202 Advisors / Partners 'None of us is as smart as all of us'

The need for law & policy expertise in an effective cyber workforce

CyberMD
The sixth annual Cyber MD conference was a success, bringing together customers, vendors and speakers including the heads of NSA, DISA and Secretary Chertoff.

The need to address people, process AND technology for effective cyber security was a recurring theme among keynote speakers and panelists.

One of the panels addressed the growing importance of technical and non-technical skills in an effective cyber workforce, with a special focus on the importance of legal and policy expertise in the cyber security field.

The panel was a lively one on closing the gap between lawyers and technologists.

Many questions were taken from the floor, especially around the new area of cybersecurity law and policy training, for example, in certificate, Masters, JD and LLM programs from U-Maryland Law.

Another theme of the conference was the graver potential consequences of cyber attack to IoT systems with the potential for property damage, bodily injuries and even deaths.

Imagine the consequences of a DDoS or ransomware attack on computers controlling medical devices, public or fleet vehicles on the roads, or industrial infrastructure, from power plants to dams.

Legal and policy questions in general, and cyber security in particular, are especially important with emerging technology and early markets.

Legal, regulatory and privacy concerns aren't simply business-as-usual compliance questions for companies like Uber, Airbnb or Google's Nest but potentially existential ones, as society, cities, industries and lifestyles are transformed by new norms of transport, accommodation and living space management created by new technologies and the new types of business models they enable.

In a recent NPR interview, the head of Airbnb talked about legal pushback being part and parcel of innovation, from ATM machines, to VCR recorders, to cars, all of which were strongly opposed in the beginning.

Even for mature companies in mature markets, geopolitical events such as the collapse of "Safe Harbor" or the UK's "Brexit" can upend business and technology decisions around cloud architectures.

The rise of end-to-end encryption and its effect on law enforcement and national security is an ongoing societal debate that closely ties to law and policy, with even the WSJ now caveating reviews of new smartphones such as the Google Pixel with discussions of their data privacy handling.

Crawl, walk, fly


From 1903 Flyer to NCC 1701

Kitty Hawk, NC, is an aviation shrine. It was the scene of Orville and Wilbur Wright’s first powered flight in 1903.

It has been an inspiration for generations of inventors, engineers, pilots, astronauts and writers such as Star Trek’s Gene Roddenberry.

That first flight was the culmination of three years of intensive R&D by the two brothers, between the then remote Outer Banks location and their bicycle shop in Dayton, OH.

The Kitty Hawk location was chosen for its combination of high winds, soft sands and relative privacy.

A piece of the 1903 Flyer’s wing fabric was later carried to the moon and back by another Ohio native, Neil Armstrong, in Apollo 11.

Standing on the shoulders of giants

The Smithsonian carefully describes the 1903 Flyer flight as "the first powered, heavier-than-air machine to achieve controlled, sustained flight with a pilot aboard".

That such a clumsy phrase is needed illustrates a truth in innovation – there are many groups around the world chasing the same goals, with the same inspirations and knowledge bases.

Many can legitimately claim firsts in various categories and subcategories from different approaches and cannot simply be dismissed as “me too” or “fast followers”.

The Wrights themselves began by searching out existing information from the Smithsonian, the Weather Bureau, and aviation pioneers around the world, just as modern innovators search out information from peers, analysts, specialized events, journals and the web.

At the time, the Smithsonian was no impartial outside observer, itself in receipt of DoD-funding for aviation research in competition with the Wrights.

The situation is analogous today, where web information can be little more than advertorial and analysts’ framing is shaped by their vendor relationships as much as the marketplace itself.

Crawl-Walk-Run

The problem of practical flight, rather than demonstrations, consists of three areas – lift, power and control – all of which are required.

In 1900, progress had been made in all three areas but no one had successfully put them all together.

The wing was known for lift, there were powered model planes, and 2 of the 3 modern control surfaces - the rudder and the elevator – were known (think of movement around the X, Y and Z axes).

The Wrights’ R&D followed the classic crawl-walk-run progression, from tests on kites, to gliders, to generations of flyers.

