US DoD And Huawei Officials Cross Swords At Cybersecurity Panel

Cnet | February 26, 2020

  • The US Department of Defence official, Katie Arrington insisted that it had good reason to remove Huawei products from government use.

  • Huawei USA Chief Security Officer Andy Purdy however said the government was following a policy of "rip and replace."

  • The panel on stage were discussing supply chain security.


Things were tense at the RSA Conference in San Francisco on Wednesday, when a Huawei executive and US Department of Defense official got into a heated argument on stage. Katie Arrington, an official in charge of acquisition at the Defense Department, insisted that lawmakers and President Donald Trump had good reason to remove Huawei products from government use. Huawei USA Chief Security Officer Andy Purdy said the decision was the wrong approach.


Purdy said the government was tearing useful technology from the hands of government workers serving US citizens by following a policy of "rip and replace." He also said that the government can observe the manufacturing process more closely to build trust.


Arrington countered that removing Huawei technology from government use was the only option, "because the risk is so high." The US can't consider conveying control of sensitive information to another country, Arrington said, "end of story, period."


The panel on stage was discussing supply chain security, or the process of making sure security flaws don't get introduces into tech during the manufacturing process. There are countless ways bugs can wind up in your tech since phones, computers and other devices are made in overseas factories, overseen by complex contractors. The question of whether the bugs were put there on purpose, and by whom, can lead to an international relations crisis.


READ MORE: US turns up heat on Huawei with 23-count indictments


Moderating the panel was Craig Spiezle, a consultant at Agelight Advisory Group who focuses on increasing trust in tech and addressing ethics. Tech policy experts Bruce Schneier of the Harvard Kennedy School and Kathryn Waldron of the R Street Institute think tank was also on the stage.


Schneier said, until recently, the US government didn't mind that devices were insecure because its spy agencies were the best at using those vulnerabilities to gain intelligence. As other countries came to match the United States' ability to spy, the government has become more concerned with patching up flaws. That's going to decrease everyone's ability to spy, he said.



“Security will come at the expense of surveillance."

- Bruce Schneier, Tech Policy Expert, Harvard Kennedy School


Waldron said that Chinese tech companies are closely tied to the Chinese government and the US government's decision to ban Huawei tech has cemented that idea and the association can't be undone at this point.


"All countries are engaged in spying. I don't think that's a surprise to anyone."

- Kathryn Waldron, R Street Institute

The US has its history if putting vulnerable communication devices out into the world.  A recent report from the Washington Post detailed how the CIA secretly ran a cryptography company, selling machines with backdoors to governments around the world under the auspices of Crypto AG.


READ MORE: US charges Huawei with stealing trade secrets

Spotlight

Challenge. A leading long-range U.S. electric utility company was stuck with a costly, expensive and insecure infrastructure that made it difficult to scale with and protect the needs of its customers. Solution. The U.S. electric utility company purchased a Tegile hybrid array to build a secure, fast and affordable virtualized infrastructure for its customers.

Spotlight

Challenge. A leading long-range U.S. electric utility company was stuck with a costly, expensive and insecure infrastructure that made it difficult to scale with and protect the needs of its customers. Solution. The U.S. electric utility company purchased a Tegile hybrid array to build a secure, fast and affordable virtualized infrastructure for its customers.

Related News

SOFTWARE SECURITY

Cybermaxx Cybersecurity Provider partners with Logi Analytics to strengthen MAXX Data Defense Systems Suite data analytics capabilities.

