Consumer Watchdog Warns of Security Risk of Internet-Connected Vehicles

Avigael C. Fyman, Partner, Rivkin Radler

In a recently issued report, titled “Kill Switch: Why Connected Cars Can Be Killing Machines and How to Turn Them Off,” Consumer Watchdog, a nonprofit consumer advocacy organization, warned that millions of internet-connected cars already on the roadways may be dangerously vulnerable to hacking. While fully autonomous self-driving vehicles may be years away from widespread use, many of the top-selling models today have internet capabilities, including the ability to control your car using a smartphone app, voice assistant integration with Amazon’s Alexa and the ability to provide updates to the car’s software over the air.

Industry technologists and engineers have warned that many cars’ infotainment systems are connected to the internet through a cellular connection and are also connected to the vehicle’s critical systems, such as engines and brakes. This design could enable hackers to control a vehicle’s operations remotely over the internet, issuing commands from miles away.

While automakers have warned investors about the risks of a hacking incident, they have not, Consumer Watchdog cautioned, taken sufficient steps to protect against those risks. Notably, automakers make use of open-source software platforms, such as Linux and Android, and rely on “bug bounties” or “white hat” hackers who are paid to discover vulnerabilities. Relying on this type of testing to discover software vulnerabilities often circumvents any public disclosure, as hackers who are paid to discover vulnerabilities are often required to keep the details of their discoveries secret. While this is obviously intended to prevent anyone else from trying to exploit vulnerabilities before they are fixed, this secrecy has the added effect of keeping information regarding potential dangers out of the hands of the public and regulators.

The report raises significant concerns about automakers’ intent to use over-the-air updates to correct software problems in vehicle systems. Over-the-air (OTA) updates, which require vehicles to be remotely accessible and which can be transmitted en masse to an entire fleet of vehicles, can disrupt vehicle systems, either unintentionally or maliciously. Some problems have already occurred with OTA updates. In February 2018, a Chrysler OTA update caused some vehicle’s infotainment and other systems to be unusable, including rear-view cameras, heat, radio and navigation, while a September 2018 Tesla OTA update likewise rendered the autopilot feature on certain vehicles unusable. The fact that OTA updates can be made by automakers without monitoring by the National Highway Traffic Safety Administration likewise raises concerns that software systems may be updated without proper attention to safety.

The report discusses several potential mechanisms whereby an entire fleet of vehicles could be simultaneously hacked by malicious actors, including a direct attack over the cellular network from a laptop computer, a vehicle-to-vehicle worm, a “home base” attack on a manufacturer’s servers that can spread malware through an OTA update, use of a WiFi hotspot to spread malware, a hack of the software somewhere within a vehicle manufacturer’s supply chain, a third-party app that could be downloaded to a vehicle’s computer or a mobile device-to-vehicle attack that is transferred when a user’s phone is paired with a car. The report notes that a large-scale hack by a malevolent actor that, for example, disables brakes and airbags during the rush hour commute, could lead to thousands of deaths.

The report’s most significant recommendation is that vehicles be engineered with an “air gap” – ensuring that there is no electronic connection between the internet-connected components and the safety-critical components. With an air gap system, manufacturers would not be able to update vehicle software using OTA technology; while this is a disadvantage, Consumer Watchdog argues that this would incentivize manufacturers to engineer software more carefully in the first instance.

As such technology may take several years to develop, the report recommends that in the meantime all vehicles be removed from the cellular network, or else that manufacturers add a “kill switch” that allows every driver to disconnect their vehicle from the internet.

It remains to be seen whether concerns over the issues raised by the Consumer Watchdog report will lead legislators, regulators or the insurance industry to pump the brakes on internet connected cars. In any event, importing the Silicon Valley ethos of “move fast and break things” to the automotive industry should be tempered by appropriate attention to safety.

Ovarian Cancer Research, Advances and Treatments

COMPILED BY JOHN JOSEPH PARKER, CONTRIBUTING EDITOR

AS SEPTEMBER IS NATIONAL Ovarian Cancer Awareness Month, COMMERCE features a few of the latest advances in treat­ment and disease management. Ovarian cancer ranks fifth as the cause of cancer death in women and is the ninth most common cancer in women (not counting skin cancer).

New Research Identifies Genes Associated with an Increased Risk of Ovarian Cancer

Earlier this year, Nature Genetics published a study, in part funded by the Ovarian Cancer Research Alliance (OCRA), that found 34 genes were connected to women developing the earliest stages of ovarian cancer. Using data compiled by the Ovarian Cancer Association Consortium, researchers looked at the genetic profiles of around 25,000 women diagnosed with ovarian cancer and 45,000 women without the disease. Looking at the genetic variants in a new way and being able to use a large amount of data with which to compare it to, allowed them to identify those new genes.

