
Jon Seals

Thursday, 04 February 2016 00:00

Setting the Stage for Storage Innovation

When I started to write this article, I expected to launch immediately into innovative products and vendors because innovation, like adventure, is out there. But the deeper I got, the more I realized that innovation is very much in the eye of the beholder, and I was going to have to define my terms and assumptions.

Any storage company that is still in business is trying to innovate. If innovation means a new and improved approach to a problem, then very few storage vendors are stuck in place just waiting for the market to pass them by.

Sure, the start-ups define themselves as innovators – some may even be innovative. They are looking to create a market and ride that momentum. But the established vendors are busy innovating too, and they have a customer base to sell to that the startups do not.

...

http://www.enterprisestorageforum.com/storage-management/setting-the-stage-for-storage-innovation.html

Thursday, 04 February 2016 00:00

Where to go During a Communications Shutdown

If you’ve been in meetings and exercises that simulate a total communications loss, you’ve likely wondered what you would do in the event of a catastrophic failure that takes down cellular, Internet, power, and even your own systems.
 
Haiti, Jan. 12, 2010. Within a few days after the quake, a team of amateur radio operators from WX4NHC at the National Hurricane Center was called upon to serve as the main source of medical communications. Over the next five weeks, the team manned a 24-hour net connecting Haiti field hospitals, the University of Miami Medical Center and the U.S. Navy hospital ship Comfort, relaying on-the-spot medical advice from stateside doctors, relaying medical supplies, charter airplane flight schedules and helping coordinate emergency helicopter and fast boat evacuations.

In Joplin, Mo., May 22, 2011. The hospital, two local fire stations and the town took a direct hit by an F5 tornado. All normal communications were down for weeks. Regional amateur radio operators were called in to help establish communications.

...

http://www.emergencymgmt.com/disaster/Where-to-go-During-a-Total-Communications-Shutdown.html

(TNS) —  Public health officials are considering steps to protect the blood supply from contamination with Zika virus, including barring patients who have traveled to affected areas from donating blood for up to 28 days.

Discussions of blood donations and other questions swirling around Zika took on new urgency Monday as the World Health Organization declared the virus and its complications a public health emergency. Dr. Margaret Chan, the organization's director general, said the cluster of Zika-linked birth defects, known as microcephaly, "constitute an extraordinary event and a public health threat to other parts of the world."

Chan called for an international response to minimize the threat in infected countries and reduce the risk of international spread. In addition to highlighting the seriousness of the problem, the emergency declaration can trigger action and funding from governments and nonprofits around the world, the New York Times reported. It elevates the WHO to the position of global coordinator and gives its decisions the force of international law.

...

http://www.emergencymgmt.com/health/Authorities-seek-to-protect-blood-supply-from-Zika-virus.html

(TNS) - Eastern Kentucky University began seeing the benefits of its new LiveSafe mobile app even before it was launched, free for anyone to download, on Monday.

The app was introduced by the university’s Student Government Association (SGA). It is available for download on both the Apple and Android platforms and puts various services at the fingertips of users, who can now more easily:

...

http://www.emergencymgmt.com/safety/EKU-launches-campus-safety-app.html

Previous efforts are languishing in limbo.


As the growth in the capability and sophistication of cyber bad actors continues to threaten national and economic security in the United States, confusion reigns and a lack of clarity exists as to who is in charge and how to deal with a significant cyber event that could become an incident of national or even global consequence. No strategic blueprint provides high level direction, nor do any operational plans articulate roles and responsibilities for government, industry and other stakeholders during various thresholds of escalation throughout a significant cyber event. To this day, the United States does not have an approved national cyber incident response plan that provides documented, predictable and sustainable procedures and protocols for addressing what is characterized as one of the most serious threats facing the safety and security of our nation. It is more than a fair question to ask: How can that be and what are we doing about it?

Many working in the cybersecurity realm today are not aware that efforts actually began in 2008, when industry leaders in the private sector critical infrastructure community learned the Bush Administration was considering the creation of such a plan but wholly within government. Given the fact that approximately 80 percent of the nation’s critical infrastructure is owned, operated or controlled by the private sector, a number of industry leaders objected to the notion of a government-only effort and instead advocated for a collaborative approach between government, industry, and other stakeholders.

- See more at: http://www.afcea.org/content/?q=Blog-when-will-united-states-have-national-cyber-incident-response-plan#sthash.tDeQRlDE.dpuf

Robert Reynolds, a former environmental consultant at a chemical distributor, was sentenced to three years’ probation and fined $10,000 for a 2014 chemical spill in West Virginia that polluted the drinking water supply of 300,000 people. Reynolds was the first of six former Freedom Industries officials to be sentenced, the Associated Press reported.

The incident began on Jan. 9, 2014 when authorities discovered that 7,500 gallons of chemicals—mostly 4-methylcyclohexane methanol (MCHM) and PPH (polyglycol ethers), both used to clean coal—had leaked from an aging storage tank owned by Freedom Industries into the nearby Elk River.

