Reston Association has acknowledged that technological mishaps resulted in tens of thousands of dollars in additional expenses.
The organization described how it’s working to prevent those types of incidents following a cybersecurity review by information technology professionals with Wipfli, a consulting firm that the organization is using.
The recreational services organization created an IT committee in March that met for the first time last week. RA says that upgrades put in place in 2020 and recommendations it pursued from an assessment report from Wipfli will help mitigate the risk of similar incidents.
“The security of personal information is and remains our top priority and these new processes and protocols will help safeguard our information,” RA said in a statement. “Additional security initiatives will continue to be explored in 2022 with the assistance of RA’s new Board Information Technology Committee.”
Issues with RA’s technological framework and IT practices drew some board scrutiny early last year.
Incidents cost RA an extra $46,000
As part of the IT review, the association recently described three costly problems in recent years.
One incident involved a compromised Microsoft email account that resulted in a loss of over $187,000 in December 2020. That amount was recovered through insurance policies, though, but RA had to pay a $10,000 deductible.
Reston Now previously reported that it involved then-CEO Hank Lynch’s account, according to a board member.
Earlier that year, an individual also accessed the RA website and embedded malware, making the website lose functionality and member access to information.
The organization used a national law firm, BakerHostetler, to investigate, and directed Crypsis to conduct a forensic investigation, showing that members’ personal information was not exposed.
Insurance covered the costs, aside from a $10,000 deductible. That led to the association replacing its website with an interim site through Squarespace.
“The rating on that is yellow,” Kraus said, adding that the website is more of a billboard, though than an interactive portal for members.
Also, a server crash in 2019 led the organization to shift to cloud-based storage. On-site hard drives failed that contained financial data and vehicle fuel log data, requiring the association to around $26,000 in additional costs.
Ratings, recommendations given for IT practices
The assessment review found the organization is reactive — but not chaotic — in four areas: constituent-facing services, IT governance and benchmarking, cybersecurity, and IT vision. Wipfli also found that RA is proactive — but not optimal — in two areas involving Microsoft 365 deployment as well as roles and responsibilities of its managed service provider.
“We rate these key areas from red, yellow, green, blue, to white,” Joseph Kraus, a chief information officer advisor with Wipfli, told RA’s board of directors last week, noting the review showed RA having green and yellow statuses. “Most organizations we evaluate are largely red, yellow, and some green.”
RA’s visual report card, consisting of green and yellow reviews, is not that bad, though, Kraus said, noting it’s rare to be blue or above.
The results come after the organization’s chief information officer, Clara William, resigned in August, just short of two years on the job.
A Wipfli employee, Michael Lockett, began as a virtual chief information officer for RA in November and helped the organization with operational improvements.
He’ll be working with the IT committee to act as a partner with the organization, approve projects, create baselines for communications, and assist RA with other areas.
Wipfli’s assessment also included a roadmap of solutions. Among those recommendations, it said RA should decide if a full-time IT director is needed or if a service should be used. RA currently has two IT staff.
A venture capital fund that invested millions of dollars in a startup later hit with a federal fraud investigation and bankruptcy is suing the Herndon-based business accelerator Center for Innovative Technology.
According to the lawsuit, which was filed with the Fairfax County Circuit Court on May 10, Savano Capital Partners III — a fund tied to a Baltimore-based investment firm — paid CIT nearly $4.5 million in 2020 to invest in a fraud prevention technology company called NS8.
“On paper, it appeared to be earning millions in customer revenue and to have tens of millions of dollars of assets on hand,” the civil complaint said, adding that “the fraud described above occurred under Innovative’s ownership of NS8.”
Savano Capital entered into its financial agreement with CIT on March 20, 2020. At the same time, the Securities and Exchange Commission was investigating NS8 for fraud, issuing subpoenas to the company and its CEO in November 2019 and March 2020.
The SEC charged former NS8 CEO Adam Rogas with defrauding investors on Sept. 17, 2020, alleging that he had raised approximately $123 million from investors — at least $17.5 million of which he pocketed himself — by falsely claiming millions in revenue in 2019 and 2020.
