< PreviousMEET YOUR VENDORSMainline Information SystemsMeet Mainline Information Systems, The Technology Partner for Business ResultsProtect your investments with enhanced video surveillanceIn the past, the quality of surveillance solutions was hit or miss, with their fuzzy images and cheap, unreliable recording hardware leaving much to be desired. Our team has developed state-of-the-art solutions that are scalable and customizable to your environment and budget requirements. This flexibility and design quality has helped us to become one of the premier integrators in the industry. A few features of our solutions include:• Plug-and-play compatible – devices sit on your existing IP network• Ability to incorporate existing composite CCTV analog system on new IP-based open systems• State-of-the-art video compression• Automated archiving and retrievalManage your data with superior storage solutionsFrom social, audio, video, email, digital video surveillance and meta-data (data about the data), data analytics, mail logs, machine data to more traditional business data like email, documents, archived chats, backup data, transaction records, it’s a struggle to find the necessary space for on legacy storage solutions. Our experts are some of the most knowledgeable in the industry and can give you valuable advice on the strengths and weaknesses of your entire spectrum of storage solutions. We take great pride in not limiting you to the product range of any single vendor, but to enable you to pick from the best available technologies to build the multi-tiered solution while supporting you with an array of implementation and advisory capabilities.Awards and Accomplishments • IBM 2016 Beacon Award for the Outstanding IBM Analytics Platform Solution • CRN’s 2015 List of Tech Elite 250• Axis 2015 Gaming Market Partner of the Year*• IBM Gold Accreditation for IBM Cognos business intelligence – 1st Business Partner Named in U.S.• 2014 Installation Partner of the Year from Milestone Systems• RedHat Business Partner of the Year 2013• IBM Specialty Elite Certification: Power Systems, System Storage*3 consecutive yearsMEET YOUR MAINLINE REPTYLER BURKETTAccount Executive - FederalMainline Information Systems480-221-3244Tyler.Burkett@mainline.com www.mainline.com Our Message to Tribes: Mainline is a veteran owned business serving the TribalNet community by protecting your investments, collecting and managing your data and analyzing and predicting data trends through our superior and cost ef-fective solutions and services. We have a dedicated team of profession-als that take the time to understand your objectives and your challeng-es and impart strategic solutions within your budget and timeframe.40TribalNetMEET YOUR VENDORSWhere Business and Technology Unite Mainline Enterprise Digital Solutions (MEDS) is the consulting division of Mainline. We solve our customers’ business problems by uniting business acumen with deep technical skills. We are your one-stop-shop for Social, Security, Mobile, Analytics, and Cloud (SMAC). Our dedicated team of experts help our customers turn information into actionable insights, and maximize their investment in people, process and technology. Mainline recommends, designs, and supports IT solutions that help businesses increase their effectiveness. With more than 500 professionals around the country, and numerous certified architects across various specialties, Mainline can assist with your most urgent and highly visible IT initiatives.Mainline’s Industry Partnerships:• IBM • RedHat• HP • Cognos• Milestone Systems • EMC• VMware • Dell• Axis CommunicationsFor more information about Mainline Information Systems go to www.mainline.comMainline Information Systems has demonstrated their leadership in the gaming industry by promoting the advantages of IP video technology in a traditionally analog market,” said John Bartolac, business development, seg-ments manager for Axis Communica-tions. They remain dedicated to understanding their gaming customers’ unique and evolving needs and show-casing how IP video can provide the most effective solutions.Mainline Information Systems is a VALUED BRONZE SPONSOR for TribalNet 2016. Visit them at their booth at this year’s TribalNet conference!Fall 201641What can you tell us about your IT department and the gaming areas of oversight?The IT Department is comprised of approximately 60 IT professionals and is organized in what I would consider to be a fairly traditional way, by discipline: Operations, Support, Systems & Engineering, Programming, Information Security & Assurance, Application Services, Network Engineering & Telecom and Project & Program Manage-ment. Applications Services spans the dynamic of support as well as software development, programming, SharePoint site development and workflows. Our Support Services Model includes classic help desk, desktop services, asset management and user provisioning. Our department supports roughly 150 unique systems and over 5,000 endpoints. Seneca Niagara Resort & Casino, Seneca Allegany Resort & Casino, and Seneca Buffalo Creek Casino; the total install base of slot machines at the three sites my team oversees IT for is about 6,280. This number will grow to 6,660 with the Buffalo Creek Expansion. The Niagara and Allegany sites have hotel towers with 604 and 413 world-class rooms/suites at each property, respectively. What is your leadership style or management philosophy? Our organization has