Archives for June 2015

Exploring the Cybersphere

This week in our blog, we offer a snapshot of cybersecurity, privacy and data security news of interest to the executive suite. Periodically, we’ll recap insights from the growing cadre of voices in this space as well as lend our own views on the issues that impact executive governance of cyber risk and response.

Many takeaways this month from articles that further our understanding of cybersecurity concerns and issues starting with:

Preparation starts at the top —

Board rooms becoming more security-savvy
Dark Reading
Thirty-five percent say they discuss cybersecurity at every board meeting, a Veracode-NYSE survey says. Board rooms are becoming more sophisticated about cybersecurity, creating new opportunities for CISOs to lead, according to a recent survey of 200 directors of public companies, conducted by NYSE Governance Services and Veracode …

Phishing is good on the other side of the pond —

Employee credentials of half of European top 500 firms exposed online
Help Net Security
Cyber attacks and data breaches very often start with phishing or spear-phishing. Access to good credentials is key – whether it’s for straight emailing or direct access to target email systems, etc. Web intelligence firm Recorded Future has recently scoured the Web’s underbelly, including paste sites and forums, for exposed corporate credentials (emails and passwords), and found that 49 percent of Europe’s largest companies have had credentials belonging to their employees exposed online …

And here as well —

The race to outsmart corporate phishing attacks
CS Monitor
Companies are constantly seeking new – and expensive – ways to protect against criminal hackers. But even the most advanced software can’t keep unwitting employees from endangering corporate networks …

As for what motivates cyber criminals, not surprisingly, cyber crime does pay,

Cybercrime can give attackers 1,425% return on investment
Dark Reading
While security professionals often find it difficult to prove return on investment, a standard ransomware campaign could earn an attacker a 1,425 percent ROI, according to a report released today by Trustwave

And while victims may not care, RAND says there is a new breed of cyber criminal emerging —

Cybercrime: Much more organized
Cybercrime offers the potential for immense profits. So it is no surprise that the digital “mob” has moved into the space. According to some experts, there is no such thing as “disorganized cybercrime” any more …

RAND also has published a second study that suggests CISOs increasingly believe cyber attackers are rapidly outpacing defenses

Companies making cybersecurity a greater priority, but hackers may still be gaining
Homeland Security News Wire
Companies are spending increasing amounts on cybersecurity tools, but are not convinced their data is truly secure and many chief information security officers believe that attackers are gaining on their defenses, according to a new RAND Corporation study. While worldwide spending on cybersecurity is close to $70 billion a year and growing at 10 percent to 15 percent annually, many chief information security officers believe that hackers may gain the upper hand two to five years from now, requiring a continual cycle of development and implementation of stronger and more innovative defensive measures.


By Tom Davis, SDI Cyber Risk Practice

SDI #CyberTuesday offers insights and commentary on cyber risk management by SDI’s trusted cybersecurity, privacy and data security experts, skilled practitioners whose decades of experience working for governments and corporations around the world distinguish them as strategists and crisis managers.

You can view previous blog posts on cyber risk management here.

June 30, 2015

Sharing is Caring When it Comes to PTSD Awareness

Father’s Day has passed, and many Americans have already begun preparations for 4th of July celebrations. However, few know that sandwiched between the two early summer highlights is a less noticed but increasingly important national observance day. Tomorrow is National PTSD Awareness Day. Visibility for the disorder has increased in recent years due in part to media coverage of its prevalence in Iraq and Afghanistan veterans, but an air of mystery and stigma still shrouds the issue.

The American Psychiatric Association (APA) published the fifth edition of their diagnostic manual, DSM-5, in 2013. In it, the APA made changes to the diagnostic criteria and behavioral symptoms related to posttraumatic stress disorder. The manual now describes PTSD as a disorder caused by direct or indirect exposure to a traumatic event (actual or threatened death, serious injury or sexual violation) resulting in “clinically significant distress or impairment in the individual’s social interactions, capacity to work or other important areas of functioning.” Those afflicted can experience four different kinds of symptoms: re-experiencing, avoidance, negative cognitions and mood, and hyper-arousal.

Reading that, it’s no wonder that air of mystery and stigma still exists.

