
Exploring the science and magic of Identity and Access Management

We are what we repeatedly do, Excellence is therefore not an act but a habit. — Aristotle

Wednesday, September 3, 2014

It’s Good the World has Shrunk!

Humor
Author: Mark Dixon
Tuesday, June 21, 2011
8:35 am

Stuff we love: technology, information, communications … and high gas prices.  (Thanks, Frank and Ernest for pointing this out!)

Actually, high gas prices are somewhat of a misconception: When I was in high school, I made about $1.50 an hour at the cheese factory.  That would buy about 3 gallons of gas.  Now, my kids make about $10 per hour – which buys about three gallons of gas!

Happy 100th Birthday, IBM!

Business, Technology
Author: Mark Dixon
Thursday, June 16, 2011
7:34 pm

It was 100 years ago today that the Computing Tabulating Recording Corporation was incorporated through a merger of four companies: the Tabulating Machine Company, the International Time Recording Company, the Computing Scale Corporation, and the Bundy Manufacturing Company. Its name was later changed to International Business Machines Corporation. Today we salute IBM for its innovation and endurance, its ability to remake itself time after time, and for leading the way to the era of modern computing which we now enjoy.

I highly recommend that you read the ZDNet article, “IBM at 100: 15 inflection points in history,” and step through the accompanying photo gallery, “IBM: 100 years of THINKing big.”

IBM

I love old photos of the big panels with so many flashing lights.  And that guy probably knows what each of those lights means!

Twitter Feed from Heaven

Humor, Social Media
Author: Mark Dixon
Thursday, June 16, 2011
9:58 am

Now that is some crystal ball!

Twitter from Heaven

I wonder if the Wizard of Id could get one for me?  We could open a new business: HeavenlyTweets.com. (Alas.  Someone has already camped out on that domain.)

Internet of Things: For Real

General, Technology
Author: Mark Dixon
Wednesday, June 15, 2011
6:01 pm

Last month, I created a series of posts (one, two, three) about the Internet of Things. It turns out that one of my colleagues who inspired that series of blog posts is now employed by Tendril, a company that is involved in this Internet of Things business for real.

According to their press release footer:

Tendril is a leading energy platform company that is helping to drive the large-scale deployment of the Smart Grid through the development of forward-thinking solutions as well as its work to establish industry protocols. The Tendril platform provides an open standards-based, scalable and secure end-to-end solution for the Energy Internet – the network for existing and upcoming Smart Grid technologies. With applications, products and services enabled by the platform, Tendril creates a dialogue and marketplace between energy providers, consumers and the energy ecosystem.

The Smart Grid concept will certainly be involved in attaching lots of devices to the Internet. For one intriguing project, Tendril has teamed with Whirlpool to focus on the roll-out of smart home appliances in the US. For example,

For a refrigerator to actively manage its energy consumption, it must be able to quickly, reliably and seamlessly communicate with the electric utility company. … In this case, the refrigerator will automatically move its defrost cycle to a non-peak time without impacting the performance of the appliance.

I like the idea of having smart appliances coordinate with the electric utility to save energy and reduce my energy bill. It will be great to see what companies like Tendril will do to productively contribute to the Internet of Things.

Facebook or Twitter: Friend or Stalker?

Humor, Social Media
Author: Mark Dixon
Wednesday, June 15, 2011
5:32 pm

From the Geek & Poke archives … if she won’t friend you on Facebook, you can follow her on Twitter.

Geek & Poke - Facebook or Twitter

Isn’t that stalking?

Identity Hardness – Do You Need Talc or Diamonds?

Identity
Author: Mark Dixon
Wednesday, June 15, 2011
4:56 pm

I had an interesting Twitter conversation recently with @steve_lockstep and @NishantK about Identity Assurance. It began with Steve’s comment about how Facebook identities were of little worth, unfit to use with valuable transactions. Nishant suggested that most Relying Parties (RPs) are content with “soft” identities that have to do with personal likes and interests, while significantly fewer RPs rely on “hard” identities.