NS8 filed for Chapter 11 bankruptcy in October before being acquired by the software company Avolin this past February. Criminal and civil cases against Rogas are still going through federal court, with the civil case halted while the criminal case unfolds.
Prosecutors allege Rogas’ actions “led to the illusion that NS8 had over $62 million in [revenue] when, in fact, it had just over $28,000” by June 2020.
In its legal complaint, Savano says it made the deal with CIT without knowing NS8 “was virtually worthless and was in the midst of a massive accounting fraud and SEC investigation.”
According to the complaint, the investment fund valued its NS8 stake at over $4.4 million as part of a tech companies portfolio with CIT. The plaintiff is seeking to rescind the contract, arguing that the business accelerator benefited from the windfall of worthless stock, attorney Jason Ohana said at a hearing on Friday (July 23).
CIT, which facilitated funding for NS8 and previously cited it as a success story, called the lawsuit meritless and asked for a dismissal with prejudice to avoid a trial. Fairfax County Circuit Court Judge Thomas Mann denied the request.
During the hearing, Jack McCann, an attorney for CIT, argued that Savano’s investment purchase was a “unilateral mistake” by the plaintiff, because the nonprofit never detailed the underlying value of the companies.
He compared the situation to an “as is” used car sale in which a buyer could inspect the vehicle and review maintenance reports but would be responsible if they realized the next day that they had purchased a hunk of junk.
“I don’t mean this disrespectfully, but the used-car analogy was not well done,” Mann said during the virtual hearing. “It’s a completely different set of circumstances than an ‘as is’ sale.”
He also cited a 1993 Supreme Court of Virginia decision on the right to a jury trial.
Founded in 2016, NS8 was once located in Arlington, but its headquarters were moved to Las Vegas. Rogas resigned on Sept. 1, 2020, according to a legal filing.
In its lawsuit, the SEC said Rogas at one point provided false bank statements to an investors’ consultant who found line items that didn’t correctly add up. The executive allegedly re-doctored information after being questioned.
The SEC also alleged Rogas sent falsified monthly bank statements to NS8’s finance department. In January and February 2020, NS8 claimed $38 million and $42 million in revenue, respectively, on financial statements when in reality, it brought in around $39,000 and $45,000, according to the SEC complaint.
An attorney for Rogas declined to comment. Filings on his behalf refer to the charges as allegations.
Amid the SEC investigation, Virginia sold CIT’s Herndon office complex to a private real estate developer and capital investment firm. Gov. Ralph Northam said proceeds from the $47 million sale would go to the Virginia Innovation Partnership Authority, which the General Assembly created last year.
Medically Fragile Task Force Vaccinates Homebound Residents — “For the past six months, a dedicated group of Fairfax County Health Department staff and Fairfax County Fire and Rescue Department firefighter/paramedics have been working to bring the COVID-19 vaccine to those who need to be vaccinated but cannot leave their homes. Through this the successful partnership, nearly 600 homebound residents of the Fairfax Health District have been vaccinated!” [FCHD]
Energy Use Surges Amid Heat Wave — “This week’s heatwave and high temperatures mean a higher demand for power, with Dominion Energy reporting more than double the demand it typically sees during moderate weather. For Dominion Energy’s service area in Virginia and parts of North Carolina, Porter said demand averages 8,000 megawatts a day during moderate weather. But so far this week, it has more than doubled, exceeding 19,500 megawatts a day.” [ABC7-WJLA]
Herndon Residents Surprised by Tree Removal — Town of Herndon residents raised “a furor” when an old oak tree was removed on Tuesday (July 13) during construction on Elden and Center Street improvements. Town Manager Bill Ashton said the tree’s removal was approved as part of the project design back in 2015 because it contributed to visibility issues at the intersection. [Patch]
County Prosecutor Launches Data Program — Fairfax County Commonwealth’s Attorney Steve Descano announced yesterday (Wednesday) that his office will partner with criminal justice reform and data analysis experts to develop a “state-of-the-art data program to track and mitigate racial disparities in Fairfax County’s justice system.” The office will also join a national “Motion for Justice” program to reduce racial disparities in local legal systems. [Fairfax County CA/Twitter]
