Blue Mountain Data SystemsTech Update Summary

October 2017

For CTOs, CIOs & CISOs

Visit Blue Mountain Data Systems https://www.bluemt.com

For CTOs, CIOs & CISOs

Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the Blue

Mountain Data Systems Blog. We hope you will visit our blog for the latest information.

You can also receive these updates via email. Click here to subscribe.

Here’s the summary of the Daily Tech Updates for October 2017. Hope the information and ideas prove

useful.

Best,

Paul Vesely

President and Principal Architect

Blue Mountain Data Systems Inc.

Network Security

Network Security

CISO: Convincing Employees to Care About Network Security. Employees remain the biggest source of corporate cyber risk. According to the “IBM X-Force 2016 Cyber Security Intelligence Index,” staff members are responsible for 60 percent of all digital attacks endured by enterprises. In most cases, there’s no malicious intent. Employees may subvert network security by opening infected email attachments, falling for well-crafted phishing attacks, accessing compromised third-party apps or accidentally posting confidential information on social media sites. Read more[SECURITYINTELLIGENCE.COM]

Network Security

FEDERAL GOVERNMENT: Consolidating Federal Networks Could Lead to New Security Holes. For years, one of the chief aims of the IT modernization movement has been replacing the federal government’s outdated architecture. Before truly tapping into the transformative power of new software and security tools, the thinking goes, government must first scrap its ancient patchwork networks for a new unified IT infrastructure. Read the rest[FCW.COM]

OPINION: Why Chipmakers are Taking IoT Security Into Their Own Hands. As the IoT and chip industry both continue to grow more chipmakers will come to understand the importance of putting security and privacy first. Read more[NETWORKWORLD.COM]

Network Security

STATES: Federal Government Notifies 21 States of Election Hacking. The federal government has told election officials in 21 states that hackers targeted their systems before last year’s presidential election. The notification came roughly a year after U.S. Department of Homeland Security officials first said states were targeted by hacking efforts possibly connected to Russia. The states that told The Associated Press they had been targeted included some key political battlegrounds, such as Florida, Ohio, Pennsylvania, Virginia and Wisconsin. Find out more[USNEWS.COM]

Encryption

Encyption

NEWS: Attack Renders Popular Encryption Hardware Vulnerable. Popular chips used to encrypt smart cards and other hardware have security flaws rendering the encryption easy to crack. The software library for the latest-generation Infineon brand chips has a problem in its implementation of the RSA encryption standard, first discovered by researchers at the Centre for Research on Cryptography and Security. Companies including Google, Microsoft, Fujitsu, HP and Lenovo use the chips. Read more[THEHILL.COM]

Encyption

FYI: Serious Flaw in WPA2 Protocol Lets Attackers Intercept Passwords and Much More. Researchers have disclosed a serious weakness in the WPA2 protocol that allows attackers within range of vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting. The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that was scheduled for 8am Monday, East Coast time. A website disclosing the vulnerability said it affects the core WPA2 protocol itself and is effective against devices running Android, Linux, and OpenBSD, and to a lesser extent macOS and Windows, as well as MediaTek Linksys, and other types of devices. The site warned that attackers can exploit the flaw to decrypt a wealth of sensitive data that’s normally encrypted by the nearly ubiquitous Wi-Fi encryption protocol. Find out more[ARSTECHNICA.COM]

Encyption

DOJ: ‘Responsible Encryption’ is the New ‘Going Dark’. The DOJ calls for ‘responsible encryption’ to comply with court orders. Plus, there’s more bad cybersecurity news for banks, and Accenture data in AWS gets exposed. Read the rest[SEARCHSECURITY.TECHTARGET.COM]

HOMELAND SECURITY: Orders Federal Agencies to Start Encrypting Sites, Emails. Three-quarters of the federal government uses encryption. Homeland Security says that isn’t enough. Find out more[ZDNET.COM]

Databases

Databases

MongoDB: Wall Street Likes Databases, as MongoDB Soars Over 30 Percent in its IPO. MongoDB built and currently maintains an open-source database that rode the wave of interest in NoSQL databases over the last several years, as companies looking to create and deploy software applications at a faster pace looked for databases that were more flexible than the SQL databases traditionally used in enterprise computing. MongoDB charges money for a supported version of database and has built a few other products for monitoring as well as developer tools. Read more[GEEKWIRE.COM]

Databases

EVALUATE: NewSQL Databases Rise Anew — MemSQL, Spanner Among Contenders. The NewSQL database was almost hidden when Hadoop and NoSQL arose. Now, as more big data teams move toward production, MemSQL, Cloud Spanner and similar products may get a second look. Read the rest[SEARCHDATAMANAGEMENT.TECHTARGET.COM]

REPORTS: Microsoft Kept Quiet on Details of 2013 Cyber Breach. A secret, internal database that Microsoft uses to track bugs in its software was compromised by a hacking group more than four years ago, according to five former employees who spoke with Reuters. Find out more[THEHILL.COM]

Databases

NEW: Microsoft Ignite: SQL Server 2017 for Linux Goes Live; or Windows, If You Want. The preview Docker image has already been fetched 2 million times. Find out more[ARSTECHNICA.COM]

More About Blue Mountain

BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.