Studies have shown that social support is a key factor in whether or not a person exposed to trauma will develop PTSD.  People without strong family, peer and community support are much more likely to suffer from PTSD than those with solid support networks. Thirty percent of Vietnam veterans were diagnosed with PTSD compared to 11 to 20 percent of Iraq and Afghanistan veterans—a drop many researchers have attributed to more societal awareness and understanding of the disorder.

The smaller percentage of Iraq and Afghanistan veterans diagnosed with PTSD may represent progress, but much more must be done.

We’ve had the opportunity to gain a close-up glimpse of what it’s like living with and caring for a veteran with PTSD through our work with Caring for Military Families: Elizabeth Dole Foundation. Hundreds of thousands of our service men and women have been diagnosed with PTSD. Yet, only one out of three of them will actually seek help or treatment. The Foundation’s beneficiaries — military caregivers — speak frankly and passionately about the difficulties caring for a loved one with these insidious and invisible wounds, and the need for support and resources to help them cope with the challenges.

So, how do we become a society of support rather than one of shame, fear or silence?

The change starts with education. Becoming familiar with the disorder’s causes, signs, symptoms and treatments can turn a concerned bystander into a powerful catalyst for change. To break down the APA’s dense language, here’s what you need to know:


  • Traumatic experiences can range from physical and sexual assault, to military combat, to natural disasters, and so on.
  • The traumatic experience does not have to be first-hand — being witness to the event or even learning that the event happened to a close friend or family member can be traumatic enough to induce PTSD.
  • Research indicates that the intensity of the experience is linked to the probability of PTSD. The U.S. Department of Veterans’ Affairs cites in this guide that 86 percent of Iraq veterans experienced receiving incoming fire, and 79 percent know someone who was seriously injured or killed.


  • Re-experiencing the event through recurrent dreams, flashbacks, etc.
  • Preventing trauma response through avoidance of all thoughts, places, people and emotions related to the event.
  • Negative cognitions and mood, like persistent sense of blame, loss of memory for aspects of the event, and isolation.
  • Being hyper-aroused, either through aggressive and angry behavior or over-reactive startle response.


  • PTSD is curable with consistent and engaged treatment.
  • A variety of Cognitive Behavioral Therapy techniques have been shown to be very effective in treating PTSD, including controlled re-exposure in a safe environment.
  • EMDR, a relatively new but highly effective therapy, is aimed at changing the response to traumatic memories.
  • Some medicines, particularly anti-anxiety medications, can be useful in managing symptoms.

Learn about PTSD and share what you learn with your colleagues and friends. You can do a lot by supporting National PTSD Awareness Day on your social media channels.  Let’s all make an effort to lessen the mystery and reduce the stigma.


By Cassady Burns, SDI

June 26, 2015


Paralyzed Berkeley tragedy survivor says she will honor victims with happy life

One of the survivors of the Berkeley balcony collapse, Clodagh Cogley, took to Facebook yesterday to share an inspirational message of positivity, hope, and purpose. Her resilience in the face of this shocking tragedy is truly moving. Coverage of Clodagh’s remarks from reads below.

By Frances Mulraney, June 25, 2015


Clodagh Cogley, a survivor of the Berkeley balcony collapse that killed six young Irish people, has revealed she is paralyzed from the waist down.

“The fall from the balcony left me with 2 collapsed lungs, a broken shoulder, a broken knee, 5 broken ribs and a broken spinal cord… Meaning the chances of me using my legs again are pretty bleak,” she said.

She pledged to honor the victims of the tragedy by “living the happiest and most fulfilling life possible.” The brave Dubliner remains upbeat about her future despite receiving paralyzing injuries in the fall from the fourth-floor balcony.

Despite this, she maintains a positive outlook and aims to work hard throughout her rehabilitation therapy, showing good humor in the face of such extensive injuries.

“Not the best odds,” she continues, “but I’m moving to a great rehabilitation center here in San Francisco for 2 months (it has dog therapy) and intend to give it everything I’ve got.

“Who knows maybe legs have been holding me back all these years and I’ll realize my talent for wheelchair basketball.”




Showing incredible maturity, Clodagh goes on to pledge her life to honoring the victims and making the most of her life.

“The thing I’m taking from this tragedy is that life is short,” she says, “and I intend to honor those who died by living the happiest and most fulfilling life possible.

“Enjoy a good dance and the feeling of grass beneath your feet like it’s the last time because in this crazy world you never know when it might be.”

