cyber security

25 Oct Breaking News: U.S. Chamber of Commerce Publishes Article featuring LabMD and Michael J Daugherty on Cyber Security

 

 

Link: http://www.freeenterprise.com/technology/fbi-says-expect-be-hacked-ftc-says-expect-us-sue-you?nostyle=true.

Reprint:

FBI Says, Expect to Be Hacked; FTC Says, Expect Us to Sue You

Oct 24, 2012

FBI director Robert Mueller is quoted in a CNN Money story today on the data security crisis now facing American businesses – an issue of particular importance to small businesses:

There are only two types of companies: those that have been hacked, and those that will be. Even that is merging into one category: those that have been hacked and will be again.

The U.S. Chamber continues to lead efforts to address the data security crisis, by actively engaging in discussions with Congress regarding federal data security and data breach legislation. The Chamber also recently released an Internet security guide, “Internet Security Essentials for Business 2.0.”

Unfortunately, the FTC is throwing American businesses who are victims of hacking under the bus by punishing them for not successfully preventing the hacks – in spite of the stark reality described by the FBI’s Robert Mueller.

Take the FTC’s lawsuit against Wyndham Worldwide Corp., which was the victim of a global hacking scheme, as just one recent example of an FTC run amok. I explained the Wyndham case and the FTC’s approach to “regulating” data security in a recent blog post:

Over the last few years, the FTC has routinely punished businesses who are themselves hacking victims for allegedly failing to have “reasonable” data security measures in place – only there’s no way for a business to truly know beforehand what the FTC will consider “reasonable” measures until after it’s been hacked.

Because the FTC has never formally promulgated any data security standards, a business has no way of knowing whether it’s compliant until after it’s been hacked, had its data stolen, completed a costly FTC investigation, and an enforcement action has been filed against it. Then the FTC strong-arms the business into entering into so-called “settlement” agreements (or “consent orders”) that often give the FTC roving and unchecked authority for the next 20 years to conduct audits and impose penalties on the business – again, for violating non-existent data security standards.

The FTC’s approach to data security is particularly damning for small businesses, who often are compelled to divert their time and precious resources on lawyers and litigation, rather than on growing their businesses – and creating jobs.

Take the tale of LabMD, a Georgia-based cancer detection company, as just one example of how the mere allegation of inadequate data security can subject a business to years of expensive FTC investigations and reputational injury – which can derail a small business’s growth agenda, and cost jobs. The Atlanta Business Chronicle reported on this case and interviewed Michael Daugherty, LabMD’s founder and CEO:

Daugherty contends his company is being unreasonably persecuted by the FTC. He said he’s already spent about $500,000 fighting the investigation.

“We are guilty until proven innocent to these people,” Daugherty said in a Sept. 5 interview with Atlanta Business Chronicle. “They are on a fishing expedition. We feel like they are beating up small business.”

“There’s no deception. There’s not been a breach,” he said.

Of course, the initial FTC investigation (which in this case has already cost LabMD half a million dollars) is just the tip of the iceberg. In reference to its investigation, the FTC told the Atlanta Business Chronicle that “[t]here is no allegation that anybody has done anything wrong.”

If that’s the type of treatment and expenses that small businesses can expect to incur even when the FTC claims “there is no allegation that anybody has done anything wrong,” then there is certainly something wrong with how the FTC is conducting its business.

Visit ChamberLitigation.com to read more about the FTC v. Wyndham Worldwide Corp, et al. lawsuit and the amicus brief filed in support of the company by the National Chamber Litigation Center, the U.S. Chamber’s public policy law firm.

 

Originally published October 24, 2012. Reprinted by permission, http://www.freeenterprise.com, October 2012. Copyright© 2012, U.S. Chamber of Commerce.

~   ~   ~

Michael Daugherty is President & CEO of LabMD, an Atlanta-based clinical and anatomic medical laboratory with a national client base. Mike founded LabMD in 1996 after 14 years in surgical device sales with U.S. Surgical Corp. and Mentor Corporation.

Outside of LabMD, he enjoys playing tennis, traveling, and flying his Cirrus SR22 Turbo single-engine aircraft.

Mike can be found:

Facebook * Twitter * LinkedIn * Pinterest

Google+ Michael J Daugherty


01 Oct What does Rockefeller know about cyber security and small business?

I landed back from England last night after spending over eight days writing my book, The Devil Inside the Beltway. As I played catch-up waiting for my ride home, I saw Paul Rosenzweig’s article:

An offer businesses should refuse.

