The government is never going to fix its cybersecurity problem until it fixes its procurement problem!
Shockingly, there are no NAICS, SIC or SIN codes for cybersecurity products on the GSA Schedule. As a California Certified Small Business owner who offers multi-factor authentication (MFA) products on the GSA Schedule, I see this as a serious problem.
Without cybersecurity procurement codes, government agencies and departments are unable to find, let alone implement, targeted products and services to keep our nation’s electronic data secure. The current procedure is a keyword search on the GSA Schedule: if the exact keyword is not typed or listed, no match is found. An agency’s only recourse then becomes generating expensive and time-consuming RFIs, RFPs and RFQs. Cybersecurity NAICS, SIN and SIC codes would streamline the entire process, save money and ensure fast cybersecurity implementations.
Cybersecurity Executive Order – Open Letter to President Trump
February 8, 2017
President Donald Trump
The White House
1600 Pennsylvania Avenue NW
Washington DC 20500
Re: Small Business Response to President’s Cybersecurity Executive Order
Dear Mr. President,
Thank you so much for your initiative with our nation’s Cybersecurity.
As a California Certified Small Business owner who offers a multi-factor authentication (MFA) product on the GSA Schedule, I have an important concern: Currently, there are no NAICS, SIC or SIN procurement codes for cybersecurity products on the GSA Schedule. This makes it difficult for government agencies and departments to find, let alone implement, the products you are mandating.
A year ago, I sent a similar letter to President Obama. NOTHING has changed. I trust that you are the man to fix this ridiculous problem. Simply adding cybersecurity procurement codes to the GSA Schedule as part of your Executive Order implementation would get cybersecurity solutions implemented much faster.
Why do biometric fanatics want to “Kill Passwords?”
When biometric fanatics evangelize “Kill Passwords!” in favor of biometrics, they create a false security narrative. Replacing one form of Single Factor Authentication (SFA) with another form of SFA adds nothing; it simply trades one factor for another. The whole security argument against any form of SFA is that the attacker only needs to defeat one factor, whether a password or a fingerprint, to break in.
While biometric fanatics like to tout the weaknesses found in knowledge-based authentication (and I readily admit there are some), there are also a number of inherent weaknesses in biometrics. In this series of short blog posts, I will outline those weaknesses. My ultimate goal is for the reader to understand that if we go down the “either/or” cybersecurity path in choosing biometrics over passwords, everyone loses. The smart and secure cybersecurity solution is the “and” path, also known as Multi-Factor Authentication (MFA).
Understand the difference between Password Authentication and Password Management
Don’t kill passwords because the industry is confused between password authentication and password management. In its latest “2016 Data Breach Investigations Report,” Verizon spells out the most common ways credentials get stolen: key loggers, malware, social engineering and phishing. Nothing new there. Verizon also concludes that 63% of confirmed data breaches involved a hacker leveraging weak, default, or stolen passwords. Again, not a huge surprise. The report’s earth-shattering recommendation was… “user names and passwords are great for fantasy football leagues, but there needs to be stronger authentication.” The truth is, the problem is way more complex than simply killing passwords.
The report failed to clarify why attacks on passwords are so successful. Hackers simply go after the weakest link in the cybersecurity chain: humans. The problem is not the viability of password authentication; it’s how passwords are managed. Specifically, who chooses and stores them, whether weak or default values are ever allowed, and what technologies (if any) are used for the job. You don’t kill passwords just because they are poorly managed. Instead, you fix the management.
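The “and” path from the biometrics post above and the management-versus-authentication distinction in this one, as an added example in Python. This is illustrative code written for this page, not code from this site or from the author’s MFA product. The denylist, the user table, the sample passphrase and the timestamps are constructed for illustration; the OTP secret is the RFC 4226/RFC 6238 test-vector key, not a real one. The left half is password *management* (refuse weak or default values, store a salted slow hash) and *authentication* (constant-time verify); the right half adds a possession factor (TOTP) so that a stolen password alone is not enough.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

# --- Knowledge factor: how the password is managed, then verified ------------

# Constructed denylist for the example; a real deployment screens against a
# breached-password corpus, not a six-entry set.
WEAK_OR_DEFAULT = {"password", "123456", "admin", "welcome", "qwerty", "letmein"}
MIN_LENGTH = 12
PBKDF2_ITERATIONS = 600_000  # slow on purpose: offline guessing must be expensive


def password_is_acceptable(password: str) -> bool:
    """Management check at enrolment: refuse short, weak or default passwords."""
    return len(password) >= MIN_LENGTH and password.lower() not in WEAK_OR_DEFAULT


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Store a random per-user salt plus a slow hash, never the password itself."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Authentication check: recompute with the stored salt, compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


# --- Possession factor: RFC 4226 HOTP / RFC 6238 TOTP ------------------------

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over the 8-byte big-endian counter, then RFC 4226 dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP is HOTP with the counter derived from Unix time in 30-second steps."""
    return hotp(secret, int(at_time) // step, digits)


def verify_totp(secret: bytes, code: str, at_time: int, step: int = 30, window: int = 1) -> bool:
    """Accept the current step and `window` steps either side to absorb clock drift."""
    counter = int(at_time) // step
    ok = False
    for c in range(counter - window, counter + window + 1):
        # Check every candidate so the timing does not reveal which step matched.
        ok |= hmac.compare_digest(hotp(secret, c).encode("ascii"), code.encode("utf-8"))
    return ok


# --- The "and" path: both factors must pass ----------------------------------

# Dummy credential so an unknown username costs the same time as a wrong password
# (otherwise response time would confirm which usernames exist).
_DUMMY_SALT, _DUMMY_HASH = hash_password("dummy-password-for-timing-equalisation")


def authenticate(username: str, password: str, code: str, users: dict, at_time: int) -> bool:
    """users maps username -> (salt, password_hash, totp_secret), all held server-side."""
    salt, pw_hash, secret = users.get(username, (_DUMMY_SALT, _DUMMY_HASH, b""))
    pw_ok = verify_password(password, salt, pw_hash)
    otp_ok = verify_totp(secret, code, at_time) if secret else False
    return username in users and pw_ok and otp_ok


if __name__ == "__main__":
    # Constructed enrolment: the passphrase passes the management check,
    # the OTP secret is the RFC test-vector key "12345678901234567890".
    rfc_secret = b"12345678901234567890"
    passphrase = "correct horse battery staple"
    assert password_is_acceptable(passphrase)
    salt, digest = hash_password(passphrase)
    users = {"alice": (salt, digest, rfc_secret)}
    # At Unix time 59 the RFC 6238 6-digit code is 287082.
    print(authenticate("alice", passphrase, totp(rfc_secret, 59), users, 59))  # True
    print(authenticate("alice", passphrase, "000000", users, 59))               # False
    print(authenticate("alice", "password", "287082", users, 59))               # False
```

The point the split illustrates: `password_is_acceptable` and `hash_password` are management decisions (what is allowed, how it is stored), `verify_password` is authentication, and a breach of the first two is what lets stolen-credential attacks succeed. Bolting `verify_totp` onto the same login keeps the password and adds a second factor rather than replacing it.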
Did you know: The U.S. Courts have deemed that passwords are protected under the U.S. Constitution?
U.S. courts have held that compelling someone to reveal a password is testimonial, because a password is “knowledge,” the contents of a person’s mind. The Fifth Amendment’s protection against self-incrimination therefore applies: no person can be required to disclose information that could incriminate them. DNA and biometrics such as a fingerprint or a face, on the other hand, have been treated as physical characteristics rather than testimony and are not protected by the same privilege (rulings on compelled biometric unlocks are not uniform across jurisdictions, so this is a matter of case law rather than settled constitutional text). By the same reasoning, a private key is not protected, since it is computer generated and not something an individual “knows.”