Clodagh had previously thanked fellow survivor, GAA-star Jack Halpin, for helping to save her when the tragedy happened.

“[We] can’t believe how lucky she and the rest of the survivors were and Clodagh wanted to say particular thanks to Jack Halpin for grabbing her and breaking her fall,” her brother told the Irish Independent.

Granddaughter of legendary RTE rugby commentator Fred Cogley, Clodagh also received a message on Twitter from Harry Potter author J. K. Rowling wishing her a speedy recovery.


Clodagh was among the seven Irish J-1 students injured in the balcony collapse along with Jack Halpin (21), Hannah Waters (21), Aoife Beary (21), Niall Murray (21), Sean Fahey (21) and Conor Flynn (22).

Niall Murray and Sean Fahey had previously taken to social media to give thanks to those who have supported them since the tragedy occurred over a week ago.

“Thanks everyone for the support in such a dark time,” wrote Seán, the first of the survivors to leave hospital this week, along with a photo of the six victims.

Niall also paid tribute to the victims writing, “Thank you to everyone across the world for all the support you have given us through this dark time. To Nick, Culli, Lorcan, Eimear, Olivia and Ashley, words can not describe how much we are going to miss you all. May you rest in peace forever xxx.”

Ashley Donohoe (22), Olivia Burke (21), Eoghan Culligan (21), Niccolai (Nick) Schuster (21), Lorcan Miller (21) and Eimear Walsh (21) were killed in the early hours of Tuesday morning, July 16, when the fourth-floor balcony of an apartment complex on Kittredge Street in Berkeley collapsed while they were celebrating a 21st birthday.

It has been confirmed that the supports holding the balcony were destroyed by dry rot, making the balcony unsafe.

A Whale of a Fish Tale

“Aye, aye! and I’ll chase him round Good Hope, and round the Horn, and round the Norway Maelstrom, and round perdition’s flames before I give him up.” 

         – Captain Ahab to Starbuck

Herman Melville’s classic tale of Captain Ahab’s maniacal pursuit of the great white whale Moby-Dick, published in 1851, remains one of the richest novels ever written. Interestingly, it offers a lesson for today’s hyperconnected world, in which the vast expanses of the Internet ocean can be traversed at light speed. Think of a world in which there now exist many Ahabs, relentlessly pursuing their quarry.  Now think of yourself as the whale.

Whaling offers the ultimate trophy in spear phishing. It’s a sophisticated scam that targets senior executives — the “whales.” It also represents the natural evolution of “phishing,” the commonly used practice of sending a supposedly legitimate email in an effort to gain personal information from the recipient.
At one point virtually every Internet user in the world may have gotten an email from a desperate person in Nigeria who wanted to smuggle money out of their country and needed only modest assistance, in return for which they would be ever so generous. For most people, those phishing attempts were obvious.  But the primitive early efforts have been replaced by far more sophisticated undertakings. Now the term “spear-phishing” is far more applicable, for scammers use generally available information to craft more personal emails that are harder for potential victims to identify.

The attacks are unrelenting. Symantec’s 2015 Internet Security Threat Report notes “Almost no company, whether large or small, is immune. Five out of every six large companies (2,500+ employees) were targeted with spear-phishing attacks in 2014, a 40 percent increase over the previous year. Small- and medium-sized businesses also saw an uptick, with attacks increasing 26 percent and 30 percent, respectively.”

Cloud services provider Intermedia and Intel Security have published an ebook titled How Fishing Evolved in the C-Suite that offers an interesting look at the range of “phishing” techniques successfully employed.  With regard to whaling, it has a chapter that begins … “In June 2014, Keith McMurtry, financial corporate controller for Scoular Co., lost $17 million of the company’s money. And it all started with an email.”  It turns out there were multiple emails. The emails used addresses in Israel, France and Germany, and a server based in Moscow. In the “it’s a small world after all” department, the FBI has entered the case and alleges that the money ended up with a company in Shanghai.

Scoular is large enough that the loss of $17 million is embarrassing rather than catastrophic. But others may not be so fortunate. Some of today’s Ahabs work for concerns that want information far more valuable, and use schemes more complex than the one that ensnared Scoular. It is absolutely critical that access to key proprietary data be restricted. As that access is restricted, one can imagine that the focus on the whales who might have access to that data will become ever more intense. To help assess whether you’re ready, try taking this quiz from McAfee.


