Tech Update Summary from Blue Mountain Data Systems April 2018

Blue Mountain Data Systems
Tech Update Summary
April 2018

For CTOs, CIOs & CISOs
Visit Blue Mountain Data Systems
https://www.bluemt.com

For CTOs, CIOs & CISOs
Every business day, we publish a Daily Tech Update for Federal & State CTOs ,CIOs & CISOs on the Blue
Mountain Data Systems Blog. We hope you will visit our blog for the latest information.
You can also receive these updates via email. Click here to subscribe.
Here’s the summary of the Daily Tech Updates for April 2018. Hope the information and ideas prove
useful.
Best,
Paul Vesely
President and Principal Architect
Blue Mountain Data Systems Inc.

Network Security
VIRTUALIZATION: What is Microsegmentation? How Getting Granular Improves
Network Security. Microsegmentation is a way to create secure zones in data
centers and cloud deployments that allow you to isolate workloads and protect
them individually. Read more
[NETWORKWORLD.COM]
CLOUD: Defense Department’s Secret Weapon for Network Security. Lessons
civilians—or other organizations—can learn from how the military approaches
cybersecurity. Read more
[NEXTGOV.COM]

Network Security
OPINION: Blurred Lines Between Networking and Security. Not so long ago,
networking and security were largely separate entities. Traditionally, networks
were constructed on standard building blocks such as switches and routers and
security solutions such as perimeter firewalls or intrusion prevention systems
applied afterwards. Each had its own set of tools, strategic approaches and
dedicated operational teams. IT security departments typically focused on the
delivery of time-honored threat detection methods and perimeter-based security
defense mechanisms, as well as incident response and remediation. Networking
teams spent time on issues around latency, reliability and bandwidth. However, the
move to hybrid networks means traditional approaches cannot cope with the
scale, automation requirements or the rate of change. So what are the reasons for
this evolution? Read more.
[INFOSECURITY-MAGAZINE.COM]

Network Security
FEDERAL GOVERNMENT: Proposal for Federal Wireless Network Shows Fear of
China. Today’s mobile networks are known as “4G” networks because they are the
fourth generation of wireless technologies. Carriers are already planning “5G”
networks. But a presentation and memo by the National Security Council disclosed
by Axios proposes that the government build a nationalized 5G network out of
fears of falling behind China both economically and militarily. Read more.
[WIRED.COM]

Encyption
FEDERAL GOVERNMENT: Lawmakers Question FBI’s Push for Backdoors in
Encrypted Devices. A bipartisan crew of 10 House lawmakers took FBI Director
Christopher Wray to task Friday following an inspector general report that found
the bureau rushed to court to force Apple to help it break into the encrypted
iPhone used by San Bernardino shooter Syed Farook in 2015 without exploring
other options. Read more
[NEXTGOV.COM]
CISCO: Malware and Encrypted Traffic Will Challenge Federal Agencies. Hackers
will continue to give U.S. government agencies headaches in the coming months
thanks to an evolving malware market and their use of encryption to evade
detection, Cisco declared in a new report. Read more
[CYBERSCOOP.COM]

Encyption
AGENCIES: Crypto Crumpling Could Solve the Encryption Conundrum. The battle
between the federal government and tech companies over encryption heated up
again recently when the Trump administration renewed a push to require
companies to provide a “back door” into encrypted devices and applications. Read
more.
[GCN.COM]

Encyption
FEDS: Pushing New Plan for Encrypted Mobile Device Unlocks via Court Order.
The Department of Justice is pushing for a new industry proposal that would grant
law enforcement access to encrypted digital devices with a warrant, according to a
new report by The New York Times. For years, top federal law enforcement officials
have advocated for a way to overcome what they call the “going dark” problem—
the occasional inability to access data kept on an encrypted smartphone or tablet
even when a judge has granted that authority. In recent months, the FBI director,
among others, has emphasized the problem’s severity. Read more.
[ARSTECHNICA.COM]

Databases
HOW TO: Connect RazorSQL Database Client to Your MySQL Server. Here’s how to
connect the RazorSQL database client to a remote MySQL server, so you can gain
even more power and efficiency with your database admin tasks. Read more
[TECHREPUBLIC.COM]
TUTORIAL: Optimizing Data Queries for Time Series Applications. You understand
what time series data is and why you want to store it in a time series database. Yet
you now have a new challenge. As with any application, you want to ensure your
database queries are smart and performant, so here’s how you can avoid some
common pitfalls. Read more
[THENEWSTACK.IO]

Databases
MICROSOFT: Boosts Azure SQL Database Migration Features. Microsoft recently
launched previews of new Azure SQL Database improvements that are aimed at
helping organizations move their workloads into the Azure cloud from on-premises
database management systems. Read more.
[RCPMAG.COM]
GRAPH DATABASES: Does Graph Database Success Hang on Query Language? If
the history of relational databases is any indication, what is going on in graph
databases right now may be history in the making. Read more.
[ZDNET.COM]

More About Blue Mountain
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S.
Dept. of Labor, Employee Benefits Security Administration. Responsible to the
Office of Technology and Information Systems for information systems
architecture, planning, applications development, networking, administration and
IT security, supporting the enforcement of Title I of the Employee Retirement
Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for
design, development and support for its various enforcement database
management systems, as well as all case tracking and customer service inquiry
systems. Blue Mountain also provides IT security services to the EBSA, in the form
of FISMA Assessment and Authorization, System Security Plans, Risk and
vulnerability assessments, monitoring and investigation support. Read more.