Reston IT Company to Sponsor Cybersecurity Competition — “Leidos, a Fortune 500 information technology, engineering and science solutions and services leader, has joined as a top sponsor of the inaugural US Cyber Games…Through its sponsorship, Leidos is helping to equip, train and send the first-ever US Cyber Team to compete in December at the inaugural International Cybersecurity Challenge (ICC) in Athens, Greece.” [PR Newswire]
Photo via vantagehill/Flickr
General Assembly to Hold Special Session in August — “Governor Ralph Northam today [Wednesday] issued a proclamation calling the members of the General Assembly into special session on Monday, August 2. A special session is necessary to fill judicial vacancies and allocate more than $4.3 billion in federal relief funding.” [Office of the Governor]
TJ Admissions Changes Result in Increased Diversity — The Thomas Jefferson High School for Science and Technology Class of 2025 will include more Black and Hispanic students, more girls, and more economically disadvantaged students than past years, according to Fairfax County Public Schools data. This is the first cohort to be admitted under a new admissions system that ditched the magnet school’s usual admissions test and $100 application fee. [The Washington Post]
Herndon Office Building Sold — The investment company Boyd Watterson Asset Management has purchased a 160,000 square-foot office building at 13651 McLearen Road for $48 million. The McLearen Center is in the same complex as the Transportation Security Administration’s Freedom Center and Nysmith School, and it counts Boeing as a long-term tenant, though the lease is set to expire in May 2022. [Washington Business Journal]
Reston Contractor Reports Medicaid Data Breach — Maximus Corp., a government health data services provider based in Reston, says a data breach that occurred between May 17 and 19 exposed the personal information of more than 334,000 Medicaid healthcare providers nationwide. The incident did not affect information about patients or Medicaid beneficiaries, according to the company. [Information Security Media Group]
Irish Rock Band Joins Arrowbrook Concert Lineup — The D.C.-based Irish rock band Scythian will perform at Arrowbrooke Centre Park in Herndon on July 17 as part of Fairfax County’s Music at Arrowbrook Centre concert series, one of several free summer concert series organized by the county park authority. [Fairfax County Park Authority]
Photo via vantagehill/Flickr
Reston Association’s Board of Directors has unanimously directed the organization’s staff to provide a comprehensive report on security incidents that caused losses of data, money or website capacity in the last two years.
At a board meeting last Thursday, board member Sarah Selvaraj-Dsouza proposed the motion in an effort to provide its membership with transparent information about possible issues
The move comes as some board members advocate for the immediate and swift creation of an IT committee that would guide RA on its security posture and provide recommendations on how to protect membership data, privacy and financial information.
Board members contend that RA’s security posture and IT platforms are incapable of maintaining industr-wide accepted standards of privacy and data security.
At last week’s meeting, board member Ven Iyer, a professional in the field of IT security, has voiced what he described as grave concerns related to RA’s lack of security.
Speaking as an RA member and not as a board member, Iyer says that RA CEO Hank Lynch’s email ID was breached, resulting in a loss of $187,000.
He also stated that RA’s website failed in the summer of 2020 when a system hosting the RA website, a decryption algorithm, and membership privacy and financial data was compromised. At the time, RA staff stated the abrupt shift was prompted because the website’s platform was “extremely outdated and unsupported.”
He also contended that RA’s communications to members — including recent press releases — mislead members into thinking that the shift to the cloud and a new website has resolved any pending concerns.
“That is simply not true. RA’s press releases falsely mislead members to believe that security incidents have occurred due to outdated technology or will not occur against because RA has shifted to cloud platforms,” he said.
Iyer wants the board to swiftly create the IT committee in order to “immediately respond at a SWAT team pace.”
A special meeting on the issue is planned, following a review of the proposal by RA’s board governance committee.
RA spokesman Mike Leone told Reston Now that because the board has not taken an official position on IT-related issues, the association cannot directly address Iyer’s concerns or questions about specific security issues.
The board is expected to review a report on IT breaches and other related issues on March 18.
Amazon Web Services, Microsoft, and 25 other technology companies will be represented at a virtual career fair hosted by the Fairfax County Economic Development Authority on Thursday (Jan. 28).