By Tom Davis, SDI Cyber Risk Practice


June 23, 2015

How to Look Smart But Stay ‘Cool’ in the Summer Heat

It’s summertime in Washington, DC, which means ice cream trucks, baseball games, and of course, sweltering heat and humidity. The sun is blazing and the heat index will likely soon soar above 100—a bit of a shock for an Irish girl working for Susan Davis International for the summer.  Back home in Ireland, summer temperatures average around a comfortable 60 degrees, so the thought of wearing professional clothing at the height of summer in DC was quite daunting. However, with meticulous planning I’ve managed to put together a ‘weather appropriate’ professional wardrobe. Here’s what I’ve learned along with some valuable tips from staff at SDI!

In the PR industry, how you present yourself is crucial as it serves as a reflection of you as an individual, as well as your company. “How an individual dresses for work can be a powerful extension of his personal brand,” says Matthew Randall, executive director of the Centre for Professional Excellence. Clothing, accessories, and even footwear help to reinforce or diminish a person’s skills and qualities in the eyes of their employer, co-workers, and clients. It’s difficult to overstate the importance of dressing professionally.

One of the most difficult challenges in choosing hot weather attire is preparing for the varying climates you often encounter in one day during DC summers — scorching heat, freezing air conditioning, and frequent afternoon thunderstorms.  I’ve found the solution lies in layering your clothes. Layers allow flexibility to match the needs of each situation. I never leave the house without a lightweight cardigan or umbrella, just in case.

Senior Account Executive Dan Gregory suggests always having a jacket hanging in your office. This allows you to travel to and from work more lightly dressed and still be prepared to meet with clients in professional attire. He also suggests keeping a fresh shirt on a hanger for when a heat-wave hits. If you haven’t already, make sure that a travel-sized deodorant is your best friend this season and keep one in your desk drawer!

Wearing light colors is a stylish way to update your seasonal wardrobe, but it’s also a great way to stay cool. Dark colors absorb and trap heat, making you hotter than usual. One report on the causes of heat stroke states that wearing light colored clothing is key to regulating body temperature during the summer months. So this tip is actually scientifically proven!

Ladies, “less is more” when it comes to summer hair and makeup. One thing that screams unprofessional is smudged makeup. Replacing your trusty liquid foundation with a lighter powder and investing in waterproof eye makeup can help prevent you from looking like you’ve melted in the summer heat. For hair, a neat bun or braid is a great way of keeping hair away from your neck while still looking polished.

Last but not least, blisters are an unfortunate reality of hot weather. However, wearing comfortable shoes for your journey to and from the office is an easy and effective way of avoiding them. Much like Dan’s tip, keep a pair of professional work shoes in your bag or at your desk to slip on once you get into the office.

These are just a few of the tips that are helping me settle into my first summer stateside and allowing me to make the best possible impression during my time here at SDI. I hope they help you beat the heat!


By India Fahy, SDI

June 23, 2015


What are you reading?

It’s time for the annual summer must-read lists that will pop up in most media outlets. While the major publishers will have their recommendations, here’s what some of our staff find intriguing, unsettling, informative, character-building, provocative, mesmerizing and just plain good.

Recently read by Allison Kluh is Allegiant, by Veronica Roth, the last book in the Divergent trilogy, a dark view of a society partitioned into five factions based on the character traits of its citizens, and the inevitable rail against forced conformity.

It’s the second go-around for Lisa Miller with Game of Thrones: Dance with Dragons, by George R.R. Martin. The world’s been waiting since 2011 for book 6 in the series, so a re-read is the only way she can get her fix of Westeros, Tyrion and The House of Black and White.

The erudite Judy Whittlesey is keeping up her artistic sensibilities reading Whistler: A Biography, by Stanley Weintraub, about the life of the influential yet eccentric American artist, James Abbott McNeill Whistler.

Dead Wake, by Erik Larson, awakens Tom Davis’ history passion; the author takes the reader on board the Lusitania for its final voyage across the Atlantic.

Aliza Bran just cracked open JoJo Moyes’ One Plus One, and the crack’s so fresh she’s not yet sure what it’s about. However, she was also left gurgling in the “Dead Wake” by Erik Larson and got her gumshoes on reading The Girl on the Train by Paula Hawkins about a woman who is trying to put together the pieces of a mystery murder.