Federal Tech
FEDERAL GOVERNMENT: APIs, Shared Services Can Reshape,
Modernize Government Technology. The size and scope of the
federal government’s information technology landscape only
continues to grow and in a way that makes it incredibly difficult to
change. In the Federal Chief Information Officers Council’s latest
study, the current state of government IT is described as monolithic.
And, it is not meant as a compliment. Read more
[FEDERALNEWSRADIO.COM]

Federal Tech
OPINION: Government Efforts to Weaken Privacy are Bad for Business and
National Security. The federal government’s efforts to require technology and
social media companies to relax product security and consumer privacy standards
– if successful – will ultimately make everyone less safe and secure. Read the rest
PUBLIC SAFETY: Rapid DNA Technology Gives Law Enforcement Access to Your
DNA in 90 Minutes. Before recently-passed legislation, law enforcement agencies
had to send DNA samples to government labs and wait for it to get tested, which
could take days or even weeks. Find out more
[GOVTECH.COM]

Federal Tech
MODERNIZATION: Making Modernization Happen. Now more than ever before,
comprehensive IT modernization for federal agencies is a real possibility. The
question that remains is whether President Donald Trump’s words and actions
during his first months in office will be sustained by the administration and
Congress in the months and years ahead. Read more
[FCW.COM]

State Tech
SURVEY: Cybersecurity Concerns May Keep One in Four Americans
from Voting. Cybersecurity concerns may prevent one in four
Americans from heading to the polls in November, according to a
new survey by cybersecurity firm Carbon Black. The company
recently conducted a nationwide survey of 5,000 eligible US voters to
determine whether reports of cyberattacks targeting election-related
systems are impacting their trust in the US electoral process. The
results revealed that nearly half of voters believe the upcoming
elections will be influenced by cyberattacks. Consequently, more
than a quarter said they will consider not voting in future elections.
Read more
[HSTODAY.US.COM]

State Tech
ALASKA: Unique Challenges in IT Consolidation. The Last Frontier is
centralizing IT operations under Alaska’s newly created Office of
Information Technology. But consolidating IT in a sprawling state like
Alaska offers challenges not found in other environments, says the
state’s new CIO Bill Vajda. Read the rest
[GCN.COM]
ALABAMA: Acting CIO Jim Purcell Is a Man on a Mission for Smarter
State IT. Jim Purcell wasn’t expecting a call from Alabama’s new
governor, Kay Ivey, and he certainly wasn’t expecting her to ask him
to head up the Office of Information Technology (OIT) – but that’s
exactly what happened last week. Find out more
[GOVTECH.COM]

State Tech
ILLINOIS: Inside a State Digital Transformation. Hardik Bhatt, CIO of the State of
Illinois, sought to become the nation’s first Smart State – a process that required
reorganizing its 38 IT departments into one, improving government services, and
finding new sources of innovation to apply to its revenue model. Within 18
months, Illinois rose in national rankings from the bottom fourth of state
governments to the top third. Read more
[ENTERPRISERSPROJECT.COM]

Electronic Document Management

CFPB: Looks to Embrace Cloud for Email, Office Application Needs. The Consumer
Financial Protection Bureau wants to move to a public cloud setup for some of its
core enterprise apps. The financial watchdog agency recently sent out a Request
for Information (RFI) on the process, technical requirements and costs of moving to
cloud services in fiscal year 2017. CFPB wants to establish a more complete
understanding on the costs associated with moving fully to a cloud solution for
email and office applications (e.g., documents, spreadsheets, presentations,
SharePoint and more).Read the rest
[FEDTECHMAGAZINE.COM]

ROI: 4 Ways Business Document Management Software Can Save You Money. Lisa
Croft, Group Product Marketing Manager at Adobe Document Cloud, talks about
the many ways business document management can save your company time,
space, and more importantly, loads of money. Here are the four most obvious ways
these tools provide excellent return-on-investment. Read more
[PCMAG.COM]

Section 508 Compliance & WCAG 2.0
ACCESSIBLE PDFs: Crawford Technologies Launches New E-commerce Site for
Creating Accessible PDFs. AccessibilityNow.com is a convenient and affordable e-
commerce service for anyone to upload PDF files and receive back a properly
formatted Accessible PDF document. Developed by Crawford Technologies Inc., a
recognized leader in automated accessibility software and remediation services,
the site leverages Auto Tagger for Accessibility, our ground-breaking software
program that automatically tags PDF files. Read more
[ACCESSIBILITYNOW.COM]

ASSOCIATIONS: Good Counsel: Is Your Website Open to All? As public
accommodations under the Americans with Disabilities Act (ADA), associations
must provide people with disabilities “full and equal enjoyment” of the services
and advantages they offer. Although associations often consider this obligation
primarily in the context of their events, accessibility also applies to another core
aspect of association activities: their websites. Read more
[ASSOCIATIONSNOW.COM]
BUSINESSES: Even Internet Entrepreneurs Need to Make Their Businesses
Handicap Accessible. Disabled users have sued businesses over website
accessibility. The Americans With Disabilities Act applies to online businesses. Find
out what you have to do. Read more
[YELLOWFINBI.COM]

PRIVACY: GDPR for Marketing: The Definitive Guide for 2018. The General Data
Protection Regulation (GDPR) is a new digital privacy regulation being introduced
on the 25th May, 2018. It standardizes a wide range of different privacy
legislation’s across the EU into one central set of regulations that will protect users
in all member states. It will also affect U.S. organizations. Time to get ready now.
Read more
[SUPEROFFICE.COM]

Security Patches
ESSENTIAL PHONE: Essential Phone Update Brings April Security Patch, Bluetooth
5.0, Performance Gains. Essential may be a bit slow to major system updates, but
the company has always been pretty quick to monthly security patches. After
landing on Pixel devices earlier this month, the Essential Phone is now picking up
April’s security patch. Read more
[9to5GOOGLE.COM]
WINDOWS: Get the March Patches for Your Windows Machines Installed, but
Watch Out for Win7. With the latest Patch Tuesday, it’s time to salvage the fixed
parts of March’s patches and get them applied. Win7/Server 2008 R2 customers
have to choose between a gaping security hole and even more bugs. Here’s what
you need to know. Read more
[COMPUTERWORLD.COM]

Security Patches
SONY: Delivers Yet Another On-Time Security Patch for X Performance. Sony
Mobile has updated the firmware for the X Performance, delivering the device’s
April 2018 Android security patch. The build number is 41.3.A.2.107, coming from
41.3.A.2.99 previously (which was released in March). The update is around
111.7MB and users haven’t noticed any other tangible changes apart from the
patch. Read more.
[MOBILESYRUP.COM]
MICROSOFT: Issues Security Patch to Fix Meltdown CVE-2018-1038 Flaw.
Microsoft has issued a new security patch to fix the earlier security update that
was released in January to tackle the Meltdown vulnerability found in microchips
from Intel and other chipmakers. The flaw “CVE-2018-1038” was found in the first
patch that was issued to protect Windows 7 x64 or Windows Server 2008 R2 x64
systems from the Meltdown vulnerability. Read more.
[GADGETS.NDTV.COM]