Highlights of their innovations for the missing steps in the path to practical flight include:

  • Introducing wing warping as the missing 3rd control surface, a forerunner of modern ailerons
  • Building a wind tunnel to generate accurate data for efficient design
  • Understanding the propeller as a kind of wing rather than as a marine screw
  • Building an aluminum motor with high power and low weight, something COTS vendors were not willing, or able to share
  • Refining methods for controlled flight using wing warping, the elevator and rudder together

The Wrights were uniquely gifted with:
  • The skills, tools, time and money to invest in R&D, without partners or funding from government, academia, or sponsors
  • The mindset to persevere in an endeavor where 99% success was still crashing, the common attitude was “man was not meant to fly” and competitors were seemingly better appreciated in the press, funded and qualified

The next phase of the Wrights’ career is much less well known.
  • They gained enormous press but also fueled competitors with teams better able to build on their innovations
  • After initial missteps, they sought professional advice around patents, which later assured their wealth
  • They turned to the US Government to fund further development, leading to the establishment of the College Park Airport, MD, as part of trials around Washington, DC
  • WWI massively expanded the market for airplanes, making it big business
  • The Wrights withdrew from the scaling market, worn down by their single-handed struggles for funding, patent battles and the different skillset needed to grow large businesses

What can we learn

Dream big but realize that even engineering genius can benefit from expertise and experience in other “swim lanes” such as sales, marketing, finance and legal.

Startups and emerging technology are a different business from the business administration of mature products in mature markets.

Companies used to grow and IPO but many more are acquired for their IP, with their founders and backers able to go on and fund more R&D as serial entrepreneurs, or rest on their laurels.

Industry leaders from eBay to Google, Microsoft and Apple bought in outside technology from smaller companies to kickstart some of their most well-known products, from PayPal to Earth, Android, Windows, Word, Skype, Mac OSX and iTunes.

Perhaps most famously, Cisco tried to formalize this approach with so-called spin-ins.

About us

Simon is an FAA-registered pilot and recently made the pilgrimage to Kitty Hawk.

202 is a boutique enterprise software sales consultancy for startups and mature IT companies, focusing on product launches and growth hacking. 202 was founded in late 2014 by industry veterans Peter Laitin and Simon Hartley, together with decades of expertise and successful experience in cybersecurity, mobility and IoT sales hunting, marketing and product management. 202 specializes in emerging technology and early markets such as government, healthcare, finance and automotive. Customers include RunSafe Security, Kaprica Security, Spectrum Comm and others. 202 is headquartered just outside Washington, DC, in North Bethesda, MD. Learn more at 202partnersllc.com.


Photo Credit

First flight of the Wright Flyer I, December 17, 1903, Orville piloting, Wilbur running at wingtip.

John T. Daniels - This image is available from the United States Library of Congress's Prints and Photographs di


Software automation key to clearing gridlock from highways to cybersecurity

202 Partners Samsung FedScoop
I live in the Washington, DC, Metro area. Every day, I drive roads choked with vehicles around the beltway. Arriving at weekday destinations, I run into IT staff choked with manual tasks like configuring mobile devices, or sifting through masses of false positive data, from app vetting to security logs.
If it’s not possible to keep on widening roads to accommodate more and more cars, or to keep on hiring more and more expert staff and contractors to deal with more and more cybersecurity threats, then what is the answer?

Clearing gridlock

The answer is software automation. Software is smart and can be affordably and reliably scaled; hardware is powerful and ubiquitous. People’s time is the most valuable commodity of all. Automation isn’t about replacing people; it is about enabling people to act more productively, to focus on proactive priorities, not simply miring them in reactive or busy work.

Tuning up trucks & cars

The writing is on the wall for the future of motor vehicles, with each model year adding more connectivity, as well as advanced driver assist systems (ADAS) from automated braking to parking, to crowdsourced traffic routing with tools like Waze.
The promise of full or even partial automation is more time for everyone, with efficient traffic flows, shorter commutes, fewer accidents, and a new freedom for underserved groups like those with disabilities, the elderly, or just ordinary people whose passion isn’t driving but their family and work activities. Driving for pleasure will live on in rallies and race tracks, just like horse riding.


