One for the Interns: So you broke your pi…

Liticode provides internships for promising students interested in technology and business. One of the projects we assign involves a Raspberry Pi. Inevitably, things go wrong. Here’s a list of situations and options for the students, for when things go wrong.

You Messed with /etc/fstab

If you’ve recently changed the /etc/fstab file and now you’re getting an error on boot that says “You are in emergency mode.” and it won’t let you log in and just keeps rebooting, you have found a common problem due to your editing /etc/fstab. The pi doesn’t like something you did in the file and we have to undo it to allow it to boot. You’re going to need a computer you can use to edit files on the boot disk of the pi. Follow these instructions and it should be bootable once again:

  1. Power it down and remove the boot disk and connect it into a different computer for editing.
  2. Wherever it mounts the disk on that computer, open the /boot partition and edit the file cmdline.txt using vi or notepad.
  3. At the end of the line (its one line of commands) add a space and then the command: init=/bin/sh
  4. Save the file and exit. Eject the disk and put it back in the pi and power it on.
  5. You should arrive at a command line now, if not, go back over the steps and ensure you didn’t add any odd characters to the cmdline.txt file.
  6. In order to edit fstab, we have to mount the disk. If you are using our standard build, this command should do the trick:
    # mount -o remount,rw /dev/sda1 /
  7. Now that we have the root file system mounted, you need to edit the fstab file:
    # vi /etc/fstab
  8. If you’re not comfortable with vi, this is an excellent opportunity to learn!
  9. Find the line(s) you added to fstab and comment them out with a hash character, just like the other comments in the file. You can fix them now if you know what’s wrong, or for now just comment them out.
  10. Save the file, shut down the pi, pull the disk out, and put it back in your other computer to remove the command from cmdline.txt.
  11. Delete the command we added at the end of the line back in step 3, and nothing more.
  12. Save the file again, eject the disk, put it back in the pi, and it should boot to the gui now.

An excellent capabilities example for your resume would be to create an automatic shellscript process that detects these errors at startup and automatically deals with them.

Competitive Advantage and Organizational Blinders

One of the most common flaws in organizational efficiency failures is the reliance on root cause low level determination to excuse failures. All failures are management failures. No error should propagate beyond the first level of management control, or the management is the problem. All penalties for failures need to be addressed primarily at the management level or failures will accumulate. Line employees and systems are not the root cause of failure, the management thereof is. An organization that permits management to persist through multiple failures is undermining its own potential. Failure to observe this fundamental truth of systems management means the real cause of systems failures persists and the efficiency of the organization suffers. This does not mean terminating the problem level of management, it means rehabilitating them or increasing their capacity. And, importantly, the failure of the level above to perceive the weakness ahead of time is itself and additional level of the failure in management. This responsibility rolls all the way up to the board in some cases. If your organization is blaming line personnel or vendors for failures, you may want to consider some external management consulting to examine the situation in detail using an independent set of eyes. Or the competition will eventually eat your business.

Complacency Has No Place in Business

As Mercedes has so aptly demonstrated of late, complacency has no place in business and as any business major can recite, is anathema to competitive advantage.

Racing competition mirrors business competition in that way, and all competition opportunities, for that matter. If you want to survive long term you have no choice but to compete at some level.

There are, as Agent Smith said in The Matrix, levels of survival many are willing to accept.

But businesses that become complacent quickly stagnate and in an environment with limited competition (typically due to regulation and licensing requirements) fester and rot, slowly turning into dinosaurs that impede progress.

Businesses that become complacent in a normal competitive environment quickly get eaten by better businesses. This is why big, older, established companies like Microsoft buy up small innovative firms in a story as old as acquisitions and mergers. Consuming the threat to gain their power.

We must shun complacency and emphasize competition if we are to advance smartly into the future. The alternative is a slow decay into something that can be consumed by a better predator. A business with no aggressive plan for the future is waving a white flag and an easy target. The only thing that keeps a company like that afloat is the dearth of available business.

Liticode’s analytical abilities in these areas can help your company stay competitive and exceed expectations. Our systems engineers are here to help move your business forward.

Annual Canary Notice

We still have never received any federal notice of any kind regarding disclosing client information or not disclosing client information. Or anything other than normal business and tax documents. We’re kind of boring that way. Which is what makes us such a great company to work with. Boring is good.

Going Green

We are proud to announce a new initiative here at Liticode to help reduce client costs while simultaneously helping to reduce our impact on the environment by drastically reducing travel on engagements.

Engagement travel costs for clients involving flights can be as high as $20,000 just for the travel alone. By deploying technical assets (lightweight computers and storage coupled with cloud resources) we can now be effectively onsite faster, and more reliably, than by putting humans in airplanes.

Furthermore, we will improve response times quality by reducing missed dates. Currently, we miss about 1 engagement annually by as much as 2 days due to travel delays, mainly in winter. Using our new remote capabilities, because of the low costs involved, we can simultaneously ship multiple endpoint units via different carriers and routes, and guarantee onsite presence within any shipping window.