prnewswire | November 02, 2020

Today, Logi Analytics, the main supplier of installed examination answers for programming groups, and CyberMaxx, the pioneer in network protection tasks administrations for medical care associations, report another organization incorporating Logi Info into CyberMaxx's MAXX Data Defense Systems set-up of oversaw security administrations and arrangements. CyberMaxx will be revealing the new information examination capacities beginning November second, 2020. Progressed information examination is a higher priority than any time in recent memory for network safety tasks groups – especially with cyberattacks expanding year-over-year for organizations, all things considered. For MSSPs like CyberMaxx, which is totaling information from various sources at the same time, viable representations and revealing is basic to guaranteeing their security administrations stay on top of things so their clients can settle on speedy choices and decrease their danger of a break. Presently with Logi Info, CyberMaxx is improving its information investigation and detailing capacities while as yet holding the innovative adaptability that has made it a powerful online protection accomplice to undertakings for more than 15 years. "Enterprises are dealing with an increasing volume of threats, and MSSPs entrusted with protecting these firms can't afford to lose their knowledge advantage – or else breaches will only continue," says Brett Hansen, CMO at Logi Analytics. "With the Logi Symphony suite of services – including Logi Info – CyberMaxx is now able to embed powerful data analytics, reporting, and visualization capabilities into their MAXX suite of managed services – equipping their security team and customers with the threat visibility and actionable data insights that are the difference between partner safety and business disruption." CyberMaxx has been giving overseen security administrations to endeavors for over 15 years, zeroing in on the three mainstays of individuals, cycle, and innovation to forestall, recognize, and react to cyberattacks. Eminently, CyberMaxx gives specific oversaw security administrations to endeavors in the medical care, money related administrations, and retail areas – requiring chief network safety skill as well as an intensive comprehension of the specific consistence needs every area requires. It's all day, every day/365 security activities place (SOC) and network safety group are more basic than any other time in recent memory for these organizations, and with Logi Info CyberMaxx can give clients will more noteworthy danger knowledge and announcing highlights that will forestall, distinguish and react to breaks quicker than at any other time. "CyberMaxx is constantly pushing forward to anticipate our customers' needs and provide the highest level of service in our industry, which is evidenced today by our 99% customer retention rate. The partnership with Logi and the combined force of the CyberMaxx and Logi teams have delivered an innovative data analytics platform with powerful dashboards that will help our customers prevent costly breaches." said Thomas Lewis, CEO of CyberMaxx. CyberMaxx can utilize Logi Info as a component of its more extensive Logi Symphony membership – which furnishes the MSSP with admittance to the full Logi Analytics programming suite for a solitary, set cost. As CyberMaxx's investigation needs develop over the long haul, they'll have the option to exploit the full broadness of Logi Analytics' bleeding edge implanted examination instruments effortlessly and cost-effectiveness. Logi Analytics' insight and comprehension of installed examination is basic to network safety activities for organizations in 2020 and past. These instruments help improve perceivability of dangers and new or disregarded assault vectors, while making it simpler for IT experts to dissect and follow up on the information without disturbing application work process. For MSSPs, these capacities are taking on consistently expanding significance as endeavors move a greater amount of their IT activities to the cloud while the quantity of endpoint gadgets increments essentially – especially in the wake of the COVID-19 pandemic and the more extensive move to far off work thus. About Logi Analytics Logi Analytics empowers the world's software teams with the most intuitive, developer-grade embedded analytics solutions and a team of dedicated people, invested in your success. Logi leverages your existing tech stack, so you can quickly build, manage and deploy your application. And because Logi supports unlimited customization and white-labeling, you have total control to make the application uniquely your own. Over 2,200 application teams have trusted Logi to help power their businesses with sophisticated analytics capabilities. About Cybermaxx CyberMaxx prevents, detects, and responds to cyberattacks for healthcare organizations. CyberMaxx equips its customers with a 24/7/365 security operations center with services including endpoint threat detection and response, network-based threat detection and prevention, security information and event management (SIEM) with advanced data analytics, vulnerability risk management, and incident response services.

Read More

ENTERPRISE SECURITY

AE Industrial Partners Acquires PCI, a Leading Provider of Cybersecurity IT Solutions for the Intelligence and Defense Communities