For the CIO, CTO & CISO
CIO: 2018 State of the CIO – IT vs. the Business No More. CIO.com has published
its “State of the CIO” results, which offer a peek into the day-to-day priorities of IT
leaders and the evolving CIO role. CIO.com also surveys line of business leaders
alongside IT leaders to gain insight into how the CIO role is perceived across the
organization. Read more
[ENTERPRISERPROJECT.COM]
CTO: New York City CTO Miguel Gamiño Departs for Private Sector. Miguel
Gamiño, New York City’s chief technology officer, is leaving for the private sector
after a year and a half in the role. He’s not yet prepared to say what he’s going to be
doing, but he said it’s going to be very much along the lines of what he’s been doing
in the public sector. Read more
[GOVTECH.COM]

CIO, CTO & CISO
CISO: HHS CISO Chris Wlaschin to be Replaced by Deputy CIO from CMS. Chris
Wlaschin, who has served as chief information security officer (CISO) at HHS
since January 2017, will leave the post at the end of March amid allegations
cybersecurity vendors had given gifts and privileges to lower-level government IT
leaders involved with the Healthcare Cybersecurity Communications and
Integration Center (HCCIC). Taking over the CISO role will be Janet Vogel, deputy
chief information officer at CMS. Vogel previously led the Financial Management
System Group within CMS and worked in tech departments of both the
Department of Transportation and the U.S. Agency for International
Development. Read more.
[HEALTHEXEC.COM]

CIO, CTO & CISO
FEDERAL CIO: Women in Government Tech Have ‘One Bad-Ass Mission,’ New
Federal CIO Says. Suzette Kent highlighted the power of women in government
in her first address as federal CIO. Read more.
[NEXTGOV.COM]

Penetration Testing
SECURITY: 3 Reasons Why CIOs Will Feel More Heat in 2018. Rep. Will Hurd (R-
Texas) is putting more pressure on agencies to make better use of the Homeland
Security Department’s security architecture reviews and risk and vulnerability
assessments, or obtain similar services from contractors to discover and mitigate
cyber vulnerabilities. “When it comes to penetration testing, a passive scan is
not a penetration test. A good best practice is to use on a regular basis a third-
party security folks to come in and do a technical vulnerability or penetration
test,” said Hurd. “That level of engagement is not happening as much as I
previously thought.” Read more

Penetration Testing
NEXT-GEN: Where Should Pen Testing and Source Code Review Fit into Your Dev
Lifecycle? Pen testing and source code review are integral to strengthening your
application’s security backbone. Here’s a quick breakdown of why and where they
might fit into the lifecycle. Read more
FEDERAL GOVERNMENT: Agencies Could Be Graded On More Than FITARA Under
New Scorecard. At least one lawmaker wants to transition the scorecard to have a
wider focus beyond FITARA but not everyone is ready to move on. Read more.
[NEXTGOV.COM]
PROBLEM SOLVING: Three Pen Test Tools for Free Penetration Testing. Nmap,
Nessus and Nikto are penetration testing tools that security operators can use to
conduct pentests on their networks and applications. Read more.
[SEARCHMIDMARKETSECURITY.TECHTARGET.COM] [REGISTRATION REQUIRED FOR ACCESS]

Open Source
DOD: Amid Congressional Mandate to Open Source DoD’s Software Code,
Code.mil Serves as Guidepost. In February, code.mil underwent a “relaunch,”
changing it from a GitHub-hosted, text-only, how-to guide to what its managers
say is both a code repository and a full-fledged toolset for software program
managers who need guidance on how to engage in open source practices within
the government. Read more
FEDERAL GOVERNMENT: Cloud.gov Open-Source Platform Speeds
Development, Requirements Process. IT development in the federal
government has earned its reputation for being a painfully slow process but
Cloud.gov, the government’s cloud application platform, is helping to change
that by standardizing the application lifecycle and helping to document it every
step of the way. Read more
FEDWEEK.COM]

Open Source
BUG BOUNTIES: Here’s What Government Gets Wrong About Bug Bounties. Bug
bounties are hot in government right now, but the craze may be outpacing the
contests’ actual usefulness, according to bug bounty practitioners. Read more.
[NEXTGOV.COM]
MACHINE INTELLIGENCE: A New Strategy for Machine Intelligence. As machine
intelligence makes its way out of the lab and onto the battlefield, experts are calling
for a national strategy that simultaneously advances and harnesses the technology.
Read more.
[GCN.COM]

Business Intelligence
CLOUD: The State Of Cloud Business Intelligence, 2018. 86% of Cloud BI adopters
name Amazon AWS as their first choice, 82% name Microsoft Azure, 66% name
Google Cloud, and 36% identify IBM Bluemix as their preferred provider of cloud BI
services. Read more
[FORBES.COM]
SOFTWARE PLATFORMS: Modern Business Intelligence Platforms Enable Citizen
Analysts. Top analytics and business intelligence platforms have been making it
easier for end users to get self-service insights. The next step in their evolution is
augmented analytics, according to market research firm Gartner. Read more
[INFORMATIONWEEK.COM]

TRENDS: The Key Trends That I Think Will Dominate the BI Industry in 2018.
According to Glen Rabie of YellowFinBI, there are five key trends in the BI industry
that he believes will take center stage in 2018. Find out what they are. Read more
[YELLOWFINBI.COM]
DISCOVER: 5 Business Intelligence Mistakes That Can Cost You Dearly. According to
Gartner, ‘There still remains a 70% likelihood that a BI project will fail to meet
expectations.’ And that means it is very important to learn the various mistakes that
hinder the successful implementation of BI solutions. Read more
[INSIDEBIGDATA.COM]

