Here is a summary of the objectives of the report which is take directly from the introductory comments…

On behalf of the Online Safety and Technology Working Group (OSTWG), we are pleased to transmit this report to you. As mandated, we reviewed and evaluated:

 

1. The status of industry efforts to promote online safety through educational efforts, parental control technology, blocking and filtering software, age-appropriate labels for content or other technologies or initiatives designed to promote a safe online environment for children;

 

2. The status of industry efforts to promote online safety among providers of electronic communications services and remote computing services by reporting apparent child pornography, including any obstacles to such reporting;

 

3. The practices of electronic communications service providers and remote computing service providers related to record retention in connection with crimes against children; and

 

4. The development of technologies to help parents shield their children from inappropriate material on the Internet.

 

The report contains recommendations in each of the above categories, as well some general recommendations. We believe these recommendations will further advance our collective goal to provide a safer online experience to our children.

This is an important document. If you have children, know children or are involved with kids at church or school you should take the time to read this report.

- Dan

This came across Twitter this morning. If you have any interest in cyberwarfare and the implications, you should read this. According to the article, this was scrapped, but yet many aspects are still classified.

The plan was to use a cyberattack to freeze financial assets of Saddam Hussein.

Take a look at this…

“We knew we could pull it off — we had the tools,” said one senior official who worked at the Pentagon when the highly classified plan was developed.

The U.S. Government had the technology and abilities. Later it is revealed that the attack was not authorized because of fears over worldwide financial fallout.

It seems like the prudent course of action was taken here. Just because you can do something doesn’t mean that you should.

- Dan

I’ve never really thought USA Today was a bastion of InfoSec news, but they have a report here that gives a basic understanding of what is going on.

It is evident that the information is not complete. Unnamed sources that are “not authorized” to speak are providing sanitized information.

I would expect there to be more information coming out a little at a time.

UPDATE: Information is starting to come out http://www.google.com/hostednews/ap/article/ALeqM5icTKBW9_fm-oKDzns75BI-ykokSwD999UN580.

My plan is to use this as an opportunity and reminder to revisit our plans and procedures in the event any of our computers are a part of a botnet, or in the event our organization becomes a target.

Steps I plan to take specifically for this threat:

• Work with ISP to make sure that they are filtering DDoS at their routers for traffic that is headed our way.
• Verify that all of our computers have current antivirus running and that signatures are current.
• Force an AV scan on all workstations.
• Force an AV scan on all servers using a secondary AV engine.
• Monitor in-bound traffic closely and pay attention to alerts.
• Notify Management of the situation if anything begins to develop.

Sleep tight, y’all.

- Dan

It is important that you know your vendors. Many vendors will approach schools with proposals for solutions they say qualify for E-Rate funding. Sometimes the school or library will create an RFP (Request for Proposal) and send to potential vendors. While the technology may qualify, not all vendors are created equal. How are we to know which vendors are reputable?

• References – Ask for at least four companies or schools that this vendor has done work for. Contact these organizations and get their opinions on the quality, timliness and cost of the work. Find out about any negative interactions with the company. This would be very similar to checking references for a possible new employee.
• Research – Do your own research into the vendor. How long have they been in business? How big is the company? You are seeking information that will give you an idea of the stability and longevity of the company. You want to make sure that this vendor will be around in case there are issues following the project implementation.
• Warranty or money back guarantee – We all want a project to be done on time and within budget. We also expect the solution to work as presented. But, sometimes these things don’t happen. Does this vendor offer any warranty on their work or a money back guarantee in the event of a complete failure to deliver?
• Capability – This seems obvious, but does this company have the expertise and capability to deliver on what they are selling?
• Design – If an RFP has been developed and sent out, you should closely review the proposals that are returned by the vendors. Make sure that their solutions really fit the requirements and that extraneous items are not included. You can be assured that if they are trying to get unneeded items or work into their proposal then they are not a company you want to enter into a relationship with. You want to be able to trust your vendors.

The vast majority of vendors are reputable. Only a few are guilty of fraudulent behavior. Do you homework and you will be able to avoid the ones working to rip you off.

- Dan