Security

A View of the Cyber Security Summit

October 12, 2016 By Steve Borsch

The Cyber Security Summit 2016 was this week and Minnov8 covered the event. Cyber security is more important now than ever before, and this event reflected heightened interest in this topic and the information presented didn’t disappoint.

The Summit is a public-private collaboration, whose founding partner was the University of Minnesota’s Technological Leadership Institute, and is an event which enjoys strong support from industry, government, and university leaders who gather from across the U.S. to pool their knowledge. It was started at a time when ”cybersecurity” was not yet a household word. In 2011, Minnesota thought leaders saw that the issue needed to be addressed. That prediction has proven prescient, and as a result the Summit has grown significantly since it was founded.

The Summit started on Tuesday with a Cyber Security Town Hall, a time to have a discussion about strategies, opportunities and obstacles with cyber security. It was followed by a VIP reception for those who had purchased the all-access pass. Wednesday and Thursday were sessions were a number of keynotes with focus on such topics as: privacy vs. security; assuming you’re breached so now what do you do?; how to attract and retain talent; and several sessions and talks on the size, scale and scope of cyber attacks by a myriad of experts on the subject.

Still, the afternoon on Tuesday dedicated to small business and cyber security was a welcome addition. This “Small Biz Forum” saw the U.S. Small Business Administration’s district director speak about the need for diligence about cyber security, a good overview of how to keep your business free of viruses, scams and breaches, a session on cyber insurance, and ending with a panel answering questions from the audience (very informative). It was a lot more practical than the more “big picture” general session keynote talks and there was a lot of positive buzz during and afterwards about this afternoon.

Though all of the talks were interesting and enlightening, I’d actually expected breakout sessions that would enable we attendees to deep-dive in to specific cyber security areas which would have provided more solution-oriented information. There were few best-practice presentations, specific step-by-step action lists or mentions, and most of the talks were fairly general in tone.

Bob Stasio, Worldwide Senior Product Manager for IBM Cyber Threat Intelligence SME

Bob Stasio, Worldwide Senior Product Manager for IBM’s i2 Enterprise Insight Analysis & Cyber Threat Intelligence SME

That said, just one example of an interesting and enlightening presentation was by Bob Stasio, Worldwide Senior Product Manager for IBM’s i2 Enterprise Insight Analysis & Cyber Threat Intelligence SME and a guy from the private sector who used to head up threat intelligence programs at Bloomberg and global financial firms, and someone with deep government experience having held positions at NSA’s Cyber Center, U.S. Cyber Command, U.S. Army’s Signals Intelligence Corps, the FAA, and NASA.

Listening him layout their capabilities and offerings, one begins to appreciate the scope, scale and cost of fending off cyber attacks. There is a lot at stake and it was a bit stunning to learn that most compromised corporate networks have, on average, attackers who have been in the network for nearly one year before being discovered. Based on all that he’s been involved in and privy to with respect to cyber security, I would have loved to buy him a beer and talk for a few hours!

Like most conferences of this type much of the beneficial activity occurs during networking sessions and in the exhibitor space and this Summit was no exception. Some of the most profound and deeply interesting discussions had were talking to presenters or attendees in the hallway or exhibitor representatives in the trade show area. This was worth going to the Summit in-and-of-itself.

It’s really great to see a Summit of this caliber right here in Minnesota and you are encouraged to consider it for 2017!

Secured2 at Cyber Security Summit

October 13, 2015 By Steve Borsch

Serial entrepreneur Daren Klum‘s company Secured2 will be participating in the Cyber Security Summit 2015 here in Minneapolis on October 20-21. This is a great opportunity for you to learn first-hand about Secured2’s solutions and also delve in to this growing cybersecurity category and hear from thought leaders in various areas. Looks to be a strong event.

Below is a press release on their participation in the summit.

Secured2 Brings its Thought Leadership and Unhackable,
Disaster-Proof Data Security Solution to Cyber Security Summit 2015

Minneapolis, MN (October 13, 2015) – In joining Minnesota’s efforts to establish a multi-stakeholder consortium for improving the state of cyber security on a national and international level, Secured2 Corporation will participate in Cyber Security Summit 2015, which is taking place October 20-21 in Minneapolis.

Daren Klum

Secured2 CEO Daren Klum will join Minnesota’s C-level executives, technology leaders, public policy makers, and other industry pundits to discuss the pitfalls of traditional backup / recovery methods, and present Secured2’s “shrink > shred > secure” methodology which mitigates hacking.

Secured2 is a data security company whose patented process and technology reduces data by more than 90% while simultaneously converting it into a secure format. It then randomly shreds the data into multiple locations, such as multiple clouds, hybrid or local storage environments. Its security solution has been tested, vetted, and refined in lab and real world environments, and is currently in operational assessment by healthcare, financial services and contract manufacturing companies.

Secured2 recently partnered with LiquidCool Solutions, marrying its data security software with LiquidCool’s Rugged Terrain (RT) liquid-cooled, high performance, ruggedized computing system. The combination of the two technologies provides protection from any form of catastrophe whether environmental or well-entrenched hacker groups.

“Cyber security threats that become more plentiful and sophisticated is an ongoing trend, and encryption simply isn’t enough,” said Klum. “Secured2 offers a technology that has not been seen before. Our Shrink>Shred>Secure process, which shrinks data and defeats hackers is rigorously tested, vetted and 3rd party validated by FBI-trained teams.”