Whoa, welcome home. I can’t turn my back on those government lovers for a minute! Basically, Senator Rockefeller is ticked off that his cyber security bill has failed and wants to put the Fortune 500 on the spot. This is a new spin on an old trick, and Paul Rosenzweig is dead on the money. Don’t take the bait, people.

 

Why is it that a Rockefeller thinks that:

  • Small business is not as important as Fortune 500 companies?
  • The government is ready to regulate cyber security when they don’t have a handle on what it is they are trying to regulate?
  • The government will be able to wave their regulatory magic wand and this problem will be under control?
  • The only two cents worth hearing is that of Fortune 500 companies?

Boy oh boy, Senator Rockefeller, your having “never really got your hands dirty” may be why you are a tad confused. You may be a Democrat, one of the few in your family (are they over that yet?), but that spoon is still looking pretty silver to me.

 

As a small business owner, I would like to be invited to one of your hearings on this topic. Let me just sum it up. It isn’t that we don’t want to be secure. It is that we don’t think politicians should run the internet. With all due respect, sir, being elected to office does not magically grant you a PhD in computer science.

 

Do you have a knee jerk bias that the business community has some bad ulterior motive? There is nothing to hide here. Please, allow me to just cut to the chase:

 

If you pass a law managed by the politically powerful but factually clueless (see prior notes on Obamacare), then you are going to drain my business dry of dollars that would otherwise increase profits and create new jobs. Given your inheritance, I assume you don’t have a thing against profits. Obama merely says he wants to “spread it around”. Spread around the fantasy bubble floating in your heads due to your limited real world experience? What you are spreading around isn’t safety, security, wealth or opportunity.

What you are spreading around is manure. That stinks.

~   ~   ~


16 Sep The FTC is Suing Me…

 

The cat has finally come flying out of the bag. In 2008, someone (and we know exactly who it is) took our file without authorization. We believe it has always been secure and still is. Why do we believe this? Because the people who took it were subsidized by U.S. government agencies.

Since January 2010, the FTC has been sniffing around, wondering if our practices are up to snuff. Notice I say practices and not standards. The Feds have not pointed out any standards! Also, we are quite up to snuff, thanks very much. It’s hard to break a law when there isn’t one. Unfortunately, my MindReader3000 broke just hours before they showed up. Don’t you hate that?

Judging by the FTC’s practices, they seem to have opened their playbook to the page on digging in and driving a good citizen nuts. As houseguests, they are rude, silent, and terrible. Run the other way if you see them in your neighborhood. They hover like a dinner guest who stays for months—the epitome of rude and selfish. Did I mention they are also poor conversationalists? Aside from asking for another helping of whatever they want, the FTC doesn’t say much, but it’s not a pretty picture if you don’t have the steak cooked exactly to their liking. Apparently nothing we’ve served has been to their liking, yet we are positive that we did what they asked.

Are they trying to drive us so nuts that we’ll finally do and say anything necessary to make them leave? They don’t even really have a reason to stick around aside from “just doing their jobs.” Since this administration showed up, it seems like all the government agencies have been “just doing their jobs” in this manner. It’s almost like being cyber-waterboarded.

We’ll never give in! Self-appointed savior of the world or not, the FTC is a rude houseguest, and we won’t make up a lie about our cooking just to get them out. That would be giving them exactly what they want. Why validate such vile behavior from these occupiers?

So, what exactly does one do when big brother is hovering, knocking, poking, not playing nice, and won’t go home? Speaking for myself, I shine a light on how “he” conducts himself and scream from the rooftop to alert the neighbors. Of course, I still mind my manners–go along hoping the growling dog won’t attack or bite. I’ll throw them all the treats they want! We’ve always conducted business in an honest, sincere manner, so there’s nothing to hide. Despite our efforts to get the FTC to laugh and wag its tail, nothing seems to work. Sigh….

This is a LONG story so I am writing a book titled “The Devil Inside the Beltway.” I don’t want to write a book; I HAVE to write a book. There is way too much juicy stuff to cram into a sound bite or two-minute video. A book is a LOT of work. I started in April. Now that the cat is out, I have to finish ASAP, so I am flying to London next week to get it done. Then the editors dig in — developmental, copy, line, and all sorts of prep work prior to launch.

