, I'm kind of surprised that so many individuals can make un-reviewed software changes on their own...
Richard--Excellent article. I live in a community of approximately 50,000 people. In a city of that size, you would definitely not expect an issue with hacking BUT, we have had such an event occur with our local water and sewage facilities. It seems the hackers were not necessarily bent on impeding the performance of the facilities because there were no viruses downloaded to interrupt operations. They did it simply because they could. Maybe it was a "trial run", who knows. No damage done but the "city fathers" certainly had their wake-up call. Prior to my retiring from GE, our IT guys were working on protecting the factory floor. The computer component of the business has been protected for years but the production facilities were not really considered vulnerable until a few years ago. Again, great post.
williamlweaver, thanks for that description. Sounds like your school has hired good security consultants/staff and has carefully thought out the whole process--or let the experts do it. One other thing might be to insist on the use of laptops with a ton of security features on them, such as Fujitsu's LifeBooks aimed at corporate users, although they tend to be too pricey for students.