The Cyber and Cloud Virtual Career Fair will focus on the information technology, cyber, and cloud industries. Participation is free of charge for job seekers, and the FCEDA is encouraging professionals of all experience levels to attend. People with security clearances are especially in demand, though that is not a required qualification.
“Our region is a top cyber and cloud hub and there has never been a better time to land a job in this industry because of the thousands of open jobs here,” FCEDA President and CEO Victor Hoskins said in a press release. “We are proud to be working with such a diverse group of companies that are letting us help them cast a wide net to find the right talent to fill these jobs and keep our networks, businesses, agencies and people secure.”
This is the latest in a series of job fairs that the FCEDA has been organizing throughout the past year in response to the COVID-19 pandemic. Previous events included fairs focused on hiring and reskilling, and women in technology.
According to the FCEDA, the first three job fairs in the series “collectively attracted over 2,100 attendees and resulted in 3,100 completed conversations between job seekers and hiring reps from a wide range of employers.”
The tech industry is expected to grow rapidly in Fairfax County in the coming years. About half of the more than 86,000 open jobs on the FCEDA’s job board are in technology fields, and the D.C. area is projected to add more than 130,000 tech jobs within the next five years.
The FCEDA’s job fair series is part of an initiative funded by Fairfax County to attract, retain, and retrain workers.
“Cloud and cyber companies are an important and growing facet of the Fairfax County tech economy,” Fairfax County Board of Supervisors Chairman Jeff McKay said. “I am delighted to see the talent initiative that the Board of Supervisors funded helping residents find jobs and emphasizing the importance of these sectors to Fairfax.”
Because the cyber and cloud career fair will be conducted virtually, candidates do not need to be currently located in Northern Virginia, and some companies are open to remote work options, the FCEDA says.
Interested job seekers can visit the FCEDA’s Work in Northern Virginia website to register and to see a full list of participating companies.
Photo via Glenn Carstens-Peters on Unsplash
More students and teachers in the Fairfax County County Public Schools system have been identified as victims of a ransomware attack that took place in September.
In a letter to parents, FCPS Superintendent Scott Brabrand said his staff has identified more people who may have been impacted by the attack.
”In line with our commitment to providing credit monitoring and identity restoration services to those who may need them, we have distributed additional individualized notices to ensure all eligible members of our community who wish to utilize these services have access to them,” Brabrand wrote in a letter to parents and students last night.
On Sept. 11 — just a few days after virtual learning resumed — hackers posted personal information of some students and staff on the dark web. Maze, a group of cybercriminals, claimed responsibility for the attack, which uses ransomware to prevent users from accessing files. In some cases, data is extracted and held hostage until a ransom is paid.
While the incident remains under investigation, Brabrand said that the school system is working with the FBI and Virginia State Police to investigate the attack.
Brabrand’s complete letter is below, after the jump.
The Fairfax County Economic Development Authority is hosting a free cyber and cloud virtual career fair next month.
Set for Jan. 28 from 1-4 p.m., the virtual fair will give candidates a chance to interview with 20 companies in Northern Virginia. According to FCEDA, more than 5,000 open positions are available at all experience levels.
“The Fairfax County Economic Development Authority is proud to host the Cyber + Cloud Virtual Career Fair,” said Victor Hoskins, president and CEO of the FCEDA. “We are thankful to the outstanding tech companies that will be participating in this event. This will be a great opportunity for job-seekers to interview virtually for job opportunities in two of the most robust industry sectors in Northern Virginia.”
Candidates with security clearances are strongly encouraged to attend. Attendees will be able to chat with company representatives and can register and attend from anywhere.
A lineup of the represented companies is below:
- BAE Systems North America
- Constellation West
- Easy Dynamics
- Human Touch
- Kreative Technologies
- ManTech International
- Ridgeline International
- Triumph Enterprises
The career fair is part of FCEDA’s newly-created talent attraction and retention initiative which is funded by the Fairfax County Board of Supervisors.
Photo via Unsplash
Some of the area’s largest cybersecurity companies are located in Herndon and Reston, according to a ranking by the Washington Business Journal.