OCRA, American Cancer Society Launch Joint Ovarian Cancer Research Initiative

In a new collaboration, the American Cancer Society and Ovarian Cancer Research Alliance (OCRA) have joined forces to fund multidisciplinary research projects to explore new ways of detect­ing, treating, and preventing ovarian cancer relapse and for improving quality of life among those diagnosed with ovarian cancer. The two organizations are committing to a total investment of $8 million to sustain four research teams over four years.

Ovarian cancer accounts for more deaths than any other cancer of the female reproductive system and is the fifth leading cause of cancer death over­all among women. The American Cancer Society estimates that in 2019, about 22,530 women in the United States will be diagnosed with ovarian cancer and about 13,980 women will die from the disease.

Four out of five women diagnosed with ovarian cancer have advanced disease, which is associated with an increased risk of persistent and recurrent cancer following initial treatment. While advanced ovarian cancer can be treat­able, it is rarely curable. There is current­ly no way to predict which women in remission will experience short-term ver­sus long-term survival from ovarian can­cer, or which women are at risk for high symptom burden during survivorship.

This joint initiative seeks to raise funds to support four multidisciplinary research teams to investigate biological, clinical, and psychosocial factors associated with ovarian cancer outcomes. A better understanding of these factors will lead to new avenues for detecting, treating, and preventing ovarian cancer relapse and for improving quality of life. Once initial funding is acquired, a request for proposal/critical peer review process will select the four research teams.

 Combination Niraparib Plus Pembrolizumub Shows Promise

Results of new trials show that combi­nation niraparib plus pembrolizumab therapy showed promising antitumor activity in patients with ovarian cancer. Patients with recurrent ovarian carcino­ma frequently develop resistance to platinum-based chemotherapy, at which time treatment options become limited. Here, single-arm phases 1 and 2 trials sought to determine the clinical activity and safety of combination therapy of niraparib plus pembrolizumab in patients with platinum-based chemotherapy–resistant ovarian carcino­ma or those not eligible for retreatment with a platinum-based chemotherapy. Sixty-two patients with ovarian carcino­ma were enrolled in this open-label, single-arm phases 1 and 2 study. Among the 60 evaluable patients, 3 had com­plete responses, 8 had partial responses, and 28 had stable disease.

This positive result led researchers to conclude that niraparib in combination with pembrolizumab is tolerable, with promising antitumor activity for patients with ovarian carcinoma who have limit­ed treatment options regardless of plat­inum status, biomarker status, or prior treatment with bevacizumab. Responses in patients without tumor BRCA muta­tions or non-HRD cancers were higher than expected with either agent as monotherapy. This study could poten­tially have long-lasting impact in that it not only identifies women at high risk of developing ovarian cancer, it could also inform future treatments for these genetic components.

Higher Education Roundtable: Cybersecurity Courses/Careers

COMPILED BY MILES Z. EPSTEIN, EDITOR, COMMERCE

FOR THE FBI, CYBERSECURITY students are among the “most wanted” talent for the workforce of the future. This skill set is becoming vital for law enforcement, as cyberspace is now a dangerous neighborhood with criminals, hackers, foreign adversaries and terrorists trying to do America harm with viruses, malware, ransomware and destructive code designed to capture or destroy data. Banks, retailers, individuals and the federal government are all being targeted.

In fact, the U.S. Armed Forces—and the U.S. Coast Guard—are changing how they recruit to attract cyber pros who may not fancy boot camp. That’s right—even Uncle Sam needs “nerds” for both law enforcement and combat opera­tions.

 “We seek individuals with degrees, work experience or certificates in cyber,” says Christopher K. Stangl, the FBI’s Assistant Special Agent in Charge, Newark. “People can get a lot of infor­mation from our website, fbijobs.gov, and we use social media. We go to career fairs, and to colleges and univer­sities. The FBI is also piloting a cyber-STEM [science, technology, mathematics and engineering] program with several high schools to identify, attract and develop students. We also have an Honors Internship Program that can enable college graduates and under­grads with a variety of backgrounds to get an insider’s perspective on FBI law enforcement and intelligence opera­tions, while gaining valuable experience with a 10-week, paid internship.”

