• 5 Accused of Stealing Drug Secrets From GlaxoSmithKline
    From “5 Accused of Stealing Drug Secrets From GlaxoSmithKline”
    New York Times (01/21/16) Thomas, Katie

    Five people, including two research scientists, were indicted by federal prosecutors in Philadelphia on charges of stealing trade secrets about drugs to treat cancer and other diseases from British drug giant GlaxoSmithKline. According to prosecutors, GlaxoSmithKline scientist Yu Xue emailed and downloaded confidential information about company products to associates who planned to sell and market the trade secrets through a company they set up in China, called Renopharma. Former company scientist Lucy Xi is also believed to have emailed confidential information. Some of the documents involved a monoclonal antibody, a type of cancer treatment, that the company was developing. The indictment, unsealed on Wednesday, describes Ms. Xue, 45, as the co-leader of the company’s project to develop the drug. Federal prosecutors with the Eastern District of Pennsylvania said that to hide their crime, Ms. Xue and two other associates, Tao Li and Yan Mei, agreed to put the proceeds in the name of Ms. Xue’s twin sister, Tian Xue, who was also charged. Prosecutors noted that Ms. Xi worked with Ms. Xue at Glaxo and was married to Mr. Mei. Glaxo said in a statement that it had been cooperating with federal authorities and “we do not believe the breach has had any material impact” on the company’s business or research and development activity.

  • Security Can’t Be Left Behind at a Rapidly Growing Company
    From “Security Can’t Be Left Behind at a Rapidly Growing Company”
    CSO Online (12/16/15) Pratt, Mary K.

    CIOs at rapidly growing companies have to maintain speed and progress without sacrificing security — a difficult feat. Software development company Informatica is growing quickly, and finding that balance can be difficult. However, senior vice president and CIO Ginna Raahauge has a method for her own success: “Celebrate that the business needs to move at the pace of growth and create a safe environment of disclosure or amnesty approach,” she says. “It’s better for them to help you find them than try to hide something.” CIOs across the spectrum say they’re facing a rapid pace of change in their IT departments, and security has to be a priority or else all the speed and tech-driven competitive advantages can go to waste. Raahauge also says that a shift in thinking is necessary: “Neither security nor IT should ever slow down the pace of delivery; a better objective is to move with speed by changing the mindset of having security at the forefront of the design or business requirement vs. an afterthought or necessary evil.” Other companies are hiring additional security staff, working with outside security experts, and spending more money on security demands.

  • How to Increase Security Through Building Design
    From “How to Increase Security Through Building Design”
    CSO Online (01/06/16) Ludwig, Sarah E.

    Crime Prevention Through Environmental Design (CPTED) is a method used in security planning that focuses on design, placement, and the way the building is used as a means to increase security in an aesthetically pleasing manner. “CPTED tends to provide a purposeful sense of orderliness in developing a security program,” says William Nesbitt, president of SMSI. “It’s geared at trying to not only have an effective security program, but to have that program be perceived as being effective. It has to do with both the appearance and the perception.” Three fairly standard principles of CPTED are Natural Surveillance, Natural Access Control, and Territorial Reinforcement. One of the foundations of Natural Surveillance is lighting. “Doing a lighting study is one of the most important pieces of the Natural Surveillance principle,” says Toby Heath, electromechanical specialist at ASSA ABLOY. “That involves measuring the light output every 10 feet throughout parking lots and the perimeter of a building.” With Natural Access Control, “it’s really important to minimize the points of entry to a building to one, for visitors as well as employees,” says Heath. All doors and entrances should be inspected to make sure they close completely and by themselves. Territorial Reinforcement is the basic idea of where a property begins. “There is no defining property line, so to speak, so if you give cues as to where the property is and what’s under your control and maybe some signage, it helps you establish the foundational basis that you have control over this piece of land from this point inward and it’s not common area,” says Nesbitt. He also notes that CPTED should be used in tandem with more traditional methods and human behavior.

  • U.S., European Aviation Authorities at Odds Over Cybersecurity
    From “U.S., European Aviation Authorities at Odds Over Cybersecurity”
    Wall Street Journal (12/23/15) Pasztor, Andy

    U.S. and European aviation authorities are reportedly at odds over a key question of how to protect aircraft from potential cyberattacks. There is wide agreement between U.S. authorities and their European counterparts that aircraft are vulnerable to cyber threats today. The European Aviation Safety Agency warns that “all recently designed large airplanes are known to be sensitive” to cyberthreats because of the “interconnectivity features of their avionics systems.” They even agree that for large commercial planes, the solution should include enhancing the separation of cabin entertainment and passenger Internet access from any safety-related systems. The disagreement, apparently, is over how to address cyber threats facing smaller aircraft. European authorities want the same testing guidelines and regulations to cover both large and small planes, while American authorities and industry representatives want aircraft with fewer than 19 seats to be subject to different standards. Both sides hope to hammer out a possible compromise before the Federal Aviation Administration proposes new U.S. standards next summer.

  • Iranian Hackers Infiltrated New York Dam in 2013
    From “Iranian Hackers Infiltrated New York Dam in 2013”
    Wall Street Journal (12/21/15) Yadron, Danny

    According to current and former U.S. officials, Iranian hackers infiltrated the control system of a small dam less than 20 miles from New York City in 2013. The hack of the Bowman Avenue Dam near the village of Rye, N.Y., was first noticed by the National Security Agency, which was monitoring the activity of Iranian hackers launching attacks on U.S. firms Capital One Financial and SunTrust Banks. NSA analysts noticed that one of the hackers’ machines was crawling the Internet, looking for vulnerable U.S. industrial-control systems. This information was passed on to the Department of Homeland Security, which linked one of the addresses targeted by the hackers to a “Bowman” dam. There are 31 dams in the U.S. with Bowman in the name, and investigators worried that the hackers had targeted the 245-foot-tall Arthur R. Bowman Dam in Oregon. Officials say much of this concern dissipated when the Bowman Avenue Dam, a small structure used for flood control, was identified as the target. However, several officials say the incident was a wake-up call for many in the government about the potential capabilities of Iran’s hackers and the vulnerability of the industrial control systems underlying much of the U.S.’s critical infrastructure.

  • Cyberattack Prediction: Hackers Will Target a U.S. Election Next Year
    From “Cyberattack Prediction: Hackers Will Target a U.S. Election Next Year”
    CIO (12/17/15) Lawson, Stephen

    Security expert Bruce Schneier, chief technology officer of Resilient Systems, says that a major cyberattack could target next year’s presidential election. “There are going to be hacks that affect politics in the United States,” Schneier said. He pointed to the massive Sony hack and attempted Chinese and Iranian hacks as evidence that cyber criminals are aiming for more complex targets. This has already wreaked havoc on international relations. The EU in October invalidated the Safe Harbor agreement on offshore data storage, claiming that the US did not have their trust. The scope of data has changed because of cyber crime, and that means more intricate problems. The only improvement, albeit a significant one, is the advent of complex encryption. It is not perfect, Schneier said, but it certainly helps more than some may think. “We get a lot of security because of this,” he said.