Federal Tech

Federal Tech

FEDERAL GOVERNMENT: APIs, Shared Services Can Reshape, Modernize Government Technology. The size and scope of the federal government’s information technology landscape only continues to grow and in a way that makes it incredibly difficult to change. In the Federal Chief Information Officers Council’s latest study, the current state of government IT is described as monolithic. And, it is not meant as a compliment. Read more[FEDERALNEWSRADIO.COM]

Federal Tech

OPINION: Government Efforts to Weaken Privacy are Bad for Business and National Security. The federal government’s efforts to require technology and social media companies to relax product security and consumer privacy standards – if successful – will ultimately make everyone less safe and secure. Read the rest[INFOSECURITY-MAGAZINE.COM]

PUBLIC SAFETY: Rapid DNA Technology Gives Law Enforcement Access to Your DNA in 90 Minutes. Before recently-passed legislation, law enforcement agencies had to send DNA samples to government labs and wait for it to get tested, which could take days or even weeks. Find out more[GOVTECH.COM]

Federal Tech

MODERNIZATION: Making Modernization Happen. Now more than ever before, comprehensive IT modernization for federal agencies is a real possibility. The question that remains is whether President Donald Trump’s words and actions during his first months in office will be sustained by the administration and Congress in the months and years ahead. Read more[FCW.COM]

State Tech

State Tech

SURVEY: Cybersecurity Concerns May Keep One in Four Americans from Voting. Cybersecurity concerns may prevent one in four Americans from heading to the polls in November, according to a new survey by cybersecurity firm Carbon Black. The company recently conducted a nationwide survey of 5,000 eligible US voters to determine whether reports of cyberattacks targeting election-related systems are impacting their trust in the US electoral process. The results revealed that nearly half of voters believe the upcoming elections will be influenced by cyberattacks. Consequently, more than a quarter said they will consider not voting in future elections. Read more[HSTODAY.US.COM]

State Tech

ALASKA: Unique Challenges in IT Consolidation. The Last Frontier is centralizing IT operations under Alaska’s newly created Office of Information Technology. But consolidating IT in a sprawling state like Alaska offers challenges not found in other environments, says the state’s new CIO Bill Vajda. Read the rest[GCN.COM]

ALABAMA: Acting CIO Jim Purcell Is a Man on a Mission for Smarter State IT. Jim Purcell wasn’t expecting a call from Alabama’s new governor, Kay Ivey, and he certainly wasn’t expecting her to ask him to head up the Office of Information Technology (OIT) – but that’s exactly what happened last week. Find out more[GOVTECH.COM]

State Tech

ILLINOIS: Inside a State Digital Transformation. Hardik Bhatt, CIO of the State of Illinois, sought to become the nation’s first Smart State – a process that required reorganizing its 38 IT departments into one, improving government services, and finding new sources of innovation to apply to its revenue model. Within 18 months, Illinois rose in national rankings from the bottom fourth of state governments to the top third. Read more[ENTERPRISERSPROJECT.COM]

Electronic Document Management

Electronic Document Management

CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer Financial Protection Bureau wants to move to a public cloud setup for some of its core enterprise apps. The financial watchdog agency recently sent out a Request for Information (RFI) on the process, technical requirements and costs of moving to cloud services in fiscal year 2017. CFPB wants to establish a more complete understanding on the costs associated with moving fully to a cloud solution for email and office applications (e.g., documents, spreadsheets, presentations, SharePoint and more).Read the rest[FEDTECHMAGAZINE.COM]

Electronic Document Management

ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about the many ways business document management can save your company time, space, and more importantly, loads of money. Here are the four most obvious ways these tools provide excellent return-on-investment. Read more[PCMAG.COM]

508 Compliance

Section 508 Compliance

WEBSITE AUDITOR: The Hot Job Title You Want. “The web accessibility compliance auditor is a field that every computer science and information systems student should think of pursing,” says Dr. James Logan, who is the quality assurance manager for Georgia Institute of Technology’s Enterprise Information Systems. “It really is just an extension of information systems. The field has so many opportunities for web developers.” Read more[BLACKENGINEER.COM]

Section 508 Compliance

FYI: Web Design to Accommodate the Dyslexic Reader. Of people with reading difficulties, 70-80% are likely to have some form of dyslexia. It is estimated that between 5-10% of the population has dyslexia, but this number can also be as high as 17%. Here are some CSS tips to consider when designing web content for dyslexics. Get the CSS tips. [ACCESSIBLEWEBSITESERVICES.COM]

WCAG 2.0: Checklists. It’s extremely useful to have a WCAG 2.0 checklist on hand when you’re working through the guidelines. A WCAG 2.0 checklist helps you to check your web accessibility progress, record how far you’ve come and set your targets out for the future. Find out more[WUHCAG.COM]

Section 508 Compliance

HOW-TO: 17 Website Adjustments You Can Make Today for Better Accessibility. In order to assure that websites and web applications are accessible to and usable by everyone, web designers and developers must follow the Web Content Accessibility Guidelines (WCAG 2.0) published by the Web Accessibility Initiative (WAI) of the World Wide Web Consortium (W3C), the main international standards organization for the Internet. It covers an expanded range of disabilities: blindness and low vision, deafness and hearing loss, learning disabilities, cognitive limitations, limited movement, speech disabilities, and photo sensitivity. Here are 17 adjustments you can make to your website now to make it more accessible. Read more[ACCESSIBLEWEBSITESERVICES.COM]