Nicole Tieman is nurturing her professional skills with Measure What Matters, by Katie Delahaye Paine, an instructional about measuring online engagement and social media to improve how your brand or client relates online. That follows All the Light We Cannot See, by Anthony Doerr (“It was AMAZING”), a story about a blind French girl and a young German orphan who was talented at fixing and operating radio equipment, and their journeys through WWII.

Brain buff Cassady Burns is excited to get her nose back into My Stroke of Insight: A Brain Scientist’s Personal Journey by Jill Bolte Taylor—a neuroanatomist recollects her catastrophic left hemispheric stroke and the illuminative lessons learned on the road to recovery.

Wild, by Cheryl Strayed, keeps Jayne Davis up at night. Abandon everything you know and take a flying leap into the wild unknown of the Pacific Coast Trail with one shoe on and a hole in your heart.

Dan Gregory is taken with Becoming Richard Pryor by Scott Saul, an extensive look into the personal and cultural events that shaped the comedic legend’s professional genius and prosperity alongside his devastating fatal flaws.

According to Austin Courtney, 20-something women seeking belly-aching laughs should look no further than actress and writer Lena Dunham’s brutally honest pseudo-memoir, Not That Kind of Girl: A Young Woman Tells You What She’s Learned.

Although we think Susan Davis is secretly reading When Women Rule the World, author unknown (but suspected), her pick is Road to Character, by David Brooks, which explores how thought leaders and inspiring historical figures developed inner character and personal morality. Whew.


By Jayne Davis, SDI

June 19, 2015

Savage, Md. Boys and Girls Club Baseball Team Wins Fielding Lesson from the Orioles

U12 Team Enjoys Lesson and Oriole Park Tour from Third Base Coach Bobby Dickerson and Shortstop J.J. Hardy in Honor of LUNGevity


Baltimore, Md. (June 2015) —The Savage Boys and Girls Club’s U12 travel baseball team, the Savage Eagles, enjoyed the baseball practice of a lifetime when Baltimore Orioles’ third base coach Bobby Dickerson and shortstop J.J. Hardy led the team in a fielding lesson and behind-the-scenes tour of Oriole Park. Savage Eagles baseball coach Adam Leader told the U12 team that they would be entering an essay contest with the prompt “what it takes to be the best teammate” to win a special Oriole-led fielding lesson – though he had secretly already won the experience for the team through the Major League Baseball Winter Meetings Auction.

“It’s definitely an experience they will remember for the rest of their lives, which was our big reason for doing this,” U12 Savage Eagles Coach Adam Leader shared.

Proceeds from the fielding lesson benefitted LUNGevity Foundation and critical lung cancer research in honor of former Baltimore Orioles’ public relations director, Monica Barlow, who died of lung cancer in February of 2014 at 36 years old. The fielding lesson took place just days after what would have been her 38th birthday.

“Monica Barlow means a lot to us, and the LUNGevity Foundation is very important to this organization and to us as individuals,” Baltimore Orioles third base coach Bobby Dickerson said. “Anything we can do to help, we welcome it.”

“It was a no brainer for me,” Shortstop J.J. Hardy said when asked about his involvement. “It just shows you how important Monica was to us…we don’t want to forget her.”

The Savage Eagles, a Boys and Girls Club’s U12 baseball team, received a fielding lesson and behind-the-scenes tour at Oriole Park with third base coach Bobby Dickerson and shortstop J.J. Hardy. Photo Credit: The Baltimore Orioles


“The Baltimore Orioles have been an extraordinary ally in the quest to raise awareness and funds for life-saving lung cancer research. The team was the impetus behind Major League Baseball designating LUNGevity the beneficiary of the 2014 Winter Meetings Auction. The team showed amazing support of the lung cancer community, raising funds for critical research and addressing a health concern that can affect anyone with lungs,” said Andrea Ferris, president and chairman of LUNGevity. “We are thrilled to continue working with the Orioles and to have the opportunity to honor Monica’s memory, provide young baseball fans a once-in-a-lifetime experience, and inspire hope amongst lung cancer survivors nationwide.”