Continued Klum, “As Minnesota collaborates on framework and program-based security approaches for threat intelligence, we’re certain Secured2 will stand out as the disruptive technology of choice.”

About Secured2 Corporation
Secured2 Corporation is a data security software company based in Minneapolis, Minnesota. Secured2 is the pioneer of new data security technology utilizing a ‘shrink > shred > secure’ methodology combined with new compression technology that reduces the size of data by up to 90%. The core product “Data Shredder” shrinks, shreds, secures and converts data into a random format. It then encrypts each shred using NIST certified encryption and randomly distributes the encrypted shreds across any multi-location storage a customer chooses (multiple clouds, hybrid locations or local storage destinations). Secured2’s simple solution: imagine a thief gets into your business and opens your safe. What they will find with Secured2 is shredded information. Your data is safe. Period. Secured2 continues to redefine the data security landscape and is in the process of rolling out several new products based on our core methodologies of data conversion, data shredding, randomized delivery of shreds into diverse storage and instant data restoration after multi-factor authentication. With over 17 patents Secured2 will continue driving innovation for its customers that require 100% security of their most critical and important data assets.

Why Encrypt Your Voice Calls End-to-End?

December 19, 2014 By Steve Borsch

As if it wasn’t already bad enough that our own National Security Agency (NSA) is collecting everything digital that we produce online (e.g., emails; SMS; metadata; Facebook posts), now German researchers have discovered a flaw that could let anyone listen to your mobile phone calls!

From the Washington Post article:

German researchers have discovered security flaws that could let hackers, spies and criminals listen to private phone calls and intercept text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available.

The flaws discovered by the German researchers are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network.

While the German researchers didn’t analyze U.S. mobile carriers (though did call out the German-owned T-Mobile USA as one that is vulnerable) the article did point out that simply encrypting ones communications may not be enough: “Those skilled at the myriad functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption.”

This is especially true since the NSA has their $2 billion digital collection and analysis facility in Utah where they are archiving the encrypted communications and files they’re gathering with their mass surveillance and can’t yet crack…until they get their new quantum computers online, no doubt.

With obviously zero awareness of the irony, the NSA has this page touting their Utah facility and in it is a photo of their sign, welcoming visitors. It says, “Welcome to the Utah Data Center. If you have nothing to hide, you have nothing to fear.” A bogus argument, at best.

Fortunately there is no shortage of ways to keep your voice communications private and secure, at least until they can be cracked quickly and there is actual, warrant-based reasons to decrypt some person’s encrypted communications. Until the mobile phone providers implement truly secure, end-to-end encryption for voice—and not like what Verizon did with their app that put an NSA-friendly ‘backdoor’ in their new Voice Cypher app.

While one, sweeping problem is the NSA collecting everything (both encrypted and unencrypted) it goes way beyond that because of what those German researchers found which is worth repeating: that anyone with the requisite skills and resources can hack the mobile networks and eavesdrop on (or record) mobile calls.

So how do you stay safe?

PROJECTS
There are a number of projects working on end-to-end encryption for voice calls. The two that stand out are the Zfone Project and the Guardian Project.

The former is led by the guy that created the world’s top email encryption, Pretty Good Privacy, Phil Zimmerman and the latter which has delivered a phone app integration called Ostel, which works with apps for Android, iPhone, Blackberry, Nokia, Windows, Mac OS X and GNU/Linux. Read more about its app integration here. While still not as straightforward to implement as it would be if end-to-end encryption for voice was built in to the phone, there are some good approaches and apps that should make it easy for you.

APPS & APPROACHES
There are no shortage of apps for both iOS and Android. One that stands out (and one I personally trust) is from a company called Silent Circle setup by the aforementioned Phil Zimmerman and a team of savvy technologists and cryptologists.

Silent Circle offers two key products you might be interested in if you want secure, end-to-end, encrypted voice calls:

Silent Phone (iOS and Android): The app is free but requires a Silent Circle encrypted calling plan. The cool thing? Like other app-to-app calling solutions, calling to another subscriber using the app is free (and there is a desktop app too). Otherwise you buy a monthly subscription for a number of “out-of-circle” minutes (so you can call regular phones).

Silent Circle also has a full, secure, Android-based smartphone called the Blackphone.

Other apps:
- Signal: Free and open source. Can make free encrypted calls to both Signal users and Android users (who are using RedPhone, the free calling app). Note that, unlike Silent Phone, calls can be made or received ONLY to those using Signal or RedPhone. Both use Wifi or Data for voice call connections.
- Acrobits Softphone for iOS and Android: $6.99 plus $24.99 for secure calls and another $9.99 if you want the best audio codec. Requires a SIP account like from Anveo (plans), Phonepower, or RingTo, and many, many others.
- Groundwire for iOS: $9.99 plus $24.99 for secure calls and another $9.99 if you want the best audio codec.Requires a SIP account like from Anveo (plans), Phonepower, or RingTo, and many, many others.

While many journalists, security bloggers and social media users seem tickled that the FBI director James Comey came out with his deep concern that the new iOS8-based iPhone 6 was encrypting emails, pictures and contacts making it ‘impossible’ for law enforcement to gain access, there might be more to it than it appears. It is highly likely this is all “theater” to help Apple be positioned to sell in countries like China who threatened to block sales of the new phone due to the ‘threat’ to their national security and China’s (and other countries) concerns has nothing to do with voice. It is highly doubtful any U.S.-based, mainstream maker of mobile phones or devices, will implement end-to-end voice encryption. So you’re on your own….for now.

Good luck out there. Stay safe and secure.