Operating Systems
SOFTWARE: Chrome 66 is Being Launched for Windows and Other Operating
Systems. Google has announced that the new Chrome 66 is now ready to be
installed on Windows, Mac, Linux, Android and iOS. The updated browser is
currently tested and will be released in the next few weeks. It has some interesting
new features like media auto-play changes, the ability to fix several security issues
and to export passwords. Read more
[TECHNOBEZZ.COM]
MICROSOFT & LINUX: A Linux Kernel at the Heart of a New Microsoft OS. In a slew
of security news, Microsoft unveiled an operating system product — not an internal
system, but an operating system product — that it will release with a Linux kernel.
Read more
[REDMONDMAG.COM]

Operating Systems
BUSINESSES: Zoho at a Crossroads: Stepping up Means Stepping Out. Zoho has
been one of the great successes in the world of small business technologies. Few
companies have been able to succeed with a similar business model, yet Zoho has
been wildly successful. But they are also enshrouded in mystery. Read on to see
what’s under their veil and what they have to do next — if they want to. Read more.
[ZDNET.COM]
ORACLE: Put Your Oracle Database In the Oracle Cloud. The “Cloud” has become a
popular location for many things, and Oracle databases are in that list. Oracle
Corporation provides Cloud services to create, migrate and manage databases
there, and once a subscription is in hand the provided Cloud dashboard can make it
fairly easy to migrate single instance and RAC databases to Cloud storage and
services. Let’s look at what is available in the Cloud and get an overview of moving a
database from on-premises storage to the Cloud. Read more.
[DATABASEJOURNAL.COM]

BYOD
SECURITY: Why BYOD Authentication Struggles to be Secure. A recent Bitglass
study pointed out some interesting statistics: Over a quarter (28%) of organizations
rely solely on user-generated passwords to secure BYOD, potentially exposing
countless endpoints to credential guessing, cracking and theft. 61% of respondents
also had reservations about Apple’s Face ID technology. Given that the general
concept in security has always been to eliminate passwords and use MFA, the
results are surprising, so why the disconnect? Read more

BYOD
DOD: ‘Wrong Trajectory’ in Mobile Strategy Stifles Marines’ BYOD Ambitions. The
Marine Corps has been talking about implementing a bring-your-own-device
strategy for more than three years as one way to cut costs and speed up its
adoption of commercial smartphone technology. But the service’s chief information
officer says the goal is still a long way off, and the Marines are still struggling to
bring aboard the most modern mobile devices, even when they’re owned by the
government. Read more.
TEXTBOOKS OPTIONAL: What Unbundling and BYOD Mean for Learning
Technology. Today, schools across the country look to educators to customize
learning for their unique classrooms. Here is how educators are accomplishing this
through unbundling and BYOD. Find out more
[ESCHOOLNEWS.COM]

BYOD
FEDERAL GOVERNMENT BYOD: The Mobile Security Conundrum. There are
currently more than 7.7 billion mobile connections around the world. Thanks to the
Internet of Things, it is predicted that the number of connected devices will reach
an astounding 20.8 billion by 2020. With the average number of mobile devices
owned per person currently estimated at 3.64, those devices are becoming
necessary equipment for today’s workers. Yet while the private sector has been
quick to establish Bring-your-own-device policies, the public sector has lagged
behind because of security and privacy concerns. Despite several initiatives —
including a White House-issued BYOD toolkit and two National Institute of
Standards and Technology documents (800-124 and 800-164) giving guidance on
securing devices that connect with government networks — many federal agencies
are still reluctant to establish BYOD policies. Read more
[GCN.COM]

Incident Response
CYBERSECURITY: Incident Response…What Needs to Be in a Good Policy.
Organizations need an incident response policy, and — perhaps most importantly —
a number of playbooks that allow them to think through a variety of different
incident scenarios. Read more
[ZDNET.COM]
RANSOMWARE: Puts Pressure on Incident Response. Cyber attackers switched
focus to ransomware attacks in 2017 putting pressure on incident response, while
human error was responsible for two-thirds of compromised records, a study
shows. Read more
[COMPUTERWEEKLY.COM]

Incident Response
SERVICES: IBM Security Looks to Incident Response Services for Growth. While
IBM has made significant investments in acquiring cybersecurity vendors in recent
years, the company now is turning its attention to security services like incident
response. Read more.
[SEARCHSECURITY.TECHTARGET.COM]
FEDERAL GOVERNMENT: DHS Cyber Incident Response Teams Closer to Becoming
Permanently Codified. The House approved a bill that would make the Department
of Homeland Security’s cyber incident response teams a permanent fixture within
the agency. The DHS Cyber Incident Response Teams Act would codify the agency’s
“cyber hunt and incident response teams,” which provide support to organizations
running critical infrastructure. The teams often respond to cyber incidents and help
organizations mitigate cybersecurity risks. Read more.
[CYBERSCOOP.COM]

Incident Response
FEDERAL GOVERNMENT: Agencies Should Prioritize Data-Level Protections to
Secure Citizen Information. Americans share numerous pieces of data about
themselves every day with companies and government agencies, including
personally identifiable information like Social Security numbers and health care
information. With all this personal information being shared, protecting an
organization’s network and infrastructure is no longer sufficient to protect this data.
Government now needs to secure each piece of data at a document level to fully
protect against cyber risks. Read more.
[NEXTGOV.COM]

Cybersecurity
CYBERSECURITY: How to Devise a Winning Strategy. Cybersecurity incidents and
breaches can seriously damage a company, making it imperative that security risk
management is integral to corporate governance. Read more
[ZDNET.COM]
IN PLAIN SIGHT: Why Military Veterans Are a Great Fit for Cybersecurity Careers. A
2017 report from the IBM Institute for Business Value (IBV) proposed a “new collar”
approach to recruiting. This strategy means recruiting professionals who lack
traditional college degrees but possess the technical skills and aptitudes of
explorers, problem solvers, students, guardians and consultants. One sector where
these attributes can be found in abundance is the military. Read more
[SECURITYINTELLIGENCE.COM]