Catch 22 of auto automation

The catch for that automated future is that modern vehicles aren’t just tablets on wheels but data centers on wheels, with lots of connectivity constituting large attack surfaces, as the FBI, DOT and NHTSA recently warned.
Cyberattacks, whether individualized or generalized, could put a severe dent in our commutes, or even be a threat to national security where Just in Time (JIT) deliveries for restaurants and grocery stores mean cities are just ‘9 meals from anarchy’. A modern vehicle has 100-300 million lines of code and around 50 processors, the elephant in the room of Internet of Things (IoT) systems.
The old way of addressing cybersecurity issues would be armies of experts to inspect and re-engineer the code and libraries and examine the network logs (CAN bus or J1939) … arriving back at the IT gridlock mentioned previously.
The answer for auto cybersecurity is again automation – machine learning of what is good and bad traffic on the CAN bus network and automated hardening of embedded systems, along with all the defense in depth systems described in NIST’s CsF and the SAE’s cyber auto recommendations (J3061).

Tuning up IT cybersecurity

The story of the automated car is the same for traditional IT.
Need to set up 10,000 tablets or smartphones? Automation is the key. Gartner found that 75% of mobile security breaches weren’t about ‘shiny squirrel’ new security technologies on mobile devices but plain old misconfiguration. This shouldn’t be surprising when the coolest, latest smartphones and tablets have 100s of settings and even the most basic enterprise rollouts integrate apps from half a dozen vendors.
Need to comb 1,000s of security logs? Need to vet 1,000s of lines of code? Once again, automation and machine learning. Smart software automation products are all about doing more with less.

What are some automated solutions?

RunSafe Vehicle Guardian – Automated Intrusion Prevention System (IPS)/Firewall for cars (Runsafesecurity.com)
RunSafe App & OS Guardian – Automated hardening for apps & OSes (Runsafesecurity.com)
Kaprica Tachyon – Automated setup/updating for enterprise Samsung mobile devices (Kaprica.com)
Spectrum Comm Go-Box – Automated kiosk-based management of mobile devices (Go-box.com)
Exabeam – Automated user behavior analytics (UBA) for security (Exabeam.com)
Plurilock Pluripass - Automated interaction capture for unique biometric signatures (Plurilock.com)
MobiChord – Automated telecom expense management software (TEMS) (MobiChord.com)
ViiMed - Automated healthcare tele-medicine workflows (Viimed.com)


Cybersecurity needed to reap benefits of IoT ... not the whirlwind

VSP Cruiser

We've attended some interesting conferences in the last month on the intersection of cybersecurity and the Internet of Things (IoT) - Auto Cybersecurity, TU Auto Cybersecurity in Detroit and the National Labs on Critical Infrastructure Protection in Virginia.

The benefits of IoT are clear to everyone.

Hackers have brought familiarity with data breaches and identity theft to tens of millions of Americans, most of which are remedied with a year of credit reporting, a few fines and a payout from cyberinsurance.  None of this has much troubled company stock prices or their brands.

IoT cyber attacks, however, could be much, much more damaging, including property damage, bodily injury and even death, affecting insurance premiums and likely driving industry re-defining lawsuits and mandatory cyber regulations.

Both the benefits and potential / theoretical drawbacks of IoT are most visible in the auto industry, where new IoT technologies once confined to concept cars or only the most deluxe models are increasingly to be found in popular, attractive and mass market new models.

The software platforms that drive infotainment systems, Advanced Driver Assist (ADAS) technologies and full automation make modern vehicles not just smartphones with wheels but data centers on wheels, with 100 to 300 million lines of code (IEEE), on scores of processors from a wide supply chain tied to satellite, cell, Wi-Fi, Bluetooth and physical connections such as the OBD-II diagnostics port.

Both the insurance industry and regulators are responding proactively.