 Businesses, governments, nonprofits and individuals need cybersecurity pro­fessionals, so COMMERCE asked the fol­lowing higher education leaders to dis­cuss how their colleges and universities are preparing students for this growing career field:

● Berkeley College President Michael J. Smith;

● County College of Morris President Dr. Anthony J. Iacono;

● Eastwick College President Tom Eastwick;

● Montclair State University President Dr. Susan A. Cole;

● New Jersey Institute of Technology President Dr. Joel S. Bloom;

● Ocean County College President Dr. Jon H. Larson;

● Ramapo College of New Jersey President Dr. Peter P. Mercer;

● Stockton University President Dr. Harvey Kesselman;

● Thomas Edison State University President Dr. Merodie Hancock;

● William Paterson University President Dr. Richard Helldobler.

 Berkeley College By Michael J. Smith, President

Students at Berkeley College interested in cyber or Internet security careers can gain expertise and career placement assis­tance from a variety of resources to find valuable internships and employment. One student whose major is Justice Studies-Criminal Justice succeeded in getting an internship with the FBI’s Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF). Another student with a major in Information Technology Management is working with a local police department for her internship. The Network Security course includes Internet security. The Justice Studies-Criminal Justice program offers a career path in cybersecurity. A key unifying factor for student success at Berkeley College is the cohesive effort among the faculty, students and career service counselors, who create networks and partnerships in which students and graduates can thrive.

County College of Morris By Dr. Anthony J. Iacono, President

Designated a National Center of Academic Excellence in Cyber Defense Education by the National Security Agency (NSA) and Department of Homeland Security (DHS), County College of Morris (CCM) is a national leader in preparing professionals for this important field. Our Information Security Certificate program is mapped to NSA/DHS stan­dards and our professors are nationally recognized leaders in setting the direc­tion of the country’s information securi­ty curriculum. Students at CCM, thereby, are well prepared to provide businesses, government and individuals with appro­priate cybersecurity measures to protect their digital assets. Additionally, CCM’s Center for Cyber Security assists with educating cybersecurity professionals, along with the community. High school students also can take advantage of CCM’s cybersecurity curriculum and earn college credit through a program offered with the Morris County Vocational School District.

Eastwick College By Tom Eastwick, President

Students at Eastwick College Nutley are immersed in the world of cybersecurity through our specialized computer and electronics technology associate degree. Networking plays a critical role in the daily operations for businesses (now more than ever) and it is with this in mind that we help our students become proficient in this area. Some of the core concepts covered include network infrastructure, current best practices within cybersecurity, and defensive and offensive network protec­tion. The program utilizes hands-on projects in malware, e-mail and web content protection and hacking behav­ior, including applicable concepts in ethics and relevant law. As Internet connectivity increasingly expands beyond laptops and desktop computers to devices such as smart watches, busi­ness automation and driverless trans­portation, the challenge to keep these devices safe (and the data on them) will be an increasing challenge. Our degree equips the next generation of techs with the knowledge, skills and abilities to take on these challenges.

Montclair State University By Dr. Susan A. Cole, President

As an emerging leader in computer science and information technology, Montclair State University provides New Jersey’s businesses with a highly skilled work­force and research-based innovations. Our new Master of Science in Cyber-security—housed in a state-of-the-art facility—educates professionals to meet the needs of employers in this growing field. Students graduate with strong computational skills and a grounding in the legal and ethical aspects of cybersecurity. Montclair State students learn from internationally recognized researchers who are conducting break­through work in data science, big data analytics and computational linguistics. In the past five years alone, our comput­er science faculty received $2.5 million in research grants and have published more than 200 research articles.

New Jersey Institute of Technology By Dr. Joel S. Bloom, President

All computer science undergraduates have a cybersecurity requirement, and all information tech­nology undergraduates are required to complete a course in computer and net­work security. At the graduate level, NJIT offers an M.S. in Cybersecurity and Privacy, and an M.S. in Information Technology Administration and Security. NJIT is designated a National Center of Academic Excellence in Cyber Defense Education by the NSA and DHS. Under this umbrella, NJIT offers the CyberCorps M.S. program, a competitive program funded by the NSF. Accepted students receive full tuition, stipend and funds for professional development. In exchange, the student works as a cybersecurity professional in govern­ment after graduation for a period of time equal to the support period. NJIT also has an active Center for Cyber-security Research with four faculty and dozens of Ph.D. students, funded by the NSF and defense agencies, such as DARPA, DoD and ONR.