branded a leadership model or a “way of thinking” based on the Iroquois Great Law. It embraces concepts of Peace, Power, and Righteousness. It is steeped in tradition and culture and deep-rooted. It is ancient and ageless. I aim to be a leader that upholds that way of thinking. My philosophy is that if you make sure that your people are successful, the department will be successful, and therefore the business will be successful. It’s my job to bring the right resources to the table, make sure that our people have the right capabilities, tools and time to achieve greatness. As a CIO my objective is to define the culture of the department, a culture that is built on trust, inclusion and consensus, one that embraces change and continuous learning. I hope to create a shared vision for the direction that we are headed…and then tear down any barriers to success. What can you tell us about some accomplishments your team is proud of?The remarkable thing about our department is that we have been able to support an organization marked by extraordinary growth. When I first came to the company in 2006, the Niagara property was erecting its first hotel tower. In rapid succession since then, there has been the build out of the permanent facility at Allegany, the opening of a property at Buffalo Creek, the building of a second hotel tower and expansion of the Allegany property, the ex-pansion and permanent facility at Buffalo Creek, opening Hickory Stick Golf Course and many renovations, and expansions at all of the properties. Along the way, the team has stood shoulder-to-shoulder with the business integrating complex systems that transform the way our business oper-ates. The ability to keep up the pace with this kind of growth is facilitated by a strong IT governance structure. This framework has been, and will continue to be, extremely important to us. It is something that we continuously refine and improve on. We are proud of the methodologies we follow and the model we have in place for manag-ing projects and the alignment with the business that it brings both now and for the future. CIO, RENITA DISTEFANOIT LEADER Q & ARENITA DISTEFANOCIOSeneca Gaming Corporation42TribalNetWe would like to thank Renita DiStefano for meeting with us on this Q&A article. She welcomes any questions or comments and can be reached at: RDiStefano@senecacasinos.comIT LEADER Q & A43What can you share with us about your path to becoming a CIO?I’ve been with Seneca Gaming for almost 11 years working my way through roles in support services, information security and assurance IT roles. My educational background is in both Business and Information Systems. I’ve been in the CIO role now for about five months and when I was first promoted to this position, I got a call from a colleague to congratulate me on the accomplishment. It was during that conversation that he mentioned that he thought I was the first Native woman to become a CIO. It really hit me and the question started to come up in my mind of “how many other women are CIO’s”. Then to take it a step further, how many Native American women have become CIO’s? I can honestly say I don’t know the answer to that and I’m not sure that statistic even exists, but what I do know is that it made me think of this opportunity as a call to action. How can we change the underrepresentation of women at the executive level? Sharon Florentine, reports in her January 2015 article in www.cio.com that “Women represent only 20 percent of CIOs at Fortune 250 companies.” I’m taken back by this. But for me, personally the statement brought something else to light: if women are underrepresented, Native American women are an even smaller minority in that group. I don’t have an answer to how I would affect the change necessary to improve that statistic, yet; but I know that for me it is a call to action! You may have heard of bitcoin. But, have you ever heard of blockchain? Not many people have. Many experts in the financial and technology industry are calling the emerging blockchain technology the greatest revolution since the advance of the Internet. Investments in blockchain-related startups have crossed the billion dollar mark already. Savvy financial and insurance industry veterans have already started investing money and effort to get a foothold in this burgeoning technology. They also believe that the strength lies in the fact that it is not a new technology, per say; but, it is rather a composite of proven technologies applied to create the underpinning of bitcoin. However, the same technology can be applied to different use cases, which addresses a substantial latent pain that exists across industries.What is a Blockchain?A blockchain is a distributed register to store static records and/or dynamic transaction data without central coordina-tion. The coordination takes place through a consensus-based mechanism to check the validity and maintain the integrity of the transaction. It is thus suited for applica-tions requiring transparency of records with a permanent time and date stamp, such as: titles, document histories and notary services. A blockchain solution, without central coordination, builds on a set of four tenants: decentralized validation, redundancy, immutable storage and encryption. From a building blocks perspective, there are (at a high level) three main components: a network of computers, a network protocol and a consensus mechanism. A blockchain can include everyone with