DHS Offers Free Cyber-Attack Drills For Private Companies

The U.S. Department of Homeland Security (DHS) has been offering a free service to test companies’ abilities to withstand cyber attacks, according to KrebsOnSecurity. The little-known program involves penetration testing of companies’ infrastructure and has drawn both support and criticism from private security experts.

Under the program, private firms, primarily energy companies and banks, commission the DHS to conduct penetration tests with the goal of strengthening firms’ network and computer defenses against real attackers. The testing is provided by the National Cybersecurity Assessment and Technical Services (NCATS).

The program came to light after a risk manager at a small Eastern U.S. financial company sought KrebsOnSecurity’s advice when comparing the free services with private sector offerings. KrebsOnSecurity contacted other sources about the program and found none were aware of the program.

DHS Publishes Program Information

DHS declined to be interviewed about NCATS, but it has published information about the program. The NCATS provides penetration testing through two separate programs: a Risk and Vulnerability Assessment (RVA) and a Cyber Hygiene evaluation, both of which help the client organization understand how infrastructure and external systems look to attackers.

Sy Lee, a DHS spokesman, told KrebsOnSecurity via email that the agency works with private and public sector partners to improve the resilience and security of their systems against cyber attacks. NCATS focuses on government at all levels and private sector stakeholders to improve cyber security.

The RVA program scans clients’ databases, operating systems and web applications for vulnerabilities. It then tests for weaknesses. Program participants are scanned for rogue wireless devices. “Social engineering” is used to see how employees respond to phishing attempts.

The Cyber Hygiene program is mandatory for federal civilian executive agencies and optional for state, local, tribal and private sector stakeholders. This program includes both external and internal vulnerability and web application scanning.

Reports Cite Need For Improvement

The program’s reports provide clients detailed information about their vulnerabilities and recommendations for corrective action.

Program data was used to create an FY14 End of Year report which is available on the program’s website. It includes information from over 100 engagements. The report notes:
• Manual testing was needed to identify 67% of RVA vulnerability findings (as opposed to automated vulnerability scans).
• Over half of the 344 vulnerabilities discovered during the scans received a severity rating of high (40 percent) or critical (13 percent).
• RVA phishing emails delivered a 25 percent click rate.

In 2015, NCATS served 53 private sector clients, the majority being financial services and energy companies. The financial service companies were mainly smaller firms such as credit unions.

DHS has been criticized for its own cybersecurity shortcomings, KrebsOnSecurity noted. Given these issues, the NCATS program appears to be an attempt to mollify criticism.

Cyber Security Experts Weigh In

KrebsOnSecurity sought input from the private sector testing industry on the government’s services.

Dave Aitel, chief technology officer at Immunity Inc. in Miami Beach, Fla., said DHS can learn about real-world vulnerabilities from the program. As a major player in regulation policy, DHS should have technical expertise in penetration testing, Aitel said. The more DHS knows about information security, the better its policy recommendations will be.

At the same time, Aitel said, you sometimes get what you pay for.

He wondered if the data DHS finds will affect a company’s SEC liabilities. He also wondered if there are legal ramifications if the government gains access to customer data.

The DHS provides no warranties related to its services, KrebsOnSecurity noted.

Aitel, a former National Security Agency (NSA) research scientist, further noted that vulnerabilities found inside the government are required to go to the NSA, which could use the vulnerabilities for clandestine programs.

There are also legal issues when the government competes with private industry.

An Excuse For Not Investing?

Alan Paller, research director at SANS Institute, a Bethesda, Md.-based security training firm, said DHS’ free assessments can serve as an excuse for companies to spend less on security. He said the services measure a limited set of vulnerabilities.

Paller further noted that NCATS testers do not conduct active penetration tests against the network, despite what its documents claim.

He said NCATS mostly does traffic analysis and architectural assessments. Using big packet capture, NCATS baselines, profiles and does some protocol analysis. Scans done by DHS can only reveal a certain amount of information, he said, and the people doing them do not have extensive experience with important aspects of critical infrastructure systems.