For engagements requiring hands on, in clients where no internal technical resource can be used, we will be engaging with partners in the immediate vicinity to be our hands, and still achieve a 99% reduction in travel costs.

Only in the most severe classified containment matters will we continue to ship personnel to remote sites, but even in those cases, we will be able to ship fewer personnel, and still reduce travel costs.

We are very pleased with the remote operations capabilities we have implemented and hope to use them for all our remote clients moving forward. It also makes our personnel happier, since they get to spend less time on the road, and can perform faster and more efficiently on client engagements. This in turn improves client outcomes and we here at Liticode want the best for our clients.

Some Advice for Buying an EMR/EHR

Here at Liticodec, we don’t practice medicine, but we do practice technology and electronic records and have been doing so for a very long time. Since well before the current trend of faster/cheaper became fashionable, and because of that, we’ve learned a few tricks about the system acquisition (purchasing) cycle that you might not think about, but can probably benefit from.

Do your purchasing according to tried and true practices of defining criteria and doing vendor selection. An EMR is not a trivial item, it is foundational and will make or break your healthcare practice. Involve the right people. If none of that makes sense, HIRE SOMEONE who understands purchasing principal systems and don’t rely on the advice of someone internally just because you think they know what they’re talking about. You want to make sure EVERYONE is backstopped by a proper value based decision with defined and trusted characteristics.

Defining those characteristics can be part of the problem, along with relying on vendors to be truthful in their descriptions of what their systems do. There’s a quick and dirty way to figure out if a particular system suits your organization, and that is to go and do site visits. Select a cross-discipline team of physicians and nurses and IT and send them to other installations for several days to shadow people and dig into the real operations of the system being reviewed. Dig deep. Look at the user interface in action. Look at the interfacing and reporting. Look at the errors and support needs. Look at the BC/DR capabilities.

Yes, this will cost you a lot of money, probably upwards of $100,000 for looking at 3 different systems. If it saves you making a $3M purchasing mistake, it’s money well spent. If you’re REALLY good at purchasing, you can get the vendors to pay for the excursions so you don’t have to. That’s the best way, because if the vendors don’t have that level of faith in their system or that level of funding for sales, then they probably aren’t a good choice. Remember, a mistake in purchasing an EMR goes way beyond the price on the invoice, so you have got to get it right. The more right it is, the better you all look on the cover of the monthly healthcare magazine. The more wrong it is, well, we call those “resume generating events”.

Please make sure to include security and forensics in the criteria. That’s our part. We’re available to assist with purchasing evaluations if you need us, and we only need one day and it doesn’t even need to be on site. We can also help with the business side of things, if you’re light on the IT side as some organizations are. Proper purchasing processes and vendor evaluations were figured out back in the 1960’s so there’s no reason for anyone to get it wrong.

Purchasing and Metrics as Key Business Indicators

It cannot be overstated enough that the two most powerful weapons in a company’s policy arsenal are proper purchasing protections and performance metrics.

Without smart purchasing, businesses tend to waste money on solutions that are inadequate and penalize the company repeatedly until cured. The money needs to be reallocated to purchase the correct solution, and while it is in place, the company fails to gain any advantage from the wrong solution; possibly loses ground.

Proper metrics are what allows a company insight into layers of operational intelligence. Without good metrics that permit comparison with competition and external industry measurements, perceptions can be flawed and gains lost. Worse, improper use of metrics can lead to stagnant areas of insight which undermine the entire purpose.

These two areas are clear marks of maturity in a business and keys to remaining competitive and obtaining market dominance. But they are HARD to do. So we see the almost nowhere. This despite the fact that both areas have been understood and well defined for 50 years!

Now, the interesting thing to us here at Liticode is the ramifications these two key indicators have on information security and litigation costs.  Because the cost of a failed security tool purchase are potentially far greater than the cost of the mistake and the fix.  If there is an event stemming from the failure in purchasing, it can have catastrophic consequences well in excess of the purchase costs.  All stemming from a failed purchasing policy.

The Vicious Feedback Cycle of Ransomware and Insurance

Cyber insurance is motivating the black hats to pursue more ransomware attacks. Much like piracy in the Gulf, knowing there is insurance, and requesting a fraction of the insured worth means it is in the best BUSINESS interest of insurance companies to pay the ransoms, which creates a terrible cycle of destruction and costs. The pirates/criminal know the money is there, all they have to do is write the ransomware.

As is the norm in such cases (like piracy) it will require a government to step in and enforce a contractual policy through force. The government must mandate non-payment, which insurers will lobby against. If payment cannot be made, the government will be required to intervene to protect the business assets of the insured and insurance company or a black market will develop to pay the criminals.

If the government doesn’t want the insurers to pay the criminals then the government will need to have an actor (military etc) take action to discourage releasing ransomware. This will not stop the use of ransomware, only decrease the frequency and increase the intensity, just like piracy.