Security Patches

Security Patches

MICROSOFT VS. GOOGLE: Microsoft Hits Back at Google’s Approach to Security Patches. Microsoft’s Windows security team haven’t been happy with Google for the past year. While the pair are bitter rivals for a number of different reasons, Google disclosed a major Windows bug before Microsoft was ready to patch it last year. It irritated the company so much that Windows chief Terry Myerson authored a blog post criticizing Google for not disclosing security vulnerabilities responsibly. That resentment still remains today. Read more[THEVERGE.COM]

Security Patches

HOW TO: Fix the KRACK Wi-Fi Security Hole in Your Phone or Laptop. Researchers have announced that they had found a gaping security hole in WPA2, one of the most popular Wi-Fi communications encryption standards. But the exploit they uncovered that could allow hackers to steal even encrypted wireless data, dubbed KRACK, can be foiled by software updates. And the major tech hardware and software vendors quickly started announcing those fixes. Click here for key takeaways. [FORTUNE.COM]

Security Patches

ORACLE: Swats 252 Bugs in Patch Update. Hundreds of different products are affected by a range of vulnerabilities tackled in the update. Find out more[ZDNET.COM]

WINDOWS 10: Excel, Access, External DB Driver Errors Linked to this Month’s Patches. If you’re seeing new “Unexpected error from external database driver” error messages, chances are good you recently installed KB 4041681 (Win7), KB4041676 (Win10 1703), or any of this month’s Windows security patches. Read more[COMPUTERWORLD.COM]

CIO, CTO & CISO

For the CIO, CTO & CISO

CTO: FCC Names New CTO. Eric Burger was named chief technology officer of the Federal Communications Commission on Oct. 2. Burger previously served as director of the Security and Software Engineering Research Center, based in Muncie, Ind. The center focuses on telecommunications issues, including robocalling, access by people with disabilities and network stability. It represents researchers, faculty and students drawn from three institutions of higher learning: Ball State University, Virginia Tech and Georgetown University. Read the rest[FCW.COM]

CISO: Think About How Your Customers Actually Use Your Mobile Apps. It’s not every day that a veteran chief information security officer writes a book that blasts the mobile community for torpedoing enterprise security. Find out more[COMPUTERWORLD.COM]

CIO, CTO & CISO

CIO: 5 State CIOs Discuss Priorities, Share Recommendations. At NASCIO’s annual conference, five CIOs were given five minutes each to revisit their respective priorities and make recommendations based on their own experiences. Read more[GOVTECH.COM]

CISO: McDonald’s New CISO Shares Insights on Talking to the Board. What advice does the new CISO of fast-food giant McDonald’s, who has served as CISO at two other major corporations, have for how to communicate with the board of directors? Tim Youngblood says the key is to know that the board’s role is “to understand what is the risk to our organization and are we doing the right things to address that risk.” Read more[BANKINFOSECURITY.COM]

CIO, CTO & CISO

CISO: The Security Leader’s Expanding Role: Seven Priorities to Drive CISO Success. Some of the security leader’s tasks are project-based, but because the job is ongoing, CISOs need to remain cognizant of a set of priorities that can’t be left to chance. Here are seven priorities can help today’s CISOs stay on top of their game and keep their companies secure. Find out more[SECURITYINTELLIGENCE.COM]

Penetration Testing

Penetration Testing

DIGITAL GOVERNMENT: Security, Privacy, Usability – The 3 Legs of Login.gov Platform. The government’s fourth attempt to build a single sign-on identity management capability for federal services is off to a better start than its predecessors. The General Services Administration launched the Login.gov platform in April. The platform, which already has five agencies ready to test it out, experienced a spike of user accounts in October. Joel Minton, the director of the Login.gov platform run by GSA’s 18F organization, said they are driving privacy, security and usability to give citizens confidence in using federal services. Read more[FEDERALNEWSRADIO.COM]

Penetration Testing

SECURITY: The White Hat Brigade. The fight against cybercriminals involves a whole range of different offensive and defensive measures, from devices with built-in smart security to intelligent analytics tools that can watch the network for aberrant behaviour. Who might suspect, however, that one of the strongest weapons in the battle against hackers might be, well, other hackers? Whether they’re expert security professionals with a deep understand of how hacking works, or reformed ‘bad’ hackers who now use their powers for good, the white hat brigade is here to stay. Read more. [ITPRO.CO.UK]

Penetration Testing

INTERVIEW: Life in the Trenches: a Penetration Tester Speaks. The fear of a loss of reputation is the primary motivator for organisations to seek penetration testing of their networks, to find out how secure they are against likely intruders, according to a senior penetration tester with security firm SecureWorks. Find out more[ITWIRE.COM]

STATE GOVERNMENT: Securing the Government Cloud: Tips for Screening SaaS Products. Some vendors mislead their customers when it comes to cybersecurity. Everlaw CEO AJ Shankar shares a few questions that should be asked to keep them honest. Read more[STATESCOOP.COM]

Open Source

Open Source

MOZILLA: Funds Open Source Projects with Half a Million in Grants. Mozilla has announced the latest recipients of its Open Source Support grants, totaling $539,000. The web tech company regularly helps out smaller projects, and this round in particular favored ones aimed at safety and security. Read more[TECHCRUNCH.COM]

