ATON IT Professional Earns Nursing Informatics Certificate

SOMERVILLE, NJ – Linda Van Der Veen, an Information Technology professional at ATON COMPUTING, INC, has earned her Certification in Nursing Informatics.

Nursing Informatics (NI) integrates nursing science with multiple information and analytical sciences including computer science, information management, archival science, and mathematics to identify, define, manage, and communicate data, information, knowledge, and wisdom in nursing practice and information technology.

The American Nurses Association Scope and Standards of Practice states that in addition to improving overall health of the general population, NI supports activities including the identification of issues and the design, development, and implementation of effective informatics solutions and technologies within the clinical, administrative, educational and research domains of practice.

“Linda’s certification adds another dimension to the services offered by ATON Computing,” according to ATON principal Walter Hansen. “In addition to the numerous IT technical certifications that ATON employees have earned, we now have an ability to address healthcare and prevention issues for the public and private sector clients that we serve.”

ATON focuses the expertise of its 9-person professionally trained staff on computer networking, business continuity, cloud computing solutions, and cyber security/risk management, providing hands-on hardware & software integration specifically configured to meet the technology needs of government and the private sector.

The ATON web site at www.atoncomputing.com focuses on the core values of the staff and the range of services that includes custom Microsoft network design and installation, software program implementation, cyber security, and training that enhances efficiency, provides protection, and results in a positive return on investment.

In addition to the NI Certification, the staff of IT professionals maintain current technical credentials including: Microsoft MCSE, MCSA, MCTS & MCP; Cisco CCNA, VMware’s VCP, A+ Core Services; numerous hardware & software product certifications.

For information on ATON Computing, Inc. services, access the web site at www.atoncomputing.com or call 908-725-3700.

Cybersecurity Tech Accord Sets New Privacy Standards for Tech Companies

Thirty-four technology companies have signed the “Cybersecurity Tech Accord,” a document that declares that the signatories will protect all of their customers from threats and will not “help governments launch cyber attacks against innocent citizens and enterprises from anywhere.” 

The signatories include Microsoft and Facebook, Dell, VMware, HP and HP Enterprise, Cisco, Avast, CloudFlare, F-Secure, Symantec, Trend Micro, BT, Juniper Networks, and Telefonica, among others. Notably missing from the list are Google, Apple, and Amazon.  

The accord, available here, has four key components: 

  1. We will protect all of our users and customers everywhere. 
  2. We will oppose cyber attacks on innocent citizens and enterprises from anywhere. 
  3. We will help empower users, customers, and developers to strengthen cybersecurity protection.
  4. We will partner with each other and with like-minded groups to enhance cybersecurity. 

The accord is being referred to as a “digital Geneva Convention” to mirror the rules of engagement in technology in the same way that the Geneva Convention sets standards for conduct in war.  

The issue is one of trust—“Just as people won’t put their money in a bank they won’t trust, people won’t use an Internet they won’t trust.”

The Accord is intended to prevent situations similar to the current Facebook scandal involving Cambridge Analytica and related organizations harvesting user data en masse and using it for psychologically tailored political advertising.  

Read full article here.

Modernizing Government IT Systems

Take a Lesson from the Federal Government on Modernizing IT Systems

Reprint from the 2017 Report to the President on Federal IT Modernization

 

This report outlines a vision and recommendations for the Federal Government to build a more modern and secure architecture for Federal IT systems.[3] Agencies have attempted to modernize their systems but have been stymied by a variety of factors, including resource prioritization, ability to procure services quickly, and technical issues.

Recommendations to address the aforementioned issues are grouped into two categories of effort: the modernization and consolidation of networks and the use of shared services to enable future network architectures. In addition to specific recommendations, this report outlines an agile process for updating policies and reference architectures to help the Government more rapidly leverage American innovation.   

Network Modernization and Consolidation. 

This report envisions a modern Federal IT architecture where agencies are able to maximize secure use of cloud computing, modernize Government-hosted applications, and securely maintain legacy systems. Specific actions in this report focus on the first two areas, where securely maintaining legacy systems is addressed in other areas of EO 13800. These actions enable agencies to move from protection of their network perimeters and managing legacy physical deployments toward protection of Federal data and cloud-optimized deployments. The report also emphasizes a risk-based approach that focuses agency resources on their highest value assets, per OMB’s authorities provided by the Federal Information Security Modernization Act of 2014 (FISMA)[4] and OMB Memorandum M-17-25, Reporting Guidance for Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The report addresses current impediments or obstacles to adopting modernized cloud technologies by piloting new implementation approaches, and using these test cases to inform rapid policy updates. The report also focuses on consolidating and improving acquisition of network services so that management of security services for networks are consolidated where possible and managed to high standards. Specific actions include:

1. Prioritize the Modernization of High-Risk High Value Assets (HVAs).
Prioritize modernization of legacy IT by focusing on enhancement of security and privacy controls for those assets that are essential for Federal agencies to serve the American people and whose security posture is most vulnerable.

2. Modernize the Trusted Internet Connections (TIC) and National Cybersecurity Protection System (NCPS) Program to Enable Cloud Migration.
Use real world implementation test cases to identify solutions to current barriers regarding agency cloud adoption. Update relevant network security policies and architectures to enable agencies to focus on both network and data-level security and privacy, while ensuring incident detection and prevention capabilities are modernized to address the latest threats.

3. Consolidate Network Acquisitions and Management.
Consolidate and standardize network and security service acquisition to take full advantage of economies of scale, while minimizing duplicative investments in existing security capabilities.

Shared Services to Enable Future Network Architectures.

 

The following section of this report lays out an approach to enable, with ongoing Government-wide category management efforts, the Federal Government to shift toward a consolidated IT model by adopting centralized offerings for commodity IT. The recommendations detail steps to address current impediments in policy, resource allocation, and agency prioritization to enabling the use of cloud, collaboration tools, and other security shared services. For the purposes of this Report and its implementation, shared services is the provision of consolidated capabilities or functions (services and/or IT systems) that are common across multiple agencies. Shared Services can enable agency efficiency by reducing duplication and costs through consistent delivery of standardized capabilities or functions in ways that make the most of innovative processes and commercial solutions. Specific actions include:

1. Enable use of Commercial Cloud.

Improve contract vehicles to enable agencies to acquire commercial cloud products that meet Government standards.

2. Accelerate Adoption of Cloud Email and Collaboration Tools.

Provide support for migration to cloud email and collaboration suites that leverage the Government’s buying power. Define the next set of agencies to migrate to commercial email and collaboration suites.

3. Improve Existing and Provide Additional Security Shared Services.

Provide consolidated capabilities that replace or augment existing agency-specific technology to improve both visibility and security.

Resourcing Federal Network IT Modernization.

In order to implement the Federal IT modernization efforts outlined in this report, agencies will need to realign their IT resources appropriately using business-focused, data-driven analysis and technical evaluation. OMB will inform agencies that agency Chief Information Officers (CIOs) work with their Chief Financial Officers (CFOs) and Senior Agency Officials for Privacy (SAOPs), in consultation with OMB, to determine which of their systems will be prioritized for modernization, identifying strategies to reallocate resources appropriately. In accordance with the terms of agency contracts and consistent with law, agencies should consider evaluating ongoing and planned acquisitions that further develop or enhance legacy IT systems identified that need modernization to ensure consistency with broader IT strategies outlined in this report. Agencies should also emphasize reprioritizing funds and should consider “cut and invest” strategies that reallocate funding from obsolete legacy IT systems to modern technologies, cloud solutions, and shared services, using agile development practices and the best practices within GSA’s Unified Shared Services’ Modernization and Migration Management Framework,[5] where appropriate.

Taken together, these recommendations will modernize the security and functionality of Federal IT, allow the Federal Government to improve service delivery, and focus effort and resources on what is most important to customers of Government services.

3. Not to include national security systems as defined in Section 3552(b)(6) of Title 44, United States Code.

4. Federal Information Security Modernization Act of 2014 (Pub. L. No. 113-283, 128 Stat. 3073), as amended.

5. Introduction to Modernization and Migration Management (M3), Unified Shared Services Management.

For follow-up information: www.atoncomputing.com

Full report here.

Remote Access to Computers can be a RISKY Business

Remote desktop access through the internet represents a substantial risk to network security and should be avoided whenever and wherever possible.

If remote access is required, available options including LogMeIn, TeamViewer, Chrome remote desktop, etc. should be used only after taking precautions to improve security.

1) Your router/firewall should be configured to restrict access to only the necessary public IP addresses. This is the best way to secure the connection.

2) Default Network accounts with usernames such as “Admin” and “Administrator” should be disabled.

3) Configure Active Directory to lock out accounts after 3 or 5 failed sign-in attempts.

4) Ensure that all computers/servers being remotely accessed require strong/complex passwords (a minimum of 8 characters, including 1 upper case letter, one lower case letter, a number, and a special character).

5) Ensure that remote access to computers/servers is limited to authorized users specifically requiring connectivity to that machine.

Or, contact ATON Computing, Inc. at www.ATONComputinginc.com or at 908-725-3700 or your IT Professional for expert solutions to your IT issues.
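The five precautions above can also be checked from the defender's side by reviewing sign-in records and candidate passwords against them. The following Python sketch is an added example, not part of the original article; the log format, host and user names, addresses, and the threshold of 3 are constructed for illustration.

```python
import ipaddress
import re

# All values below are constructed for illustration (assumptions, not from the article).
ALLOWED_SOURCES = [ipaddress.ip_network("203.0.113.0/29")]   # precaution 1
DEFAULT_ACCOUNTS = {"admin", "administrator"}                 # precaution 2
LOCKOUT_THRESHOLD = 3                                         # precaution 3 (3 or 5)
AUTHORIZED_USERS = {"srv-finance": {"jsmith"}}                # precaution 5

# Constructed sample sign-in records in a hypothetical key=value format.
SAMPLE_LOG = """\
2018-03-01T08:00:01 host=srv-finance user=jsmith src=203.0.113.2 result=success
2018-03-01T08:05:10 host=srv-finance user=Administrator src=198.51.100.77 result=failure
2018-03-01T08:05:12 host=srv-finance user=Administrator src=198.51.100.77 result=failure
2018-03-01T08:05:14 host=srv-finance user=Administrator src=198.51.100.77 result=failure
2018-03-01T08:10:00 host=srv-finance user=mlee src=203.0.113.3 result=success
"""


def password_is_complex(password):
    """Precaution 4: at least 8 characters with upper, lower, digit and special."""
    required = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(password) >= 8 and all(re.search(p, password) for p in required)


def review_signins(log_text):
    """Return (timestamp, finding, detail) tuples for sign-ins that break a precaution."""
    findings = []
    consecutive_failures = {}
    for line in log_text.strip().splitlines():
        timestamp, *pairs = line.split()
        event = dict(pair.split("=", 1) for pair in pairs)
        user = event["user"].lower()
        source = ipaddress.ip_address(event["src"])

        if not any(source in network for network in ALLOWED_SOURCES):
            findings.append((timestamp, "source-not-allowed", event["src"]))
        if user in DEFAULT_ACCOUNTS:
            findings.append((timestamp, "default-account", event["user"]))
        if user not in AUTHORIZED_USERS.get(event["host"], set()):
            findings.append((timestamp, "user-not-authorized", event["user"]))

        if event["result"] == "failure":
            consecutive_failures[user] = consecutive_failures.get(user, 0) + 1
            if consecutive_failures[user] == LOCKOUT_THRESHOLD:
                findings.append((timestamp, "lockout-threshold-reached", event["user"]))
        else:
            consecutive_failures[user] = 0  # a successful sign-in resets the counter
    return findings


def count_findings(findings, kind):
    """Count how many findings of one kind the review produced."""
    return sum(1 for _, finding, _ in findings if finding == kind)


if __name__ == "__main__":
    for finding in review_signins(SAMPLE_LOG):
        print(*finding)
    print(password_is_complex("Spring2018"), password_is_complex("Tr4il-Head!"))
```
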

The Impact of Net Neutrality Changes on Local Governments

What is Net Neutrality?
The idea, principle, or requirement that Internet service providers should or must treat all Internet data as the same regardless of its kind, source, or destination. – Merriam-Webster Dictionary

Why is Net Neutrality an issue?
Despite public opposition, the Federal Communications Commission voted to rescind rules intended to ensure net neutrality in December of 2017. The rules prevented the prioritization of content by Internet providers; rescinding them is expected to benefit telecommunications companies.

What are the options?
There now appears to be interest in developing methods of accessing the Internet without requiring the centralized services of corporate ISPs by developing community-based, locally owned Internet service. The service allows users in a “neighborhood” to share an Internet connection at no charge without discriminating or blocking content.

Another option is municipal broadband, owned and operated by local government, mimicking the Internet access provided by corporate ISPs, yet more responsive to customers on their issues. Caution must be exercised as these efforts can lose money or result in failure with political repercussions. In addition, several states have laws that ban municipal broadband. New Jersey is NOT one of them.

The New Jersey Office of Information Technology (NJOIT) has created a broadband map to support and expand broadband access and provide businesses and consumers with relevant information needed to make decisions related to high speed Internet options.

What does it have to do with local government?
Municipal broadband service is owned and operated by local government and essentially mimics the Internet access provided by corporate ISPs. Because they are locally owned, they are more responsive to customers on issues, including net neutrality.

Considerations
Is there a need and will there be public support for the proposal?
Who in the community can directly benefit: contractors, local IT consultants?
What are the costs of building, equipment, and operation?
Will the politics of the municipality allow moving forward with the project?
Is grant funding or foundation money available?
Is it more cost efficient to operate local broadband?
Is it a service that taxpayers deserve?

Caveat
Historically, most local governments that have tried municipal broadband have failed. The build-out cost and the maintenance/support have been prohibitive. Muni broadband is often seen as an integral part of the Smart Cities initiative.

Everything You Wanted to Know About Cyber Attacks on Municipal Government

What is a Cyber Attack

A Cyber Attack is initiated by a person or a group of people against a website, computer system, or individual computer that compromises the confidentiality, integrity, or availability of the system or information stored on it. –  BitSentinal

A Cyber Attack is deliberate exploitation of computer systems, technology-dependent enterprises, and networks.

Cyber Attacks use malicious code to alter computer code, logic or data, resulting in disruptive consequences that can compromise data and lead to cybercrimes, such as information and identity theft. – Techopedia

Where Does a Cyber Attack Come From?

  • Cyberspace and its underlying infrastructure are vulnerable to a wide range of risks stemming from both physical and virtual threats and hazards.
  • Sophisticated cyber actors and nation-states exploit vulnerabilities to steal information and money and are developing capabilities to disrupt, destroy, or threaten the delivery of essential services.
  – US Department of Homeland Security

Why Would a Municipal Government Be A Target?

  • It is at the state and local levels of government that the preponderance of programs and services are administered, requiring the storage of extensive amounts of personal information.
  • The use of web technologies to facilitate government services continues to rise.
  • The result is increased opportunity for the criminal and vulnerability for the local government.

How Do You Know That You Have Been Infiltrated?

  • It’s not always immediately obvious that your systems have been breached, but detection and response are critical. Immediate detection reduces the average cost of recovery dramatically.
  • When dealing with a Distributed Denial of Service (DDoS) attack it can be challenging to even determine if your website is down due to legitimate traffic or an attack. The key to telling the difference lies in the length of time the service is down – if slow or denied service continues for days, it is time to start to look into what’s going on.
     (DDoS is a type of DoS attack where multiple compromised systems, which are often infected with a Trojan, are used to target a single system, causing a Denial of Service (DoS) attack. – WeboPedia)
  • If you detect an abnormality in content or operation, infiltration by Internet, malware, or hacking may be the cause.

Cyber Attack Prevention

  • Develop an Information Security Management Plan (ISMP) and test various scenarios so you are ready when an attack happens.
  • Invest in technology that allows you to know and monitor your network’s normal behavior.
  • Make sure you maintain sufficient server capacity for best performance under high load.
  • Know how to use your defensive strategy. Practice defensive actions to commit them to memory.
  • If necessary, outsource to a managed Domain Name System (DNS) provider who can redirect site visitors to hosts with advanced features. DNS translates Internet domain and host names to IP addresses and vice versa.
  • Preparation is the key. Determine the financial impact and reputation damage of an attack to evaluate the size of the investment in prevention. The cost of an attack is usually far greater than the preventative investment.

In Case It Happens – Recovery Methods

  • An incident response plan, prepared prior to an attack, is an outlined course of action to establish a framework for the internal and external actions to be taken during and after a digital security breach.
  • One individual should be designated to lead the crisis response, overseeing a “response team” comprised of both internal and external personnel.
  • Response steps include:
    • IDENTIFY the problem.
    • CONTAIN the attack.
    • INVESTIGATE the crime and submit evidence to law-enforcement and investigators.
    • FOLLOW-UP the incident, notifying employees, residents and other government entities.
    • REMEDIATE the attack by changing company practices to prevent another breach.

Rules for Cyber Awareness

  • In order to provide essential public services, all levels of government must ensure their cyber infrastructure is safe, secure, and resilient.
  • Join fellow government users in United States Computer Emergency Readiness Team (US-CERT) collaboration groups and programs to facilitate information and resource sharing on cybersecurity issues.
  • Visit the Multi-State Information Sharing and Analysis Center (MS-ISAC) for cyber threat prevention, protection, response, and recovery for the nation’s state, local, territorial and tribal (SLTT) governments.
  • The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) at www.cyber.nj.gov is the State’s one-stop shop for cybersecurity information sharing, threat analysis, and incident reporting.
  • Share information and best practices through the National Institute of Standards and Technology (www.NIST.gov) Federal Agency Security Practices (FASP).
  – US Department of Homeland Security

Meltdown & Spectre

When You Hear About Meltdown & Spectre – DON’T PANIC! They have been around for years.

The fact is, the main chip in most modern computers has a hardware bug. Meltdown and Spectre are two related families of hardware flaws that are capable of negatively impacting the Central Processing Unit (CPU) of any computer. Both have been around for years but not everyone is familiar with them. They are only now becoming potential targets for attack.

The simple explanation of the problem that each creates is as follows:

  • Meltdown breaks down the separation between what you are doing (user app) and what the computer is doing (Operating System), enabling the app to steal data that it should be unable to access.
  • Spectre is more insidious, breaking the isolation between different concurrently running apps to reach the same end.

By exploiting these vulnerabilities, hackers can gain access to passwords, emails, instant messages, and business-critical documents by reading data used by other programs operating concurrently. Devices impacted by Meltdown and Spectre include desktop computers, personal computers, mobile devices, and the cloud.

This silent information thief cannot be detected by the average user and it is unlikely that traditional anti-virus software will detect the intrusion.

But, DON’T PANIC. There are patches against Meltdown for Linux, Windows, and OS X. Additionally, there is ongoing research to harden software against Spectre. The best route to take is to update and patch all machines on the computer network while educating all operators in the network to be vigilant and to think before clicking.
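To confirm that patching has taken effect on a Linux machine, the kernel's own mitigation status can be read back. This Python sketch is an added example, not part of the original article; it assumes a Linux kernel that exposes status files under /sys/devices/system/cpu/vulnerabilities and reports a missing file as "unknown".

```python
import os

# Status files published by patched Linux kernels (assumption: Linux host).
SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"
CHECKS = ("meltdown", "spectre_v1", "spectre_v2")


def classify(status):
    """Map the kernel's status text to a coarse state."""
    text = status.strip()
    if text == "Not affected":
        return "not-affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def mitigation_report(base=SYSFS_DIR):
    """Read each status file under `base` and classify it."""
    report = {}
    for name in CHECKS:
        try:
            with open(os.path.join(base, name)) as handle:
                report[name] = classify(handle.read())
        except OSError:
            # File absent: kernel predates the fixes, or this is not Linux.
            report[name] = "unknown"
    return report


def needs_attention(report):
    """Names of the flaws that are unmitigated or could not be verified."""
    return sorted(n for n, state in report.items() if state in ("vulnerable", "unknown"))


if __name__ == "__main__":
    current = mitigation_report()
    for name, state in current.items():
        print(f"{name}: {state}")
    print("needs attention:", needs_attention(current) or "none")
```
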

An Important Article About Disaster Planning that appeared in NJBIZ

Think ahead for disaster planning: Business owners must have safeguards in place to prevent a costly Catch-22 situation

For New Jersey business owners, the series of hurricanes that recently struck Texas, Florida and other locations may have stirred painful memories of Superstorm Sandy, which rocked the Garden State in 2012.

If personal, income‐producing or business property is impaired or destroyed during a disaster, taxpayers may be able to claim a casualty loss deduction on their tax return, generally as an itemized deduction on Form 1040, Schedule A for individuals, and on Section B of Form 4684, Casualties and Thefts, for business or income-producing property.

But what if the books and records you need to compute and document your losses—not to mention carrying on your business post-disaster—get lost in the flooding, fire or other conditions that can accompany a disaster? Without the proper safeguards in place, a business owner could be in a costly Catch-22 situation.

“Some small businesses may have a lot of paper-based documents that are at risk of exposure to fire and flood, yet they don’t have much in the way of backup copies,” warned Henry Rinder, senior forensic partner at the Fairfield-based CPA firm Smolin Lupin. “Most strategic plans incorporate some kind of offsite storage of critical, relevant documents and records. So if a fire, flood or another disaster occurs—like the time that Sandy slammed into New Jersey—and your records are destroyed, you will still be able to recover your vital data with offsite recordkeeping.”

In New Jersey, professional document service providers like Iron Mountain Inc. offer storage and protection of information assets like critical paper business documents as well as electronic and other information.

“If you transfer your records to the digital space, storage can be a lot easier,” added Rinder. “This way you can easily transfer data to an offsite cloud-based ‘storage facility’ like Google Drive, often in real time. Of course, when you’re talking digital, it’s important to protect your documents—as well as your entire network—from hackers.” October is National Cyber Security Awareness Month, he said, which is an annual campaign to raise awareness about the importance of cybersecurity, like being up to date with your antivirus software.

But putting backup and other security plans in place is only one step, Rinder said.

“Every business, regardless of its size, should have a strategic plan in place that’s communicated to all the employees,” he said. “Document the steps in your disaster recovery plan, and establish a chain of command in case of a disaster, like flooding or power outages. How will people communicate if phone lines are down, or if access to your office is blocked? Then test your plans, and run ‘fire drills’ with all of your staff to ensure that everyone understands what to do, and that the plan is effective.”

Cipolla & Co., a Franklin Lakes-based full-service CPA and financial services firm, has backup generators that can power computers, lights and heat in an emergency, said Joseph Cipolla, the managing director. “We outsourced our record retention to a cloud-based provider, and everyone has a laptop and takes them off premises each night. Employees also have cell phones with their own ‘hot spot’ so they can work remotely regardless of where they’re located.”

When it comes to tax planning for a disaster, business owners may find that preparing for disasters is the biggest takeaway.

Things That We Think You Should Know But Are Too Busy to Research

ATON Computing continually provides technology “breaking news” that may be of value to employees of government agencies.

 

NJ GMIS Cybersecurity Awareness Event

Thursday, November 2 from 8:00 A.M. to 12:00 Noon

For the second year, New Jersey GMIS will be hosting a four-hour cyber incident case study.

There is no fee for public sector employees; however, you must register to attend.

For more information and to register, click here.

 

Cyber Security Act of 2015 from Segal McCambridge Singer & Mahoney

For a brief overview of The Cybersecurity Act of 2015, click here.

 

Enterprise Architecture and how it can increase IT efficiency & lower costs from IT Today

The goal of enterprise architecture (EA) is to create a unified IT environment (standardized hardware and software systems) across all computer-related elements, with links to the business side of the organization. More specifically, the goals of EA are to create alignment and standardization, reuse of existing IT assets, and the sharing of common methods for project management and software development. The end result, theoretically, is that the enterprise architecture will make IT cheaper, more strategic, and more responsive.

For the full article, click here.