Soooooo…welcome to my website!

As the story unfolds, I will bring to you my experience of just “how they do it;” how our property (a data file with patient information) was taken, how it was presented to the U.S. Congress, how it ended up in the Congressional record without our knowledge or permission, how we were extorted, questioned, investigated, and manipulated. I will tell you how they don’t like it one bit if they have to break a sweat.

Yeah. The bad houseguest sued me last week, so my author page had to turn into a landing page. Spread the word. Turn on the lights. Ask me questions as I unfold the scary and true story of how one fluke after another, combined with an agency of the self-righteous, brought me to this place.

 

I want to tell you so you know. I want to tell you so it won’t happen to you. I want to tell you so, if it does happen to you, you will know what to do. Trust me, when this happens, dialing 911 or 1-800-LAWYER will not summon Superman. However, we are doing well. Our customers support us 100%. We are going to make it, and I look forward to sharing our story with you.

You won’t have to choose to believe me; most of this is in writing.

Until we meet again,

Mike

 


09 Sep Exactly How Good Is Good Enough For Data Security?

In the past 24 hours, I have read several articles that would make a small business owner like me throw his hands up in exasperation.

One article states that malware can actually spy on your Mac and read emails and text messages, according to News360.

“Researchers have unearthed new malware that turns a Mac into a remote spying platform that is able to intercept e-mail and instant-message communications. The malware uses internal microphones and cameras to spy on people in the vicinity of the OS X machine.”

Are you kidding me? Still aren’t a bit paranoid? Try this one on for size.

“This innocent looking power strip can hack almost any computer network.”

Well, that is just great news. I wonder what the government is going to do about this. Are companies that have computer networks supposed to stay this far ahead of the curve? What is a reasonable degree of security when even using a power strip or your Mac computer can result in cameras and exposed files?

I ask this because evidently the FTC seems to think that going after the victim is actually going to protect the consumer. CNN Money.

Is it? Hell no, it is not! Only the rantings of a high-level government bureaucrat would be arrogant enough to think this is going to have the slightest ding in the battle to keep the Internet a safe place. Their chasing Wyndham is clear evidence that they “don’t get it.”

Has anyone ever seen the FTC at a cybersecurity conference? Do they contract with industry experts to learn, or is that just the State Department and the National Security Council that are attending these conferences? The FTC trying to manage technology is similar to their trying to practice medicine. Not having a license makes them a danger to those and themselves. The FTC needs to BOOK UP before they start punishing companies or they risk creating self-inflicted wounds that will hurt their credibility.

The FTC looks like an old fool running around with a flyswatter trying to control a swarm of bees. They need to learn from experts and get their game plan together before they enter the field. Punishing a hotel chain does nothing to protect consumers. One would hope that the FTC would aspire to having a greater impact by aiming before they fire. Sigh…………. come on guys, since when has punishing the victims of theft made the thieves slow down or protect other potential victims? I think it is time for the FTC to walk outside the Beltway for some badly needed fresh air.

Until that happens they are going to suffer from stinkin’ thinkin.’

 

Want more of me? Find me on Twitter, like my Facebook, and stay tuned for my upcoming book, The Devil Inside The Beltway!

 


06 Sep The US Government’s Offensive Cyber Defense

I read a very compelling article by Jorge Benitez and Jason Healey in The National Interest last week. Pulling no punches, it is titled Cybersecurity Pipe Dreams.

Here are my favorite lines: “There is a popular misconception that perfect cybersecurity is obtainable if you invest in sufficient defenses and practice reasonable access procedures. The cold, hard truth is that we live in an age where cyber-offensive capabilities are dominant.”

 

I appreciate and respect the authors for pulling no punches and stating the obvious.

 

My number two favorite line is, “For all the talk about cyber protection and the billions of dollars being spent ($3.2 billion in 2012 for the Pentagon alone) to improve defenses in the public and private sectors, your bank account PIN and the secrets in President Obama’s computer are both vulnerable.”

 

The United States Government, holder of top secret information and data, has had their pants pulled down so many times with data breaches that violate their own “standards,” which are outdated moments after their ink is dry (yes, still not paperless!), that they ought to just stop wearing pants. It would save time. It would not be pretty, but it would be cheaper.

