New Armored Carrier Best Practices

The ATM Industry Association (ATMIA) has released a new security guide with 128 best practices for armored carriers.

“We are in an industry in need of change,” said Mark Lowers, President of Lowers & Associates. “Without meaningful security improvements among armored carriers, the temptation for theft will continue to grow, leading to more and more losses that the industry simply cannot continue to sustain. Implementation of these best practices will add a major hedge of protection around the ATM industry.”

Tom Stevenson, [President and founder of Cash Connect], said he has been pleased so far at the positive response from armored carriers, many of whom are also facing heavy insurance premium increases and recognize the need to strengthen security measures. “Most armored carriers recognize that significant changes need to be made in order for underwriters to gain confidence that the upward trend in losses will be reversed,” said Stevenson, who travelled to London in January to meet with insurance underwriters, pledging a push for major security improvements in the US armored carrier industry.

Email the ATMIA for a copy of the guide.

Germany Launches Cyber Defense Center

The text of a Deutsche Welle article on the German Cyber Defense Center has some funny logic.

Note the name of the center, for example, versus the title.

Germany declares war on hackers with new cyber defense center

I propose they rename themselves the Cyber Offensive Center. No, that acronym doesn’t work. They could go with the Cyber War Center…or, wait, maybe a Cyber Lulz Center. If you are going to declare war and go on the offensive, you might as well get a few laughs in. What’s the German translation for lulz?

Seriously, though, the German news site says NATO’s top threats list includes terrorism, WMD and cyber attack. Never mind the differentiation and overlap of those terms (terrorism could be done with WMD and/or cyber attack). Note the absence of cruise missiles on the list. Then read this:

NATO now counts cyber attacks as one of the greatest security threats in the modern world – alongside terrorism and weapons of mass destruction. The so-called Stuxnet worm, which targeted industrial software in the summer of 2010, infected computers controlling uranium enrichment plants in Iran. That showed the world that highly-developed viruses can penetrate enemy infrastructure as if they were digital cruise missiles.

If Stuxnet only has as much risk as a cruise missile, does it drop off the top threats list? I think such a description is counter-productive. In other words, is your industry preparing for attack by cruise missiles? On a similar note, has anyone said viruses would be unable to penetrate critical infrastructure? As far as I can recall (at least into the early 1990s) it was widely known that worms could spread by removable storage and that enemy infrastructure was susceptible to infiltration.

Iran’s uranium enrichment program at Bushehr was built with extra resiliency in the 9,000 centrifuges because of an anticipated high failure rate. The latest reports I found say production impact of Stuxnet was negligible, although clearly the surveillance aspect of it has had a psychological/political impact…even on Germany.

Lock-in Fears Delay Cloud

Last night I had a lengthy discussion with an ex-Amazon staffer who laughed when I said consumers hate lock-in and high exit barriers. He gave the example of Microsoft Office and asked, “You really think people are going to use something else?” That seemed strangely upside-down and backwards as an analogy.

My point was exactly the opposite. A market of new products to be considered for future adoption will factor in exit cost. Those who use Microsoft Office are the ones in traditional non-cloud environments. There is no real exit barrier to leaving Microsoft Office other than the cost of learning a new platform, since the formats can be exported and imported, or even used as a current standard (e.g. Office 97 or RTF).

A new platform (e.g. Cloud Y applications), by comparison, may come with lock-in to a non-standardized format. That should and will give consumers pause before they convert to it. This was highlighted by the European Network and Information Security Agency (ENISA) as one of the top barriers to new technology adoption in their Cloud Computing Risk Assessment.

CTOEdge now carries this message as well. Their post neither mentions security as the primary barrier nor hides the fact that cloud technology can be hamstrung by (boiled down to?) management of virtualization.

If you get the sense that we’ve entered a period of pregnant pause as it relates to cloud computing in the enterprise, it might have something to do with virtualization standards.

Right now, there are two standards that many cloud computing advocates are tracking with keen interest. The first is the Open Virtual Format, which will make it a whole lot easier for application workloads to dynamically run on top of multiple virtual machines. The second is a set of virtualization management interfaces that is to be shepherded by the Distributed Management Task Force (DMTF)