prnewswire | October 26, 2020

AE Industrial Partners, LP , a private value firm specializing in Aerospace, Defense and Government Services, Power Generation, and Specialty Industrial markets, declared today that it has obtained PCI , a main supplier of cybersecurity, PC network operations , cloud, systems designing, enterprise IT, and information analytics to the knowledge and defense communities. Terms of the transaction were not disclosed. The acquisition of PCI represents AEI's ninth stage investment in AE Industrial Partners Fund II, LP, which closed in 2018 with $1.36 billion in value commitments, and the thirteenth transaction closed by AEI in 2020. PCI is an exceptional stage investment for AEI as the firm continues its energy and ongoing success in the Defense and Government Services market, and will furnish PCI with extra venture into the defense, knowledge, and public security communities. PCI is an innovation focused organization that provides cybersecurity and CNO, cloud designing and IT infrastructure, information analytics, and system designing solutions and services. PCI is a trusted advisor to the U.S. Insight Community, Department of Defense, and Federal Government, creating driving edge mission solutions using rising technologies and demonstrated practices to solve the most intricate cybersecurity, cloud, and enterprise IT challenges of its customers. Established in 2008 via Sean Battle, Don Whitfield, Josh Kinley, and Vance Mitzner, PCI is based in Columbia, Maryland, with extra operations all through the United States and all around the world. The Company has been named a best work environment by the Baltimore Sun, selected for the 2020 Inc. 5000 list of fastest-developing privately owned businesses in America, and has also been perceived for its responsibility to network inclusion and commitment. "PCI is a trusted provider of critical technology services in support of some of the most enduring national security missions across the federal government," said Jeffrey Hart, a Principal at AEI. "Cyber threats faced by the defense and intelligence communities are at an all-time high, and the government can't afford to lag our adversaries in critical technology domains such as cyber and computer network operations, where PCI excels. We believe that PCI, with its full spectrum of solutions and premier relationships, is well-positioned and aligned with the national security community's most strategic priorities. We look forward to working closely with the world-class team at PCI." "With the backing of AEI, we will have the resources to invest in the technology and talent required to meet the growing needs of our customers," said Sean Battle, CEO of PCI. "AEI knows our sector well, and we are confident that PCI will reach its next level of growth with their guidance, relationships, and partnership." "We are very excited to partner with Sean and the rest of the PCI team," said Kirk Konert, Partner at AEI. "They have built a great platform in their core intelligence and defense end markets and have a depth of experience supporting customers on missions critical to national security. We look forward to working with PCI and accelerating the growth of the business." Kirkland and Ellis LLP served as lawful advisor, and Ernst and Young LLP served as budgetary advisor to AEI. Miles and Stockbridge P.C. served as legitimate advisor, and Aronson Capital Partners served as money related advisor to PCI. About PCI Founded in 2008, PCI is a technology-focused company that provides cybersecurity and CNO, cloud engineering and IT infrastructure, data analytics, and system engineering solutions and services to the federal government and intelligence community. Based in Columbia, Maryland, and with a corporate office and training facility in Lexington, Massachusetts, PCI operates in 14 states and internationally. For more information About AE Industrial Partners AE Industrial Partners is a private equity firm specializing in Aerospace, Defense & Government Services, Power Generation, and Specialty Industrial markets. AE Industrial Partners invests in market-leading companies that can benefit from our deep industry knowledge, operating experience, and relationships throughout our target markets.

Read More

DATA SECURITY

Vulcan Cyber to Introduce Risk Scoring Platform for Businesses

Vulcan Cyber | June 19, 2021

The only risk remediation platform of developers of the industry, Vulcan Cyber®, has announced a new for IT security organizations to measure risk compliance through IT asset health scores across logical business groupings. For the first time, this enables enterprise cybersecurity teams to track remediation progress against prioritized risks to measure business risk against customizable security compliance KPIs. This will help businesses protect themselves from various exploits such as ransomware attacks and data breaches. Other approaches lack many aspects in vulnerability risk prioritization and often only the risks at the individual, atomic, and asset levels. Customers of Vulcan Cyber now benefit from the ability to control custom risk parameters and improved vulnerability prioritizing scores weighted with industry asset data. These newest additions to the Vulcan Cyber risk model improve the industry's only threat remediation orchestration platform and are an indispensable second step after susceptibility scanning. Practically all subjugated vulnerabilities are known by IT and security teams in advance; they are exploited at the occurrence. As a result, the windows for vulnerability remediation presently span much time giving bad actors an intolerable amount of time to abuse businesses with significantly less capacity to protect themselves. Vulcan Cyber helps get the proper remedies to the right people, prioritize vulnerabilities, automate remediation tasks at scale, integrate with dozens of best-of-breed tools, and measure risk across the complete process to get it fixed finally. About Vulcan Cyber Vulcan Cyber developed the industry's first vulnerability remediation orchestration platform, which was built to help various businesses reduce the online threat risks using application security and measurable cloud. By curating and delivering the best remedies, prioritizing vulnerabilities, and automating processes and fixes via the last mile of remediation, the platform of Vulcan orchestrates and tracks the remediation lifespan from scan to fix. Vulcan Cyber platform’s unique capability has garnered Vulcan Cyber recognitions.

Read More