Tag Archives: cybersecurity

Gartner’s strategic tech trends for 2021 turn pragmatic

Gartner thinks companies are finally starting to take security and protection of data seriously, and will focus more on the very practical improvements to operations they can make using IT. Big data, AI and other tech will play a role, but in service to other goals.

This is a good trend. For years we’ve known that cybersecurity requirements were preventing the full realization of computing’s ability to change how we work. Finally people are putting more effort into real solutions. If it works, it will be a giant step ahead.

Focusing on making sure customers and workers can improve their productivity will also yield big benefits. If we use AI and data-driven decisions for that, and adopt the agile, experimental approach, great strides can be made.

AUTHOR Naomi Eide @NaomiEide PUBLISHED Oct. 19, 2020

Gartner’s strategic tech trends for 2021 turn pragmatic | CIO Dive

Checking for vitals: Inside the Quest Diagnostics, LabCorp supply chain breach

Apparently, healthcare is among the worst industries in terms of breaches of data security. And this is despite the dramatic increase of attention the HIPAA law has focused on their behavior with data.

In this case it was two diagnostic laboratories, Quest and LabCorp, whose data were allowed to be stolen. The data stolen consisted of financial information, such as credit card information, bank account information, and medically identifiable information such as social security numbers, as well as names, addresses, dates of birth, dates of service, and balance information. No diagnostic results were stolen. And why would anyone want them except for blackmail, a hard way to earn money?

Apparently the breach was due to both firms’ use of AMCA, a billing collector. Over 12 million customers were affected. The breach of security went on for over 7 months in 2018 and 2019 before being spotted.

Health systems are often cobbled together using a variety of sources of software, and it isn’t a surprise that there might be chinks in the armor. On average, 36 days pass between intrusion and detection in healthcare systems. They take on average 10 days to contain the problem. An analyst at Gartner said “I think this is a hopeless situation.” A re-architecture of health care data is required that puts security first. But then it will be much harder for us to find out our test results or status.

There’s a tradeoff between security and accessibility that is a major issue for supply chains, and whenever there is a need for cooperation, as between patient and her health care providers.  Computer scientists and information technologists have needed for 20 years to spend serious resources on developing a sound practice that meets both needs.

screenshot-CIO Dive 2019-06-06  via Checking for vitals: Inside the Quest Diagnostics, LabCorp supply chain breach | CIO Dive

BIMCO launches new cybersecurity clause

BIMCO is one of the leading standardization forces in the world of shipping. Here is an example related to cybersecurity.

How do you write a contract that binds participants to provide an appropriate level of cybersecurity?  As the article makes clear, cybersecurity has been an issue in several recent shipping incidents.  Cyber attack is very real, and shipboard systems are great targets; they have low-speed interfaces to the network, there are relatively few kinds of content transmitted, and they operate in international waters where there is no specific enforcement.  And cybersecurity can be expensive, though it is low-cost compared to the damage that could result from just one incident.

Standards are needed. BIMCO springs to the task. The drafting team consisted of a law firm, shipowners, P&I clubs, and Klaveness, a maritime investment firm. There’s a two-fold notification process: immediate notification of an incident, and then a detailed notification once an incident has been investigated.

The parties are required to share the information throughout. This last point is important, because cyber events often require joint resolutions for mitigation and future prevention.

The contract element also requires any third parties employed by the participants to have adequate cybersecurity, and makes the primary firms responsible for seeing to it.

Now we will have to see whether the clause catches on in the contracts we see written.  There is always a risk with a top-down driven standard; it may miss the issues the market needs to address.

Research has shown (albeit in other contexts, such as health care) that top-down standard initiation often does not produce the penetration of results that flexible evolution of a standard does.  However, someone has to start the ball rolling, and here we have a credible effort.

Let’s now see more innovation in this area of contracting, and let’s see the results in the open, so the best combination of terms emerges and gets global acceptance.

screenshot-Digital Ship 2019-05-24  via BIMCO launches new cybersecurity clause – Digital Ship – The world leader in maritime IT news