Nishant’s observation about “hard” and “soft” identities made me think of the Mohs Mineral Hardness Scale, which assigns an “absolute” hardness value to different minerals.  Wikipedia’s article uses the following table to illustrate this concept:

Mohs Hardness Scale

Perhaps we could suggest a corresponding mineral and hardness value to each of NIST’s standard four Levels of Assurance (LOA) shown in the following table.

Levels of Assurance

Steve stated on Twitter that “I’m preoccupied with hard identity: doctors, lawyers, bank accts, patients”: scenarios where Facebook just doesn’t work. We could say that Steve is dealing in diamonds (level 4), but Facebook only offers talc (level 1).  Having a tangible example helps illustrate the somewhat ethereal LOA concept.  And over time, perhaps we can come up with a more definitive way to measure just how hard a particular Identity Assurance process really is.

As a parting thought: I have suggested minerals to match NIST Assurance Levels 1 and 4. What would you suggest for the other two?

Source Doc: PCI DSS Virtualization Guidelines

Identity, Information Security, Source Doc
Author: Mark Dixon
Wednesday, June 15, 2011
1:41 pm

On June 14th, the PCI Security Standards Council announced publication of the PCI DSS Virtualization Guidelines Information Supplement, which “provides guidance to those in the payment chain on the use of virtualization technology in cardholder data environments in accordance with PCI DSS.”

The introductory section in this document outlines four principles associated with the use of virtualization in cardholder data environments:

  1. If virtualization technologies are used in a cardholder data environment, PCI DSS requirements apply to those virtualization technologies.
  2. Virtualization technology introduces new risks that may not be relevant to other technologies, and that must be assessed when adopting virtualization in cardholder data environments.
  3. Implementations of virtual technologies can vary greatly, and entities will need to perform a thorough discovery to identify and document the unique characteristics of their particular virtualized implementation, including all interactions with payment transaction processes and payment card data.
  4. There is no one-size-fits-all method or solution to configure virtualized environments to meet PCI DSS requirements. Specific controls and procedures will vary for each environment, according to how virtualization is used and implemented.

After giving an overview of virtualization, the report sets forth a detailed review of risks inherent in a virtualized environment and specific recommendations about how to deal with those risks.

The document’s appendix describes in detail how each of the 12 broad PCI security controls that are mandated for logical environments need to be applied in a virtual setting.

I have long thought the PCI DSS specification to be a good example of how an industry regulates itself.  The Virtualization Guidelines document shows once again how the payments industry is in step with recent trends in Information Technology.

Source Doc: NIST Computer Security Division Annual Report

Identity
Author: Mark Dixon
Tuesday, June 14, 2011
3:03 pm

The National Institute of Standards and Technology (NIST) has released its 2010 Computer Security Division Annual Report. Donna Dodson, Chief, Computer Security Division & Deputy Chief Cybersecurity Advisor, offers the following in her welcome statement:

The Computer Security Division (CSD), a component of NIST’s Information Technology Laboratory (ITL), conducts research, development and outreach necessary to provide standards and guidelines, tools, metrics and practices to protect our nation’s information and communication infrastructure.

In fiscal year (FY) 2010, CSD continued to build on its work in security management and assurance, cryptography and systems security, identity management and emerging security technologies. CSD played a vital role in both national and international security standard setting. The division continues its leadership role in technologies and standards for Cloud Computing, Identity Management and as a Government Wide Leader and national coordinator for the National Initiative for Cybersecurity Education (NICE). In addition, this year marked the publication of NIST Interagency Report (NISTIR) 7628, Guidelines for Smart Grid Security, which identifies security requirements applicable to the Smart Grid, security-relevant use cases, logical interface diagrams and interface categories, vulnerability classes abstracted from other relevant cyber security documents, specific issues applicable to the Smart Grid, and privacy concerns. We also continued to provide reference specifications in multiple areas, allowing others to leverage our work to increase the security of their systems and products.

Looking forward to FY2011, CSD plans to continue its work in information security, producing standards, guidelines, technical reference materials and specifications to improve the information security management of systems across the Nation and around the world.

