Gwinnett Tech Forum: The Evolution of Wearable Technology

Using smart watch

Partnership Gwinnett hosts quarterly Technology Forums (http://www.gwinnettchamber.org/gwinnett-technology-forum/). I enjoy attending them because they always have interesting topics, knowledgeable speakers, and great networking with technology professionals. The last one I attended was called “The Evolution of Wearable Technology.” Panelists included Rick Erazo (RE), of AT&T Wearable IOT; Todd Charest (TC), Chief Innovation and Product Officer, Ingenious Med; and Peter Presti (PP), Research Scientist at Georgia Tech IMTC Georgia Tech. The panel was moderated by Robert McIntyre (RM), from the Wireless Technology Forum.

The discussion began with some introductory remarks and a history of wearable technology – where it came from up to where it is now. The moderator then presented a series of questions for each panelist regarding how they use the technology, what are the trends and obstacles they see, and how they believe this technology will change employer and consumer behavior. Below I have put some highlights form the discussion.

Check their website for future Forum dates.

Hurdles for wearable technology?

Size, battery life, and consumer behavior.

Factors of adaptability of wearable technology?

Health, productivity, safety and security.

Interesting stats:

  • 10% of wearable devices will be working on a cellular network.
  • 24 million devices were in use by end of 2015.
  • A 36% annual growth is expected in this market through 2017.
  • By 2018 it will be a $12 billion range market.

There is a difference between non-traditional OEM’s of wearable technology and enterprise wearable technology.

Non-Traditional OEM Enterprise
Concerned with how the device “looks” on the body

Personal preferences, tastes, personality traits of the wearer, fashion, lifestyle

 

Concerned with how the device “functions” and affects productivity

Ex. Google glass flopped with consumers but has been taken up by service providers

  1. Why are wearables taking off?
    • Mass adoption of smart phones. (RE)
    • There are better user interfaces and user experiences now. (RE)
    • A wearable is not just the device but also an infrastructure. (PP)
    • We are understanding better behavior change – behavioral engineering – so now we can collect data passively and do something with the data to make lives better. (TC)
  2. Is the wearable the extension of the human or is the human the extension of the wearable?
    • We start with the human first. (TC)
    • We may be transitioning in to a “Borg Lab” (from Star Trek) where humans and wearables will co-evolve (like clothes). (PP)
    • An extension of the human 0 that fashion element that represents who you are to the world – like luxury items. (RE)
  3. How will wearables enhance and challenge the workplace?
    • Wearables can work very well in certain areas – like manufacturing – like id badges – for authentication and to provide access. (RE)
    • Any job that needs interaction with a terminal can use a wearable. (PP)
    • We are collecting a vast amount of data today – information overload – we need to learn how to make sense of it. It will not be fashion but usability that will determine a higher adoption rate in the workplace. (TC)
  4. What about privacy and security?
    • These are the biggest challenges in this market. How do we strike a balance? What is the younger generation’s understanding of privacy, etc.? (TC)
    • What happens to the data collected by the wearable beyond health – photos, etc.? Regulatory policy will come into this space within the next 5-10 years. (PP)
    • These are critical to adoption multi-faceted approach through every step in the use of the wearable for security. We each need to access our risk. Need to look at mobile device management – and update IT policy to include wearables and IoT; especially bio-data of employees. (RE)
  5. Which wearable is your favorite and why?
    • Google Glass – a massive social experiment of what people are willing to accept and not to accept. Fashion vs. form vs. function – what is the right way to build these things? (PP)
    • Samsung Gearup 2 and Timex Metropolitan (RE)
    • Need to look at the breath and depth; my smartphone, Apple Watch (convenience and social acceptability), Fitbit (social norms) (TC)
  6. Which wearable technology company should we buy stock in?
    • Fashion name brands like The Fossil Group which just acquired Misfit. (RE)
    • Small start-ups; Pulse Wave monitoring company (PP)
    • Companies working with cognitive computing; self-driving cars; insurance companies (DC)
  7. Other comments:
    • Problem with Google Glass is that its battery life is too short so it is not good for constant and long-term monitoring (PP)
    • Empowered patients – “sitting (not moving) is the new smoking” – this is a public health concern; we need to get employees moving (PP)
    • This will be a competitive space, but a big challenge is that the data collected in one device is not transferable to different platforms. (TC)
    • Who owns the data? Will you be beholden to a certain brand because they have your data (not ideal). The user should own the data. (PP)
    • It will be a crowded space (RE)