 

When there is a fast moving, nimble, never before experienced, technology explosion like the internet, what better than a bloated lumbering elephant to be able to solve the problem? (Yes, when I have a virus I immediately look for a government toll free number for tech support.)

 

That was a JOKE. It is also a JOKE that the US Government thinks they can solve this issue by regulation and bully tactics. Take one part intellectually arrogant Inside-the-Beltway government agency, throw in a bureaucrat kissing his boss’s ass, add a few lawyers, top off with an asleep at the wheel Congress, and stir. There you have your recipe for disaster and a whole bunch of wasted tax dollars.

 

While they are trying to kill one fly at a time with swatters to scare all the other flies, the locusts are coming. PLEASE shut up and take care of your own house before they go attacking citizens and businesses in this country. Work WITH THE INDUSTRY AND THE PEOPLE, not against us.

 

Learn about technology outside of the FBI and NSA. We all know how well these agencies play with each other in the same sandbox. It does not paint a pretty picture. What do the Feds have to show for it? Are there laws passed yet? No. Are there standards yet to adhere to? No. Do the lawyers and agency heads have enough education to lead from a place of knowledge rather than power? No.

 

There have been more than a few instances where the government needs to ‘heal thyself,’ before they start playing one of their favorite games, which I call “Head on a Spike.” The Heritage Foundation shined a light on the government’s “problems at home” in an article titled FEDERAL CYBER WOES CONTINUE.

 

I wonder if these government branches will sign a consent decree agreeing to future audits from an outside third party that will cost them a fortune, misrepresent the truth, harm their reputation and solve nothing. Perhaps they will just admit that we are all in this together. Perhaps Nancy Pelosi will buy a summer home in Alabama. Well, probably not.

 

Unfortunately, hypocrisy is not covered in the Bill of Rights.

 

Make sure you read my previous post Another Day, Another Cyber Story


02 Sep Another Day, Another Cyber Story….

 

Another day, another story of the cyber tail wagging the cyber dog (let’s call him Astro).

“Astro”

The cyber security threat to all portions of our society seems to be growing faster than Jack’s beanstalk on steroids…and the government knows it.  Why else would the head of the NSA and General Keith Alexander run to the Black Hat and DEFCON conventions a few weeks back making all nicey nicey, showing up out of uniform, and in blue jeans and a T-shirt no less?  Just by its very existence, the government is about control, and I would not be surprised if they know this sandstorm is gaining on them faster than they can run.

 

Of course, the Feds admit they don’t know it all?  That is a tough one for them to swallow. Hello, government investigators and lawyers, here is a hint: if you want to recruit hackers to your team, you may want to stop acting like investigators and lawyers. Hackers, well, they like rockin’ that boat, right? They don’t really like rules and order and restrictions. Not really a good fit for a government agency…. team play and pretending that you don’t smell a skunk being crucial skills to survive inside the Beltway. I guess they are just going to have to put on a training course before these new recruits will fit in.

 

In the meantime, it isn’t cool to have a stressed look on your face when in the enforcement business. Therefore, I was very intrigued to read in The IT Daily recently: FBI Surveillance Backdoor Might Open Door to Hackers

 

 

Basically, the FBI wants back doors encoded into Google, Twitter, Facebook and Microsoft, to name a few. They are afraid that they are going to get frozen out of communications when trying to rein in any threats to the country. (I will save my concern for the slim chance the Feds might abuse their powers for another blog, as there is such a slim chance of governmental abuse of power…yeah, right. Ahem.).

 

The problem as I see it is that the government is not usually voted the smartest guy in the room, so what happens if someone opens these back doors with a plan other than defending the USA? I get that we need security.  It is critical to every citizen in this country that we maintain our security and our privacy, but here we go again with the debate on the public sector or the private sector being better equipped to handle such sensitive tasks.  The government doesn’t build planes; they buy them from Boeing and Lockheed.  The government doesn’t build computers, they get them from Dell, Apple, and is Wang still around (just saw that antique in a government office last month)?

 

Oh, wait, now I get why the NSA head was at BLACK HAT and DEFCON! Smart guy that General Alexander. Why, I bet he thinks they need help! Now does anyone else in DC get that there actually are a few geniuses outside the Beltway? I hope so, boy oh boy do I hope so.

 

And please be nice to those of us outside the Beltway…I know this may be a stretch for you, but we are smarter than you think.

* * * * *