Ocean County College By Dr. Jon H. Larson, President

Ocean County College (OCC) now offers an Associate Degree in Computer Science with a Cyber-Information Security Option. This path is specifically tailored to students who plan to continue their studies or begin their careers in the field of information security. The Cyber- Information Security degree option is a broad program of study that covers the basics of cybersecurity. Students enrolled in this degree program will complete Information Security Fundamentals, Systems Analysis and Database Management, as well as additional com­puter science and criminal justice elec­tives. Upon degree completion, OCC stu­dents can seamlessly transfer their cred­its to institutions such as the New Jersey Institute of Technology (NJIT). This pro­vides OCC graduates the opportunity to pursue a bachelor’s and master’s degree at a global leader in the field of infor­mation security.

Ramapo College of New Jersey By Dr. Peter P. Mercer, President

We are launching degree programs in cybersecurity, digital forensics and data science— and for students in business degree programs—we offer new courses in these fields. Our Cybersecurity course covers privacy concerns, secrecy issues, operational security, physical security, hardware and software security, commu­nications security and data security. Students also learn cryptography and risk management, as well as how to design and create disaster recovery plans, computer policies and standards, system security architectures and physi­cal security controls. Also, our “Intro-duction to Digital Forensics” course covers digital forensic processes in response to cybercrime and ways to uncover, protect, exploit and document digital evidence. Students also learn techniques in computing investigation, digital evidence collection, cell phone and mobile device forensics and comput­er forensics reporting.

Stockton University By Dr. Harvey Kesselman, President

Stockton University’s B.S. degrees in Computer Science (CS) and Computer Information Systems (CIS) include courses on Cryptography and Data Security, and Software and Security Engineering. Our interdisci­plinary approach allows students in fields such as business and criminal jus­tice to minor in CIS and obtain the skills to work in cybersecurity. Students intern in Stockton’s Office of Information Security and data protection businesses such as Commvault. The Washington Internship Program provided a student the opportunity to work on cybersecurity issues for the U.S. House of Representatives Committee on Homeland Security. The Homeland Security track in Stockton’s Master of Arts in Criminal Justice includes sections on cybersecurity and counterterrorism. Faculty also offer free workshops on Internet security, teaching local residents to protect their personal information.

Thomas Edison State University By Dr. Merodie Hancock, President

TESU offers workforce-responsive cybersecurity programs that prepare students for pivotal roles in securing the nation’s information assets and critical infrastructure. The School of Applied Science and Technology’s Bachelor of Science degree in Cyber-security helps students develop founda­tional expertise that responds to a bur­geoning skills gap and unprecedented industry demand. The Master of Science in Information Technology degree with specializations in Cybersecurity and Information Assurance enables them to translate that expertise to manage­ment and leadership roles. For those seeking specific credentials, we offer an Undergraduate Certificate in Cyber-security and a Graduate Certificate in Cybersecurity-Critical Infrastructure designed to help employees advance in their careers. Our flexible online program structure allows students to earn industry-recognized credentials and expand their expertise without sacrificing professional and personal responsibilities.

William Paterson University By Dr. Richard Helldobler, President

Our bachelor’s degrees in computer science and computer information technology include the course “Fundamentals of Networking Information Assurance and Security,” which provides cyber-security assessment and defense strategies. “Cybersecurity and Information Assurance,” a new course in our business analytics master’s pro­gram, focuses on today’s challenges. The University’s School of Continuing and Professional Education (SCPE) oversees a new grant, Growing Apprenticeships in Nontraditional Sectors (GAINS) from the New Jersey Labor and Workforce Development Office of Apprenticeships. This USDOL Registered Apprenticeship program for computer systems analysts in informa­­­­tion technology/cybersecurity, in close collaboration with employer partners, combines classroom training and mentoring with related hands-on internship work experiences. Through the SCPE, we also provide technology certification in a wide range of cybersecurity specializations. In support of our commitment to cybersecurity readiness, our annual Cybersecurity and Big Data Analytics Symposium brings industry experts to campus to discuss strategies for addressing challenges in this critical field.

Five Cybersecurity Traps: Are You Prepared for Bad Actors?

By Tyler Cohen Wood, Inspired eLearning, LLC

We live in a world were cyber threats to corporate security can come from both internal and external sources. Here are the key dangers to be concerned about.

Dark Hotel Hacks. Hackers know that C-level executives travel often and use this knowledge to try to exploit that situation by compromising technology in hotel rooms. There are many ways hackers can use this technique, and they tend to be creative, such as com­promising USB phone charging outlets in hotel rooms by replacing them with hacked versions that exfiltrate data to the hackers. Use only your own charging equipment when charging phones and other devices. Avoid using lamp and desk-mounted outlets to charge your devices. Instead, use A/C outlets along the walls away from desk and bedside areas.

