PAR Government awarded almost $15 million Air Force contract modification

Get our email updates

Stay up-to-date on the companies, people and issues that impact businesses in Syracuse, Central New York and beyond.

ROME, N.Y. — PAR Government Systems Corp. recently won a nearly $14.9 million modification to a previously awarded U.S. Air Force contract for directional airborne networks for contested environments software. The cost-plus-fixed-fee completion contract modification brings the total cumulative face value of the contract to nearly $24.8 million, according to a Sept. 13 contract announcement […]

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

SEC proposes new cybersecurity reporting rules for public cos.

Subscriber Only, Technology

One of the main changes is a new proposed reporting requirement for cybersecurity incidents at publicly traded companies, says Christoper Salone, a consulting manager at FoxPointe Solutions at The Bonadio Group, which is based in Rochester and has offices across Upstate, including Syracuse. “They want it to be disclosed within four business days from when

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

“They want it to be disclosed within four business days from when an organization determines an incident to be material,” Salone says. A material incident is one determined to potentially impact a company’s finances, operations, or relationships with customers.

While some businesses have expressed frustration with the four-day window, the time frame aligns with existing rules in New York, such as one for financial institutions requiring them to report incidents to the state within four days.

“Four days is quick to determine the full nature of an incident and disclose it, but that four-day clock doesn’t start ticking until an organization determines an incident is material,” he adds.

The second major proposed change is requiring companies to outline, at a high level, their cybersecurity program, Salone says.

That includes addressing how the company addresses threats, how it assesses risk, and how it stays up to date on all of it, he says.

The goal of the proposed changes is to make cybersecurity information available and readable to investors.

While the new rules are not final, Salone says he has no reason to expect they won’t be finalized. Typically, rules are effective 90 days after they have been released to the public register. He anticipates these rules will go into effect in mid-December unless the SEC opts to change elements after reviewing public comment.

Companies should start preparing now to make sure they will be ready to comply with the new reporting rules. “I think the best thing an organization can do is have a written and documented incident-response plan,” Salone says.

Leaders should also clearly define what a material incident is for the company and provide examples in that plan, he adds. Businesses should also outline roles and responsibilities during a cyber incident. Ideally, these plans include the company’s IT, compliance, risk, and auditing departments along with any other entities that may have a hand in cyber response or reporting. This can include outside vendors or a company’s cyber insurance provider.

“Make sure you test those plans on an annual basis,” Salone says. He also suggests including an appendix with disclosure templates ready to go. All of that helps ensure a company is ready and able to report if it is required to do so.

The proposed rules also call for companies to outline management’s role in implementing cybersecurity policies and procedures; disclose the board of directors’ cybersecurity expertise and its oversight of cybersecurity risk; and provide updates about previously reported material cybersecurity incidents.

The changes update guidance issued in 2011 and previously updated in 2018.

SUNY Poly professor’s research focuses on improving security

Health Care, Regional News, Subscriber Only, Technology

MARCY, N.Y. — A SUNY Polytechnic Institute professor is leading a research project to boost cybersecurity after being awarded the largest single-investigator contract award in SUNY Poly’s Marcy campus history. Hisham A. Kholidy, an associate professor and chair of the Network and Computer Security (Cybersecurity) Department, was awarded a nearly $1.1 million contract from the

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

Hisham A. Kholidy, an associate professor and chair of the Network and Computer Security (Cybersecurity) Department, was awarded a nearly $1.1 million contract from the Air Force Research Laboratory (AFRL). The three-year project seeks to help address the need for an advanced security system that can identify, assess, and protect against attacks across the 5G open architecture in a timely and accurate way without human intervention.

“This project, led by Dr. Kholidy, is a strong example of how SUNY Poly’s growing reputation as New York state’s premier public polytechnic is backed by our wide-ranging academic and research pursuits, including as a leader in cybersecurity research and applications nationwide,” SUNY Poly Officer-in-Charge Andrew Russell contended in an Aug. 7 news release.

With 5G expected to play an important role in global economic growth and technological development, the Department of Defense (DoD) has identified 5G security as a critical area, Kholidy notes. The proposed research investigates ways to protect 5G open networks, meet resilience requirements, and minimize damage from attacks.

“The DoD has a vital interest in advancing 5G-to-NextG wireless technologies and concept demonstrations,” AFRL Senior Scientist Andrew Karam said. “These efforts represent our continuing investments via public- and private-sector collaboration on research and development for critical 5G technology enablers necessary to realize high performance, security, and resilient network operations for the warfighter.”