By the way, this report has the coolest front cover of any government report in recent history.  The image shown above is but a small excerpt.  Not that this has anything to do with the contents of the report or anything …

What is Enterprise Architecture?

Enterprise Architecture, Humor
Author: Mark Dixon
Tuesday, June 14, 2011
2:28 pm

Fortunately, Geek&Poke takes us right to the heart of the issue …

… IT-Business Alignment, of course!

Source Doc: Policy Framework for the 21st Century Grid

Information Security, Source Doc
Author: Mark Dixon
Tuesday, June 14, 2011
1:56 pm

On Monday, the White House released a policy paper entitled “A Policy Framework for the 21st Century Grid: Enabling Our Secure Energy Future.” This report sets forth policy recommendations that build upon the Energy Independence and Security Act of 2007 and the Obama Administration’s smart grid investments to foster long-term investment, job growth and innovation, and to help consumers save money.

The document’s foreword states:

A smarter, modernized, and expanded grid will be pivotal to the United States’ world leadership in a clean energy future. This policy framework focuses on the deployment of information and communications technologies in the electricity sector. As they are developed and deployed, these smart grid technologies and applications will bring new capabilities to utilities and their customers. In tandem with the development and deployment of high-capacity transmission lines, which is a topic beyond the scope of this report, smart grid technologies will play an important role in supporting the increased use of clean energy.

A 21st century clean energy economy demands a 21st century grid. Much of the traditional electricity infrastructure has changed little from the original design and form of the electric grid as envisioned by Thomas Edison and George Westinghouse at the end of the 19th century (EEI 2011, p6). In a 21st century grid, smart grid technologies will help integrate more variable renewable sources of electricity, including both utility scale generation systems such as large wind turbines and distributed generation systems such as rooftop solar panels, in addition to facilitating the greater use of electric vehicles and energy storage. Moreover, such technologies will help enable utilities to manage stresses on the grid, such as peak demand, and pass savings on to consumers as a result.

The report introduction explains further:

The Federal Government, building on the policy direction set forth in the Energy Independence and Security Act of 2007 and the Recovery Act’s historic investments in innovation, offers this policy framework to chart a path forward on the imperative to modernize the grid to take advantage of opportunities made possible by modern information, energy, and communications technology.

The report concludes:

Smart grid technologies and programs represent an evolution in how our electricity system operates. As this report highlights, this transition offers significant promise for utilities, innovators, consumers, and society at large. This document has outlined four essential pillars that will enable the United States to transition to a smarter grid:

  1. Enable Cost-Effective Smart Grid Investments: Smart grid technology can drive improvements in system efficiency, resiliency, and reliability, and help enable a clean energy economy through cost-effective grid investments. Many of these technologies promise to pay for themselves in operational improvements and energy savings. The Federal Government’s research, development and demonstration projects, technical assistance, information sharing on technologies and programs, and evaluations provide valuable guidance for utilities, consumers, and regulators about what approaches are the most cost-effective, thereby paving the way for the effective, ongoing upgrade of the grid.
  2. Unlock the Potential of Innovation in the Electricity Sector: A modernized electric grid promises to be a powerful platform for new products and services that improve grid operations and deliver comfort, convenience, and savings to energy customers.
  3. Empower Consumers and Enable Informed Decision Making: The success of smart grid technologies and applications depends on engaging and empowering both residential and small business consumers. New tools and programs promise to provide consumers personalized information and equip them to make informed energy choices, while ensuring their energy consumption data is accorded privacy protections.
  4. Secure the Grid: Protecting the electric system from cyber attacks and ensuring it can recover when attacked is vital to national security and prosperity. Developing and maintaining threat awareness and rigorous cybersecurity guidelines and standards are keys to a more secure grid.

The current electric grid and the proposed smart grid are fascinating to me. From my perspectives as a residential customer, a security professional and an old electrical engineer, it seems incredible that the old system we have works so well. At the same time, the emerging smart grid system should have great benefits for us all … and provide huge employment opportunities to those involved for many years to come.

Copyright © 2005-2013, Mark G. Dixon. All Rights Reserved.