Whaling. This is the “Big Phish” version of Phishing that specifically targets CEOs. Protect yourself from whaling just as you would guard against any e-mail Phishing attack. Examine links within e-mails to deter­mine the source before clicking on them. Don’t download attachments from unknown sources. Don’t give away detailed information that a hacker can use to glean information about you on social media. Always use the strictest privacy settings on all your digital devices.

Business E-mail Compromise (BEC) Scams. Criminals use a faked or compromised e-mail that appears to come from the CEO directing Accounts Payable to wire money directly to a hacker under the guise of a legiti-mate request. To counter this threat, establish a two-factor authentication protocol with your Accounts Payable department, such as requiring a phone call with a code word for each transaction.

Evil-Twin Schemes. These scams can happen in tandem with Dark Hotel hacks. Recently, hackers have targeted executives by creating fake hotel Wi-Fi networks that closely mimic the real thing. CEOs must make sure they log on to the secure, hotel-authorized networks with the passwords they are provided at check-in.

Lack of Education. It is critically important for C-level executives to have a good understanding of their organization’s cybersecurity readiness, capabilities and weaknesses and employ a full security awareness training pro­gram for all employees at every level. Ensuring that you and your workforce know the latest threats and countermea­sures will help protect your company from falling victim to the latest hacks.

New Businesses Are Key to Economic Growth

COMPILED BY JOHN JOSEPH PARKER, CONTRIBUTING EDITOR

SMALL BUSINESSES ARE THE economic engine that powers communities, says Quint Studer, author of Building a Vibrant Community: How Citizen-Powered Change Is Reshaping America (Be the Bulb Publishing, 2018). “A healthy busi­ness presence can turn around a strug­gling community and make a healthy one even stronger,” he says. Here are some smart steps leaders can take to create a community that attracts start­ups and supports the companies that are already there, according to Studer.

Make sure your focus is on eco­nomic growth. Judge all community projects through this lens. Growth is almost always driven by private invest­ment. It’s the key to job creation and a strong, sustainable tax base.

Create a vibrant downtown that appeals to young talent. Creating events that bring people downtown is the first step to creating a vibrant, walkable, liv­able downtown. Many communities do this with farmers markets, festivals, out­door concerts, and so forth. Other key ingredients are places to eat and shop, office space and residential develop­ments.

Invest in affordable housing. “This is a huge issue in attracting tal­ent,” notes Studer. “Young people and empty nesters in particular want to live where they work so it’s great if you can figure out how to get local investors to commit to building affordable housing.

Focus on a strong education system. This creates a strong talent base and appeals to investors. Do every­thing you can to improve yours, not just now, but in the future.

Elect and appoint leaders who put the community first. They should be willing to listen to new ideas and make it easy and comfortable for people to do business there. That means ensur­ing all guidelines, codes and zoning rules make sense and are clearly spelled out and enforced. Further, leaders should be easily accessible and available to answer questions to assure that deci­sions about planning and developing are made quickly, efficiently and in the right order.

Make sure companies have a safe, clean environment in which to operate. Attractive urban and subur­ban spaces and low crime rates are good for business. If you’re in an unsafe area, it won’t matter how good your product or service is. Customers won’t come.

Create a dashboard showing critical, objective metrics, update it regularly, and keep it in front of citizens, businesses and investors. It will provide concise information about relevant factors like economic perform­ance, well-being of the population, high school graduation rates and where entrepreneurs are located. These metrics will attract investment and keep citizens and decision-makers mindful of where improvements are needed.

Use the dashboard to create a compelling story. Does the community have a high graduation rate? Are there a lot of Millennials? These are the kinds of data points that can be used to show­case a community’s advantages. And don’t forget about the other factors that don’t show up on a dashboard. Is there a downtown? A great universi­ty? Is the community known for its art and culture? Is the cost of living affordable?

Find ways to help start-ups get access to capital. One way they help entrepreneurs is by creating leases that move up and down based on revenue.

Consider hosting a small business challenge. This is a contest in which people compete to submit the best small business idea. The winner gets funding and support for getting their new ven­ture started. This really gives a big boost to startups and small companies.

Galvanize your business community. Being business-friendly doesn’t just mean making it easy for people to start companies. It also means keeping them growing. A fully engaged business community is the key.

Diversify, diversify, diversify. “It’s easy to have a little success in one area and then focus on that area too much,” notes Studer. “Healthy economies are based on more than just tourism or just manufacturing or just banking. They need diversity to thrive.”

One more important factor for a strong small business ecosystem? A culture of community support. This is the nutrient-rich soil that allows a business to really take root and thrive over time, says Studer.

