Reston Association’s Board of Directors has unanimously directed the organization’s staff to provide a comprehensive report on security incidents that caused losses of data, money or website capacity in the last two years.
At a board meeting last Thursday, board member Sarah Selvaraj-Dsouza proposed the motion in an effort to provide its membership with transparent information about possible issues
The move comes as some board members advocate for the immediate and swift creation of an IT committee that would guide RA on its security posture and provide recommendations on how to protect membership data, privacy and financial information.
Board members contend that RA’s security posture and IT platforms are incapable of maintaining industr-wide accepted standards of privacy and data security.
At last week’s meeting, board member Ven Iyer, a professional in the field of IT security, has voiced what he described as grave concerns related to RA’s lack of security.
Speaking as an RA member and not as a board member, Iyer says that RA CEO Hank Lynch’s email ID was breached, resulting in a loss of $187,000.
He also stated that RA’s website failed in the summer of 2020 when a system hosting the RA website, a decryption algorithm, and membership privacy and financial data was compromised. At the time, RA staff stated the abrupt shift was prompted because the website’s platform was “extremely outdated and unsupported.”
He also contended that RA’s communications to members — including recent press releases — mislead members into thinking that the shift to the cloud and a new website has resolved any pending concerns.
“That is simply not true. RA’s press releases falsely mislead members to believe that security incidents have occurred due to outdated technology or will not occur against because RA has shifted to cloud platforms,” he said.
Iyer wants the board to swiftly create the IT committee in order to “immediately respond at a SWAT team pace.”
A special meeting on the issue is planned, following a review of the proposal by RA’s board governance committee.
RA spokesman Mike Leone told Reston Now that because the board has not taken an official position on IT-related issues, the association cannot directly address Iyer’s concerns or questions about specific security issues.
The board is expected to review a report on IT breaches and other related issues on March 18.
Last year, Reston Association’s website was abruptly taken down because of outdated technology and stability issues. The loss of some financial records and limited backups was also cited as an issue in previous board meetings.
These challenges, along with other IT security needs, have prompted a call by four board members to create a board IT committee. If approved, the volunteer-run committee would be tasked with reviewing RA’s technology landscape, advising the association on procurement, data security and privacy, as well as other hands-on solutions. Board members Sarah Selvaraj-D’Souza, Bob Petrine, and Tom Mulkerin also worked on the plan.
Board member Ven Iyer, who described himself as an expert in security and IT infrastructure with 19 years of experience, said RA’s IT systems are “unfit”for conducting financial and Personally Identifiable data.
“If you were a bank or you were somebody handling PI data, you would be shut down. And you thoroughly need the help,” Iyer said at a special board meeting earlier this week.
He says RA’s IT issues are so severe that the institution of a board committee is necessary in order to make “RA capable of conducting business.”
But the proposal was met with some skepticism by other board members. Board president Julie Bitzer said the proposal needed a more thorough review before a board vote.
Four board members and RA’s legal counsel will revise the proposal in advance of another board special meeting on Monday, Feb. 15. The move was suggested by board member John Mooney and backed by Bitzer, Mike Collins, Caren Anton, and Aaron Webb.
“You don’t rush something important like this,”Mooney said.
Some board members questioned if it was appropriate to set up a board committee – which has more authority than an advisory or working group – to manage and advise RA on IT issues. Other board committees like RA’s Board Governance Committee and Board Advisory Committee have more authority than working groups or advisory committees.
Others simply said immediate action was necessary, especially since IT-related spending is a big-ticket spending item.
“The feeling was that you need to have the strength of the board like the fiscal committee does,” said D’Szousa.
Iyer, who said he has pushed for the creation of an IT committee for years, said the urgency of the need should not be underestimated.
Irwin Flashman, an RA member, said that residents would be more than willing to help support RA’s IT efforts and guide decision-making with expert advice.