DHS: Says Kaspersky Decision Based on ‘Open Source’ Information. The Department of Homeland Security’s (DHS) decision to bar federal agencies and departments from using Kaspersky Lab software was primarily based on open-source information, a department official said Tuesday. “That determination was based on the totality of evidence, including on the most part open-source information,” said Christopher Krebs, a senior cybersecurity official at DHS, during a House Homeland Security Committee hearing. Read the rest[THEHILL.COM]

Open Source

READ: PostgreSQL, Open Source Software Bringing Security, Innovation, Performance and Savings. Federal agencies continue to be caught between the need to innovate and reduce costs, all while maintaining performance and strong security. This conundrum has driven the adoption of open source software in government, which not only saves money for the government, but also offers more reliability and agility – and better security. Find out more[FEDSCOOP.COM]

INDUSTRY INSIGHT: Open Source and the Public Sector. The U.S. government continues to devote resources to advancing the country’s technology by utilizing a mixture of “proprietary, open source, and mixed source code” when building out federal solutions, according to the Federal Source Code Policy. Read more[GCN.COM]

Business Intelligence

Business Intelligence

READ: 12 Ways to Empower Government Users with the Microsoft Business Intelligence (MBI) Stack. Are your organization’s Federal IT resources under constant pressure, with no end in sight? Your agency is not alone. With limited access to dedicated information technology resources, non-technical end users often play the waiting game, relying on IT staff to do simple tasks like generating custom queries and embedding them within applications. Your department’s need to generate on demand, ad hoc reports gets pushed to the back burner while IT resources respond to more pressing matters. Implementing a self-service approach alleviates your IT staff from such tasks, affording them more time to focus on solving high impact problems. Read more[BLUEMT.COM]

Business Intelligence

REPORT: 2017 State Of Business Intelligence And Predictive Analytics. Insights gained from interviews with Dresner Advisory Service’s research community of over 3,000 organizations, in addition to vendor customer community interviews. 57% of respondents are from North America, 31% from Europe, the Middle East & Africa, with the remaining 12% from Asia-Pacific (8%) and Latin America (4%). For additional details regarding the methodology, please see page 11 of the study. Industry interest in advanced and predictive analytics grew sharply in 2017, with business intelligence experts, business analysts, and statisticians/data scientists being the most prevalent early adopters. Click here for key takeaways. [FORBES.COM]

Business Intelligence

READ: Business Intelligence vs. Business Analytics: Where BI Fits Into Your Data Strategy. While BI leverages past and present data to describe the state of your business today, business analytics mines data to predict where your business is heading and prescribe actions to maximize beneficial outcomes. Find out more[CIO.COM]

U.S. GOVT FINANCE: 11 Ways to Speed Up Government Procurement. Buying with public money is difficult by design, but are there fair ways to fix it? Read more[GOVTECH.COM]

Operating Systems

Operating Systems

NEWS: All Operating Systems Are Susceptible to This WiFi Attack. With so many consumers relying on mobile devices these days, it is no surprise criminals continue to look for new ways to take advantage. A new exploit recently uncovered by researchers shows how assailants can read WiFi-based traffic between devices. Around 41% of all current Android devices are susceptible to such an exploit. This issue goes well beyond mobile devices, although Linux-based devices are most prone to attack. Read more[THEMERKLE.COM]

Operating Systems

APPLE: Operating Systems Vulnerable to Password Theft. Apple released a new macOS operating system Monday, but already security experts are saying it is vulnerable to a zero-day exploit that puts users’ passwords at risk. Read the rest[CONSUMERAFFAIRS.COM]

MICROSOFT: Has Already Fixed the Wi-Fi Attack Vulnerability. Microsoft says it has already fixed the problem for customers running supported versions of Windows. “We have released a security update to address this issue,” says a Microsoft spokesperson in a statement to The Verge. “Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected.” Microsoft says the Windows updates released on October 10th protect customers, and the company “withheld disclosure until other vendors could develop and release updates.” Find out more

[THEVERGE.COM]

Operating Systems

DHS: Mandates New Security Standards for Federal Networks. The Department of Homeland Security is requiring agencies to use new email and web security guidelines that address man-in-the-middle attacks. A binding operational directive from DHS gives federal agencies 90 days to implement a pair of tools, Domain-based Message Authentication Reporting and Conformance (DMARC) and STARTTLS. DMARC is an email authentication tool designed to prevent email spoofing and provide data on where a forgery may have originated. STARTTLS helps protect against passive man-in-the-middle attacks by allowing for email encryption while data is in transit. The directive also requires agencies to switch all publicly accessible federal websites to HTTPS and HSTS-secure connections within 120 days. Doing so could potentially eliminate a large swath of security flaws that affect most federal government websites. Find out more[FCW.COM]