“Entrepreneurs need to feel that the community is invested in their well-being,” he says. “Once leaders start this conversation, the community will respond.”

COMMERCE asked top accounting firms and law firms to discuss how New Jersey could become more busi­ness-friendly, and how they are assisting their clients. Here are their thoughts, insights and best practices.

ACCOUNTING

Goldstein Lieberman & Company LLC By Phillip Goldstein, CPA, Managing Partner

Our state and municipali­ties should improve access to funding for start-ups. Offer tax incentives. New Jersey once had one of the lowest income tax rates in the country. Today, taxes are so high any entrepreneur would have to ask “why” start a busi­ness here? Be creative with those incen­tives—let businesses with the greater number of employees pay less taxes. Loosen the regulation stranglehold—fast track the building approval process. Create new business incubators especial­ly for those industries New Jersey is eager to attract. Stay in touch. Getting entrepreneurs here is one thing—keeping them here is also a challenge. Facilitate communications and provide networking opportunities. Invite those of us who have been here longest to mentor the newcomers. We’re here to help.

Grassi & Co. By Michael Hochman, CPA, CCIFP, Partner, NJ Office Market Leader

Whether we are willing to admit it or not, government policy does play a part in the creation, trajec­tory and success of small businesses—sometimes their policies can benefit entrepreneurs and sometimes they can hurt. Tax and other incentives offered to entrepreneurs, as long as they make economic sense, could bring jobs and much-needed tax revenue and economic growth to the state. In the development stage, entrepreneurs tend to be smaller operations and could use much-needed property tax relief, which would entice them to purchase commercial properties which would maintain and increase real estate values and their underlying investments. With regard to the numer­ous and many times onerous regula­tions, entrepreneurs could be provided full exemptions or reduced compliance requirements to ease the burden on these early stage businesses, who gener­ally don’t have the back-office capabili­ties to comply and this would make it more attractive to operate in the state.

Levine Jacobs & Co., LLC By Michael H. Karu, CPA, CFF, CGMA

On a state level, it all starts and ends with taxes and tax incentives. New Jersey does have the “Angel Investor” pro­gram, whereby investors in a qualifying emerging New Jersey technology or life science business can get a tax credit. New Jersey needs to expand upon it and advertise it better. On the local level, towns can reduce real estate taxes or provide facilities to entrepreneurs. Towns can host events allowing the entrepreneurs to meet other business owners, town officials, and interested residents, providing a forum to intro­duce their businesses. Many towns have Chambers of Commerce or service clubs, such as the Rotary Club or Kiwanis Club. Those organizations should invite the entrepreneurs to come in and talk about their businesses and to advise what is needed to help them thrive. Communication is the key.

SobelCo By Alan D. Sobel, CPA, CGMA, Managing Member

For starters, New Jersey needs to become the best place for entrepreneurs to start and maintain their business. The density of our population creates a unique oppor­tunity for entrepreneurs to reach multi­tudes of potential customers and our highly educated workforce presents great opportunity to leverage skills into dynamic organizations. But, unnecessary regulations, among the highest taxes in the nation, and a lack of solutions to fix long-term fiscal and physical infrastruc­ture issues in our state are a drag on growth and on the ability for an entre­preneur to succeed. By definition, entre­preneurs are risk-takers, but taking on the risk of fighting these counter forces limits or impedes their ultimate success. Entrepreneurs will find alternatives of where to start and grow their business unless New Jersey seriously addresses these impediments.

LAW

Cole Schotz P.C. By Jeffrey H. Schechter, Esq., Chair, Tax Controversies

New Jersey must create a better environment for entrepreneurs by becoming more tax-friendly. New Jersey taxes entrepreneurs at rates among the highest in the country. The Corporation Business Tax is imposed at a 9 percent rate when net income exceeds $100,000 and an additional 2.5 percent surtax when net income exceeds $1 mil­lion. For entrepreneurs who hold their businesses in flow-through entities, they will be subject to one of the highest individual income tax rates in the coun­try—8.97 percent for income above $500,000, which jumps to 10.75 percent for income above $5 million. The tax allows for virtually no deductions. Most daunting is the highest property tax levy in the country on a per capita basis. Because these taxes are no longer fully deductible for federal purposes, the pain is compounded. Bringing these taxes down will bring more entrepre­neurs to the state.