“Reston is a technology center and many of those who work in the industry live in Reston and would be well qualified and willing, I feel certain, to lend a guiding hand to such an IT Committee and RA,”Flashman said.
‘We urge the board to act diligently and seriously. You hold the security of RA information in your hands. It is a great and serious responsibility.’
Within one day, RA staff quickly created a temporary website in July after the association’s IT team learned that the old website created a “potential security risk” to RA members and the DotNetNuke platform was no longer ‘technically supportable,’ according to past meeting materials.
Planning is underway to launch a new website with enhanced communication features later this year.
Lake Anne Elementary School will receive a grant from the Virginia Department of Education to boost its security.
The grant award of $104,000 covers Garfield ES and Lake Anne ES. It will pay for video monitoring systems, voice and video internal communications systems, school bus cameras, mass notification systems, access control systems, two-way radios, and other security upgrades, according to a release by Fairfax County Public Schools.
The award was developed with the help of the Virginia Department of Criminal Justice Services. Priority is given to schools most in need of security, schools with high numbers of offenses, schools with needs flagged in a security audit, and unmet funding needs.
This year, the program expanded to include funding for security equipment on school buses, according to Lucy Caldwell, the system’s director of news and information.
“FCPS intends to use the funds to enhance security systems at these schools,” Caldwell wrote in a statement to Reston Now. “Even though this is not a ‘normal’ school year, security and safety of our school buildings, staff, students and visitors is always a high priority.”
FCPS is one of 102 school divisions to receive the grant.
Photo via Google Maps
Herndon Middle School‘s administration is considering installing security cameras on school grounds.
The school’s administration stated that the cameras will “increase the ability to maintain the safety of all students, staff members and visitors within the building.”
Before installation begins, the school’s administration is accepting feedback from members of the school community. An informational meeting for parents is set for Thursday (Jan. 16) at the school at 5:30 p.m.
Lucy Caldwell, the director of news and information for Fairfax County Public Schools, told Reston Now that the move was not prompted by any specific events. Caldwell noted that all high school and middle schools are slated to install security devices in the near future.
“Cameras, by their mere presence, offer a deterrent to criminal and/or inappropriate behavior. Photographic evidence also serves to help identify individuals who are trespassing onto school property, thus greatly enhancing school safety.
Additionally, camera evidence can help exonerate individuals accused of acts they did not commit,” Caldwell wrote.
Photo via Google Maps
(Editor’s note: This story was updated at 9:22 a.m. to clarify information about the location of the Reston headquarters.)
Global firm IDEMIA, a company that specializes in augmented identity, plans to move its headquarters to Reston and create 90 new jobs.
The company will move its North American Identity & Security headquarters from Billerica, Mass. to Reston Town Center, Gov. Ralph Northam announced today (Dec. 19).
IDEMIA develops, manufactures and markets security technology products and services for the telecommunications, payments and identity markets. The company describes its “Augmented Identity” as “an identity that ensures privacy and trust and guarantees secure, authenticated and verifiable transactions.”
The company provides 80 percent of the U.S. driver’s licenses and ID-issuance solutions to 37 states, according to the press release.
The Fairfax County Economic Development Authority (FCEDA) helped Virginia beat out Washington, D.C and Maryland for the company’s move, according to the press release. IDEMIA, which has offices in Chantilly and Alexandria, will move into an 18,000-square-foot space in One Freedom Square (11951 Freedom Drive), according to Alan Fogg, the vice president of communications and research for FCEDA.
IDEMIA’s website lists the headquarters at 11911 Freedom Drive.
“Moving to Northern Virginia will enable both close proximity to our U.S. government customers and the ability to attract world-class talent,” Ed Casey, the chief executive officer of IDEMIA’s Identity & Security in North America, said in the press release. “The new workspace will feature a technology center to demonstrate our leading digital security and identification technologies.”
Gerald Gordon, president and CEO of FCEDA, said IDEMIA will fit into the county’s innovative companies.