Unfortunately, this will not increase demand for highly qualified cyber security and risk personnel, who can help prevent successful attacks, it will merely increase the size of the insurance market. Consumers, as always, are a secondary consideration, and critical mass affect assets such as health records will be the biggest target, as in any terrorist style criminal activity. Criminal know they need to pick big targets if you want a big payday.

HIPAA security officers need to prepare for this impending increase in risk more than any other industry, because you’ve got the most to lose.

Why 3rd Party Evidence Handling is Important

Let’s talk about why you should be using the services of Liticode, or someone like us, but preferably us. No equivocation, we’ll get right to the foundations of it.

  1. Transfer of liability. There, we said it. The basest of all motives, money. If, luck forbid, there is an issue with the evidence preservation, and internal people did the preservation, the court is likely to take a dim view of the situation and hold the company accountable. Whereas, if it’s OUR fault, the court is going to yell at us and we may be sued by various parties for it (which has never happened, because we’re good at what we do), but YOU are not going to get hit with an intentional destruction of evidence direction from the court. Isn’t that convenient? Like a little slice of insurance you didn’t have to pay a premium on.
  2. We provide an unbiased, objective methodology for the analysis and collection of the electronic evidence. Our personnel are trained in this, experienced in the specific tasks, and not subject to any internal bias regarding what is evidence and what isn’t. We follow the risk averse mantra of “preserve broadly, present narrowly”, and we’ve never missed an objective. Whereas your personnel are subject to a variety of internal factors and pressures which may or may not increase the risk of an improper preservation effort. Which brings us back to the first argument for using Liticode, move that risk off your plate and onto ours.
  3. Using Liticode reduces the chance of an internal leak. There are several points in the process that can be a bit leaky, and you may not want the information contained in the evidence collection available internally. Analysis personnel talk. Collection personnel talk. Preservation personnel talk, misplace data, and accidentally destroy materials. There are chain of command leaks; line employees talk to their managers about the task and results. (Which, by the way, can increase the risk of insider trading!) Preserved data wanders as employees change positions in the company, as well. Some litigation runs for years, so a single point of risk like Liticode is preferable to a complex risk component such as in internal effort. Using internal resources complicates oversight procedures and accounting, as well. Use of a dedicated internal resource helps, but now you’re tasking an FTE and still not eliminating the majority of the risks outlined above. Our process is designed so that your information can’t be exposed or lost, and we compartmentalize and archive everything in dedicated facilities.

In short, Liticode is the best choice for your evidence processing needs. We do a better job and lower your risks because we have the experience to handle your internal evidence assets even better than you can yourselves.

But run this past your lawyer, because we’re not lawyers, we’ve just been doing this for more than 25 years. And then call us, because we’re the best. You can reach us at 610-810-1727 or fill out the form here.

Unauthorized Data Transmission by Hospital Applications

As reported in Network World and from our own observations, there is a bit of trouble with unauthorized outbound information transmission from a variety of systems and software on business networks, including healthcare. Healthcare Providers are particularly susceptible to this, because they have more systems per installation than any other form of business.  Most of the problems are covered in the article link above, so we’ll focus on the two that aren’t, and then talk about what we can do to help.

As discussed in the article :

  • Security devices and systems transmitting configuration data and other information without consent or notice.
  • OT devices like MRI machines and other systems, misconfigured or with their own security problems.
  • Desktop operating systems like Windows 10, which is obnoxiously chatty with high risk components being transmitted.
  • Rogue devices brought in by employees with good intentions, which unfortunately are not secure and transmit all sorts of good data.

Then there’s these:

  • Applications, misconfigured or configured with malignant intentions in an unauthorized fashion by companies with poor practices or ethics.
  • Good intentioned or bad intentioned users, transmitting all sorts of company data.

Email leaks are bad enough, but when systems and authorized users are transmitting data without our knowledge, it’s a serious blind spot. YOu can implement some form of data loss prevention, which should catch the leaks over common channels, but what about the systems and applications that are authorized and more difficult to find?

For these unauthorized data transmissions by personnel, you need manual review and monitoring. To catch data theft by systems personnel, you need to capture their activities and then validate them during or after the fact for bad activities.  We’ve observed major players in the electronic medical records business transmitting large amounts of patient data back to their company systems without authorization.  That needs to be squashed when it happens, so implement a process to make sure it doesn’t happen to your company.

For unauthorized transmissions by systems, you also need monitoring, but because it’s part of the overall activities, you can’t just watch when it’s happening, because you don’t know when it’s happening.  For this, you need to capture and analyze traffic and build up a knowledge of what is normal so you can spot anomalies.  It’s usually easy to profile an application and then locate any strange activity.

If you want some reassurance that your processes are catching everything, or you don’t have the resources to manage the verification process improvement on your own, please call us.  Finding needles in haystacks is kind of our thing.  We’ll be glad to help you figure out your needs and then map out business process improvements to cover them.

We’re the best at finding evidence of bad actors on your network.  Call now 610-810-1727 or email us at sales@ .