BYOD

BYOD

INDUSTRY INSIGHT: BlueBorne and Wireless Risk…Going Beyond NIST and Standard Frameworks. Security frameworks such as the National Institute of Standards and Technology SP 800-53, 800-121, and Department of Defense 8500 security requirements rely mostly on FIPS 140-2 and are stringent and unforgiving to insecure protocols such as wireless — specifically, Bluetooth and other 802.15 protocols. Unfortunately, these requirements are frequently overlooked and the features get included in phones. The other overlooked peripherals that pose risk are 2.4 GHz keyboards and mice. Thankfully, bring-your-own-device policies have not caught on or been encouraged in the public sector to the degree they have in the private sector. This type of cost-cutting strategy can end up costing the organization more money in the long run when it must address compromises on unmanaged BYOD devices containing enterprise data. Read more[GCN.COM]

BYOD

SECURITY: Why Agencies Need to Protect Their Endpoints, and Not Just Their Networks. As agencies deploy more mobile devices, their users out in the field and away from their desks become targets for hackers and cybercriminals. Click here for key takeaways. [FEDTECHMAGAZINE.COM]

HEALTHCARE: 5 Tips to Lockdown Security for Internet of Things Medical Devices. Segmented networks, authorization protocols, device behavior are a few strategies that execs should adopt today. Find out more[HEALTHCAREITNEWS.COM]

Incident Response

Incident Response

HOW: An Effective Incident Response Plan Can Help You Predict Your Security Future. Chief information security officers (CISOs) understand that their enterprises will be subject to a breach, or at least an attempted attack, at some point. While they can’t predict the future, they can learn a lot about would-be attackers’ motivations and methods just by developing a thorough incident response strategy. This plan is crucial because it informs your actions, helps you create a positive outcome, and minimizes data loss and operational disruption in the event of a breach. Here are five key questions to consider when developing your incident response plan. Read more[SECURITYINTELLIGENCE.COM]

Incident Response

BREACH PREPAREDNESS: Incident Response Insights from US Army Medicine CISO. The recent Equifax mega-breach demonstrates how essential it is to have a robust, well-tested incident response plan in place that includes a strong public relations component, says Heath Renfrow, CISO at U.S. Army Medicine. Read the rest[BANKINFOSECURITY.COM]

SECURITY: Federal IT Security Leaders Push for More Training to Boost Cybersecurity Response. The Trump administration’s executive order on cybersecurity gives agencies enough direction to guide investments in education and training, officials say. Find out more[FEDTECHMAGAZINE.COM]

Incident Response

ENDPOINT: How Businesses Should Respond to the Ransomware Surge. Modern endpoint security tools and incident response plans will be key in the fight against ransomware. Find out more[DARKREADING.COM]

Cybersecurity

Cybersecurity

MICROSOFT: A Pictorial Walk-Through Of Microsoft’s New Cybersecurity Tools. Cybersecurity should be on every person’s mind in 2017, and certainly every lawyer’s. Here’s why…Read more[ABOVETHELAW.COM]

FEDERAL GOVT: U.S. Government Cybersecurity Lags Behind That of a Fast Food Joint, Say Analysts. The American federal government and countless state and local governments throughout the U.S. are more vulnerable to cyberattacks than your local McDonald’s. A new study ranking the cybersecurity of 18 industries “paints a grim picture” with the U.S. government 16th when it comes to protecting its computer systems and data from hackers. Read the rest[NEWSWEEK.COM]

Cybersecurity

DATA: The Piece of Cybersecurity Feds Can No Longer Ignore. The Trump administration needs to work with Congress to fully fund the Department of Homeland Security’s Continuous Diagnostics and Mitigation program. Find out more[FEDTECHMAGAZINE.COM]

STATE & LOCAL GOVERNMENT: Annual Cybersecurity Review for State and Local Government Approaches. Non-federal agencies still ride low on the maturity benchmark, but the increased political attention around cybersecurity could improve results in the coming survey period. Find out more about the study results[STATESCOOP.COM]

IT Management

IT Management

READ: All Management Is Change Management. Change management is having its moment. There’s no shortage of articles, books, and talks on the subject. But many of these indicate that change management is some occult subspecialty of management, something that’s distinct from “managing” itself. This is curious given that, when you think about it, all management is the management of change. Read more[HBR.ORG]

NARA: Improvements Seen in Federal Records Management, but ‘There is Work to be Done’. Compliance, collaboration and accountability are the themes of the National Archives’ recommendations to agencies for improving how they handle paper – and electronic – trails. That’s according to NARA’s 2016 Federal Agency Records Management Annual Report. Read more. [FEDERALNEWSRADIO.COM]

IT Management

FINANCIAL: Washington State’s Strategy for Tracking IT Spending. The state of Washington’s first efforts to bring technology business management to its IT spending practices began in 2010 when the legislature mandated annual reports and specific evaluation requirements for investments. As interest grew in monitoring the cost of IT along with the business services IT provides, officials in the Washington’s Office of the CIO worked to refine the strategy through the creation of a state TBM program. Find out more[GCN.COM]

IT Management

HR: A Blueprint for Improving Government’s HR Function. Government, at its core, is its employees and their commitment to serve the country. That fact is too often overlooked. While technology enables employees to make better, faster decisions, until artificial intelligence replaces the acquired knowledge of employees, agency performance will continue to depend on the skill and dedication of government workers. As such, civil service reform is increasingly important because workforce rules and regulations are out of sync with current management thinking. To use a basketball analogy, government is still shooting two handed set shots. Read more[GOVEXEC.COM]

