Who is your IT outsourcing firm working for?

While the U.S. Government has been remarkably opaque about the recently discovered security breach at the Office of Personnel Management (OPM), we know that personal information on at least 21.5 million present, former, and prospective federal employees was lost. The Feds claim Chinese hackers are at the bottom of it, which is disputed by the Chinese government. This, to me, raises a number of questions, especially about the possible role of IT outsourcing firms and implications for organizations beyond OPM. Does IT outsourcing make your data more vulnerable? Yes, I believe it does.

It’s easy to blame the Office of Personnel Management for its own troubles. Oversight was lax. The agency failed a security audit and […]

IBM is so screwed

I’ve been working on a big column or two about the Office of Personnel Management hack while at the same time helping my boys with their Kickstarter campaign to be announced in another 10 days, but then IBM had to go yesterday and announce earnings and I just couldn’t help myself. I had to put that announcement in the context you’ll see in the headline above. IBM is so screwed.

Below you’ll see the news spelled out in red annotations right on IBM’s own slides. The details are mainly there, but before you read them I want to make three points. First, IBM’s sexy new businesses (cloud, analytics, mobile, social and security or CAMSS) aren’t growing — and probably won’t be growing — […]

Your PBX has been hacked!

This past week a very large corporation on the east coast was hacked in what seems to naive old me to be a new way — through their corporate phone system. Then one night during the same week I got a call from my bank saying my account had been compromised and to press #4 to talk to their security department. My account was fine: it was a telephone-based phishing expedition. Our phone network has been compromised, folks, and nobody with a phone is safe.

Edward Snowden was right: we’re not secure, though this time I don’t think the National Security Agency is involved.

Here’s how this PBX hack came down. Step one begins with looking for […]

Where the money is… or was

Today was Tax Day in the United States, when we file our federal income tax returns. This has been an odd tax season in America for reasons that aren’t at all clear, but I am developing a theory that cybersecurity failures may shortly bring certain aspects of the U.S. economy to its knees.

I have been writing about data security and hacking and malware and identity theft since the late 1990s. It is a raft of problems that taken together amount to tens of billions of dollars each year in lost funds, defensive IT spending, and law enforcement expenditures. Now with a 2014 U.S. Gross Domestic Product of $17.42 trillion, a few […]

The sky is falling and the FAA isn’t ready

According to a new report by the U.S. Government Accountability Office (GAO), the U.S. airspace system is incredibly vulnerable to hacking and a state-sponsored hacking effort could paralyze air traffic over North America. Very scary stuff. And as a licensed pilot for 45 years, I can tell you that it’s both true and not true, that the system is horribly hackable but that very vulnerability might be what we need to stimulate real airspace innovation.

Ask any American pilot how they feel about the U.S. Federal Aviation Administration (FAA) and you’ll get variations on the same negative theme. It’s not that pilots love-hate the FAA: there’s no love about it. […]