Cybersecurity
RANSOMWARE ATTACK: Three Cybersecurity Lessons From Atlanta. On March 22,
Atlanta’s city government was hit with a ransomware attack, with hackers
demanding six bitcoins in exchange for releasing the data. At the time of writing
this, that’s a demand for roughly $41,880. As a result of the attack, many systems in
Atlanta are offline. Some of the city’s services have been forced to return to the
“pen and paper” method of operation. This episode highlights the growing
dependence of state and local governments on information technology systems and
emphasizes how their cybersecurity (or more accurately, insecurity) can impact the
broader national security issues. Here are three quick takeaways from this episode,
each likely worthy of much more in-depth development. Read more.
[LAWFAREBLOG.COM]

Cybersecurity
CAREERS: McAfee Report Suggests Gamers Could Thrive in a Cybersecurity Career.
Cybersecurity firms are feeling the pressure from having to deal with increasingly
complex and voluminous cyberattacks. Compounding the issue is that many senior
security managers feel it is difficult to attract the kind of talent needed to deal with
emerging threats. The solution might be to focus on gamers, according to a new
report by McAfee. Read more.
[PCGAMER.COM]

Cybersecurity
LEADERSHIP: A Lack Of Cybersecurity Funding And Expertise Threatens U.S.
Infrastructure. Most leaders in infrastructure-related industries take cyber risk
seriously, but their public sector counterparts need to start addressing
vulnerabilities with more urgency. Many experts and pundits are already pressuring
lawmakers and regulators to take more decisive action across all of our physical
systems. Despite this pressure, there are a number of obstacles that need to be
addressed alongside the implementation of new policies. Read more
[FORBES.COM]
IRS: What the IRS Computer Crash Can Tell Us About Cybersecurity. Based on
what’s public information so far, there is no reason to believe that the Tax Day
computer crash which prompted the Internal Revenue Service to delay its filing
deadline was the work of hackers, foreign or domestic. Even so, one can identify a
few things of value to those dealing with cybersecurity in government. Read more
[THEHILL.COM]

Cybersecurity
IDAHO: State Government Beefs Up Cybersecurity. The state of Idaho has been
working since the appointment of Jeff Weak, director of information security, in
January to improve the security of its online information. Read more
[IDAHOBUSINESSREVIEW.COM]
VETERANS AFFAIRS DEPARTMENT: VA Must Show Sustained Progress with
Cybersecurity for Auditors to Give Their Seal of Approval. The Veterans Affairs
Department’s cybersecurity has been deemed a material weakness longer than the
Federal Information Security Management Act and its predecessor the Government
Information Security Reform Act (GISRA) have been in existence. And for the 19th
straight year, VA’s inspector general determined the agency’s progress was not
enough to bring it off the bad list. Read more

IT Management
READ: All Management Is Change Management. Change management is having its
moment. There’s no shortage of articles, books, and talks on the subject. But many
of these indicate that change management is some occult subspecialty of
management, something that’s distinct from “managing” itself. This is curious
given that, when you think about it, all management is the management of
change. Read more
[HBR.ORG]
NARA: Improvements Seen in Federal Records Management, but ‘There is Work
to be Done’. Compliance, collaboration and accountability are the themes of the
National Archives’ recommendations to agencies for improving how they handle
paper – and electronic – trails. That’s according to NARA’s 2016 Federal Agency
Records Management Annual Report. Read more.

IT Management
FINANCIAL: Washington State’s Strategy for Tracking IT Spending. The state of
Washington’s first efforts to bring technology business management to its IT
spending practices began in 2010 when the legislature mandated annual reports
and specific evaluation requirements for investments. As interest grew in
monitoring the cost of IT along with the business services IT provides, officials in
the Washington’s Office of the CIO worked to refine the strategy through the
creation of a state TBM program. Find out more
[GCN.COM]

IT Management
HR: A Blueprint for Improving Government’s HR Function. Government, at its
core, is its employees and their commitment to serve the country. That fact is
too often overlooked. While technology enables employees to make better,
faster decisions, until artificial intelligence replaces the acquired knowledge of
employees, agency performance will continue to depend on the skill and
dedication of government workers. As such, civil service reform is increasingly
important because workforce rules and regulations are out of sync with current
management thinking. To use a basketball analogy, government is still shooting
two handed set shots. Read more
[GOVEXEC.COM]

Application Development
FEDERAL GOVERNMENT: IT Modernization…Four Ways to Pay the Tab. The drivers
for modernizing federal IT systems are multiplying. From the escalation in citizen
expectations to the incoming mandates from the legislative and executive branch,
there is a real and emerging momentum. This is most evident in the recently
enacted Modernizing Government Technology Act of 2017, which helps bridge the
budget gaps that have stifled recent modernization efforts. The challenge now
facing agency CIOs is that dedicated MGT funding is insufficient to fully address the
decades of “technical debt” that has accumulated in federal systems, despite the
heightened expectations prompted by the law’s passage. Read more
[FCW.COM]

FEDERAL INSIGHTS: The Three As of Modernizing Agency Systems: Agile, APIs,
Automation. The growth and acceptance of agile or dev/ops to develop software
and tools across agencies is both surprising and welcome. Bloomberg Government
found in 2017 that spending on agile services increased to $368 million in fiscal
2016 from $242 million in 2015 among the 40 biggest contract vehicles. And we’ve
seen agencies such as the Transportation Security Administration, which plans to
transform more than 70 applications into a modern architecture through agile, or
the Food and Drug Administration, which is moving one step further than agile and
by moving to a micro-services architecture, dev/ops or iterative development is
catching on quickly. Read more

QUESTION: What is DevOps? An Executive Guide to Agile Development and IT
Operations. To make the most of today’s containers, servers, virtual machines, and
clouds, you need to deploy DevOps in your enterprise. Or, you can let your rivals
put you out of business. It’s your choice. Read more
[ZDNET.COM]
DOD: Striking a Blow for Agile with DOD Weapons Systems. In a recent report,
called Design and Acquisition of Software for Defense Systems, the Defense
Science Board (DSB) has raised its influential voice on behalf of a move by the
Department of Defense towards greater use of agile development approaches for
software being developed for weapons systems. Read more
[FCW.COM]