The project will support a post-doctoral student and two research assistants assisted by Kholidy. The project will also educate and involve students with interdisciplinary skills, including underrepresented minority students through integrating projects covering information science, communication, cybersecurity, and autonomic computing, as well as developing a new cybersecurity course and a simulated 5G security testbed network.

Key contributions of this project include: improving the current 5G security testbed that was developed in collaboration with AFRL engineers to support the 5G open architecture network. This network is to become the first-of-its-kind “open 5G-federated testbed” supporting 5G multi-vendor and commercial service providers. This will help them develop innovative cybersecurity solutions and datasets with respect to this emerging global architecture, SUNY Poly said. Such solutions and datasets will open the door for researchers to improve this new architecture. The project will also develop an intelligent vulnerability assessment approach to assess the security level of the new architecture. In addition, it will seek to develop a smart-network slice provisioning framework to help orchestrate and manage 5G slices among multi-vendor and commercial-service providers. The 5G network slices are defined as network configuration that allows multiple networks to be created on top of a common 5G physical infrastructure.

SUNY Poly students are already actively involved in AFRL activities established by Kholidy. Through this project, he will have the option of dedicating lecture time on the testbeds by logging in remotely and showing practical scenarios to his students, per the release. This project will allow him to take these activities to the next level by developing interdisciplinary projects, in which graduate and undergraduate students will be paired together, the university said. Graduate students would be able to assist undergraduates in obtaining a realistic understanding of graduate education and research methodologies.

Outreach activities targeting local schools that offer cybersecurity programs are also part of the project’s plans, as is expanding existing SUNY Poly outreach programs to enhance cybersecurity awareness among high-school students in Oneida County, the release stated.

Along with degrees in technology including cybersecurity, SUNY Poly also offers undergraduate and graduate degrees in professional studies including business and communication, and arts and sciences such as mathematics, game design, and humanities.

VIEWPOINT: “Smishing” fraud is on the rise

Business Mentors, Subscriber Only, Technology

Financial institutions across the country have noticed a troubling trend — a dramatic increase in text-message fraud attempts. “Smishing,” defined as phishing attempts via SMS text messaging, is increasingly the vehicle of choice for cybercriminals. Most frequently, this type of fraud is carried out through impersonation attempts, with the intention of gathering an individual’s personal

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

This is known as credential harvesting, which is exactly what it sounds like. Bad actors are stealing and collecting the credentials needed to access financial accounts. And cybercriminals are getting much better at masking their efforts.

The scale of the problem is highlighted in the 2023 Data Breach Investigations Report, issued by phone carrier Verizon. It found that 74 percent of all breaches involved a human element, and that the three primary means of attacking an organization are through “stolen credentials, phishing and exploitation of vulnerabilities.” The threat this poses to businesses is multi-fold.

1. Reused passwords — If a criminal manages to access an employee’s personal banking records, there’s a chance that the employee has reused passwords. All a cybercriminal needs to do is look on LinkedIn to determine where the employee works, and then test the passwords they’ve stolen to see if they can get into business accounts.

2. Compromised accounts — For employees with mobile links to corporate systems, either through company-issued phones or apps on their personal phones, the risk is even more direct. With the right credentials, a criminal can access accounts and change logins, locking legitimate employees out, stealing funds, and more.

3. Distracted, upset workers — Even if criminals are not able to access corporate accounts via your workers, distracted, upset employees who have had their funds stolen will need time away from work to repair their accounts.

The increasing use of artificial intelligence (AI) is making fraud detection even harder. Over the years, people have become far savvier at spotting phishing attempts. Emails with jumbled syntax, spelling, and grammatical errors sent up red flags that meant even if an email looked official, it clearly was not.

Now, free, easy access to AI tools that have the capability of constructing persuasive, grammatically correct content has all but eliminated the warning of a misspelled email or text as an indicator of criminal activity.

It’s more important than ever for employers to talk to employees about cybersecurity and show them how they can protect themselves and the business. Here are some of the most-common signs of fraud to share with your employees to prepare them for smishing attempts:

• High sense of urgency — Criminals prey on our fear of having our money stolen and the impulse to address potential fraud fast. Common tactics are telling the fraud targets that they must click on a link or call a number within a short, fixed amount of time — like the next 15-20 minutes — in order to stop an allegedly fraudulent transfer from happening.

• Requests for your one-time PIN — Your financial institution will never ask for the one-time PIN to access your account. This is a sure-fire sign that you’re dealing with a criminal.

• Pestering you — Your financial institution will not badger you and repeatedly text you asking you to click a link, and they will not scold you or get angry if you ask to hang up and contact the fraud line. This should strike anyone as bizarre and unprofessional behavior and is a warning sign that you’re dealing with bad actors.

