Arch Street Client Wins Big in $1.5 Billion Competition

With help from Arch Street, the Central New York Regional Economic Development Council (REDC) won $500 million in funding from the State of New York to catalyze economic growth across a five-county region centered around Syracuse, New York.


Arch Street helped author key portions of the winning proposal to New York Governor Andrew Cuomo’s  high-stakes Upstate Revitalization Initiative competition.  CNY was one of three winners out of seven competitors.

Arch Street drafted major elements of the successful proposal especially Section I. the regional Strategic Plan.  This section introduced regional economic data and trends linking them to future economic directions and initiatives for the region.

Organizations forthcoming about data breaches? Not really

Time to ShareSimple reason for not disclosing  — potential for getting sued.

More complex reasons — continuity of operations, competitive pressures, effect on stock prices, fear and embarrassment.

Certainly public acknowledgment of an attack can trigger legal obligations, potentially turning corporate offices into a crime scene where employees are unable to work to shut out attackers.

Source: Here’s why companies leave you in the dark about hacks for months – LA Times

Gravitational waves detected from second pair of colliding black holes 

Gravity Waves StillImage.jpg

Scientists with the Laser Interferometer Gravitational-Wave Observatory (LIGO) have observed gravitational waves — ripples in the fabric of spacetime — for the second time.  Gravitational waves carry information about their origins and about the nature of gravity that cannot otherwise be obtained, and physicists have concluded that these gravitational waves were produced during the final moments of the merger of two black holes — eight and 14 times the mass of the sun — to produce a single, more massive spinning black hole that is 21 times the mass of the sun.

The LIGO Observatories are funded by the National Science Foundation (NSF), and were conceived, built and are operated by Caltech and the Massachusetts Institute of Technology (MIT).

During his tenure with the NSF, Tim Clancy, the President of Arch Street sat on the internal NSF LIGO Steering Committee that oversaw the budget and program management of the LIGO project during it’s design and construction in the 1990’s.

Credit: Image credit: LIGO/T. Pyle



New White House Report:  A 21st Century Science, Technology and Innovation Strategy for America’s National Security 


Emerging technologies are creating the potential for new, asymmetric, and unpredictable threats in areas such as cybersecurity, synthetic biology, artificial intelligence and autonomy, and climate change. In order to address these emerging threats, the U.S. national security science and technology (S&T) enterprise must become more agile, responsive, and resilient.

Recently the Obama Administration released a new report from the National Science and Technology Council titled A 21st Century Science, Technology and Innovation Strategy for America’s National Security.  The strategy calls for the modernization of the national security S&T enterprise to ensure:

  • The ability to access the best talent in the world for the national security mission;
  • Proactive and collaborative investments in specialized facilities necessary for critical national security science and technology needs;
  • Intelligent management of the business of national security science and technology, and associated risks, to achieve the best outcomes as an enterprise; and
  • Adoption of transformative frameworks and innovative practices from the private sector, where it makes sense to do so for the national security mission.


Bill to strengthen New York State data breach law advances

Legislation to change how the state’s IT office responds to data breaches is now up for consideration by Senate lawmakers.  The bill (NY State Senate Bill S6834A) would alter how the state reacts to an electronic breach of private information, giving more responsibilities to New York’s Office of Information Technology Services in the wake of any state data breach.   The bill states that should any “state entity” handling citizens’ private information discover that personal data becomes exposed to any unauthorized users, the legislation would task the IT office with delivering “a report on the scope of the breach and recommendations to restore and improve the security of the system to the state entity” within 90 days after the discovery of the breach.

Additionally, the bill requires that state IT staff “develop, update and provide regular training to all state entities relating to best practices for the prevention of a breach of the security of the system.”


Request for Comment:  Standards for Cyber Information Sharing and Analysis Organizations (ISAO’s)


The Department of Homeland Security has requested public comment on draft documents produced by the Information Sharing and Analysis Organization (ISAO) Standards Organization (SO). This is the first iteration of drafts to be used in the development of voluntary standards for Information Sharing and Analysis Organizations (ISAOs).  This carries out directives in Executive Order. 13691 which is intended to enable and facilitate “private companies, nonprofit organizations, and executive departments and agencies . . . to share information related to cybersecurity risks and incidents and collaborate to respond in as close to real time as possible.”


New markets emerging for software flaws — but transparency can be lacking

How much are software bugs worth?  New markets for software flaws are being created by corporate bug bounty programs.  But it’s not a simple process, as pricing can be difficult. Companies try to balance the need to be transparent with outside researchers (white hats) while protecting their own sensitive business information, the often opaque bug valuation process can be controversial.


We love information sharing!  Until we don’t

Time to ShareInformation sharing is an important security tool — especially for and among security practitioners (sharing incident logs, etc.).  Unfortunately as things scale, information sharing regimes suffer as other imperatives begin to compete with security.  Imperatives such as competitive pressures or proprietary concerns between security companies who don’t want to reveal their secret sauce.

Many anti-virus (A/V) companies use an information platform called VirusTotal — run by Google, the largest collection of industry analysis of computer viruses.  But there is trouble.  A number of newer technology security companies such as Palo Alto Networks, Cylance and CrowdStrike face losing access to the platform,  accused of freeloading by older A/V companies such as Symantec and TrendMicro for not sharing their analysis (the secret sauce) of how they detected a virus or vulnerability.

Robust competition in the security software industry is critical for improving cybersecurity but overall things will get worse if information sharing breaks down.