The Baltimore Orioles will again host LUNGevity’s Breathe Deep Baltimore walk in memory of Monica Barlow on Saturday, October 3, 2015. To sign up or learn more, visit

For interviews with LUNGevity spokespeople or additional photos from the fielding lesson and Oriole Park tour, please contact Aliza Bran at (202) 414-0798 or at

For more information on LUNGevity Foundation, please visit

About Lung Cancer

  • 1 in 15 Americans will be diagnosed with lung cancer in their lifetime
  • More than 221,000 people in the U.S. will be diagnosed with lung cancer this year
  • About 60%-65% of all new lung cancer diagnoses are among people who have never smoked or are former smokers
  • Lung cancer takes more lives than the next three cancers (colorectal, breast, and prostate) combined
  • Only 17% of all people diagnosed with lung cancer will survive 5 years or more, BUT if it’s caught before it spreads, the chance for 5-year survival improves dramatically

About LUNGevity Foundation

LUNGevity Foundation is firmly committed to making an immediate impact on increasing quality of life and survivorship of people with lung cancer by accelerating research into early detection and more effective treatments, as well as by providing community, support, and education for all those affected by the disease. Our vision is a world where no one dies of lung cancer. For more information about LUNGevity Foundation, please visit

Mobile Devices – A Way Into Your Corporate Data

Want to hazard a guess as to how long it would take a hacker to crack your four-digit security pin on your smartphone? A week? A day? Eight hours? How about 23 seconds? That’s right, 23 seconds is what it takes for a hacker, using open source tools available through the Internet, to crack a four-digit pin. That disturbing piece of information was brought to my attention by Brian Reed, chief mobility officer of mobile security provider Good Technology. Mr. Reed was speaking at a seminar I attended held by the Cyber Division of the National Defense Industrial Association (NDIA). He referred us to a YouTube video, which illustrates the point.

There was a time when compromising the security of a smartphone would have been more of an irritant than a critical business threat.  But that time is well past.  In our ever evolving threat environment, we must pay continuing attention to user behavior patterns among employees.  And one obvious trend is the increasing use of smartphones and other mobile devices in the workplace.

According to Gartner, approximately 40 percent of U.S. consumers who work for large enterprises said they use their personally owned smartphone, desktop or laptop daily for some form of work purposes.  If anything, that number may be conservative, and is sure to grow.  Businesses have learned the use of personal devices by employees increases both job satisfaction and productivity. Gartner predicts that by 2018 there will be twice as many employee-owned devices used for work than enterprise-owned devices.  Along with this explosion of personal devices used in the workplace comes a considerable security challenge.

If someone compromises your phone, the attacker can access all data and network resources available to you. Basically, the attacker can carry out any activity that the user can, which means that users with more access to valuable information are more valuable targets. To guard against this prospect, leading firms are using enterprise mobility management systems to provide greater security and prevent unauthorized access to corporate data.

Workers are demanding, and corporations increasingly are embracing, the ability to use personal devices in the workplace. Balancing the interests of employees with the accompanying security considerations is a growing challenge. Companies must embrace the use of mobile devices while effectively managing the expectations of their employees, providing freedom and flexibility without sacrificing security.  It will take time to work through this challenge, which is likely to be magnified as wearables become more present in the workplace. But when you think about the time that will take, remember this time … 23 seconds.


By Tom Davis, SDI Cyber Risk Practice


June 16, 2015

Oh, oh – OPM

“The U.S. Office of Personnel Management (OPM) recently became aware of a cybersecurity incident affecting its systems and data that may have exposed the personal information of Federal personnel. Since the incident was identified, OPM has partnered with the U.S. Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT) to determine the impact to Federal personnel. OPM immediately implemented additional security measures and will continue to improve the security of the sensitive information it manages.”

On Thursday, June 4, the Office of Personnel Management, which essentially serves as the federal government’s human resource department, announced that it had suffered a massive data breach. The personally identifiable information (PII) of over 4 million current and former federal employees had been taken. According to OPM, the breach began in December of 2014, and was discovered in April of this year. The time that elapsed from discovering the breach to announcing it may be explained by continuing security concerns, but it easily could stem from pure embarrassment. After all, less than a year has passed since OPM was publicly attributing another breach to Chinese attackers.

A number of sources are attributing the latest breach to China, and interestingly, China’s relatively perfunctory denial amounts to “prove it.” But the source of the attack is not the primary concern. It comes as little surprise that there are pernicious, enduring cyber threats that are continuously seeking to exploit cyber defenses. The issue is just how poorly OPM seems to have defended the sensitive information it held.