• Asking you for the answers to your challenge questions — Again, your financial institution has set up these questions to protect your account. They would never call or text you asking you to divulge these answers. It’s always the reverse: they ask you to answer these questions when you call them — not the other way around.

Attempts at fraud are increasingly sophisticated. Criminals have access to programs that can “spoof” a financial institution’s actual fraud-line phone number, so caller ID will appear to come from a legitimate source. Web domains can be set up quickly and look virtually identical to legitimate websites. Criminals are depending on the people they target to be upset at the possibility that they’ve been a victim of fraud, causing them to react rather than pausing and thinking.

If you or your employees are ever on the receiving end of a text message or phone call from someone saying they are from a financial institution’s fraud department, have your guard up. Remember that legitimate contacts will never ask you to divulge account-protection information, such as a one-time PIN, or the answers to your challenge questions, and they won’t pressure you to respond within a few minutes. Hang up and contact your financial institution by typing in its URL (do not click any links provided), or contact the firm through its official app on your smartphone.

Finally, mobile-phone carriers recognize the threat, and we can help them build an effective database by forwarding suspected spam messages by texting 7726 (SPAM). This will allow them to develop better tools to block spammers in the future.

Terra Carnrike-Granata is senior VP and senior director of information security at NBT Bank, where she designs and implements sophisticated controls to prevent loss and mitigate risk, while also developing innovative ways to educate consumers and businesses on cyberthreats.

OPINION: Albany Democrats Push Mail-In Ballots After Voters Rejected Them

Opinion, Subscriber Only

Gov. Kathy Hochul and her political allies have made great efforts to convince New Yorkers they are motivated by improving our democratic processes, but actions speak louder than words. The push to widely expand mail-in voting runs contrary to what voters expressed in a statewide referendum in 2021, yet New York State is prepared to

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

The move, while portrayed as a way to “protect democracy” and increase voter participation, is motivated entirely by political considerations. Access to absentee ballots already exists. In-person voting is an important part of our democracy, and it represents the best way to combat voter fraud and other electoral foul play. We know this to be the case, and voters in New York made that clear by overwhelmingly rejecting mail-in ballot expansion when it came up just two years ago.

In our system of government, the voice of the people takes priority above all else. Our electoral process is built on the principle that what happens at the ballot box determines the course of action. On mail-in ballots, the results of the 2021 election were deliberately overturned, and New Yorkers should be very concerned.

Luckily, Democrats’ bold-faced rejection of our most fundamental democratic principles will likely be blocked in court. It is clear that in order to actually expand mail-in voting a constitutional amendment is needed; that is the reason it appeared on the ballot in the first place. Now, time, energy and resources are going to need to be wasted to restore election procedures that never should have been tampered with in the first place.

These changes represent a troubling pattern where New York’s election laws are being turned upside-down. In addition to the expansion of absentee voting, recent laws to move local elections to even-numbered years and dictate where constitutional challenges to election outcomes can occur have also been pushed onto an unwilling electorate. These measures will undoubtedly drown out local issues and favorably impact the governor and her allies, and one can only wonder if they would even be on the agenda if not for their political value.

The motivation behind these changes is obvious: preservation of New York’s one-party rule. Forcing through a law that was summarily rejected at the ballot box is bad enough. Claiming to be doing so in the name of democracy is a level of disingenuous political rhetoric we haven’t seen in quite some time.

William (Will) A. Barclay, 54, Republican, is the New York Assembly minority leader and represents the 120th New York Assembly District, which encompasses all of Oswego County, as well as parts of Jefferson and Cayuga counties.

OPINION: “Greatest nation” debates aren’t too helpful

Subscriber Only

Is the United States the greatest nation in the world? It’s a natural question to ask, given our penchant for displays of patriotism and our debates about American exceptionalism. But I don’t much like the question. Talking about American greatness isn’t a helpful exercise. It doesn’t do anything to make our country better or stronger.

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

Is the United States the greatest nation in the world? It’s a natural question to ask, given our penchant for displays of patriotism and our debates about American exceptionalism.

But I don’t much like the question. Talking about American greatness isn’t a helpful exercise. It doesn’t do anything to make our country better or stronger. It plays to the stereotype of the ugly American, the idea that we are proud and boastful, insensitive to the values and accomplishments of others. No one likes to hear someone else talk about how important or powerful they are, whether it’s a person or a nation.

We often say that actions speak louder than words. The subject of American greatness is a great example of the truth of that old saying.