Connell Foley LLP By John D. Cromie, Esq., Chair, Corporate and Business Law Group

Small businesses are the economic engine of New Jersey. The most important steps that state, county and local governments can do to create and foster a more entrepreneur-friendly environment are to commit to policies that encourage business formation and growth, the free flow of capital and job creation. Government at all levels needs to lower taxes, eliminate and simplify business regulations, and assist small business owners in attracting and retain­ing a well-qualified labor force. New Jersey enjoys many advantages over other states, but government and administrative agencies must be mindful of the challenges faced by entrepre­neurs and small business owners and take steps to support economic growth for the benefit of New Jersey and the region. These policies will help attract and keep small business owners in New Jersey.

Chiesa Shahinian & Giantomasi PC By Francis J. Giantomasi, Esq., Member

It is my view that entre­preneurs would benefit greatly from an interactive, user-friendly communication apparatus—whether a newsletter, web­site, digital kiosk or other device—that more tightly integrates the many, evolv­ing incentives New Jersey has to offer at both the municipal and state levels. In addition to continuously broadcasting the state’s business-friendliness to the world’s entrepreneurs, the platform would bundle otherwise disparate incentive packages, streamline the incentive evaluation and selection process, and foster deeper collaboration and synergies among New Jersey and its municipalities. I would think of it as the virtual equivalent of the ongoing amal­gamation of three of the state’s top eco­nomic development functions—the New Jersey Economic Development Authority, Choose New Jersey and the Governor’s Office—under one roof at One Gateway Center in Newark.

Gibbons P.C. By Frank T. Cannone, Esq., Chair, Corporate Department

Be more flexible. Running a business, and particularly being an entrepreneur, is an extremely difficult, ever-changing venture. Recognizing this, governments, includ­ing New Jersey and its municipalities, are trying to keep up, but they move slowly, as political entities with numer­ous rules, regulations and penalties for violations and dependent on legislators, regulators, voters, judges and similar influences. Governments can look beyond by-the-book rules to the chal­lenges that entrepreneurs face strug­gling to stay competitive in a complex global marketplace. Rather than search for ways to penalize them, look at the equitable side—as in a court of equity—asking what is fair and supporting entrepreneurial efforts where the desire is not to break the rules or cheat but to improve their businesses for the better­ment of the state and society.

Harwood Lloyd, LLC By Thomas Loikith, Esq., Partner

The New Jersey commer­cial recording website makes the formation of a new business quick and easy. But both the state and municipalities need to make growing a small business less burdensome with fewer regulations, lower taxes and fair employment and labor laws. Consolidation of regional services, lower property taxes and lower car insurance premiums for individuals and entities would all help make New Jersey a place where an entrepre­neur wants to start and grow a new business.

Norris McLaughlin, P.A. By David S. Blatteis, Esq., Co-Chair, Business Law Group

New Jersey and its municipalities need to continue to fund and more thoroughly promote existing organizations and programs designed to incentivize entrepreneurs in the state, such as the New Jersey Angel Investor Tax Credit Program, and the New Jersey Economic Development Authority (NJEDA). Most entrepreneurs do not know that the NJEDA has invested more than $51 million in venture capital funds that invest in emerging technology com­panies, or that 21 tenants are using space at the Commercialization Center for Innovative Technologies. I also ques­tion whether entrepreneurs are aware of the New Jersey Business Incubation Network—a collaborative community of business experts and resource facili­ties dedicated to enhancing the com­mercial success of early stage and expan­sion stage entrepreneurial companies. More funding for these valuable organi­zations and programs, as well as publici­ty, will create a better business environ­ment for entrepreneurs in the Garden State.

NPZ Law Group, P.C. By David H. Nachman, Esq., U.S. Managing Attorney

The immigration and nationality lawyers at the NPZ Law Group, P.C. believe that states and municipalities can promote entre­preneurship by formulating programs like E-2 Investor Visas and EB-5 Regional Center Programs (designated by the state departments of labor) to incen­tivize investments on both a local and state level. Additional ways to promote entrepreneurship are to create partner­ships with academic institutions to extend local and regional business incu­bators; provide special tax incentives in the locales to permit special tax credits for entrepreneurial endeavors; and to provide special incentives to encourage entrepreneurs to live and work in these states and municipalities.

Wilentz, Goldman & Spitzer, P.A. By Brett R. Harris, Esq., Shareholder

New Jersey laws address­ing business entities should be updated to provide maximum flexibility for struc­turing of transactions, including allowing for corporate conversions to limited liability companies, an entity form frequently used by entrepreneurs. Since entrepreneurial ventures are often based on innovative platforms, our laws should be revised to facilitate adoption of technology such as use of blockchain to document corporate records. Finally, recognize that for all businesses, whether traditional or entrepreneurial, attracting and retaining a talented workforce is critical. High quality of life within close proximity to the workplace can be a deciding factor in recruitment. Our state and municipalities should focus on developing communities with access to quality education, transportation, healthcare, cultural institutions and recreational facilities, and should support the non-profit organizations, which can provide these services while alleviating burdens on governmental resources.

