Absence of Security in System Engineering

Building a cyber secure system is one of the fundamental objectives of software developers and system engineers and the absence of security is a severe problem. Software developers focus on building feature-rich applications and improving user interaction and user experience. Security of applications and overall systems is left out to be tackled by third parties AFTER the system is developed.

The absence of security in the initial stages of System Engineering is the single most significant cybersecurity gap and risk in modern system development. ~Linda Rawson

Assurance Approach

Researchers have proposed different approaches to secure a system. Security by Design is an assurance approach; software and hardware developers try to secure systems by adopting practices like continuous testing, authentication safeguards, and adherence to best programming practices. This approach allows you to formalize infrastructure design and automate security controls so that you can secure every aspect of IT management and administration.

Absence of Security is an Organization Thing

Security in system engineering has a lot to do with WHO is involved more than vulnerabilities. The most important thing is to get the organization on board to embrace security. No exceptions. Implementing a DevSecOps approach ensures that security, development, and IT Ops teams work toward a joint security goal. If developers are onboarded with training that teaches them how to be hackers, they will write hacker-proof code.

Traditional Methods Need Adjusting

Security by Design helps secure systems that were not networked initially and for which security has not traditionally been considered in product design. One of the vital goals of Security by Design is baking security into the design lifecycle, ensuring that data flows are secure and authentication is appropriate.

Baking in Security

Baking in security is imperative as the entire IT landscape infrastructure has moved from just being client-server architecture to virtualization, cloud, a serverless environment, and containers, making it complicated for security practices. Cybersecurity should not be an afterthought; it should be baked in during the entire lifecycle of system development and deployment.

The variety of application development practices and frameworks should also be a motivation behind adopting cybersecurity. The perception, and partial reality, is that cybersecurity is challenging and will slow the development cycle down. Modern software development lifecycle models have relaxed the perceived rigidity and are moving toward Agile methods.

The Waterfall model’s sequencing, emphasizing documentation at each phase before proceeding to the next phase, made it easier to include security controls at every step of the process. Baked in cybersecurity fit right into the rigid process.

Organizations are increasingly moving away from the waterfall model to rapid development cycles, where code is released monthly, weekly, daily, or even hourly.

The End Goal

Hardware and software should be treated together, integrated with cybersecurity early and frequently.

A Cyber-Resilient Organization

A cyber-resilient mindset is different from a cybersecurity mindset, although they are complementary. Cybersecurity has often been an afterthought in System Engineering. It always surprises me to read through diagrams or models and discover not one mention of cybersecurity. Criminals will exploit humans and systems to bring the system to its knees and cause massive revenue loss.

Security in System Engineering has a lot to do with WHO is involved more than vulnerabilities. The most important thing for System Engineering security is in changing the culture to embrace security. No exceptions. Security must be built into the project at the beginning.

Implementing a DevSecOps approach ensures that security, development, and IT Ops teams work toward a joint security goal. ~ Linda Rawson

The People are Not the Process.

DevSecOps is agile in nature, and the people are still involved but not in the same capacity as they were in the Waterfall model. In DevSecOps, the people are not the process: The pipeline, the set of phases and tools that the code follows to reach deployment, defines the process.

The phases include Build, Test, and Deployment, and they prefer automation over manual methods. Build automation consists of the tools needed to grab the code and compile it. Test executes the automated test cases, while Deployment drops the build into its destination. Preferring automation also means using static analysis tools that check only the portions of code that have been changed rather than scanning the entire code base.
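A sketch of the changed-code check described above, as an added example that is not part of the original post: it parses a unified diff, records which new-file lines each commit adds, and keeps only the static analysis findings that land on those lines. The diff, the findings format, and the rule names are constructed for illustration and do not come from any particular analyzer.

```python
import re
from collections import defaultdict

# Constructed sample: a unified diff as produced by `git diff` for one commit.
SAMPLE_DIFF = """\
diff --git a/app/db.py b/app/db.py
--- a/app/db.py
+++ b/app/db.py
@@ -10,4 +10,5 @@ def get_user(conn, name):
     cur = conn.cursor()
-    cur.execute("SELECT * FROM users WHERE name = ?", (name,))
+    query = "SELECT * FROM users WHERE name = '%s'" % name
+    cur.execute(query)
     row = cur.fetchone()
     return row
diff --git a/app/util.py b/app/util.py
--- a/app/util.py
+++ b/app/util.py
@@ -1,2 +1,3 @@
 import os
+import pickle
 import sys
"""

# Constructed sample: findings in a hypothetical analyzer's output format.
SAMPLE_FINDINGS = [
    {"path": "app/db.py", "line": 11, "rule": "sql-string-format"},
    {"path": "app/db.py", "line": 40, "rule": "hardcoded-password"},
    {"path": "app/util.py", "line": 2, "rule": "pickle-import"},
    {"path": "app/legacy.py", "line": 7, "rule": "weak-hash"},
]

HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

def changed_lines(diff_text):
    """Map each file in a unified diff to the new-file line numbers it adds."""
    changed = defaultdict(set)
    path, old_left, new_left, new_no = None, 0, 0, 0
    for line in diff_text.splitlines():
        if old_left > 0 or new_left > 0:        # inside a hunk body
            if line.startswith("+"):
                if path:
                    changed[path].add(new_no)
                new_no, new_left = new_no + 1, new_left - 1
            elif line.startswith("-"):
                old_left -= 1
            elif not line.startswith("\\"):     # context line, present in both files
                new_no, old_left, new_left = new_no + 1, old_left - 1, new_left - 1
            continue
        if line.startswith("+++ "):             # new-file header
            target = line[4:].split("\t")[0]
            path = None if target == "/dev/null" else re.sub(r"^b/", "", target)
        elif (m := HUNK.match(line)):           # hunk header; a missing count means 1
            old_left, new_no, new_left = int(m.group(1) or 1), int(m.group(2)), int(m.group(3) or 1)
    return dict(changed)

def new_findings(findings, changed):
    """Keep only the findings reported on lines the diff added."""
    return [f for f in findings if f["line"] in changed.get(f["path"], ())]

if __name__ == "__main__":
    for f in new_findings(SAMPLE_FINDINGS, changed_lines(SAMPLE_DIFF)):
        print(f"{f['path']}:{f['line']} {f['rule']}")
```

A gate like this only surfaces findings on added lines, so findings in untouched code (the two filtered out here) still need a periodic scan of the entire code base.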

The People Monitor the Process and Respond to Process Failures

Training hardware and software developers regularly on new cyber-attack techniques and exploitation vectors is essential to application solution security. Security and quality assurance policies need to be promulgated among the team to make development standards unambiguous and clear for everyone. Defensive Coding Practices result in more complicated code, but writing code while thinking how an attacker might think reduces vulnerabilities and therefore reduces risk.

All Levels of Management Must Be Involved

Individuals from government stakeholders, operations, security, and development teams must be encouraged to have a cyber-resilient mindset. If you are proactive and think like a cyber attacker, you would do things differently instead of explaining why an attack occurred: in the case of an extensive enterprise system, why bank accounts were drained or an airplane hit the ground.

Adopting Cybersecurity Practices

Adopting cybersecurity practices such as continuous integration, continuous delivery, and constant distribution has dramatically accelerated the speed at which organizations release and update applications. Security is no longer something that can be bolted on at the end of the development cycle but must be started by a proactive organization.

This blog was written by Linda Rawson, of DynaGrace Enterprises (dynagrace.com). For further information, please connect with Linda on LinkedIn, or contact her at (800) 676-0058 ext 101.

#systemengineering #cybersecurity #cybersecurityawareness #DevSecOps #infosec #security #mindset

DynaGrace Enterprises adds TOSIBOX® Products to GSA MAS Schedule

DynaGrace Enterprises, a Data Science, Emerging Technology, and IIoT Automation WOSB Firm, has partnered with Industrial Automation powerhouse TOSIBOX® to add their line of products to the GSA Multiple Award Schedules (MAS). The IIoT products give federal government buyers easy access to advanced technology solutions.

“Our GSA MAS federal government contracting vehicle enables us to reach more facility managers as well as those agencies focused on remote maintenance, access control, and data collection with trusted and secure devices. By getting involved in development projects, keeping the government infrastructure safe, and developing automation solutions, we enhance the government’s infrastructure keeping our nation strong,” says Linda Rawson, President and Founder of DynaGrace Enterprises.

Patented TOSIBOX® OT Networking Platform

TOSIBOX®, with its patented OT Networking platforms, is an ideal solution for anyone looking to connect devices for remote maintenance, access control, data collection, or any Industry 4.0 (IoT) initiative. TOSIBOX® uses the latest IT technologies, including 256-bit AES encryption, RSA Matching, physical-first Multi-Factor Authentication, and secure boot, all wrapped in a fully automated platform.

TOSIBOX® Lock 500

When organizations are looking to find operational efficiencies by digitizing processes and systems, previous networking choices have proven to be complicated and expensive. In addition, they lacked a built-in security profile that ensures a consistent and safe digitization strategy.

With TOSIBOX®, the inventors of Operational Networking (OT Networks), organizations can connect devices, buildings, infrastructure, SCADA, CCTV, and anything else in the organizational digitization strategy. The cost-effective integration utilizes TOSIBOX® automation and creates private OT Infrastructure leveraging the internet and remaining separate from traditional public internet tools like Static IPs, and DNS server farms. TOSIBOX® is especially helpful with secure organizations using highly encrypted VPN connections.

With TOSIBOX®’s built-in cybersecurity and frictionless IT/OT connection method, organizations can connect operations across town or the globe, without having to invest in new IT infrastructure. Now you can connect what you want to connect without having a team of IT Experts to engage devices for decision support, remote maintenance, or any other Industry 4.0 initiative. In a world with tightening resources, IT professionals can stay focused on the mission and leave the day-to-day OT networking to TOSIBOX®.

Partnering Makes Sense

“By partnering with the team at DynaGrace Enterprises, we will go beyond the commercial space and bring a cost-effective and secure OT platform to US Government agencies. Growing a global brand requires two things in my mind: Great tech and Great Partnerships,” says William Behn, President of TOSIBOX®, Inc. “DynaGrace Enterprises has a proven track record bringing technology and services to government agencies, and we are proud to be in partnership with this women-owned business to accelerate the choices government agencies have.”

DynaGrace Enterprises and TOSIBOX® are laser-focused on the modernization of older facilities, driving organizational efficiencies through secure digitization, raising technical and cybersecurity standards, and driving massive energy and operational efficiencies to facility managers across the DoD.

Customers can learn more about DynaGrace Enterprises by visiting DynaGrace.com or calling the company directly at 888-676-0058. DynaGrace Enterprises is a Data Science, Emerging Technology, and IIoT Automation Firm located in Utah.

Marijuana and Workplace Safety

For some situations, like office work, the primary safety hazard might be a paper cut. In industrial professions, employee safety is at risk every day. Because of the legalization of marijuana, industrial accidents could occur more often because marijuana can impair an employee’s coordination and motor skills.

Where is Marijuana Legal Right Now

Despite many states legalizing cannabis in the United States, marijuana remains an illegal drug according to the federal government. The government classifies cannabis or marijuana as a Schedule I drug. Schedule I drugs, under the federal Controlled Substances Act (CSA), are those drugs that possess a high potential for abuse and for which there is no currently accepted medical use. The DEA reviewed its classification of marijuana in 2016, and affirmatively chose to keep marijuana on the list of Schedule I drugs.

A nice map from DISA Global Solutions shows the marijuana legality by state with links to the state law.

Map of Marijuana by State

How is Marijuana Use Impacting Safety on the Job?

People try marijuana to get “high.” The psychoactive ingredient in marijuana, tetrahydrocannabinol (THC), stimulates the brain to produce dopamine, which relaxes the body. According to an article by WebMD, How Marijuana Affects Your Mind and Body, marijuana affects sensory perception (brighter colors, louder sounds), reaction time, and motor skills, and increases risky behavior. For an employee working in an industrial environment, operating machinery, or driving industrial equipment, these effects can be deadly.

According to a study, How does marijuana use affect school, work, and social life?, by the National Institute on Drug Abuse (NIDA), there were 55 percent more workplace accidents, 85 percent more injuries at work, and 75 percent more absenteeism when an employee tested positive for cannabis.

The Employer Usually Wins a Lawsuit

As a result of cannabis use, an employee’s job is terminated. When this happens, states typically side with the employer even if the employee has a medical marijuana card. However, marijuana is still a Schedule I drug, which is illegal according to federal law. Federal law supersedes state law.

  • The Americans with Disabilities Act sides with the employer when it comes to medical marijuana use
  • If an industrial accident occurs and a worker is injured, worker compensation is not provided if an employee was under the influence
  • Most health insurance programs do not cover medical cannabis as part of their list of prescription drugs

What Makes a Good Drug Policy?

An interesting study on the impact of Drug-Testing programs by the National Center of Biotechnology Information (NCBI), looking at the effective use of pre-employment drug testing, concludes that it is useful to employers choosing job applicants. An employer drug policy should include:

  • Management training to ensure enforcement of the drug policy
  • Employee support options including company assistance or local resources
  • Clearly defined use and possession guidelines
  • Criteria for post-accident analysis
  • Rules for an employee’s conviction or arrest for drugs

Legal authorities review drug policies and workplace procedures to ensure reduction of litigation by employees. Policies may change based on state or even federal law and could change frequently. The drug policy should have a date and acknowledgment by the employee. Having this information protects the employer against litigation.

Cannabis picture by pixabay

The health and safety of your workforce depend upon you to keep them safe.

Linda Rawson is the Founder of DynaGrace Enterprises, inventor of WeatherEgg, and the author of The Minority and Women-Owned Small Business Guide to Government Contracts: Everything You Need to Know to Get Started

Top 10 Plants for Improving Indoor Air Quality

Household plants can improve indoor air quality.  People lined their windowsills in growing numbers with greenery after NASA published a series of research dating back to the early 1980s, saying that indoor plants could purify the air. Sadly, a little wishful thinking seems to have been going on back then.

Researchers now claim that you would need 680 plants in a 1,500-square-foot home for the leaves to fight toxins. Indoor plants have other health and air boosting benefits that you don’t need to build a jungle wall-to-wall to enjoy.

Even a small quantity of foliage could improve the quality of indoor air.

Because Americans spend most of their time indoors, a top priority should be good air quality. So why not add to your living room a few easy-care plants?

The following 10 plants help remove pollutants like formaldehyde, benzene, trichloroethylene, and carbon monoxide.

English Ivy (Hedera Helix)

English Ivy Photo Credit Costa Farms

The classic, elegant, English ivy is lovely as a ground cover or as a house plant, which is ideal for removing dangerous chemicals from the house. It can grow in complete shade to full sun, it can be formed, and it will likely survive several years with the proper care.

Bamboo Palm (Chamaedorea Seifrizii)

Bamboo Palm Photo Credit Stevens Plant Care

Because of its preference for the proportion of sun and shade, the bamboo tree or red palm produces a large house plantation, which also helps remove harmful components such as benzene and formaldehyde.  Palm trees thrive away from cold drafts in pleasant amounts of light. They can bring plenty of greenery to your space and reach 12 meters high but are growing slowly. Keep your bamboo palm in a larger container at least three years before re-potting.

Chinese Evergreen (Aglaonema Modestum)

Chinese Evergreen Photo Credit Linda’s Flowers

The Chinese evergreen is a healthy plant with low to medium-light conditions. It usually reaches 1 or 2 feet. While it helps keep the Chinese evergreen atmosphere safe, it is essential to remember that an irritant is present in the Chinese evergreen that can be poisonous to animals.

Gerbera Daisy (Gerbera Jamesonii)

Gerbera Daisy Photo Credit Cascade Floral Wholesale

This famous annual is helpful when placed indoors to remove the gasoline and to improve the mood of the house. Be aware, however, that Gerbera daisy is best in warm temperatures at or above 75 degrees F.

Dragon Tree (Dracaena Marginata)

Dragon Tree Photo Credit The Tree Center

A beautiful office plant, the Dragon Tree would be a great complement both indoors and outdoors with a green to purple leaf color. It would also fit in perfectly in the office because it can withstand low light.  The Dragon tree is among the best for removing trichloroethylene and xylene from indoor air.

Mother-in-Law’s Tongue (Sansevieria Trifasciata ‘Laurentii’)

Mother-in-Law Tongue Photo Credit Hirt’s Garden

A sturdy succulent, mother-in-law’s tongue is a good house plant for beginners and is capable of surviving under some of the harshest conditions, including a broad range of light and temperatures. Be cautious, however, not to over water or not to water at all.

Mum (Chrysanthemum Morifolium)

Mum Photo Credit NC Cooperative Extension

Not just for memorials, Mums have lovely flowers, which are accessible and inexpensive in garden shops in the spring. These perennials are also suitable for interaction with plants because they sometimes take a deadhead (the pinch of spent flowers).  Display it in a cool place under the sun for 10 hours. These plants are toxic to animals if consumed, so keep it out of reach. You can plant it outside in spring when the risk of frost goes away.

Peace Lily (Spathiphyllum ‘Mauna Loa’)

Peace Lily Photo Credit Mark and Spencer

One of the best plants to combat poisonous substances is the Peace lily. Known for their ability to battle formaldehyde and carbon monoxide, Peace lilies are relatively simple plants to handle and even show signs of drooping when they need to be watered. This plant may be slightly poisonous to animals and people, so after touching the plant, it is essential to clean your hands.

Spider Plant (Chlorophytum Comosum ‘Vittatum’)

Spider Plant Photo Credit Gardening Know How

The spider plant is one of the simplest air-purifying indoor plants for beginners or forgetful owners to grow. Spider plants are fans of light, indirect sunlight and send out shoots with flowers that ultimately develop into baby spider plants. The baby plants can be placed in their own pot while still connected to their mother plant. Then once they are rooted, you snip them off. Give the plants to your friends, or increase your collection of plant life.

Dracaena (Fragrans ‘Massangeana’)

Dracaena Photo Credit Jordan’s Jungle

A common species, Dracaena is known for its beautiful foliage, which varies from green to yellow and has proven to prevent formaldehyde. It looks fantastic in the shape of a tree but can also be cultivated as a shrub.

Whatever your choice of house plant, any one of these plants will help indoor air quality.

Linda Rawson is the Founder of DynaGrace Enterprises, inventor of WeatherEgg, and the author of The Minority and Women-Owned Small Business Guide to Government Contracts: Everything You Need to Know to Get Started
