The President’s Cybersecurity EO

President Obama’s just-released cyber security executive order has sparked concern from several advocacy groups debating issues surrounding “too much regulation”, “not enough protection” and of course “too much private sector involvement”.

The U.S. Chamber of Commerce opposed the order. It argued that instituting new regulation is unnecessary.

Meanwhile, the Constitution Project stated that the order poses “far fewer threats” to Americans’ privacy rights than the Cyber Intelligence Sharing and Protection Act (CISPA), which was reintroduced in the U.S. House of Representatives Wednesday. I also believe that President Obama’s executive order has far less regulation than President Bush’s post-9/11 “Patriot Act”.

The Information Technology and Innovation Foundation (ITIF) is among the organizations that contend Congress should pass a cybersecurity law anyway, because adhering to the executive order might expose companies to lawsuits over civil liberties and privacy.

What’s in the Executive Order?

The executive order defines what constitutes the nation’s critical infrastructure, and states that policy coordination, guidance, dispute resolution and in-progress reviews will be provided through an interagency process.

The U.S. National Institute of Standards and Technology (NIST) will lead the development of a cybersecurity framework to reduce risks to critical infrastructure. The framework will incorporate voluntary standards and, where they fit, voluntary international standards.

That framework will provide measurable and cost-effective ways to protect the country’s cyber assets, while lessening its impact on business confidentiality, individual privacy and civil liberties.

A preliminary version of the cybersecurity framework must be published within 240 days, and a final version within one year. Adoption of the framework by the private sector will be voluntary.

The order directs agencies to incorporate protection for privacy and civil liberties into their activities based on the Fair Information Practice Principles, and other policies covering privacy and civil liberties. Agencies will be assessed on this.

Information submitted voluntarily to the federal government by private entities will be protected from disclosure.

The U.S. Attorney General, the Secretary of Homeland Security and the Director of National Intelligence have 120 days to issue instructions on how to produce timely, unclassified reports of cyber threats that identify a specific targeted U.S. entity. They also have to set up a process to track the production, dissemination and disposition of these reports.

Is This Necessary?

Yes. During last week’s State of the Union address, President Obama was correct in sounding the alarm about the threat of future cyber attacks. The government is tasked with protecting its citizens wherever threats may originate. Sadly, because everyone now relies on technology for almost everything, our enemies will seek to hurt our nation not only with guns, ships, missiles and bombs but also with cyber terror.

Protect Yourself from new UPnP Risk

UPnP stands for “Universal Plug and Play.” Using UPnP, an application can automatically forward a port on your router, saving you the hassle of forwarding ports manually. This is fine inside your network, or, better said, behind your firewall. It is why you can easily connect devices like smart TVs, internet radios, printers and more to your network. However, it was recently discovered that many wireless routers sold today come with UPnP enabled by default for access from outside your firewall as well.

Is This a Problem? Yes. There’s no getting around this one – UPnP assumes local programs are trustworthy and allows them to forward ports. However, if UPnP is enabled for the “internet side” of your wireless network, the computers and devices on your network are exposed to hackers.

This is because UPnP doesn’t require any sort of authentication from the user. Any application running on your computer can ask the router to forward a port over UPnP, which is why malware can abuse UPnP. You might assume that you’re secure as long as no malware is running on any local devices – but you’re probably wrong.

Very recently it has been discovered that millions of routers in the wild (live on the internet) are vulnerable. Many router manufacturers haven’t done a good job of securing their UPnP implementations.

The good news is that if you take time you can check your wireless router and correct the problem. The best and easiest way to check your network is to go to the GRC / ShieldUp website at

When you arrive at the webpage, select “Proceed”. There are many security risks you can check for here. However, the UPnP risk is so prevalent at the moment that this option is the very first thing you see. Select “GRC’s Instant UPnP Exposure Test”. If your network passes the test, you have no worries. If it does not, simply follow the directions for disabling UPnP on your router.

Windows Phone Moves into 3rd Place

I have been predicting this for almost a year now, so when I read that Microsoft’s Windows Phone platform has leaped past Blackberry (formerly known as RIM) into the third place position for mobile operating systems, I just had to report it here.

Strategy Analytics revealed on February 6, 2013 that “Microsoft Windows Phone” overtook Blackberry OS to become the third largest smartphone platform in the United States market during Q4 2012.
Blackberry had held this position since 2006 so this is big news for Microsoft as they struggle to gain market share in the mobile world.

If you are a regular reader of this fine blog you will recall that I used a Windows 8 phone throughout January. Although I switched back to my iPhone afterward, I was impressed with many of the features Windows 8 had to offer. However, the platform is still in the infancy stage and needs a little more time to develop. I am hopeful that I will soon be switching back to the Windows Phone because I do miss having Microsoft Office and SkyDrive always accessible to me.

Mobile’s Growth Continues

Yes, it is true. The last quarter of 2012 demonstrated that PC sales had fallen for the first time in a decade. Consumers had already been moving to laptops and now it has been proven that laptops may even be a product of the past for many consumers. This can be seen in today’s CNN report that for the first time more people are accessing Facebook on mobile devices than on computers.

It has gotten to a point where the company’s (Facebook) focus is now on prioritizing mobile over other connected devices like computers. Facebook is only one company, that is true. However, the masses have adopted Facebook as their social media choice. Therefore this is just another strong indicator of the continued growth of mobile technology. It is apparent that mobile devices such as tablets and smartphones are going to continue grabbing product share from PCs.