a computer or a small group of known participants, known as a node. Each node has a copy of the entire ledger and works with other nodes to maintain the ledger’s consistency. This creates a fault tolerance and governs the communication between the nodes. The consensus mechanism is a set of rules the network uses to verify each transaction and agree on the current state of the blockchain. Adam Ludwin, CEO of Chain (a San Francisco- based blockchain startup that has raised 44 million dollars from Visa, Citi, NASDAQ, CapitalOne, Khosla Ventures and RRE Ventures) puts it this way, “A blockchain is similar to a database in that it’s a record-keeping system that is digital and becomes the source of truth.” He also says, “It’s fun-damentally different in that it can also be considered a network.” A blockchain also offers a shared infrastructure that doesn’t require reconciliation.Blockchain’s OriginationOne of the first and most popular imple-mentations of blockchain technology was bitcoin. Bitcoin does not require central administration or a clearing house. In 2008, a person (or possibly a group of people) known as Satoshi Nakamoto published a paper describing bitcoin and how it could be used to digitally send payments between any two willing entities without the need for a third-party financial institution in the middle. Each transaction was recorded on the blockchain ledger with the newest block being tied to the ones before it using a digital signature. To ensure trust in the ledger, participants on the network ran complicated algorithms to verify those digital signatures and add transactions to the blockchain. Current ChallengesThe blockchain technology is still con-sidered to be in the “hype” phase of growth (even though some of the implementations, like bitcoin, are much further ahead). One major obstacle to widespread enterprise adoption of blockchain technology is the lack of common protocols and technology stack that the participants agree on. Many questions around security and privacy are still being sorted out by the industry players right now. Enterprise and Gaming ImpactThe concept of digital currency has been in the gaming sector for some time now. There are many online gambling platforms where players have been wagering with bitcoins. Cryptocurrency is a form of accepted tender in many of the foreign online gambling sites (although it might not be as relevant in the U.S.). One of the companies helping guide enterprise companies in integrating blockchain into their work is Chain, a San Francisco-based startup that has raised $44 million from Visa, Citi, NASDAQ, Capital One, Khosla Ventures and RRE Ventures, among others. Last year, its partnership with NASDAQ resulted in the launch of the first live private blockchain, a product called Linq that uses the blockchain to manage shares in private companies. The company has also authored a blockchain protocol called the Chain Open Standard, which is being used by its partners like NASDAQ and Visa to implement such networks.Some areas where blockchain technology is being used to improve and revolutionize the business processes are as follows:• Trading ownership: Ownership of any digital property can be established in a peer-to-peer decentralized fashion. Block-chains will be applied to establishing and GAMING TECHNOLOGIESBlockchain Tsunami: Will it change finance and gaming forever?RAM PATRACHARICIO/VP of ITViejas EnterprisesFEATURED COLUMNSRam Patrachari, CIO/VP of IT, Viejas Enterprises44TribalNettrading ownership over anything on the Internet in a secure manner.• File storage: Planetary File System (IPFS) is an innovative protocol that is complementing this big change in stor-age and storage management systems. Storj is a startup using blockchain to store data that is encrypted end to end in a distributed manner. Only the individual storing the data has access to it.• Voting, authorization, authentication: One of NASDAQ’s latest initiatives aims to migrate proxy voting, used by sharehold-ers, onto a blockchain solution to replace the cumbersome process that is currently widely used.• Identity management: Many compa-nies are taking the initiative to solidify-ing the digital identity management by using blockchain. These digital identities, known as Passcards by one company, is meant to replace the username and passwords online. Summary and ConclusionBlockchain technology is a paradigm shift from the way we operate now in every sphere and in every industry that is informa-tion centric. Especially, the gaming industry, with the underpinnings based on trust and validation of each transaction stands to gain a lot from this technology and its amazing potential. Wouldn’t it be marvel-ous to track and audit every handle pull of a slot machine through its entire life cycle of 25 years? Or every denom change that a machine has been through over its entire life cycle? Maybe… maybe not! I am sure you are already thinking of ten better use cases at this point. GAMING TECHNOLOGIESFEATURED COLUMNSRam has over 25 years of experi-ence in IT managing highly-scalable systems. Ram holds an MBA, a Mas-ter’s Degree in EE from Stevens Insti-tute of Technology. He is credentialed from the CIO Institute at UC Berkeley and Kellogg Business School. He is a certified PMP, CISSP and a Certified ScrumMaster.AGENCY UPDATESIndian Health Service Holds Partnership ConferenceThe Indian Health Service Office of Information Technology and Office of Resource