The architectural reviews are conducted by younger people with minimal real world experience and the customer is not completely advised on the assessment and testing limitations, Paller noted.

Images from Shutterstock and the DHS.

Lester Coleman is a veteran business journalist based in the United States. He has covered the payments industry for several years and is available for writing assignments.

BlockState Interview Part One: Institutional Investment Framework Story

The mainstream media narrative has shown an uncompromisingly negative bias towards institutional crypto investment of late and it only seemed fair that we got in touch with some people who have professional expertise in the field.

BlockState is a platform that aims to deliver a modular blockchain-based legal and technological infrastructure for financial institutions which combats the low interest and return rates offered by traditional asset classes.

We spoke to the three co-founders, Paul Claudius, Michael Weber and Samuel Brack, about the nature of the project, as well as how they met and how it all started, their current status, and their plans for the future.

BlockState in Brief

On their website, the BlockState team states that their intention is to provide “a technological and legal bridge between blockchain technology and financial markets.”

It is an infrastructural platform upon which organisations within these sectors build or inform their own solutions – and is unashamedly focused towards providing products for the institutional investment crowd.

On the One Hand…

When asked about the ethics, technological approach and modus operandi of BlockState, Managing Director Paul Claudius was eager to provide a comprehensive, dichotomised summary.

“On the one hand we are creating the basis for institutional investors to access the digital assets markets.

“Investment banks can’t simply open a wallet on their phone and start buying crypto-assets. They need a range of services and processes in place to make sure that they abide by regulation and their internal requirements.”

The BlockState consensus is that there are insufficient frameworks in place to mitigate the obstacles faced by companies unfamiliar with the many intricacies of the crypto-space at present.

This is not to mention the prohibitive nature of the past progression of technological and regulatory standards, which are largely non-standardized.

… And On the Other

The ‘other hand’ to which Paul refers is the lack of blockchain or cryptocurrency integration at product or service levels within the institutional market.

For this reason, BlockState posits the second half of its service as an offering to:

“help institutions leverage blockchain to improve their existing processes… helping them tokenize financial products and using smart contracts to govern their execution… [to] save massive amount of resources while making their systems more transparent and efficient.”

In theory all transactions will be immutably recorded on the blockchain, which will ensure that all parties involved can access this data and that all transactions will be processed quickly.

Performance can distinguish a winning cryptocurrency from a useless dud.

The Three Musketeers

In addition to Paul Claudius, we got the opportunity to speak to fellow founding members Michael Weber and Samuel Brack.

Paul specialises in Strategy and Business Development, whilst Michael’s role is to take the lead on Product Development and Project Management duties.

Samuel Brack is the cryptocurrency brains of the operation and performs something of a hands-on position, donning the title of Chief Technology Officer (CTO) for BlockState.

Before BlockState

Paul recalls that the executive leadership team “all already knew each other” before the BlockState project even began.

Whilst he and Michael Weber had become acquainted whilst studying together at the ESPC Europe business school, Michael had met up with Samuel Brack as they were co-founding partners on a prior blockchain-based project entitled ‘Goodcoins’.

Whilst they have since sold their stake in Goodcoins, Samuel at least considers his time on the project to have equipped him with knowledge which he has brought to BlockState.

Beginner’s Luck?

On a more personal level, Paul Claudius described his first interaction with the world of cryptocurrency as being the moment in 2012 in which a friend had recommended Bitcoin to him as a potential investment.

He has not disclosed exactly how much Bitcoin he purchased in 2012, but if the story is true, and considering the token’s value of $13 at the time, Paul would have made a profit of a whopping 51614.53% on his investment, no matter the amount invested.

Products, Pains and Peers

Michael Weber (product lead and project management professional) broke down the trio of primary services / product lines that BlockState focuses on as being “asset management, debt capital, and derivatives” – with a perceived overlap between the three.

This comes alongside the ability to tailor packages for clients from these tested specialisms.

