Enough Blame to Go Around

Software makers invariably leave security vulnerabilities in their products. They take pains to remove bugs and most test the software thoroughly to reveal shortcomings. They rarely catch all the potential problems even when they apply a lot of time, skill and money. Those who claim software can be thoroughly debugged and vulnerability-free reveal their inexperience […]

In Cybersecurity, Some Regulations May Hike Productivity

Cyberattacks are distressingly common.  Chronicles of these criminal attacks against US government institutions and corporations are much alike — private information for thousands or millions of victims is exposed to misuse by criminals who are seldom identified or caught.  The database operator offers its regrets to the consumer victims and as penance pays for a […]

ACI in Forbes: Cybersecurity Alert … Your GPS Works, but Not For Long

On September 1, 1983, Korean Airlines Flight 007 accidentally strayed into the Soviet Union’s airspace and was shot down by a Soviet Su-15 Interceptor, falling into the Sea of Japan and killing 269 passengers and crew, including about two dozen children and U.S. Congressman Larry McDonald. Ridiculously, the Soviets initially denied it, but later claimed […]

Cybersecurity–Our Worst People Can Defeat Best People

Most of us presume that official intelligence agencies run with deep paranoia, rarified sophistication, and beyond the control of laws that apply to the public at large.  Their target is to harvest warnings of enemy penetrations of our security and to discover our enemies’ capabilities and activities.  We cannot be sure how well they perform […]

Cyber-Attack Detection is Difficult, Needs Monitoring

Despite cyber-prowess and a staggering and secret budget, US intelligence agencies appeared unable to halt a deep and sustained invasion of sensitive federal information.  In May, an attack hit the IT system of the Office of Personnel Management (OPM) and its data stored at the Department of the Interior’s data center. Information for about 4 […]

ACI in the HILL: Chip/PIN, Best Near-term Solution

A recent piece in The Hill’s Congress Blog missed some important points on the security benefits that chip and PIN technology provides. While I agree with the author’s view that there is no silver bullet for preventing all credit card fraud, chip and PIN is the best available near-term solution to protect American consumers from […]

It’s No Longer Safe to Ignore Cybercrimes

The nation-state hackers breaching our government and private information systems are the same enemies we face in the physical world.  They are the same countries that demonstrate no respect for human life, and certainly none for privacy.  Although our laws give the military and law enforcement a monopoly on fighting back against cybercriminals, the weakness […]

Cyber Security Might Begin With Modest Legislation

  Several data security bills are afoot in the House.  They identify obligations triggered by a cyber-breach of entities who collect and maintain personal information of individuals.  A congressional bill, H.R. 1770, defines personally identifiable information (PID) and requires notification of consumers whenever there is an important breach of PID that is stored by a […]

ACI Statement on the Upcoming Cybercrime Hearing

On January 27, the House Subcommittee on Commerce, Manufacturing and Trade will host a hearing to discuss solutions to the ever-growing problem of cybercrime. The Committee has recognized the need for a solution that could help alleviate the consequences consumers face in the event of a data breach. Chip and PIN technology is one such […]

Sony, North Korea, the US, and the Mistake of Hackers

Consumers were alerted to the cyber-attack on Sony evidently conducted by North Korea (NK) in return for a stoner movie called The Interview.  As it stands, the US seems to be doing little and Sony has round-filed the offending movie.  Sony executives had let their sharp tongues overrun their good judgment in emails that criticized […]