Access and Partnerships hosted the 2016 IHS Partnership Conference on June 28-30, 2016 in Phoenix, Arizona. The three-day event brought together federal, tribal and urban Indian health organization employees working in healthcare admin-istration, information technology, business offices, purchased/referred care programs and health information management departments.The theme, “Providing Quality, Patient-Centered Care Through Health Information Technology Innovation and Improved Busi-ness Practices,” highlighted the IHS’ dedica-tion to delivering exceptional healthcare services and advancing the Indian health system to improve the health of the commu-nities the IHS serves. Capt. Mark Rives, IHS chief information officer, and Terri Schmidt, Office of Resource Access and Partner-ships acting director, delivered the keynote presentations.Breakout sessions included more than 150 presentations, demonstrations and hands-on training across 17 tracks. Many different topics were covered, including: Health Information Management, Cyber-security, Health IT, Meaningful Use, Privacy, Records Management, Business Office Management, Patient Registration/Benefits Coordination, Third-Party Billing/Accounts Receivable, Debt Management, Purchased/Referred Care-Rate Implementation and Ac-cessing the Catastrophic Health Emergency Fund. Fifty-two of the breakout sessions offered 83 continuing educational credits through the American Academy of Profes-sional Coders. These sessions were highly attended and well received.In addition to IHS speakers, presenta-tions were given by the Department of Health and Human Services, Centers for Medicare & Medicaid Services, Office of the Inspector General, Federal Bureau of Investigation and the National Institute of Standards and Technology.IHS received outstanding feedback from conference attendees and is already discussing ideas for a future Partnership Conference.For more information on the Indian Health Service Office of Information Technology, visit www.ihs.gov/oit/.Rear Adm. Sandra Pattea, IHS deputy direc-tor of Intergovernmental Affairs addresses the conference, flanked by Robert Collins, IHS chief Information security officer and Raho Ortiz, IHS Division of Business Office Enhancement director.Customize Your Agenda at the 17th Annual TribalNet Conference An agenda so comprehensive there is something for everyone IT Leadership TrackIT Security TrackTribal Government TrackTribal Gaming/ Hospitality TrackTribal Health IT TrackOver 30 breakout sessions across five tracks, six hands-on interactive workshops, two keynotes, two-day tradeshow with over 100 vendors. Endless opportunities for engaging with your peers and making connections that last a lifetime. So much value into one week! Don’t miss it. November 7-10, 2016 San Diego 8Holding computing devices or digital data captive and then demanding ransom to recover or access the device or data is a modern way to rob individuals, families and businesses of their hard earned cash. This type of crime, referred to as ransomware, is not a new concept; but, it has proliferated rapidly due to ease of use, lack of victims’ preparedness and the potential for criminals’ quick financial gain. Ransomware is defined as “a type of malicious software cyber actors use to deny access to systems or data. The malicious cyber actor holds systems or data hostage until the ransom is paid.” Ransomware has evolved significantly in a number of areas including: functions performed, payment channels used, attacks on customer service, delivery mechanisms, sophistication of cryptography and types of devices and victims targeted. Criminals have used ransomware to target computer operating systems such as Linux, OS X and Windows, as well as Android and iOS mobile devices. Among the most concerning iterations are variants that delete data rather than encoding it. Although paying a ransom may be tempting and expedient, many law enforce-ment agencies and security professionals advise against this option for multiple reasons. Paying the ransom can have long term, devastating effects. Payment does not guarantee that the data will be recovered (or that deleted data is recoverable), payment usually ensures the organization will be targeted again and payment could be legally perceived as a business arrangement with a criminal organization. Take a look at statistics at http://ransomwaretracker.abuse.ch/statistics/ and http://ransomware-tracker.abuse.ch/statistics/.But wait! Organizations that experience ransomware infections need not despair! A few reasonable preparedness activities initiated ahead of time can prevent a ransomware attempt from being a crisis. Being operationally ready for an attack is achieved by following some simple actions. The best strategy for defeating ransomware remains the presence of backups and the ability to restore from backups in a timely manner, avoiding significant operational downtime. To be ransomware-ready, consider some of the following:• Establish and implement a data backup and restoration plan. • Train leaders and staff on the plan, expected actions, and key decisions that will need to be made in the event of an infection.• Exercise the plan and the ability to restore data from backup.• Keep operating systems and applications patched.