Resources:

NACCSE Women in Cyber Technology Panel 2016

mechanical-gears-background-with-businesswomen_g12edjjo_l

I attend various cyber-security related events throughout the year so I can keep myself updated on the latest in the industry as well as keep up with colleagues and meet new people. The Netherlands American Chamber of Commerce South Eastern Region (http://www.naccse.org) has been organizing a series of panels regarding women in various industries – predominately technology and leading edge. This past panel – their 11th – was on “Women in Cyber Technology” and was held at L’Alliance Française in Atlanta, Georgia in August. The panel was co-hosted by the French American Chamber of Commerce – Atlanta (FACC-Atlanta) British-American Business Council of Georgia, GACC, and Women in Bio Atlanta. Panelists included: Marci McCarthy, CEO of T.E.N; Major Rodriguez Head of the Army Cyber School; Deborah Johns, Technology Recruiter; and the moderator Allison of Turner BCI Global.

The panel discussed issues related to being employed in the sector – what skills and training are required, what can women expect when working in the industry, why is the industry booming, and resources to help women get, maintain, and thrive in this male-dominated industry. Although they wanted to broaden their discussion on cyber technology, it quickly narrowed down to cyber-security, and for obvious reasons considering the recent headlines regarding personal, professional, and national threats due to online attacks.

Below I have listed some quotes and highlights from the panel as well as some of the resources shared by the panelists.

  • “In technology the salary is higher.”
  • “Cyber security is about priorities – you need to understand the risks and re-prioritize continuously.”
  • “What role models did you have while growing up? Did they look like you? Did you see yourself in that role?”
  • “Security clearances are an asset to your marketability – in and outside of the military.”
  • “Top concern on cyber security is the unknown threat because you do not know where it is coming from or sometimes when it has even hit.”
  • “Security professionals are paid to be paranoid.”
  • “To be successful in this field it is good to have a business acumen or business degree background – how is this going to affect my business.”
  • “There is no regular day in cyber security/cyber technology – an attack can happen 24/7.”
  • “You need to be a great communicator and have good relationships throughout the organization.”
  • “Build strong security awareness programs for your organization.”
  • “You need to have great knowledge of the security arena.”
  • “Remind people of cyber hygiene – like don’t click on an attachment or links.”
  • “The first CISO was Steve Katz at CISCO in 1999. We’ve come a long way since then.”
  • “This is a self-selected industry.”
  • “You need logic, to understand how things work.”
  • “Today everything runs off apps – and the more apps the more security issues you have.”
  • “This industry is taxing on your family – you need an understanding spouse.”
  • “There is high burnout – and you need to be comfortable that there may not be life-work balance.”
  • “You need an amazing tem around you.”
  • “The CISO is the James Bond of IT.”
  • “Always have a succession plan in place – a backup – or you will never get a break.”
  • “You need to be dedicated – you WILL work hard.”
  • “You don’t need to for some jobs in the field but it is good to learn to code – Udacity is a good resource. Think of it as learning another language – and knowing another language makes you more valuable.”
  • “You need to know about networking, technical aspects, encryption, governance, risk, and compliance.”

 

Key Information Security Organizations:

ISSA – http://www.issa.org

ISACA – https://www.isaca.org/Pages/default.aspx

ISC(2)- http://isc2.org

TAG Information Security Society – http://www.tagonline.org/chapters-and-societies/information-security/

ICMCP – https://icmcp.org

SANS – https://www.sans.org

 

Key publications and information sources:

SC Magazine – http://www.scmagazine.com

Dark Reading – http://www.darkreading.com

IT Security Planet – http://www.itsecurityplanet.com

Search Security by TechTarget – http://searchsecurity.techtarget.com

T.E.N. and ISE Programs Knowledgebase – http://www.ten-inc.com/knowledgebase.asp

 

2015 TAG Legislative Roundtable Cyber-security, Drones, and the Naked Entrepreneur

Chris Mathers, Cyber-security & Crime Expert

Chris Mathers, Cyber-security & Crime Expert

Note:  This post was a little delayed but the information it conveys is as timely as ever.