Application Development

Application Development

INDUSTRY INSIGHT: 4 Steps to Agile Success. There’s a noticeable shift toward agile development taking place within the federal government. Driven by a need for accelerated application development and meeting internal customers’ needs on the very first attempt, agencies like the General Services Administration and Department of Homeland Security have begun to move away from traditional waterfall project management frameworks and toward iterative, agile frameworks like scrum. Read more[GCN.COM]

Application Development

IT MODERNIZATION: 3 Strategies for Building Successful Agile Teams. Is the federal government truly ready to embrace agile software development? Successful agile environments do not start with technology; they start with creating the right team. This can be harder than it may first appear, because agile challenges preconceived norms of how federal IT teams should be structured and the way they approach projects. Agile teams are typically a combination of individual contributors (particularly those from development and quality assurance backgrounds) who rarely work together but must now collaborate to achieve common goals. Read the rest[NEXTGOV.COM]

ENTERPRISE: Air Force Intelligence Unit Goes Agile. The US Air Force is determined to get more agile to produce applications that can be useful in times of conflict. Find out more[INFORMATIONWEEK.COM]

Application Development

PEOPLE & CAREERS: Sloughing Off the Government Stereotypes. What are CIOs doing to lure millennials into government IT? Government CIOs across the board are being forced to confront the retirement wave that’s about to decimate their ranks. But does the next generation of IT pros want the jobs their parents and grandparents are leaving behind? Read more[GOVTECH.COM]

Big Data

Big Data

NGA: Wants to Swap Years of Government Data for Industry Know-How. The National Geospatial-Intelligence Agency is in talks with Capitol Hill to find legal ways to achieve a unique barter agreement between the government and industry: swapping potentially years’ worth of data locked in the agency’s archives for expertise and new computational techniques from the private sector. Read more[FEDERALNEWSRADIO.COM]

E-COMMERCE: IT Convergence Trend Alters Approach to Federal Market. Federal agencies have begun using an emerging information technology tool to manage the huge amount of data the United States government generates and stores. Federal IT managers recently have embraced the concept of convergence, which has been gaining traction in the private sector. Agencies also have indicated that the approach may be useful for other federal IT applications. Read the rest[ECOMMERCETIMES.COM]

Big Data

NEWS: In the Next Wave Of Innovation, Big Data Is Your Competitive Advantage. Data is becoming a valuable commodity, like oil in the 20th century. Here’s how companies should be using it. Find out more[ENTREPRENEUR.COM]

HOW: Big Data and Digital Transformation – How One Enables the Other. Drowning in data is not the same as big data. Here’s the true definition of big data and a powerful example of how it’s being used to power digital transformation. Find out more about the study results[ZDNET.COM]

Personal Tech

Personal Tech

DOWNLOADS: Resolutions for the Big (and Small) Screens. When it comes to streaming and downloading movies, find out the difference between standard definition and the high-definition versions. Read more[NYTIMES.COM]

TECH TRAVEL: Checking Voice Mail While Abroad. Find out how to check voice mail on a smartphone when traveling in Europe. Read more. [NYTIMES.COM]

Personal Tech

STAY ALERT: Technology Can Be A Threat To Your Physical Safety. Discover the personal safety habits you can practice to stay safe at home and on the go. Find out more[FORBES.COM]

HOW TO: Schedule Your Smartphone for a Little Peace and Quiet. Have you signed up for alerts from a bunch of news sites on your iPhone to keep up with the headlines, but now they’re waking you up at night with their sounds and turning on the phone screen? Find out how to mute the noises and phone screen light before bed without turning off the phone’s alarm clock. Read more[NYTIMES.COM]

Mobile Applications

Mobile

EMM: Enterprise Mobility Management Explained. The EMM market is evolving to provide ever more comprehensive (and specific) services for device and application management. Here’s a look at what it is and how it can meet the divergent needs of different companies. Read more[COMPUTERWORLD.COM]

MICROSOFT: Gives Up on Windows 10 Mobile. Microsoft appears to have abandoned its smartphone operating system ambitions. The company’s Windows 10 chief has tweeted that developing new features and hardware for the Mobile version of the OS was no longer a “focus”. Read the rest[BBC.COM]

Mobile

FEDERAL GOVERNMENT CLOUD: Standardizing and Securing Navy Systems in the Cloud. One of IT modernization’s biggest challenges is breaking down the many technology fiefdoms within an organization. When every group has its own way of doing something, effecting change is hard and guarding against cyberthreats is even harder. “All our bases around the world…had their own websites,” said Raven Solutions CEO Ryan Pratt, who led the transition to the cloud for the Commander, Navy Installations Command (CNIC) Fleet and Family Readiness (N9) program. “People were getting hacked at the headquarters level.” Find out more[GCN.COM]

Mobile

GOOGLE: Shuts Down Fetch As Google for Mobile Apps. Google has quietly announced on Google+ that it will be killing off some of the App Indexing features within the Google Search Console. Specifically, Google is turning off the Fetch As Google for Apps feature to “avoid unnecessary duplication” with what is available within the Firebase help documentation. Find out more about the study results[SEARCHENGINELAND.COM]

Programming & Scripting Development Client & Server-Side

Programming & Scripting Development Client & Server-Side

JAVASCRIPT: Sheet, a Spreadsheet Program in 217 Bytes of Javascript. The code for Sheet fits in one of those newfangled 280-character tweets with room to spare: at 218 bytes, it’s the most amazingly compact spreadsheet app committed to screen. Read more[BOINGBOING.NET]