• Employ application whitelisting and data execution controls on user devices, desktops/laptops and servers. This will prevent unknown or unauthorized programs from gaining access or the resources needed to do harm. • Configure user accounts and profiles with the least privilege needed to perform work-related tasks. Malware programs attempt to imitate users or leverage the permissions of the user ac-count active at the time the malware is executed. Restricting the permissions of user accounts and preventing the use of privileged accounts for non-administra-tive functions will reduce the ability for malware to gain elevated privileges. • Disconnect systems that are not actively backing up data from the backup systems. This way ransomware that attempts to propagate to or encrypt data in backup systems will be unsuc-cessful.• Employ safe web browsing controls. These might include restricting scripts from executing in the web browser or preventing redirects to unknown third party sites. RANSOMWAREStick em Up! Give Me Your Money, Or Else ANDY JABBOURPresidentGate 15BRETT ZUPANRisk Analyst Gate 15KRISTI HORTONSenior Risk Analyst Gate 15FEATURED COLUMNSBrett Zupan, Risk Analyst, Gate 15 Andy Jabbour, President, Gate 1548TribalNetKristi Horton, Senior Risk Analyst, Gate 15 • Provide staff training to educate all users about safe web browsing, the dangers of email and social engineering tactics. Each user is an integral part of an organizations’ front line of defense. • Participate in information sharing efforts so best practices can be honed and malicious activity can be detected before delivery to endpoint systems. If an organization becomes infected, there are several operational responses that should be considered (these actions and corresponding details should be identified in organizational response plans):• Isolate affected systems. • Consult forensic professionals to triage the situation. Forensic professionals can determine if the data is “locked” and inaccessible, “deleted” but recoverable or truly encrypted in a manner that is not be easily undone. If the data is easily accessed and/or deemed recoverable by a forensic team, then the need to restore backups or interact further with a criminal organiza-tion might be averted. This presents an opportune time to prioritize recovery efforts of data based on its importance to business continuity. • Gain an understanding of the extent of the activity. If ransomware has been delivered and executed, there may be persistent backdoors or other malware already in your systems/networks. In this case, restoring data or paying a ransom fails to solve a bigger problem. • Research the existence of a decryption or recovery tool adequate for the situation. • If necessary, restore backups. Make sure data is recovered to a safe environment based on the results of step 3. • Paying the ransom should only be considered if backups have been corrupted and/or restoration cannot be performed in a timely manner. If paying the ransom is found to be an ethical, legally accept-able course of action, F-Secure recom-mends negotiation. They report that the deadlines and price to restore data are negotiable with ransomware purveyors. Organizations considering making ransom payments should work as closely as possible with law enforcement. • Share ransomware experiences and include as much detail as possible can with other organizations and law enforcement partners! Ongoing collabo-ration and ingenuity between victims, researchers and the public and private sectors can reduce the effectiveness and profitability of ransomware as an occupation, while raising its cost and effort to criminals.US-CERT (www.us-cert.gov) and other sources can provide additional details on these steps. Resources, such as a new public-private partnership in Europe, (www.nomoreransom.org) where several ransomware decryption tools can be found, are being developed to help organizations respond to infections. As the threat of ransomware will persist and continue to move to new communities, organizations need to proactively ready themselves to respond to ransomware attempts through effective preparedness and operational activities.RANSOMWAREFEATURED COLUMNSKristi Horton’s current position with Gate 15 is as the Senior Risk Analyst for Cyber Intelligence and Analysis. She contributes largely to our collaboration, collection efforts and the development of our weekly products/reports. Kristi pro vides expert threat and risk analysis for internal activities and client needs, supporting client prepared ness re-quirements and specialized technical areas such as forensics investigations and legal support. Kristi earned both her BS and MS from Virginia Polytech-nic Institute and State University.Brett Zupan is a Gate 15 Risk Ana-lyst responsible for the coordination and production of all-hazards threat intelligence products – including daily and weekly reports such as the Gate 15 Threat Dashboard and Torpedo Re-port - as well as supporting Gate 15’s myriad analytical and preparedness activities. Brett graduated magna cum laude from Georgia State University with a degree in Political Science and earned his MA in International Affairs from the American University School of International Service.Andy Jabbour is the founder of Gate 15 and leads a variety of pre-paredness, analysis and operational activities. Andy has previously served in a variety of roles including leading analysis for the Real Estate Informa-tion Sharing & Analysis Center (ISAC), supporting the Financial Services ISAC and DHS exercises and incident response, as well as worldwide as-signment in the US Army.Fall 201649Next >