On November 12, 2015, The Technology Association of Georgia (www.tagonline.org) hosted its annual TAG Legislative Roundtable. According to TAG this is an “annual event focused on bringing legislators, researchers, and industry representatives together to discuss emerging science and technology policy issues in Georgia. I was able to participate this year and wanted to share a few insights from the event.

The first speaker was Dr. Sean Wise, host of The Naked Entrepreneur on the Oprah Winfrey Network (http://nakedentrepreneur.blog.ryerson.ca). His presentation was called “Unicorn Hunting in the 21st Century.” Dr. Wise used Aileen Lee of Cowboy Ventures’ definition that “a unicorn company is a young company that has received a valuation of $1 billion or more from private investors, public markets, or a corporate acquisition. They are commonly made in markets that are adjacent to or completely different from the dominant incumbents but that represent a very large market opportunity for private investors.” He reviewed what a unicorn looks like, some example unicorns, why unicorns are important in our innovation economy, and what can a community do to encourage and nurture unicorns to develop in their location so they can reap the benefits.

Next up was the “Unmanned Aerial Systems Policy Panel” which discussed privacy, law enforcement, operations, and business and commercial use of UAS. The panel consisted of Captain Sharif Chochol of the Columbia County Sheriff’s Office (http://www.columbiacountyso.org); Mario Evans, Interim Airport Director of Peachtree DeKalb Airport (http://www.pdkairport.org); William E Lovett, Managing Director of Unmanned Systems at Phoenix Air Group (http://phoenixair.com/home.html); and Elizabeth Wharton, attorney at Hall Booth Smith, PC (http://www.hallboothsmith.com/component/attorney/attorney?attid=531). These four gave a comprehensive overview of the different aspects of UAS that their respective fields are dealing with. The first message they wanted to make clear is that “drones” is not the correct terminology for what we are talking about. The Federation Aviation Administration (FAA) classifies the use of UAS in the national airspace as public (non-military), civil (commercial), and hobbyist (model aircraft). The presenters emphasized the safety concerns of these UAS especially during a holiday season where more than 1.2 million would be sold. Resources offered included the FAA website http://www.faa.gov/uas/ and an infographic for the public as to what can they do with their devices that you can find at http://knowbeforeyoufly.org.

Following a break, Chris Mathers (http://www.chrismathers.com) a crime, terrorism and security expert from Canada, gave an overview of cyber-threats and other security issues relating to data and information from a government standpoint. Mr. Matthews worked undercover for the Royal Canadian Mounted Police and has a colorful history as well as an engaging style.

The rest of the afternoon was the Georgia Senate and House Science & Technology Cyber Security Study Committee. Presentations included Akamai, Cisco, Dell Secureworks, NHS, Secure ID Coalition, Georgia Tech, and others. For more information contact Heather Maxfield at heather@tagonline.org.

 

 

2015 Cyber-security Summit Atlanta

IMG_5067

On July 15, 2015, the US Chamber of Commerce (https://www.uschamber.com) partnered with the Georgia Chamber of Commerce (https://www.gachamber.com), the Georgia Institute of Technology (http://www.gatech.edu), and the Technology Association of Georgia (http://www.tagonline.org), to present the Atlanta Cyber-security Summit (https://www.uschamber.com/event/georgia-2015-cybersecurity-summit).

The event is part of a nationwide tour stopping at various cities throughout the US to promote awareness and preparedness of companies regarding cyber-security risks and threats, as well as resources and strategies to prevent, manage, and recover from them. The half-day event included various speakers from local and national FBI, Secret Service, Department of Homeland Security, NIST, US Army Cyber Protection Brigade, and corporate representatives. Their presentations were full of valuable information – some new and some as refreshers, but all good components of a business cyber security toolkit.