Big Data
HEALTH: How Big Data Is Fueling This Company’s Digital War on Diabetes. Omada
Health pulled of something that was, especially at the time, highly unusual in the
ever-burgeoning yet still-fledgling digital health space: In 2016, the company scored
federal government reimbursements for its diabetes prevention program. It’s
continued to grow since then and shared results from nine different peer-reviewed
studies noting significant results for diabetes, cardiovascular disease, and obesity
patients—a case study in how at least one company in the sphere is using data to
try and fuel real world patient outcomes. Read more
[FORTUNE.COM]

Big Data
GOVERNMENT: The U.S. Needs a New Paradigm for Data Governance. The U.S.
Senate and House hearings last week on Facebook’s use of data and foreign
interference in the U.S. election raised important challenges concerning data
privacy, security, ethics, transparency, and responsibility. They also illuminated what
could become a vast chasm between traditional privacy and security laws and
regulations and rapidly evolving internet-related business models and activities. To
help close this gap, technologists need to seriously reevaluate their relationship
with government. Here are four ways to start. Read more
[HBR.ORG]

Big Data
BUSINESSES: Why They Are Failing to Reach Big Data Maturity. Enterprises have
been leveraging Big Data solutions to capture, store, analyze, organize and
transform their data for years; but despite the advancements made in this space,
they have still not reached a transformational level of maturity, a recently released
survey revealed. AtScale announced the results from its Big Data maturity survey,
and found only 12 percent of respondents have reached a high-level of maturity
when it comes to Big Data. This is up from 8 percent in 2016. Read more.
[SDTIMES.COM]
CLOUD: Over Three Quarters of Businesses to Use the Cloud for Big Data.
Changing diversity of working environments is slowing down the use of Big Data.
Can Hybrid Cloud be the answer? Read more.
[CBRONLINE.COM]

Internet of Things (IoT)
IoT: What is the IoT? Everything You Need to Know About the Internet of Things
Right Now. The Internet of Things, or IoT, refers to billions of physical devices
around the world that are now connected to the internet, collecting and sharing
data. Thanks to cheap processors and wireless networks, it’s possible to turn
anything, from a pill to an aeroplane, into part of the IoT. This adds a level of digital
intelligence to devices that would be otherwise dumb, enabling them to
communicate without a human being involved, and merging the digital and physical
worlds. Read more
[ZDNET.COM]

OPINION: Bringing Your Internet of Things Infrastructure into the Digital Age. Most
IoT projects are implemented in existing, brownfield environments with traditional
legacy systems, requiring an incremental approach. The goal of these gradual
integrations has been to optimize or automate processes, gain some efficiencies,
and move onto the next low-hanging fruit. But, this approach will not work if
businesses want to capture IoT’s true transformational value: the creation of new
business models, new revenue streams, new products and new markets. Read more
[NETWORKWORLD.COM]
MICROSOFT: Invests $5 Billion in the Internet of Things. Microsoft wants to prove
it is dedicated to the success of the Internet of Things with a new $5 billion
investment and updates to its IoT portfolio. The company announced it will invest
$5 billion into the IoT over the next four years. Read more.
[SDTIMES.COM]

RESEARCH: Using Blockchain to Secure the “Internet of Things”. The ability to
better track and distribute security software updates would help fortify insecure IoT
devices, which have already contributed to major cyber disasters. Read more.
[SCIENTIFICAMERICAN.COM]

Personal Tech
FACEBOOK: I Downloaded the Information That Facebook Has on Me. Yikes. When
The New York Times lead consumer technology writer Brian X. Chen downloaded a
copy of his Facebook data last week, he didn’t expect to see much. “My profile is
sparse, I rarely post anything on the site, and I seldom click on ads. (I’m what some
call a Facebook ‘lurker.’) But when I opened my file, it was like opening Pandora’s
box.” Read more
[NYTIMES.COM]
FUTURE TENSE: There’s a New Bill to Regulate Facebook and Google’s Data
Collection. Facebook may not be able to ride out its bad news cycle scot-free after
all. On Tuesday, Sens. Amy Klobuchar, a Democrat from Minnesota, and John
Kennedy, a Republican from Louisiana, released a sweeping new bill that, if passed,
would impose strong new regulations on companies like Facebook and Google that
collect data on users. Read more
[SLATE.COM]

Personal Tech
MICROSOFT: Tech Support Scams Ramping Up, Microsoft Warns. Staying safe
online is increasingly more difficult. Who you think is the friendly IT guy calling for
information could be a criminal looking for some easy cash. Scams like these that
rely on social engineering techniques are becoming more and more frequent,
ZDNet reported. Microsoft said it received 153,000 reports in 2017 from customers
who dealt with tech support scams. That’s a 24 percent increase from 2016. Such
incidents happened in 183 countries, and around 15 percent of them involved the
victim losing money—usually between $200 and $400—to the scammer. Read more
[NEXTGOV.COM]

Personal Tech
EDTECH: What Happens to Student Data Privacy When Chinese Firms Acquire U.S.
Edtech Companies? Between the creation of a social rating system and street
cameras with facial recognition capabilities, technology reports coming out of China
have raised serious concerns for privacy advocates. These concerns are only
heightened as Chinese investors turn their attention to the United States education
technology space acquiring companies with millions of public school users. Read
more
[EDSURGE.COM]

Mobile
ENTERPRISE: How Killing Net Neutrality Will Affect Enterprise Mobility. As the FCC
prepares to eliminate net neutrality rules, allowing ISPs to charge more for some
internet traffic based on speed of delivery, companies will have to rethink how
mobile apps are created and how they host content. Read more
[COMPUTERWORLD.COM]
FINANCIAL: Most Cryptocurrency Mobile Apps Are Vulnerable. Mobile
cryptocurrency app report finds that many apps are vulnerable to cybersecurity
threats after testing the Google Play Store’s Top 30 Financial apps. Read more.
[APPDEVELOPERMAGAZINE.COM]

Mobile
DIGITAL WORKSPACE: DOD Creates New Security Requirements for Mobile Apps.
The Defense Department has outlined baseline standards that mission-critical and
business mobile applications need to meet. Find out more
[FEDTECHMAGAZINE.COM]
LOCAL: App Brings SA Government Contract Leads to Local Bidders. A pair of U.S.
military veterans-turned-entrepreneurs in San Antonio are banking on big returns
from a app geared toward connecting small businesses with the government
procurement process — both for municipalities seeking bids from local companies
and for businesses looking to break into the market. Find out more
[BIZJOURNALS.COM]