Apparently none of the data taken from OPM was encrypted. Encryption would have dramatically lowered the value of the data. Given the earlier breach, and the fact, as reported by The Washington Post, OPM was warned that it had major cybersecurity deficiencies, it would seem encryption would have been a logical way to address its vulnerability.

In a press release announcing the latest breach, OPM said, “Since the intrusion, OPM has instituted additional network security precautions, including: restricting remote access for network administrators and restricting network administration functions remotely; a review of all connections to ensure that only legitimate business connections have access to the Internet; and deploying anti-malware software across the environment to protect and prevent the deployment or execution of tools that could compromise the network.” More than one person affected by the breach has wondered just why those precautions are being taken only now, when they seem to be fairly basic and would have been expected.

No doubt OPM will be given great opportunity to troop to Capitol Hill and discuss in agonizing detail what it did and did not do that factored into this latest data breach. We can all learn from the details. But the prudent observer should already be taking steps to ensure that critical information held by an organization is encrypted and protected by relatively cost-effective measures like multi-factor authentication and encryption.


By Tom Davis, SDI Cyber Risk Practice

SDI #CyberTuesday offers insights and commentary on cyber risk management by SDI’s trusted cybersecurity, privacy and data security experts, skilled practitioners whose decades of experience working for governments and corporations around the world distinguish them as strategists and crisis managers.

You can view previous blog posts on cyber risk management here.

June 9, 2015

The Boys of Pointe du Hoc

Seventy years ago today, Operation Overlord was already well underway. Shortly after midnight on June 6, 1944, more than 24,000 airborne assault troops dropped into the fields of Northern France to prepare the way for the beach landings scheduled to begin just a few hours later. This was to be the largest amphibious invasion in history and would ultimately lead to the downfall of one of the most oppressive and brutal regimes the world has ever known. It involved more than 11,000 aircraft, 7,000 ships, and one hundred and sixty thousand troops. These men, the majority of whom came from the United States, the United Kingdom, and Canada, were poised to storm the beaches of Normandy and begin to drive back the forces of Nazi Germany. Millions more were preparing to follow them in the coming days and weeks. By the end of the day, the combined Allied forces had suffered at least 10,000 casualties, with more than 4,000 men left dead. The Battle of Normandy had begun, and would rage on until the end of August. It was to be a costly campaign, with hundreds of thousands of casualties on both sides in the months that followed D-Day.

Nearly a decade ago, I had the privilege to visit Normandy with my family. We decided to visit the famous Pointe du Hoc. Standing there, it is easy to see why this place was so strategically important; from its height, one can see the whole of both Utah and Omaha beaches. This site held special significance for me because my grandfather was a Ranger who fought in campaigns across North Africa, Sicily, and Italy. It was his brother Rangers who assaulted this cliff-top fortress. Seeing it in person was a powerful experience. Even today it looks like the surface of the moon, covered in craters from the heavy shelling and bombing in the lead-up to the invasion. Seeing the bunkers there, many of which are still standing, was eerie. It was so quiet, peaceful almost; but it was not hard to imagine the chaos that took place here. Men fought, died, and sheltered here in a hail of gunfire and explosions that went on for nearly three days. Of the more than 225 Rangers who landed at Pointe du Hoc and scaled the hundred-foot cliffs to reach the top, only 90 fighting men remained when relief arrived on June 8th.

After visiting Pointe du Hoc, we thought it was fitting to go to the Normandy American Military Cemetery and Memorial. Here stands row upon row of white crosses, marking the burial sites of 9,387 men, most of whom died fighting in the Normandy campaign. The cemetery is immaculate, perfectly cared for. It is a testament to the gratitude still felt by the people of France for the sacrifice made by so many Americans to free them from tyranny. It is important that we remember them as well.

On this 70th anniversary of the landings that marked the beginning of the end for Nazi rule in Europe, the numbers of World War II veterans amongst us have dwindled. We must make sure that they and the sacrifices of their comrades in arms are not forgotten. Without the 416,800 American soldiers, sailors, airmen, and marines who gave their lives, and the millions of others who served alongside them, our world would be a much darker place.


By Sam Burns, SDI

June 5th, 2015