I have put down some highlights and thoughts below, as well as some of the resource URL’s that they shared with us. What are you doing from a business standpoint on the issue of cyber-security? Do you even know where to start? One myth that we should do away with right now is that size does not matter in this arena in terms of being a target – it matters in terms of the resources we have to protect our data and mitigate incidents. But it is not futile. As a business professional you do need to think about how to incorporate some security controls in your operations. Although the message was clear from this event that our adversaries (i.e. hackers, etc.) have their own rules that they play by and will not give up the attacks, it is also clear that there are resources and help out there from the US government, military and private sectors. So read a bit, check them out, and let us know if you have any questions.

Ann M Beauchesne, Senior Vice President of the US Chamber of Commerce began her discussion with a poignant statement “The Internet is infested” and “90% of all cyber attacks are done to private companies.” She added that the focus is now on health records – “that when stolen are worth their weight in gold.”   This was a recurring theme – the records do not weigh physically but they weigh heavily with value. Another recurring message throughout the day was the increased use of social media and social networking tools by cyber-terrorists to get their messages out, recruit new jihadists, and create a cyber-jihad army. One tool spotlighted for them – YouTube.

Ann was followed by Tino Mantella, CEO of the Technology Association of Georgia. Tino indicated that in Georgia alone the cyber-security industry consists of more than 10,000 jobs and has raised $4.7 billion in revenue. His emphasis was that cyber-security is a “growing national security challenge.” Tino introduced Jim Kerr, General Counsel of Southern Company (http://www.southerncompany.com), who spoke about how the electricity industry is approaching the cyber-security threat with cooperation and collaboration. Jim talked about how vital energy was for the “health and happiness” of people and so their systems must be reliable and resilient. The challenge of cyber-security is that “we do not necessarily see them coming” and in essence “we are under attack every day – millions of times a day – in fact, people are in our systems as I speak today.” He emphasized the importance of government and industry communication and collaboration. This message was also reiterated a number of times.

Next on the agenda was Adam Sedgewick, Senior IT Policy Advisor, for The National Institute of Standards and Technology (http://www.nist.gov). Adams spoke about the NIST Cyber-Security Framework (http://www.nist.gov/cyberframework/), describing its components and its usefulness for business of all sizes, but especially small-to-midsize businesses, to ensure cyber-security in their companies. The five main concepts include: identify, protect, detect, respond, and resolve. Adam ended with a brief statement of how the US is now introducing this framework internationally (EU, Japan, etc.) to begin the conversation of worldwide standards.

One of the main objectives of these summits is to introduce local businesses to local law enforcement who can assist them should they experience an incident. Murang Pak and Michael Anaya represented Georgia FBI (https://www.fbi.gov/atlanta), and Alan Davis represented Georgia Secret Service (http://www.secretservice.gov/ectf_atlanta.shtml). An important point brought up by Agent Anaya was the fact that “hacking” technology has progressed so much that you know have “unsophisticated hackers using tools developed by very sophisticated actors.” These actors could be criminals, nation states, individuals, etc. The agents agreed on that information sharing is so important when it comes to cyber-attacks since by reviewing and analyzing the data they can “identify a migration of threats from one company to another” and can warn the company to prevent the attack from happening or from causing extensive damage and/or loss.

Following the break, the private sector panel was bright up including Matthew Eggers of the US Chamber of Commerce, Dr. Steve Cross, Executive Vice President for Research, Georgia Tech, Sean Franklin, Vice President of Cyber Intelligence for American Express (https://www.linkedin.com/pub/sean-franklin/49/76/695), and Jeff Schilling, Chief Security Office of Firehost (https://www.firehost.com).   Their discussion ended up focusing on specific threat trends and security concerns of the Internet of Things. Dr. Cross offered two great resources form Georgia Tech, their annual emerging threat report (https://www.gtisc.gatech.edu/pdf/Threats_Report_2015.pdf) and APIARY, an automated framework for malware analysis and threat intelligence (http://apiary.gtri.gatech.edu). Jeff talked about the consequence of not knowing your own system as one of the causes of cyber-security failures. “Know they self, know thy enemy” he quoted. “Do you know your own system – its vulnerabilities and its strengths?” Sean took a humorous approach to IoT “my refrigerator keeps threatening my toaster.” But his statement is funny because so many see the future truth in it. We know there are millions of devices connected to the Internet now, what happens when they start talking to each other and telling our secrets?