Cyberinsurance is one of the fastest growing categories in the insurance industry, expanding coverage from just data breach remediation, to include property and bodily injury (per the Betterley Report).

The FBI, DoT and NHTSA recently put out a Public Service Announcement around cybersecurity related safety risks with motor vehicles.

NIST is at the forefront of voluntary standards setting, with the Cybersecurity Framework (CsF), building on NIST 800-53 rev 4, along with industry groups such as the Society of Automotive Engineers (SAE) and J3061.

RunSafe Security is one of the many US and international vendors working with IoT companies, suppliers and integrators to build defense in depth for systems, following best practices and standards to mitigate the risk of cyber attack.

RunSafe's Vehicle Guardian addresses cybersecurity for existing fleets of vehicles with a plug-in solution.

RunSafe's App and OS Guardian automatically hardens embedded systems in future model year vehicles, or in more general IoT systems, against the most common type of cyberattack -- memory corruption (per the MITRE CVE database of vulnerabilities).

NOTE - The Virginia State cruiser pictured was protected by Vehicle Guardian in recent tests.

'Uber for tablets' - multi device sharing from a box

Go-Box
The sharing economy
Sharing of individual cars, homes and other resources has exploded over the last few years, driven by the ease-of-use and ubiquity of mobile devices and web-based tools.
Surprisingly, that sharing model has not reached mobile devices themselves.
That is up until now, with a new Newport News, VA-based company called Go-Box.
The emphasis of mobile device makers has traditionally been “one each”, much as for cars, PCs, or indeed any consumer goods. Have 100 or 1,000 people? Easy, buy 100 or 1,000 devices!

Is sharing appropriate?
In fairness, neither individuals nor organizations want to share private and confidential information, wait for potentially slow OTA profile syncing, or struggle with the overheads of complex on-device software.
In the majority of consumer and organizational use cases, “one each” is the right answer. However, there are a number of use cases in government and enterprise where sharing is appropriate, for example, where
  • Work is divided into shifts
  • Data is sensitive and needs to stay in the workplace and be securely managed
  • OTA connectivity is limited, or undesirable

Go-Box makes sharing tablets easy, delivering on-demand tablets with the apps, data and settings that users need.
Management is web-based.  Data confidentiality and syncing are managed as part of the charging cycle rather than with on-device software or OTA syncing.  After all, even Uber cars need to be refueled, or Airbnb homes cleaned.

Mobile devices are different in kind than PCs
The issues of sharing were successfully resolved decades ago for PCs. 
PCs are plugged into fast networks and wall outlets.  When Fred logs in, he sees his environment, apps and data.  When Sheila logs in, she sees hers and so on. 
Built-in profiles, Active Directory, virtualized environments, or similar tools solved the issue for Linux, Mac and Windows users.  The same ideas have been applied to mobile devices, from built-in profiles, to EMM, MDM, container or virtualization approaches.
However, mobile devices are different in kind than PCs in a number of key ways:
  • Storage space and security may be too limited for multiple on-device profiles and data
  • OTA bandwidth may not be sufficient for timely syncing of the data around changing profiles
  • The overhead of sharing software cannot be so high as to mar the user experience
  • Devices need to be regularly plugged in to charge

A new kind of mobile device sharing in a box
Go-Box realized that mobile sharing was not just about software tools but the wider context of technology, people and processes.
It combines in a box the functions of charging and fast syncing with secure storage of data. The box can be configured in a number of ways:
  • A collection of USB charging ports, in its simplest form
  • A kiosk that stores tablets
  • A vault that securely stores tablets, in its most full-featured form
    (as illustrated)
Now, it is Go-Box that is plugged into fast networks and wall outlets at one or more locations.  When Fred logs in at the Go-Box, it dispenses a tablet with his environment, apps and data.  When Sheila logs in, she sees hers and so on.  The boxed approach also simplifies IT support, especially in remote locations.

Contact
Go-Box, 1 BayPort Way, Suite 300, Newport News, VA USA . Go-Box.com . info@go-box.com . +1 (757) 224-7500