Programming & Scripting Development
Client & Server-Side

JAVA: Oracle Sets Date for End of Java 8 Updates. Further clarifying its ongoing
support plans for Java SE (Standard Edition) 8, Oracle will require businesses to
have a commercial license to get updates after January 2019. Read more
[INFOWORLD.COM]
TYPESCRIPT: Everyone’s Type of JavaScript. TypeScript has a long list of
achievements under its belt; there is a reason why it is called the ‘undisputed’
leader of JavaScript despite being only 5 years old. DefinitelyTyped, a repository for
high-quality TypeScript type definitions, reached 4,600 contributors for over 3,600
packages in 2017. It was also declared #3 on Most Loved programming languages
in StackOverflow’s 2017 survey. Read more
[JAXENTER.COM]

PYTHON: How Python is Transforming the DevOps Landscape. As DevOps is an
approach for handling change and agility, engineers must master multiple
languages. The Python programming language is one of the most crucial
components of the DevOps toolchain. Many DevOps teams utilize it for building
web applications for visualizing custom data, building custom utilities and more.
Read more
[DEVOPS.COM]
JAVASCRIPT: What’s New in the Node.js 10 JavaScript Runtime. Node.js 10 arrives
with full support for N-API, LTS status to come, and more features under
consideration for 2018 and 2019. In addition to OpenSSL 1.1.0 support, there are
other new features in the Node.js 10.0.0 release. Read more
[INFOWORLD.COM]

Cloud Computing
FEDERAL GOVERNMENT: Google Cloud Targets Federal Government. Google wants
to compete with Amazon, Microsoft and other companies for a share of the
government’s massive cloud computing market. Read more
[NEXTGOV.COM]
MICROSOFT: To Offer Governments Local Version of Azure Cloud Service. Microsoft
Corp said it will soon make it possible for government clients to run its cloud
technology on their own servers as part of a concerted effort to make Azure more
appealing to local and federal agencies. Read more
[REUTERS.COM]

Cloud Computing
FYI: Defense Agency To Begin Moving Classified Data to Amazon’s Secret Cloud
After Protest. Microsoft withdrew a bid protest that allows U.S. Transportation
Command to begin migrating data to Amazon’s secret cloud region. Read more.
[NEXTGOV.COM]
PRODUCTIVITY: Microsoft 365 is Coming to the Government Cloud. Agencies will
soon be able to deploy Microsoft 365 cloud-based productivity suite in the
company’s government cloud environments that are dedicated to meeting U.S.
federal compliance and security standards. Read more.
[GCN.COM]

Cloud Computing
DOD: Pentagon’s Cloud-Computing Plans Spur Sharp Debate from Amazon Rivals.
The Pentagon’s plans for a huge cloud computing contract have spurred sharp
debate over the winner-take-all award that competitors say will favor Amazon. The
heated lobbying by companies is escalating as President Donald Trump fires a
barrage of tweets against Amazon. Read more
[SEATTLETIMES.COM]
PROBLEM SOLVING: Four Options to Manage Stateful Apps in the Cloud. Stateful
applications in the cloud pose an ongoing challenge for development and operations
teams. Review four ways to address those issues and keep your apps running
smoothly. Read more.
[SEARCHCLOUDAPPLICATIONS.TECHTARGET.COM] [REGISTRATION REQUIRED FOR ACCESS]

Cloud Computing
GOOGLE: Drone Uproar Could Hit Google’s Cloud-Computing Business. Google
parent Alphabet (GOOGL) is under pressure from its own employees to stop
providing the U.S. Department of Defense with artificial-intelligence tools in a
project involving drone technology. The uproar could derail Google’s efforts to build
up its government-related cloud-computing business vs. rivals Amazon.com (AMZN)
and Microsoft (MSFT). Google is the third-biggest provider of cloud-computing
services, behind Amazon Web Services and Microsoft’s Azure. Read more
[INVESTORS.COM]

Cloud Computing
NEW: Cloud Security – 10 Top Startups. Part of the difficulty with defending modern
IT systems is that enterprise networks no longer have a defined edge that
administrators can wall off and protect. Thanks to trends like cloud computing and
the Internet of Things (IoT), enterprise networks are wider than ever — and that
much more difficult to secure. To address this changing reality, many organizations
are turning to cloud-based security solutions. A large crop of startups is hoping to fill
this need. Here is a slideshow that highlights 10 of the most promising that have
been founded within the last five years and have received notable amounts of
funding from venture capital firms. Read more.
[DATAMATION.COM]

Announcement
Blue Mountain Data Systems DOL Contract Extended Another Six Months
The Department of Labor has extended Blue Mountain Data Systems Inc. contract
DOLOPS16C0017 for 6 months for network administration and application
support.
U.S. Dept. of Labor, Employee Benefits Security Administration
1994 to Present Responsible to the Office of Technology and Information Systems
for information systems architecture, planning, applications development,
networking, administration and IT security, supporting the enforcement of Title I
of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue
Mountain is responsible for design, development and support for its various
enforcement database management systems, as well as all case tracking and
customer service inquiry systems. Blue Mountain also provides IT security services
to the EBSA, in the form of FISMA Assessment and Authorization, System Security
Plans, Risk and vulnerability assessments, monitoring and investigation support.

