As an embedded software developer I can go on and on about the many benefits of LINUX.  I can easily list hundreds of benefits.  What I believe is the greatest though is the LINUX repository.

The LINUX repository is an online archive of open source and proprietary software packages that programmers use for development or maintenance.  There is a repository for every LINUX distribution with compiled packages for a multitude of hardware configurations.  Software developers can create upgrades or security patches and upload them to the LINUX repository where they can be easily downloaded by users.

Click to Subscribe

Unfortunately, new security risks are forcing system administrators to limit connectivity between secure networks and the internet.   You can’t be hacked if a hacker can’t get in. While a closed network is ideal for security, it is a big problem for software maintenance.

Since the LINUX repository is online, the software upgrades are inaccessible on a secure network.  For years defense contractors, like TELEGRID, have had to go to great lengths to deploy software upgrades on secure networks.  This leads to delays in the deployment of security patches and seemingly endless upgrade cycles.

To resolve these issues we recommend replicating the LINUX repository inside secure networks with an offline LINUX repository.  But how do we update the LINUX repository if it is offline? One solution is to deploy a cross domain solution that straddles the secure and unsecure networks.  Another solution is compressing repository updates and sending them to a system administrator who can upload them into the offline LINUX repository.

While secure networks are important we must not forget that the main goal is functional, bug-free and secure code.  An offline LINUX repository will make it easier to maintain code on secure networks and apply needed security patches.  It seems the President agrees.

Beth Flippo is Vice President of Embedded Software at TELEGRID.  TELEGRID has unique expertise in secure embedded systems, secure authentication, PKI, and Multi-Factor Authentication (MFA).

Click to Subscribe

Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc.  The Company will not be held liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.  All information is provided on an as-is basis.

The post Does President Trump Want an Offline LINUX Repository? appeared first on TELEGRID.

My guess is that Cam was so focused on beating the Arizona Cardinals that he did not want to think about the Super Bowl. How often in sports do we see the dominant team lose because they “looked past” the current opponent? How often do they disregard the easier team only to suffer an upset? Maybe Cam Newton made a conscious decision not to look past Arizona and get distracted from the job of winning the NFC Championship. Perhaps he would have gotten overwhelmed if he thought about all of the games between him and a Super Bowl.  Maybe he knew that the only way for him to accomplish his goal was to take it “one game at a time.”

This lesson is obvious to all of us Northeasterners who just emerged from our igloos on Sunday after Winter Storm Jonas. Looking out at the multiple feet of snow we knew that the only way we were ever going to clear our driveways was to take it one shovel at a time (or one phone call to the plow guy – not judging). If we started worrying about the hours we were going to spend, or the potential chiropractor bills, we never would have survived.

Click to Subscribe

So what can Cam Newton teach us about embedded software cybersecurity? Just like winning the Super Bowl developing a secure embedded system is really hard (but not nearly as cool). If we stand back and look at the breadth of the problem we can easily get overwhelmed. But, if we break the problem down into pieces we will make it through. Start with a FIPS 140-2 validated encryption engine, then focus on PKI and then build your application on top. Take each step independently and make sure you develop it correctly before you move on to the next step.

This is the reason TELEGRID developed its Embedded Security Framework (ESF).  The ESF is a structured collection of encryption and authentication modules designed to accelerate the design and development of embedded systems. It is based on TELEGRID’s 30+ years of design, development and production of embedded systems in the field of voice and data encryption, secure unified communications and management of networked encryptors. The ESF helps Government Engineers design STIG compliant embedded systems quickly.

Eric Sharret is the Vice President of TELEGRID Technologies, Inc. TELEGRID designs and develops secure embedded systems for the US Military.

Click to Subscribe

Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc.  TELEGRID Technologies, Inc. will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.  All information is provided on an as-is basis.

The post Cam Newton, Blizzards, and Cybersecurity appeared first on TELEGRID.

The post 10 Commandments of Embedded Software Security appeared first on TELEGRID.

The Department of Defense released its report on defense spending by State for 2014.  It is no shock that the draw down in Iraq and Afghanistan, as well as Sequestration, have resulted in a major reduction in defense spending.  The value in this report though lies in the incredibly detailed breakdown of defense spending by State and County.  This report is not only valuable to defense contractors, like TELEGRID, but also to ordinary citizens who want to see what this impact will have on their local economy and housing market.  Below are some highlights of the report:

From FY2011 to FY2019 real defense spending is expected to decline by 28%. From FY2013 to FY2021 defense spending will be reduced by $454bn

The 5 states with the largest defense spending as a percentage of GDP were Virginia, Hawaii, Alabama, District of Columbia and Alaska. The state with the lowest defense spending as a percentage of GDP was Oregon.

The 5 states with the largest defense spending (in dollar terms) were Virginia, California, Texas, Maryland, and Florida. The state with the lowest defense spending was Vermont. The 10 states with the highest DoD spending accounted for almost three-fifths of total DoD spending in the nation.

To see how your State and County performed click here.

The post Defense Spending by State – Report Released appeared first on TELEGRID.

In the past two weeks TELEGRID engineers gave presentations on Embedded Software Security and attended talks on M2M cybersecurity, IPv6 security flaws, and personal cybersecurity best practices.  Since TELEGRID designs embedded software security tools for the US Military all of these talks were aimed at the Government.

As we sat and listened we began to notice a common theme.  According to the presenters, Commercial cybersecurity is head and shoulders above the Government and the only way the Government will defeat this enemy is to learn from the Commercial sector (and pay the consultant giving the talk).  We were therefore quite amused to read in this month’s issue of Harvard Business Review, the de facto bible of Industry, that HBR believes that the Government is in fact better than the Commercial sector at cybersecurity.

We think the simple takeaway is that cybersecurity is difficult and everyone feels like the other guy is doing it better.  We also think Government engineers should print out this article, hang it on their wall and show it to a consultant the next time they are told they should learn from the Commercial sector.

To read the Harvard Business Review article Click Here.

The post Government vs. Commercial Cybersecurity appeared first on TELEGRID.