JSX: An Introduction to JSX. When React was first introduced, one of the features that caught most people’s attention (and drew the most criticism) was JSX. If you’re learning React, or have ever seen any code examples, you probably did a double-take at the syntax. What is this strange amalgamation of HTML and JavaScript? Is this even real code? Read the rest[SITEPOINT.COM]

Programming & Scripting Development Client & Server-Side

JAVA: Java EE 8 Takes Final Bow Under Oracle’s Wing. Long-delayed update adds support for modern web tech. Here’s what’s new. Find out more[THEREGISTER.CO.UK]

PYTHON: Don’t Constrict Your Cyber Potential in 2017 – Upskill With Python. The Python programming language is the top choice among cybersecurity professionals due to the vast number of powerful third-party libraries available. The ability to use these libraries to do the heavy lifting greatly reduces the time required to piece together scripts and develop applications. Python is also highly versatile: Security professionals can use it to write software for penetration testing, web development, applications or to simply throw a quick script together. Read more[SECURITYINTELLIGENCE.COM]

Programming & Scripting Development Client & Server-Side

PYTHON: How to Set Up and Learn Python Coding on a Mac. Python is one of the most popular programming languages. Students use Python to learn coding; data scientists use Python to crunch numbers. Discover how to set up and learn Python coding on a Mac, including the best Python text editors and the best Python training courses. Find out more[MACWORLD.CO.UK]

Cloud Computing

Cloud Computing

FEDERAL GOVERNMENT: The Pentagon Plans to Increase Its Use of Cloud Computing in Security Push. After his recent trip to the West Coast to check out how cloud tech companies are fending off cybersecurity attacks, U.S. Secretary of Defense James Mattis plans to increase the use of cloud computing at Department of Defense, according to a report. Read more[GEEKWIRE.COM]

COMMENT: Making Sense of the IT Modernization Challenge. Government has the chance to cut costs while also streamlining operations — but only if agencies embrace a continuous innovation model. Click here for key takeaways. [FCW.COM]

Cloud Computing

CLOUD COMPUTING: How Virtualization Helps Agencies Meet Their ‘Cloud First’ Promise. Six-and-a-half years after the Obama administration announced its “cloud first” initiative, federal agencies have begun truly ramping up their cloud deployment efforts. According to Deltek, federal cloud computing spending is projected to grow to $6.4 billion in fiscal year 2021 — an impressive compound annual growth rate of 15 percent since 2016. Find out more[GCN.COM]

READ: Google, Microsoft Emphasize Cloud Security as Hacks Intensify and Big Businesses Eye the Cloud. Security fears have been associated with cloud computing ever since it began, and for the most part those fears have been unfounded: the big cloud providers are way better at security than your average enterprise. Still, there’s always more to be done, and Google and Microsoft unveiled new services this week to give customers additional peace of mind. Read more[GEEKWIRE.COM]

Cloud Computing

HOW: Cloud Computing Spending is Growing Even Faster Than Expected.Spendingon cloud computing services is growing faster then previously expected, with software-as-a-service (SaaS) and infrastructure-as-a-service (IaaS) two of the most rapidly expanding segments. Worldwide public cloud services revenues are expected to grow 18.5 per cent in 2017 to a total $260bn, up from $219.6bn last year, according to Gartner. Read more[ZDNET.COM]

ADVICE: Don’t Be the Fool in the Cloud. Is it really that hard to keep from making a security idiot of yourself? Read the rest[COMPUTERWORLD.COM]

Cloud Computing

LEARN: How Cost Analysis Tools Can Prevent Cloud Computing Calamity. AWS and other cloud computing giants have been enjoying bumper profits in recent years, which means startups must be spending more on cloud computing. Indeed cloud costs can jump massively if you don’t keep an eye on your budget. Casey Benko over at SearchCloudComputing recommends investing in cloud cost analysis tools to keep costs down. He gives you the lowdown on how the top tools, like CloudCheckr and Cloudability, compare. Find out more[PROGRAMMABLEWEB.COM]

Cloud Computing

FEDERAL GOVERNMENT: Key Ingredient for Modernization: Evolutionary Architecture Using Microservices. IT modernization is one of the key focus areas across the federal government these days. With so much emphasis on modernization, there is little attention being paid to software architecture as means to enable transformation. Most federal IT agencies are faced with a familiar challenge: How do we modernize our software applications and take advantage of the benefits enabled by cloud computing? Find out more[FEDERALNEWSRADIO.COM]

Announcement

Announcement

Blue Mountain Data Systems DOL Contract Extended Another Six MonthsThe Department of Labor has extended Blue Mountain Data Systems Inc. contract DOLOPS16C0017 for 6 months for network administration and application support.

U.S. Dept. of Labor, Employee Benefits Security Administration1994 to Present Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.