IT Security | Cybersecurity
SECURITY: 5 Things You Need to Know About the Future of Cybersecurity. Terrorism
researchers, AI developers, government scientists, threat-intelligence specialists,
investors and startups gathered at the second annual WIRED conference to discuss
the changing face of online security. These are the people who are keeping you safe
online. Their discussions included Daesh’s media strategy, the rise of new forms of
online attacks, how to protect infrastructure, the threat of pandemics and the
dangers of hiring a nanny based on her Salvation Army uniform. Read more
[WIRED.CO.UK]
IT MANAGEMENT: Top 5 Cybersecurity Mistakes IT Leaders Make, and How to Fix
Them. Cybersecurity teams are largely understaffed and underskilled. Here’s how to
get the most out of your workers and keep your business safe. Read more.
[TECHREPUBLIC.COM]

FEDERAL GOVERNMENT: Rep. Hurd Champions Modernizing Federal Cybersecurity.
The federal government is and will continue to be a target of cyber crimes.
According to the Identity Theft Resource Center, U.S. companies and government
agencies suffered a total of 1,093 data breaches in 2016. Mid-year numbers for 2017
show 791 incidents as of the end of June – a 29 percent increase over the same
period in 2016. With that said, is the government doing enough to prepare for cyber
threats? On this episode of CyberChat, host Sean Kelley, former Environmental
Protection Agency chief information security officer and former Veterans Affairs
Department deputy chief information officer, spoke with Rep. Will Hurd (R-Texas)
about initiatives to modernize the federal cybersecurity space. Read more

STATE GOVERNMENT: To Simplify Cybersecurity Regulations, State Groups Ask
Federal Government for Help. A letter to the Office of Management and Budget
says that today’s regulatory environment “hampers” states in their pursuit of cost
savings and IT optimization. Find out more
STATESCOOP.COM]

From the Blue Mountain Data Systems Blog
Programming & Scripting
https://www.bluemt.com/programming-scripting-daily-tech-update-september-
29-2017/
Cloud Computing
https://www.bluemt.com/cloud-computing-daily-tech-update-september-18-
2017/
https://www.bluemt.com/business-intelligence-daily-tech-update-september-15-
2017/
Mobile Applications
https://www.bluemt.com/mobile-applications-daily-tech-update-september-11-
2017/

Personal Tech
https://www.bluemt.com/personal-tech-daily-tech-update-september-28-2017/
Databases
https://www.bluemt.com/databases-daily-tech-update-september-21-2017/
Penetration Testing
https://www.bluemt.com/penetration-testing-daily-tech-update-september-26-
2017/
Incident Response
https://www.bluemt.com/incident-response-daily-tech-update-september-14-
2017/

Security Patches
https://www.bluemt.com/security-patches-daily-tech-update-september-22-
2017/
Operating Systems
https://www.bluemt.com/operating-systems-daily-tech-update-september-20-
2017/
Encryption
https://www.bluemt.com/encryption-daily-tech-update-september-19-2017/
Cloud Computing
https://www.bluemt.com/cloud-computing-daily-tech-update-september-18-
2017/

Open Source
5-2017/
CTO, CIO and CISO
https://www.bluemt.com/cio-cto-ciso-daily-tech-update-september-6-2017/
Programming & Scripting
5-2017/

Security Risks Most Prevalent in Younger Workers
https://www.bluemt.com/security-risks-most-prevalent-in-younger-workers/
The Security World’s Maturation
https://www.bluemt.com/the-security-worlds-maturation/
Data Breach Concerns Keep CISOs Up At Night
https://www.bluemt.com/data-breach-concerns-keep-cisos-up-at-night/
Personalized Govt Equals Instant Gratification for Citizens
https://www.bluemt.com/personalized-govt-equals-instant-gratification-for-
citizens/

People-Centric Security
https://www.bluemt.com/people-centric-security/
Pentagon Tries BYOD To Strike Work/Life Balance
https://www.bluemt.com/pentagon-tries-byod-to-strike-worklife-balance/
Open Source Model Considered for MS Windows
https://www.bluemt.com/open-source-model-considered-for-ms-windows/
Open Internet: To Be or Not to Be?
https://www.bluemt.com/open-internet-to-be-or-not-to-be/

Malware Stays A Step Ahead Infecting One Third of Websites
https://www.bluemt.com/malware-stays-a-step-ahead-infecting-one-third-of-
websites/
Machine-Generated Data: Potential Goldmine for the CIO
https://www.bluemt.com/machine-generated-data-potential-goldmine-for-the-
cio/
Government Legacy Programs: Reuse vs. Replacement
https://www.bluemt.com/government-legacy-programs-reuse-vs-replacement/
It Takes a Whole Village to Protect Networks and Systems
https://www.bluemt.com/it-takes-a-whole-village-to-protect-networks-and-
systems/

Governance For the CIO
https://www.bluemt.com/governance-for-the-cio/
Help Desk Consolidation – Lessons Learned
https://www.bluemt.com/help-desk-consolidation-lessons-learned/
One Year Later, Companies Still Vulnerable to Heartbleed
https://www.bluemt.com/one-year-later-companies-still-vulnerable-to-
heartbleed/
Federal Projects Cultivate Worker Passion
https://www.bluemt.com/federal-projects-cultivate-worker-passion-2/

ABOUT US
Blue Mountain Data Systems Inc.
Blue Mountain Data Systems Inc. is dedicated to application
and systems development, electronic document management,
IT security support, and the automation of workflow processes.
Read more about our experience here:
>> http://bluemt.com/experience

Recent Experience
U.S. Dept. of Labor
Employee Benefits Security Administration
1994 to Present
Responsible to the Office of Technology and Information Systems for information
systems architecture, planning, applications development, networking,
administration and IT security, supporting the enforcement of Title I of the
Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue
Mountain is responsible for design, development and support for its various
enforcement database management systems, as well as all case tracking and
customer service inquiry systems. Blue Mountain also provides IT security services
to the EBSA, in the form of FISMA Assessment and Authorization, System Security
Plans, Risk and vulnerability assessments, monitoring and investigation support.

MANAGEMENT
Paul T. Vesely
Founder, President, CEO and Principal Architect
Mr. Vesely is a recognized thought leader in systems
architecture and delivery, having designed and
delivered many enterprise wide information and
document management solutions. Mr. Vesely’s history
includes 33 years experience in the information
systems industry, with Unisys, Grumman, PRC and a
host of clients in both government and private sectors.

CONTACT US
Contact Us Today to Discuss Your Next IT Project
HEADQUARTERS
366 Victory Drive
Herndon, VA 20170
PHONE 703-502-3416
FAX 703-745-9110
EMAIL
paul@bluemt.com
WEB
https://www.bluemt.com

Tech Update Summary from Blue Mountain Data Systems April 2018

Recommended

Recommended

More Related Content

Recently uploaded

Recently uploaded (20)

Featured

Featured (20)

Tech Update Summary from Blue Mountain Data Systems April 2018