Before lunch Thad Odderstol, Director of Industry Engagement for the Department of Homeland Security offered a number of tools and resources for combating cyber-attacks (http://www.dhs.gov/topic/cybersecurity) and Col. Donald Bray talked about the Army Cyber Mission Force and the new Cyber Security Branch the Army is starting. Col. Bray also discussed briefly the Army training in cyber-security initiative from the Army Cyber Institute at West Point (http://www.usma.edu/acc/SitePages/Home.aspx), to the US Cyber Command (http://www.arcyber.army.mil) to be consolidated in Fort Gordon, Georgia.

The luncheon keynote brought us Mark Guiliano, Deputy Director of the FBI. He used the recent cyber-attack on SONY as an example of cooperation between government and corporate. He outlined the “dark net” that we are combating and the agility of our adversaries. He also emphasized the importance of information sharing and spoke about the Cyber-security Information Sharing Act (https://www.congress.gov/bill/114th-congress/senate-bill/754) and why the government having access to encryption keys is so important. “Our job is to keep Americans safe. We can’t do that efficiently and effectively if we do not know what is going on” since right now so many criminal actors use encrypted channels to communicate and organize attacks. The Act is still being debated in Congress.

The Summit ended with the presentation of Dr. Phyllis Schneck, Deputy Undersecretary for Cyber security, National Protection, & Programs Directorate of DHS (http://www.dhs.gov/person/phyllis-schneck-nppd). Her message was two-fold. DHS number one priority is building TRUST with the private sector, and one way they will do that is to BUY new technology from them.

This half-day was packed with information and expertise. But what does it all mean. Some skeptics would say this summit was part of an organized propaganda campaign for CISA and DHS – to “educate” the private sector about the need for giving government the keys to their data and to start building the “trust” Dr. Schneck spoke about. Perhaps. But they still offered a lot of good resources and tools for small and midsize businesses, who may not have a political agenda, but do have a bottom line to protect and grow.

Did you attend the Summit in Atlanta or in another city? Share you experience and/or thoughts in the comment box below. One thing is for sure – the conversation about cyber-security will continue.

 

Managing Online Risk Chapter 10 Add. Resources

MP900387794

The Future of Online Security

These are resources are to help you apply some of the concepts, best practices, and lessons learned from the content in each chapter. Most of them are in addition to what are already listed in the book and serve to complement the highlighted resources in the chapters. Post in the comments others that you would recommend.

  1. CSO: Five thoughts on the future of online privacy and security as discussed on Twitter (Sept. 2013) http://www.csoonline.com/article/2136721/security-leadership/five-thoughts-on-the-future-of-online-privacy-and-security-as-discussed-on-twitt.html
  2. PBS Newshour: 15 predictions for the future of the Internet (Mar. 2014) http://www.pbs.org/newshour/rundown/15-predictions-future-internet/
  3. IBM: INFOGRAPHIC: The Future of Information Security (Aug. 2013) http://securityintelligence.com/infographic-the-future-of-information-security/#.VFvlKL4RV2Y
  4. DHS: Blueprint for a Secure Cyber Future (Mar. 2014) http://www.dhs.gov/blueprint-secure-cyber-future
  5. Forbes: The Role Of STEM Education In Shaping The Future Of Information Security (May 2014) http://www.forbes.com/sites/ciocentral/2014/05/06/the-role-of-stem-education-in-shaping-the-future-of-information-security/
  6. IGF: The Top Ten Trends in the Future of Security (2014) http://www.globalfuturist.com/about-igf/top-ten-trends/trends-in-security.html
  7. Future of Privacy Forum http://www.futureofprivacy.org
  8. WSJ: Richard Clarke on the Future of Privacy: Only the Rich Will Have It (July 2014) http://online.wsj.com/articles/richard-clarke-on-the-future-of-privacy-only-the-rich-will-have-it-1404762349