Press Release: First Annual Cybersecurity Summit for Health IT

Posted by Jacqui Dietrich on Thu, Apr 14, 2016 @ 11:04 AM

Colorado Corporations and Government Agencies Tackle Healthcare Cybersecurity in First Annual Summit

April 14, 2016, DENVER – More than 20 corporations are in Denver today to address a significant issue facing Colorado companies and consumers of healthcare: cybersecurity. Colorado’s first-annual Health IT Cybersecurity Summit, hosted by SecureSet, Prime Health and Western Cyber Exchange, was designed to address cybersecurity risks within the healthcare industry. Deborah Blyth, chief information security officer (CISO) for the State of Colorado, is kicking off the event at 8:30 a.m. this morning.

Specific topics at the summit include:

  • Healthcare information threats
  • Information vulnerabilities
  • Actionable mitigation strategies
  • Security for digital health start-ups
  • Improving healthcare operations
  • Addressing business risks
Read More

Topics: cybersecurity, information security, IT, privacy, apple, fbi, secureset, security, Health IT, AppleVsFBI, healthcare, Digital Healthcare

A Chance for Civil Discourse

Posted by Alex Kreilein on Thu, Mar 24, 2016 @ 17:03 PM

A game is being played with your privacy and with your security. The hype around the current controversy of Apple vs. FBI misleads the public with the sort of vapid technical detail that should alarm leaders in our community. This is not an issue the 24-hour news cycle will solve. It must be addressed by technical and legal scholars.

Read More

Topics: cybersecurity, information security, IT, privacy, apple, fbi, secureset, security, AppleVsFBI

Brute Force: Privacy & Security in the Age of Cryptography

Posted by Alex Kreilein on Mon, Mar 21, 2016 @ 16:03 PM

Alex Kreilein, Co-founder & CTO, SecureSet, & Austin Chambers, Attorney, Lewis, Bess, Williams & Weese

On February 16, 2016, the United States District Court for the Central District of California issued an order that required Apple to assist the FBI in the search of the iPhone used by one the the San Bernardino shooters. The Order requires Apple to comply with an FBI demand that Apple build and install software disabling the countermeasures on the iPhone 5c running iOS 9 that wipe the iPhone after 10 failed passcode attempts. The device belonged to the San Bernardino County Department of Public Health, which has given the government permission to search the phone.

The FBI in this specific circumstance is not requiring that Apple unlock this iPhone.  In this circumstance, the FBI is also not requiring Apple apply a new form of cryptography to this or other iPhones (we’ll get to this later). However, the FBI is requiring that Apple develop and install software on this iPhone to allow the Bureau to run possible passcode combinations until the phone unlocks without fear of triggering the security countermeasures that erase data on the device automatically.

Legal Standing

The legal arguments behind the Apple v. FBI1 case are the subject of intense scrutiny, although despite that scrutiny, the case itself is regularly mischaracterized. One side alleges the FBI is desperately seeking precedent necessary to unlock millions of devices through one of any manner of doors using only the antiquated All Writs Act of 1789 (“AWA”) as the key. Meanwhile the other side alleges Apple is preventing access to just a single phone—one belonging to a dead ISIS terrorist, no less—in what amounts to nothing more than a twisted marketing ploy. We believe both characterizations factually miss the mark, and in so doing, obscure the ramifications of the case itself.

The outcomes of this matter depend heavily on how the court interprets the powers and limits of the AWA. Apple raised interesting First and Fifth Amendment arguments, however, these are less likely to be deciding factors in the case, so we will leave those for others to assess. Ultimately, the court must decide two fundamental questions: Is the AWA applicable to this case, and if so, would the AWA allow a court to order Apple to create a new, but insecure, version of iOS?

Does the AWA apply?

The AWA was passed as part of the Judiciary Act of 1789, the same act that created the U.S. federal court system. The AWA provides that courts may issues all writs—or orders—that are necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law. In other words, courts can issue writs to “fill gaps” as necessary to give effect to various aspects of the judicial duties. The AWA appeared early in U.S. judicial history, even playing a part in the case Marbury v. Madison, a landmark case forming the basis for the exercise of judicial review. In the time since, it has been used in cases ranging from requiring custodians to bring a prisoner to court for their own appeal (filling a gap in the traditional writ of Habeas Corpus) to compelling phone companies to place a pen register on a phone line. Thus, the AWA has been both hero and villain in vindicating the constitutional rights of defendants, while also giving rise to contentious expansions of courts’ constitutional authority.

Read More

Topics: cybersecurity, information security, IT, privacy, apple, fbi, secureset, security, AppleVsFBI

Cybersecurity’s Perfect Storm: Increasing Threats and a Shortage of Talent

Posted by Jacqui Dietrich on Mon, Jan 25, 2016 @ 21:01 PM

Do you have a data breach response plan? If not, you should. According to Cybersecurity Market Report, cyber attacks cost businesses $400 billion to $500 billion a year. 

Read More

Topics: cybersecurity, cybercrime, jobs, information security, career opportunity, IT, job training

Cybersecurity Hero: Chris Calvert, Director of Solutions Innovation & Services Engineering at HP

Posted by Jacqui Dietrich on Tue, Jan 12, 2016 @ 09:01 AM

From the battlefront of cybersecurity, meet Chris Calvert. Chris leads the team charged with bringing cutting edge security solutions to market. He has led the design and build of many Global Fortune-20 Security Operations Centers. His methodology for Security Operations has been leveraged across 40+ SOCs and extensively throughout Europe, Asia and North America. Chris is a SecureSet Academy advisor and instructor. He speaks with us about the massive opportunities for professionals in the cybersecurity arena.

What are the most important job skills and qualifications that you are looking for in candidates applying to cybersecurity jobs out of school?

Calvert: Ok, the first two are always attitude and aptitude. After that, hands on experience, knowledge of technology, experience with various operating systems and platforms, understanding of the network but also the ability to think analytically is important.

Read More

Topics: cybersecurity, cybercrime, jobs, information security, career opportunity, IT, job training