IT Security | Cybersecurity

IT Security | Cybersecurity

SECURITY: Why These Cybersecurity Researchers Are Automating Vulnerability Assessments. System complexity is preventing humans alone from finding vulnerabilities, so researchers in the UK and at CMU are working to automate an online cybersecurity system support service to help analysts. Read more[TECHREPUBLIC.COM]

ONLINE: Cybersecurity As Big a Challenge As Counterterrorism, Says Spy Chief. Online security now as big a job as surveillance and counterterrorism, says GCHQ boss. Read the rest[ZDNET.COM]

IT Security | Cybersecurity

THREAT MAINTENANCE: Cybersecurity’s ‘Broken’ Hiring Process. New study shows the majority of cybersecurity positions get filled at salaries above the original compensation cap, while jobs sit unfilled an average of six months. Find out more[DARKREADING.COM]

IoT: Cybersecurity Falls Short, Say City IT Leaders. A survey from nonprofit CompTIA shows that most city government tech leaders are not confident in the cybersecurity behind today’s “smart city” devices. Find out more about the study results[STATESCOOP.COM]

From the Blue Mountain Data Systems Blog

Programming & Scriptinghttps://www.bluemt.com/programming-scripting-daily-tech-update-september-29-2017/

Cloud Computinghttps://www.bluemt.com/cloud-computing-daily-tech-update-september-18-2017/

Business Intelligencehttps://www.bluemt.com/business-intelligence-daily-tech-update-september-15-2017/

Mobile Applicationshttps://www.bluemt.com/mobile-applications-daily-tech-update-september-11-2017/

From the Blue Mountain Data Systems Blog

Personal Techhttps://www.bluemt.com/personal-tech-daily-tech-update-september-28-2017/

Databaseshttps://www.bluemt.com/databases-daily-tech-update-september-21-2017/

Penetration Testinghttps://www.bluemt.com/penetration-testing-daily-tech-update-september-26-2017/

Incident Responsehttps://www.bluemt.com/incident-response-daily-tech-update-september-14-2017/

From the Blue Mountain Data Systems Blog

Security Patcheshttps://www.bluemt.com/security-patches-daily-tech-update-september-22-2017/

Operating Systemshttps://www.bluemt.com/operating-systems-daily-tech-update-september-20-2017/

Encryptionhttps://www.bluemt.com/encryption-daily-tech-update-september-19-2017/

Cloud Computinghttps://www.bluemt.com/cloud-computing-daily-tech-update-september-18-2017/

From the Blue Mountain Data Systems Blog

Open Sourcehttps://www.bluemt.com/programming-scripting-daily-tech-update-september-5-2017/

CTO, CIO and CISOhttps://www.bluemt.com/cio-cto-ciso-daily-tech-update-september-6-2017/

Programming & Scriptinghttps://www.bluemt.com/programming-scripting-daily-tech-update-september-5-2017/

From the Blue Mountain Data Systems Blog

Security Risks Most Prevalent in Younger Workershttps://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/

The Security World’s Maturationhttps://www.bluemt.com/the-security-worlds-maturation/

Data Breach Concerns Keep CISOs Up At Nighthttps://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/

Personalized Govt Equals Instant Gratification for Citizenshttps://www.bluemt.com/personalized-govt-equals-instant-gratification-for-citizens/

From the Blue Mountain Data Systems Blog

People-Centric Securityhttps://www.bluemt.com/people-centric-security/

Pentagon Tries BYOD To Strike Work/Life Balancehttps://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/

Open Source Model Considered for MS Windowshttps://www.bluemt.com/open-source-model-considered-for-ms-windows/

Open Internet: To Be or Not to Be?https://www.bluemt.com/open-internet-to-be-or-not-to-be/

From the Blue Mountain Data Systems Blog

Malware Stays A Step Ahead Infecting One Third of Websiteshttps://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-websites/

Machine-Generated Data: Potential Goldmine for the CIOhttps://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-cio/

Government Legacy Programs: Reuse vs. Replacementhttps://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/

It Takes a Whole Village to Protect Networks and Systemshttps://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-systems/

From the Blue Mountain Data Systems Blog

Governance For the CIOhttps://www.bluemt.com/governance-for-the-cio/

Help Desk Consolidation – Lessons Learnedhttps://www.bluemt.com/help-desk-consolidation-lessons-learned/

One Year Later, Companies Still Vulnerable to Heartbleedhttps://www.bluemt.com/one-year-later-companies-still-vulnerable-to-heartbleed/

Federal Projects Cultivate Worker Passionhttps://www.bluemt.com/federal-projects-cultivate-worker-passion-2/

ABOUT US

Blue Mountain Data Systems Inc.

Blue Mountain Data Systems Inc. is dedicated to application and systems development, electronic document management, IT security support, and the automation of workflow processes.

Read more about our experience here:>> http://bluemt.com/experience

Recent Experience

U.S. Dept. of LaborEmployee Benefits Security Administration

1994 to Present

Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support.

MANAGEMENT

Paul T. VeselyFounder, President, CEO and Principal Architect

Mr. Vesely is a recognized thought leader in systems architecture and delivery, having designed and delivered many enterprise wide information and document management solutions. Mr. Vesely’s history includes 33 years experience in the information systems industry, with Unisys, Grumman, PRC and a host of clients in both government and private sectors.

CONTACT US

Contact Us Today to Discuss Your Next IT Project

HEADQUARTERS

366 Victory DriveHerndon, VA 20170

PHONE 703-502-3416

FAX 703-745-9110

EMAIL

paul@bluemt.com

WEB

https://www.bluemt.com