If these product names appear distinctive yet simple, that is because they are. Of course, this is one of the main objectives of marketing – however, it does not help a company to distinguish itself from its peers.

“While most focus on very specific needs, our infrastructure integrates solutions at every level of the financial product lifecycle, from issuance to reporting always with a view to improving current products on the market.”

This isn’t an easy task, however, with obstacles to full automation rearing their heads alongside undesirably long payment clearance times:

“Some of the major pain points specific to the asset management and derivatives markets and resource consuming operations are settlement and clearing, which can take up to 30 days… with manual processes like getting signatures and manual transactions.”

With a Little Help From My Friends

The three musketeers of BlockState with whom we have already spoken are supposed to possess their own unique-yet-compatible inventories of skills and experience. If the team has any luck it will prove a winning combination.

Three men cannot rule an empire alone, however, and as the popular idiom goes: successful leaders fill the gaps in their expertise by surrounding themselves with knowledgeable advisors. Accordingly, BlockState boast a roster of advisors who may just fit the bill for now.

They include (according to Paul):

  • “Patrick Storchenegger, co-founder of the Ethereum Foundation in Zug, is our advisor on legal questions. He brings years of experience from blockchain, capital market law and international tax and business consultancy…
  • “Andrea Voinea, who helped to structure the first Gold Exchange Traded Fund, is a seasoned professional from the asset management market…
  • “Ludwig Schrittenloher, who spent nearly six years at Credit Suisse, offers a breadth of knowledge in DCM and structuring…
  • “[and] Martin Schröder, currently a Director in an investment firm, is an expert in derivatives and also very knowledgeable in capital markets and structuring.”

Estimated Time of ETN

Looking not to the past or present, but forward to what the future may hold for BlockState (or at least, what they plan to happen), we asked Paul Claudius some closing questions in an attempt to reach some conclusions on what may come next…

“At the end of September, we will launch the CTF15 Exchange Traded Note, and it will also be listed on a major European Stock Exchange – to be announced soon…”

An Exchange Traded Note (or ETN) is “a type of unsecured, unsubordinated debt security”.

Final Words

Perhaps even more exciting is the fact that the team are currently in the process of preparing the launch of an ‘Equity Token Sale’, issued as part of the company’s equity in a public sale.

According to Paul, it will be “one of the first companies ever to tokenize their equity in a fully regulated and compliant manner, driving the adoption of security tokenization in the financial space.”

Paul, Simon and Michael closed our discussion by asking us to remind readers of a forthcoming event which all three will be attending: the Delta Summit in Malta, which takes place from October 3rd to the 5th.

Stay tuned for the second part of this interview, coming soon, in which the team will deliver their commentary on recent news and the present situation, along with future predictions on the market and industry.

Featured image courtesy of Shutterstock.


Stellar Acquires Blockchain Startup Chain to Form Interstellar

The commercial arm of the Stellar Development Corporation has acquired a promising blockchain startup by the name of Chain, paving the way for possibly higher enterprise adoption of distributed ledger technology. The deal adds to Stellar’s credibility as one of the world’s leading blockchain companies.

Chain Acquired

Chain, a San Francisco-based startup pursuing enterprise grade adoption of blockchain technology in finance, has sold to Lightyear in an undisclosed cash agreement. Lightyear, the subsidiary of the Stellar Development Corporation, will be re-named Interstellar, according to official reports. Jed McCaleb, Stellar’s founder, will be the chief technology officer of the newly formed company, which he said should help companies build on the Stellar network. He adds:

“Chain’s team has led the market for enterprise adoption of blockchain technology, which is a critical component of building a future where money and digital assets move over open protocols.”

Interstellar’s new CEO Adam Ludwin explained how the newly merged company will work together:

“Chain has worked from inside the enterprise while Stellar has focused on the network between organizations. As a single team we will have a complete view and set of capabilities to make value-over-IP a reality.”