Three companies in Reston and Herndon topped WBJ’s list, which ranks the largest cybersecurity companies in the Greater DC area by the number of employees, total revenue last year, and total Metro-area revenue.
More information on the local companies is below:
- Carahsoft Technology Corp. (Ranked #1): The company, which helps the public sector manage and reduce cybersecurity risks, has 1,282 employees, including 948 in the Metro-area. Last year, the company brought in $5.4 million in total revenue.
- Iron Bow Technologies LLC (Ranked #2): Located at 2302 Dulles Station Boulevard, the company boasted $1 billion in revenue last year. It has 680 total employees, 510 of which are based in the Metro-area.
- ThunderCat Technology LLC (Ranked #3): The company, which is located at 1925 Isaac Newton Square, brought in $503 million last year, roughly $289 million of which was in the Metro-area. The company has 84 employees.
Overall, 18 of the region’s 25 largest cybersecurity companies are located in Fairfax County.
Photo via Unsplash
FireEye, a publicly-traded cybersecurity company based in Silicon Valley, has acquired a local security company.
The company announced that it has required McLean-based security company Verodin.
A spokesperson for the company wrote the following about the acquisition:
In April, the company announced it was expanding its Reston footprint. Their offices are located at 11955 Freedom Drive… FireEye announced their continued expansion in the Reston area in April and has now taken another step towards establishing its dominance in the growing cyber security industry with the purchase of McLean, VA-based Verodin. This acquisition will grow FireEye’s footprint in the tech corridor as the region continues to draw top-tier companies.
Equipped with FireEye’s frontline intelligence, the Verodin platform will measure and test security environments against both known and newly discovered threats, empowering organizations to rapidly adapt their defense.
The terms of the deal were not disclosed.
FireEye offers a single platform for organizations struggling to prevent and respond to cyber attacks. Since it was founded in 2004 by Ashar Aziz, the company has filed more than 150 patents for technology related to cyber threat protections.
The company also has offices in Alexandria, where FireEye’s cybersecurity consultants are located. Overall, the company has more than 7,700 clients in 103 countries.
Photo via FireEye
Reston Hospital Center Helps Patient Recover from Coma — The center helped Amin, Hassam, 70, recover from a traumatic injury that left him in a coma. He was transported to the critical care unit of the center after a car crash. [WUSA 9]
Reston Concerts on the Town Kick Off Tomorrow — Reston Town Center’s pavilion will come to life once again with lively entertainment tomorrow from 7:30-10 p.m. The series runs through August 24. [Reston Town Center]
Reston Cybersecurity Firm Acquired and Merged with Two Other Companies — “TruShield Security Solutions Inc., a Reston cybersecurity firm, has been sold and merged with two other companies to form a new company, Avertium, based out of Phoenix. San Mateo, California-based private equity firm Sunstone Partners recently closed on the acquisitions of TruShield, Phoenix-based Terra Verde Security LLC and Knoxville, Tennessee-based Sword & Shield Enterprise Security to create Avertium, which will focus on midsized to large customers.” [The Washington Business Journal]
Flickr pool photo by vantagehill
Reston companies topped rankings for the most prominent and largest cybersecurity firms in the Washington region.
The rankings, determined by the Washington Business Journal based on last year’s revenue, included 25 companies, 21 of which are in Fairfax County. Based on the rankings, eight of the 25 companies are located in Herndon and Reston.
Reston-based Carahsoft Technology Corp., a distributor, and reseller of services that aim to reduce risks associated with cybersecurity topped the list. The company, which is located on 1860 Michael Faraday Drive, reeled in $4.1 billion in revenue and has 900 employees.
Herndon-based Iron Bow Technologies, which offers services related to defense, threat visibility, policy enforcement, and data protection, came in second, with $862.8 million in revenue last year and 661 employees.
ThunderCat technology, which offers forensic analysis and other services, ranked third, with $320 million in revenue and 70 employees. Knight Point Systems ranked fourth, Amyx Inc. ranked sixth, ITility ranked seventh, SeKON Enterprise Inc. ranked fourteenth and Electrosoft ranked 24th.
Photo via Carahsoft Technology Corp.