“The county’s ever-growing technology ecosystem has the kind of assets these companies need to succeed in terms of workforce talent, potential customers, suppliers and partners, and a strong communication and transportation infrastructure,” Gordon said.
The FCEDA will support IDEMIA’s job creation through the state-funded Virginia Jobs Investment Program, which provides consultative services and funding to companies creating new jobs or undergoing technological changes for employee-training activities.
Photos via Fairfax County Economic Development Authority and IDEMIA/Facebook
This story has been updated
Beginning on October 1, Virginians will be able to obtain through the local offices of the Department of Motor Vehicles a REAL ID that complies with federal regulations to prove their identity. While having state-issued, federally-approved identification to prove who you are is offensive to many, the practical use of the REAL ID will result in most if not all complying with its requirements.
The REAL ID came about from recommendations of the 9/11 Commission studying ways to improve security to prevent other horrible terrorist acts from happening. Half of the September 11 hijackers had received driver’s licenses in Virginia. Congress passed an act to help prevent terrorist attacks and to reduce the number of licenses issued to undocumented residents. It established the requirements for states to follow in issuing driver’s licenses, and the program is implemented by the Department of Homeland Security. Under the congressionally passed law, states are required to issue licenses only to applicants who provide in-person proof of their identity and legal U.S. residency. The new cards must use the latest counterfeit-resistant security features.
Half the states are now in compliance with the new federal law, and others like Virginia have been working hard to put the new system into place. Beginning in the fall of 2020, persons who want to board a commercial flight must present a REAL ID or an alternative form of acceptable identification. Likewise, persons entering federal facilities must present a REAL ID. The DMV-issued credential will meet the requirement of REAL ID and will allow holders to access federal buildings, including military installations, and board commercial flights.
Obtaining a REAL ID when you renew your driver’s license is voluntary. That is what I intend to do. I do not want to have to remember to make a special trip to the DMV in the future to prove my identity for a REAL ID when I can do it as part of renewing my driver’s license.
To get a REAL ID you must apply in person and provide DMV with physical documentation of identity, such as an unexpired U.S. passport or a U.S. birth certificate and provide your legal presence through the same documentation. And yes, there is an additional one-time fee of $10 to help pay for the new cards. Hopefully you can visit a DMV office when they are not too busy. But you do need to go in person and take the time to meet the requirements.
Important news for those who do not drive and hence do not have a driver’s license: You can get a REAL ID through the same process just described to use for entering federal facilities, boarding commercial flights and voting.
Need more information? The DMV website is filled with full details. Check my interview with Commissioner Rick Holcomb of the DMV on YouTube after October 10 or watch it on Reston Comcast Channel 28 for public service programming or Verizon Channel 1981 at 7:30 p.m. on Tuesday, October 23 or at 10:30 p.m. on Wednesday, October 24.
The craft store said Thursday that nearly 2.6 million customers’ information had been stolen from its point-of-sale system. The company said security firms had found that criminals broke into Michaels’s system using “highly sophisticated malware that had not been encountered previously by either of the security firms.”
The Reston store, one of eight in Northern Virginia affected, was breached from May 8, 2013 – July 29, 2013, Michaels said.
The stolen information at both stores includes credit and debit card numbers and expiration dates. Customer names, Personal Identification Numbers (PINs) and addresses were not affected, the company said.
Michaels said it would offer customers free credit monitoring services for one year.
“We previously informed our customers and relevant regulators that we might have experienced a data security issue,” the company said in a statement. “Since the announcement, we retained two independent, expert security firms to conduct an extensive investigation. We also have been working closely with law enforcement authorities and coordinating with banks and payment processors to determine the facts. As soon as available, we provided data about potentially affected payment cards to the relevant card brands so they could take appropriate action.”
The store chain says the problem has been fixed and it is now safe to use credit and debit cards at the store.
They are advising customers to contact their bank or credit card company if they think they might be at risk. Customers can also call Michaels at 1-877-412-7145.