Chain is said to be a leader in the world of fin-tech, having built enterprise-grade blockchain solutions for Visa, Citigroup and Nasdaq, among others. With the merger, Interstellar will have access to Sequence, Chain’s powerful cloud solution that enables companies to monitor assets moving between private ledgers and the Stellar network.

Previously, Chain had raised more than $43 million across multiple deals. Financiers included Capital One, Citigroup, Pantera Capital and Blockchain Capital.

XLM Price Update

Although the merger between Chain and Lightyear has not had a demonstrably positive effect on XLM’s price, the cryptocurrency continues to outperform leading assets such as Ethereum and bitcoin cash. The XLM price was down 4.4% on Tuesday but has gained 3.2% over the past seven days. By comparison, bitcoin has declined nearly 1% over that period while Cardano has lost more than 10%. Ethereum is trading in positive territory over seven days as prices recovered from 16-month lows.

XLM, which is currently valued at $0.197, has declined roughly 12% over the past month. At current values, it has a market capitalization of $3.7 billion, placing it sixth among active cryptocurrencies. Bitbox is the most active market for XLM traders, accounting for more than 54% of daily transactions.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.

Sam Bourgi is Chief Editor to Hacked.com, where he specializes in cryptocurrency, economics and the broader financial markets. Sam has nearly eight years of progressive experience as an analyst, writer and financial market commentator where he has contributed to the world's foremost newscasts.

Grayscale’s $6 Million Dollar Bet

Grayscale Investments, the company behind the Bitcoin Investment Trust, has announced plans to back a little-known privacy coin by the name of Zen. The news came mere months after Grayscale put Zen on its “conviction list” of potentially high-impact cryptocurrencies.

Zen Investment Trust

On Thursday, Grayscale announced the creation of the Zen Investment Trust, which gives accredited investors direct access to the cryptocurrency. It is the eighth such fund mandated to hold just one currency, joining a list of products that include bitcoin, Ethereum, XRP and Ethereum Classic.

Although the announcement came as a surprise to some crypto observers, Grayscale said the decision was based on intensive research and due diligence.

“Grayscale conducts unparalleled research and due diligence on their investment products, striving to offer regulated and professionally managed exposure to the digital currency market for institutional and accredited investors worldwide,” said Rob Viglione, Grayscale’s founder and president.

According to Fortune, Grayscale has already purchased $6.3 million worth of Zen tokens and plans to increase its holdings in the future.

Grayscale appears to be increasing its exposure to privacy-focused coins, having recently added Zcash to its list of single-currency investment funds. These assets align with Viglione’s vision of financial privacy, which he believes will be a dominant theme in the future.

Zen Token: An Introduction

Horizen, the company behind Zen token, launched in May 2017 as ZenCash before rebranding this past summer. The company has designed a platform that provides users with complete control of their digital footprint, including private chat and development features. Once scaled to full capacity, Horizen’s side-chain technology will allow anyone to develop privacy-focused applications and generate income from them. Sidechains ensure that Horizen has the bandwidth to process large volumes of transactions without running into the scalability issues plaguing other cryptocurrencies.

For users, Horizen’s platform is intended to provide end-to-end encryption of their online activity. The company employs zk-SNARKs, a protocol that can prove possession of certain information without revealing that information and without any interaction between the prover and verifier. This protocol is also employed by zCash.

Valued at $82 million, Zen is currently ranked no. 72 by market capitalization, according to latest available data. Zen was down only 1% on Thursday compared with double-digit losses for the broader market. At press time, Zen was valued at $17.16, according to CoinMarketCap. Trade volumes amounted to $1.8 million, with Binance accounting for more than half the daily turnover.

There are currently fewer than 4.7 million ZEN tokens in circulation out of a total supply of 21 million.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.

Sam Bourgi is Chief Editor to Hacked.com, where he specializes in cryptocurrency, economics and the broader financial markets. Sam has nearly eight years of progressive experience as an analyst, writer and financial market commentator where he has contributed to the world's foremost newscasts.