Questions arose concerning the tank’s close proximity to a water treatment plant and, after the West Virginia American Water Company reported that its water supply had become contaminated, Gov. Earl Ray Tomblin issued a State of Emergency for Boone, Cabell, Clay, Jackson, Kanawha, Lincoln, Logan, Putnam and Roane counties. “West Virginians in the affected service areas are urged NOT to use tap water for drinking, cooking, washing or bathing,” Tomblin said in a statement.

...

http://www.riskmanagementmonitor.com/sentencing-begins-in-2014-w-va-chemical-spill-disaster/

COEUR D’ALENE, Idaho – Local crews worked around the clock to restore power and clear roads after severe winter storms in December brought heavy snow and frigid temperatures to northern Idaho. As a result of President Obama’s February 1 disaster declaration, the Idaho Bureau of Homeland Security (IBHS) and the Federal Emergency Management Agency (FEMA) will be working to reimburse eligible applicants for costs incurred in keeping citizens safe and in cleaning up and repairing afterward.

State agencies, local governments and certain private nonprofit utilities in Benewah, Bonner and Kootenai counties may be eligible for funding from FEMA’s Public Assistance (PA) program as a result of the declaration for the Dec. 16-27, 2015, storms.

This is the second federal disaster declaration for northern Idaho in about six weeks. On Dec. 23, 2015, the president issued a major disaster declaration making federal Public Assistance available to eligible applicants in Benewah, Bonner, Boundary and Kootenai counties and the Coeur d’Alene Tribe. That declaration was the result of the severe storm and straight-line winds in the area on Nov. 17, 2015.

“Our first responders and utilities worked day and night, and at great expense, to keep folks safe during those back-to-back storms late last year,” said IBHS Director Brad Richy. “We are working closely with FEMA to help reimburse applicants for their costs for the November storm, and we will do the same for the December events.”

Under the Public Assistance program FEMA reimburses applicants for 75 percent of their eligible expenses, while the other 25 percent is the nonfederal share. The federal portion is paid directly to the state, which then makes disbursements to the local and tribal jurisdictions and nonprofit organizations that incurred costs.

“IBHS has been an outstanding partner in support of applicants in northern Idaho,” said Federal Coordinating Officer Dolph Diemont of FEMA. “With the personnel and processes already in place, we will be able to build on those relationships and provide prompt assistance to all eligible applicants.”

In addition to Public Assistance grants, additional funds will be available in Idaho under FEMA’s Hazard Mitigation Grant Program (HMGP).

The HMGP, administered by the state, is also a cost-share program, with FEMA providing 75 percent of the funds. This program provides supplemental financial assistance to public entities and certain private nonprofits to reduce the risk to life and property in future disasters.

Additional information is available online at FEMA Public Assistance, PA in Idaho, Hazard Mitigation Grant Program-FEMA and HMGP in Idaho.

Additional information for the December storms, including funds obligated to the state, is available at www.fema.gov/disaster4252. For the latest on the severe storms that occurred Nov. 17, 2015, go to www.fema.gov/disaster/4246.

 
Thursday, 04 February 2016 00:00

BCI: Flipping the economics of attacks

Our news channels are constantly filled with stories of large organizations that have suffered the consequences of a cyber attack: either their networks are taken down or their data is stolen. The reputational damage is high and the fines are sometimes astronomical. Cyber attacks on Adobe, JP Morgan and Sony were all estimated to have cost the companies in excess of $1 billion, and even the Business Continuity Institute's latest Horizon Scan Report identified cyber attack as the number one threat according to business continuity professionals.

The costs may not be as high as first thought, however, according to a new study by the Ponemon Institute carried out on behalf of Palo Alto Networks, which found that the average hacker makes only $15,000 per attack and generates an income of less than $29,000 per year, a quarter of what a cyber security professional could make during the same period.

Flipping the economics of attacks, the result of a survey carried out among the 'attacker community', found that 72% of respondents won’t waste time on an attack that will not quickly yield high-value information, and that a similar percentage of respondents believe attackers will stop their efforts when an organization presents a strong defence. The vast majority (73%) stated that attackers hunt for easy, cheap targets.

An increase of approximately two days (40 hours) in the time required to conduct successful cyber attacks can eliminate as much as 60% of all attacks. On average, a technically proficient attacker will quit an attack and move on to another target after spending approximately a week (209 hours) without success. It takes double the amount of time (147 hours) for a technically proficient cyber attacker to plan and execute an attack against an organization with an ‘excellent’ IT security infrastructure versus 70 hours for ‘typical’ security.

Davis Hake, director of cyber security strategy at Palo Alto Networks, commented: “As computing costs have declined, so too have the costs for cyber adversaries to infiltrate an organization, contributing to the growing volume of threats and data breaches. Understanding the costs, motivations, payouts, and finding ways to flip the cost scenario will be instrumental in reducing the number of breaches we read about almost daily and restoring trust in our digital age.”

Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, added: “The survey illustrates the importance of threat prevention. By adopting next-generation security technologies and a breach prevention philosophy, organizations can lower the return on investment an adversary can expect from a cyberattack by such a degree that they abandon the attack before it’s completed.”

The report presents a number of recommendations, including that organizations should make themselves a 'hard target'. Adopting a security posture with a breach prevention-first mindset, instead of a detection and incident response approach, can slow down a cyber attacker enough for them to abandon the attack in favour of an easier target.

Thursday, 04 February 2016 00:00

FEMA to Evaluate Readiness of Virginia

PHILADELPHIA - The Department of Homeland Security’s Federal Emergency Management Agency (FEMA) will evaluate a biennial Radiological Emergency Preparedness Exercise at the North Anna Power Station. The exercise will take place during the week of February 8, 2016 to assess the ability of the Commonwealth of Virginia to respond to an emergency at the nuclear facility.

“These drills are held every other year to evaluate government’s ability to protect public health and safety,” said MaryAnn Tierney, Regional Administrator for FEMA Region III.  “We will assess state and local emergency response capabilities within the 10-mile emergency-planning zone as well as the adjacent support jurisdictions within the Commonwealth of Virginia.”

Within 90 days, FEMA will send its evaluation to the Nuclear Regulatory Commission (NRC) for use in licensing decisions.  The final report will be available to the public approximately 120 days after the exercise.

FEMA will present preliminary findings of the exercise in a public meeting at 10:00 a.m. on February 12th, 2016 at the Four Points by Sheraton, 9901 Midlothian Turnpike, Richmond, VA 23235. Planned speakers include representatives from FEMA, the NRC, and the Commonwealth of Virginia.

At the public meeting, FEMA may request that questions or comments be submitted in writing for review and response. Written comments may also be submitted after the meeting by emailing FEMAR3NewsDesk@fema.dhs.gov or by mail to:

MaryAnn Tierney

Regional Administrator

FEMA Region III

615 Chestnut Street, 6th Floor

Philadelphia, PA 19106

FEMA created the Radiological Emergency Preparedness (REP) Program to (1) ensure the health and safety of citizens living around commercial nuclear power plants would be adequately protected in the event of a nuclear power plant accident, and (2) inform and educate the public about radiological emergency preparedness.

REP Program responsibilities cover only “offsite” activities, that is, state and local government emergency planning and preparedness activities that take place beyond the nuclear power plant boundaries. Onsite activities continue to be the responsibility of the NRC.

Additional information on FEMA’s REP Program is available online at FEMA.gov/Radiological-Emergency-Preparedness-Program.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. FEMA Region III’s jurisdiction includes Delaware, the District of Columbia, Maryland, Pennsylvania, Virginia and West Virginia.  Stay informed of FEMA’s activities online: videos and podcasts are available at fema.gov/medialibrary and youtube.com/fema. Follow us on Twitter at twitter.com/femaregion3.

As part of an effort to make it simpler to identify illicit activities such as fraud, Hewlett-Packard Enterprise (HPE) unfurled today a hosted service that combines archiving, compliance, software and machine learning to automatically detect patterns and anomalies in structured and unstructured data.

Robert Patrick, director of product management for Big Data Advanced Analytics at HPE, says HPE Investigative Analytics, launched at the LegalTech 2016 conference, is specifically designed to reduce the number of false positives that other approaches to compliance typically generate. In fact, Patrick notes that the rate at which those false positives are generated by legacy approaches to compliance is one of the primary reasons such offerings have not thus far been widely deployed. While the risks associated with violating compliance regulations may be high, Patrick says most organizations can’t afford the paralysis associated with tracking down every alert generated about a potential infraction.

In contrast, Patrick says HPE Investigative Analytics first combs through historical data to determine what processes and conversations represent normal business as usual. It then only flags behavior that is anomalous to patterns that have been well-defined. Patrick says the end result is an approach to mitigating risks that is much more in tune with how the business actually functions.

...

http://www.itbusinessedge.com/blogs/it-unmasked/hpe-brings-big-data-analytics-service-to-risk-management.html

NEW YORK – Hewlett Packard Enterprise (NYSE: HPE) today announced the availability of HPE Investigative Analytics, a new hosted software solution that enables financial institutions and other highly regulated organizations to identify and analyze risk events and to take action to prevent them.

Financial services organizations are under more regulatory pressure than ever before.  According to a new 2015 Morgan Stanley report, global financial institutions have paid $260 billion in fines since 2009.  Regulators are now on high alert and new compliance guidelines and directives are being imposed on organizations every day. Failure to meet these regulations can result in significant material damage to the firm, in the form of multibillion-dollar fines and potential criminal prosecution.

However, meeting compliance requirements and stopping fraud is no small task for today’s global organizations. Financial institutions process billions of transactions and communications daily, producing massive volumes of information that lives in silos throughout the company. Legacy analytics software is incapable of understanding and recognizing irregularities in data that is scattered across multiple data types.

...

http://corporatecomplianceinsights.com/hp-enterprise-introduces-new-software-to-help-organizations-tackle-high-stakes-compliance-risk/