FBI Agent Christopher K. Stangl Patrols Cyberspace from His Post in Newark

 BY MARTIN DAKS, CONTRIBUTING EDITOR

NEWARK, NEW JERSEY-BASED Assistant Special Agent in Charge (SAC) Christopher K. Stangl has been with the FBI for more than a decade, investigating criminal computer intrusions, Internet fraud and other issues. The Newark office helped to crack a case involving two Iranian men who were charged in November with deploying SamSam ransomware, which crippled the operations of more than 230 hospitals, municipalities, public insti­tutions and other critical networks in the United States and Canada.

More than $6 million in ransom pay­ments were extorted, and the affected public and private institutions suffered an estimated $30 billion in damages. COMMERCE spoke with SAC Stangl about where the biggest threats to national security are originating, the kinds of cyber-risks companies face and some best practices to guard against hackers.

COMMERCE: Are any businesses at particular risk of a cyberattack? CHRISTOPHER K. STANGL: Many kinds of companies and other organizations, across the spectrum, are affected. The businesses themselves, their employ­ees, their customers and national securi­ty are all targeted. Even agricultural companies can be targeted, with attack­ers seeking their formulas and processes. Competitors want to find out how we engineer and harvest seeds.

 Q. Who’s behind these attacks?

A. The No. 1 threat today is the gov­ernment of China. But the United States is also under attack by Russia—which tried to influence the 2016 election —and Iran. They’re using malware and other means to try to get our intellectu­al property, and sensitive trade and mili­tary information. They’re also targeting the U.S.’s pharmaceutical industry.

Also, when U.S. companies want to do business in China, they often have to first enter into a joint venture with a China-based firm. This provides the U.S. company with access to the China market, but it also opens the door for the China business to steal U.S. secrets. We spend money on R&D, and China spends time and money on reverse engineering our secrets.

Consider the January indictment of Huawei Device Co., Ltd. and Huawei Device Co. USA with theft of trade secrets conspiracy, attempted theft of trade secrets, seven counts of wire fraud and one count of obstruction of justice. The indictment detailed Huawei’s efforts to steal trade secrets from T-Mobile USA and noted an inter­nal Huawei announcement that the company was offering bonuses to employees who succeeded in stealing confidential information from other companies.

Q. When does the FBI get involved, as opposed to a local police department?

A. That’s usually based on federal statutes and international partnerships. We can’t investigate everything.

Q. What can companies do to try to protect data?

A. Assess what information you own— including IP, customer data, blueprints and other sensitive information, and then protect it. Be on guard against cyberattacks, but also remember that companies and foreign intelligence serv­ices may send individuals or academics to penetrate a company here and access sensitive data. We support cultural and other exchanges, but we have to guard against subversive attempts.

Q. What are some best practices to secure sensitive data?

A. There are four basic steps. Protection, which involves safeguarding your data and systems. Detection, which involves identifying security events and incidents. Response, which focuses on what you’ll do if you do have an incident. And Recovery, or how you’ll come back from an attack or other incident. Securing your network architecture— including segmenting the network instead of linking everything by a central access point—can help to limit cyber incidents. Also, consider maintaining your most sensitive information on a private network that’s not connected to the Internet. ­­­

User-access should be restricted on an “as needed” basis. For example, an employee in accounting shouldn’t be able to access the payroll system. Multifactor authentication—typically a password and something else, like a dongle [a small adapter that plugs into a computer and enables the use of certain software]—should be utilized, and companies should also require employees to use a strong password. On an ongoing basis, employees should be educated about security policies, and the policies and systems should periodically be tested.

Q. What are some other cybersecurity defenses?

A. Encrypt sensitive data [so even if a hacker gets it, the information may not be usable], and maintain your sys­tem’s firewalls. Monitor inbound and outbound traffic as a way to detect intruders and compromised systems— for example, is your payroll computer suddenly sending out customer informa­tion. Establish a baseline of “normal” computer activity, like the applications that are typically running at certain times of the day, and then monitor the systems and be aware of abnormal activity.

Q. Do you think we’ll ever be totally secure online?

A. That’s a complex question. We deal with constant change and an evolving landscape of hardware and software. We need continuing joint efforts involv­ing developers and private individuals and government resources. We’re get­ting better but there’s a lot left to do. Once an attacker acquires your IP or other information, we can investigate the attack and perhaps initiate a legal response—but we can’t undo the damage.