A recent Pew Research Center survey tried to gauge public opinion on the question, however, and the results are interesting. It asked if the United States “stands above” all other countries; if it’s one of the greatest countries, along with others; or if other countries are better than the U.S.

One in five respondents said the U.S. stands above all others, while 52 percent said it is one of the greatest countries. Another 27 percent said other countries are better. The results showed a measurable decline in American self-esteem since Pew asked the same questions four years ago.

Republicans were more likely than Democrats to say America is the greatest country. That might be expected, given the GOP’s traditional emphasis on patriotism, but the number of Republicans who take that position has declined: 31 percent of Republicans and Republican-leaning independents said the U.S. “stands above” other countries, compared to 40 percent in 2019. Democrats are also less likely today to say the U.S. is the greatest nation.

There’s also a split among age groups. Americans over 65 are most likely to say the U.S. stands above other nations. Many of those under 30 say other nations are better.

What do people elsewhere in the world think? About six in 10 have a generally favorable view of the United States, according to a Pew survey of 23 middle-income nations this year. Reassuringly, over half said the U.S. contributes to peace and stability in the world.

At the same time, a large majority in the international poll said the U.S. is inclined to interfere in the affairs of other nations. That finding should give us pause. Our efforts to promote peace and stability won’t be effective if we’re seen as a bully that’s pushing other countries around.

Similarly, claiming that America is the greatest nation doesn’t accomplish much. It takes time and energy that would be better spent doing whatever we can to make America the prosperous, secure, generous, and truly democratic country that we want it to be.

Former Secretary of State Madeleine Albright said the U.S. is the world’s “indispensable nation.” Trying to play that role may have led us to make some foreign-policy mistakes, but it has also helped us take on tough challenges, most successfully when we act as part of alliances such as NATO. Our support for Ukraine in resisting Russian aggression is a good example.

Our country has done a lot of good things in the world. We could take credit for it, but it’s better if we don’t. Our leadership will be more effective if we let our actions speak for themselves.

Lee Hamilton, 92, is a senior advisor for the Indiana University (IU) Center on Representative Government, distinguished scholar at the IU Hamilton Lugar School of Global and International Studies, and professor of practice at the IU O’Neill School of Public and Environmental Affairs. Hamilton, a Democrat, was a member of the U.S. House of Representatives for 34 years (1965-1999), representing a district in south-central Indiana.

KEVIN WESTCOTT

People on the Move, Subscriber Only

KEVIN WESTCOTT has joined KeyBank as VP, area retail leader. In this role, he is based in Key’s downtown Syracuse office and it responsible for the sales, service, and financial leadership of multiple branches across the counties of Onondaga, Jefferson, Madison, Lewis, and St. Lawrence. Westcott comes to KeyBank with more than 10 years of

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

Klepper, Hahn & Hyatt

People on the Move, Subscriber Only

GABRIEL V. AMAYA has joined Klepper, Hahn & Hyatt as a structural engineer. He has more than seven years of experience and studied at Syracuse University, where he received his bachelor’s and master’s degrees in civil engineering with a concentration in structural engineering. STEVEN SONGER has joined Klepper, Hahn & Hyatt as a civil engineer.

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

DAVID A. QUINZI, MD

People on the Move, Subscriber Only

DAVID A. QUINZI, MD has joined the joint replacement team at Syracuse Orthopedic Specialists (SOS). A fellowship-trained surgeon, he is joining the SOS joint replacement program, which performs more than 3,000 surgeries annually. Prior to coming aboard SOS, Dr. Quinzi completed a fellowship in adult reconstruction surgery at the Rothman Institute in New Jersey. He

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

LEAH DEMING JAWORSKI

People on the Move, Subscriber Only

LEAH DEMING JAWORSKI has joined Strategic Communications as public-relations content specialist. She is a digital public-relations professional with almost a decade of experience in the industry. Most recently, Jaworski served as a senior digital-marketing manager and people lead at Terakeet, where she managed a team of 12 digital-outreach specialists and wrote content for clients in

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

Get our email updates

Stay up-to-date on the companies, people and issues that impact businesses in Syracuse, Central New York and beyond.

Get our email updates

What's New

Upcoming Events

Project Homecoming Job & Career Fair 2025

Annual Nonprofit Conference 2026

2026 CenterState CEO Economic Forecast Breakfast

CNYBJ Job Board

Get Instant Access to This Article

Get Instant Access to This Article

Get Instant Access to This Article

Get Instant Access to This Article

Get Instant Access to This Article

Get Instant Access to This Article

Get Instant Access to This Article

Get Instant Access to This Article

Get Instant Access to This Article

Get Instant Access to This Article

Get our email updates