#nationalcybersecuritymonth | Rochdale News | News Headlines | Internet savvy Whitworth girls reach semi-final of national competition
Date published: 05 March 2020
Whitworth Community High School students Grace Campbell-Ousey, Elizabeth Gack and Skye Wilkinson, who got through to the semi-final of the CyberFirst Girls Competition.
Three students from Whitworth Community High School got to pit their skills against other schools in the semi-final of a national competition held at the PricewaterhouseCoopers office in Leeds.
Grace Campbell-Ousey, 12, Skye Wilkinson, 12, and Elizabeth Gack, 12, were selected for the second round of the CyberFirst Girls Competition, set up by GCHQ’s National Cyber Security Centre.
The competition is aimed at promoting the industry as a career option to girls to increase diversity in the workforce.
Skye said: “The top 12 girls were split into groups of three for the first part of the competition which we completed online.
“We had four categories, networking, logic and coding, cryptography and cyber security, and we had a series of tasks at beginner, intermediate and expert levels.
“There was a lot of pressure and we had four hours, with a break for lunch, in which to complete as many tasks as we could.”
Both Grace and Elizabeth said they enjoyed the networking tasks best, but Grace said the cryptography was hard. Although all the tasks offered hints, they resulted in points being deducted if they were used.
Skye said: “My favourite part was speaking to the people who were running the competition and I learnt a lot from what they had to say.”
The competition certainly inspired Skye and Grace because they have both signed up for a development day workshop at a university in June and they are looking at computing careers.
#nationalcybersecuritymonth | bne IntelliNews – US Justice Department indicts Russian national Yevgeniy Nikulin in several major cybercriminal offenses
The US Department of Justice indicted Russian national Yevgeniy Nikulin in several major cybercriminal offenses, such as stealing personal identities, usernames and credit card information of customers from Formspring, LinkedIn and Dropbox.
Nikita Kislitsin, an employee of Group-IB, a cybersecurity firm with offices in Moscow and Singapore, is an alleged co-conspirator in the 2012 Formspring case, according to the DOJ. Kislitsin joined the company in January 2013, about six months after the US prosecutors say Kislitsin tried to sell the Formspring data. US prosecutors have not alleged any wrongdoing by Group-IB.
Russian software firms are under scrutiny too after it was claimed that leading anti-virus software firm Kaspersky Labs, which has sold its software all over the world, was cooperating with the Russian Federal Security Service (FSB) – a claim the company has stringently denied.
Group-IB is a leading Russian cyber-security firm that also has an international clientele. However, in a statement shared with bne IntelliNews, the company dismissed the charges against Kislitsin as “only allegations,” arguing that no case has been made yet.
Indeed, Group-IB said that company representatives and Kislitsin met with representatives of the Justice Department to discuss Kislitsin’s research into hackers and the dark web that he conducted before joining Group-IB, while editor of the magazine “Hacker.”
From 2006-2012, Nikita Kislitsin was a famous journalist and as chief editor of Hacker wrote extensively about information security, programming, and computer network administration. The magazine paid particular attention to research into cyberattacks, analysis of cybercriminal groups’ tools, case studies of online fraud and hacking, and recommendations on cybersecurity measures and protection against cyberthreats. Kislitsin also worked in the US as an independent threat researcher in 2012.
In Russia, cases of “poacher turned game-keeper” are common in the software engineering community, and those involved are usually amongst Russia’s best engineers.
Group-IB has offered to fully cooperate with the authorities as the company’s raison d’etre is to prevent cybercrime and hacking attacks. Like most countries, Russia also suffers from digital crime, and the Central Bank of Russia (CBR) reported earlier this year that Russian banks lost hundreds of millions of dollars to cybercrime in 2019. Last October the state-owned retail banking giant Sberbank was hacked and the personal details of millions of Sberbank’s clients were offered for sale on the black market in what was Russia’s largest ever data breach, according to security experts. Group-IB regularly publishes research about payment fraud techniques and other cyber threats as a public service and has assisted international law enforcement in its investigations on occasion, according to a company spokesman.
Group-IB said it will support Kislitsin and has taken advice from international lawyers before taking its next steps. Kislitsin is currently employed as the head of network security, according to a company website.
The indictment is short on details of the alleged crime and the evidence that has been publicly released is based on little more than a conspiracy theory.
According to US press reports the case against Kislitsin is largely built on linking him to Yevgeniy Nikulin, a Russian national, who is set to stand trial in March in San Francisco for allegedly stealing 117mn usernames and passwords from Formspring, LinkedIn and Dropbox in a separate case.
Trail through history
It might have been the James Carty family, or Carty cows, that established a web of trails here starting as long ago as 1836. The land became public property in 1966, but grazing continued for at least 30 more years as the acreage phased into a new identity as the Carty Unit of the Ridgefield National Wildlife Refuge.
Those old trail alignments really don’t make sense given the contours of the land, refuge managers say. “They’re like a plate of spaghetti” inside the northern loop, Anderson said — going up and down eroding slopes, plunging into mud puddles and crossing streams via mossy, rotting wooden footbridges.
“We inherited those trails. We don’t really know what their origins are,” spokeswoman Josie Finley said. “We think they were just created by … whatever made sense to people at the time.” Lately, she added, the trails are “starting to get loved to death.”
So, on a recent Thursday, approximately 20 trained volunteers with the Washington Trails Association, or WTA, fanned out across the north loop landscape. They’ve been here week after week this winter, and not just to contribute the grunt work of hauling dirt and rocks around. These volunteers have all devoted classroom study to the science of trail building. Some have even been to “trail skills college,” volunteer Bill Connolly said.
“They’re the trail building experts. We’re not,” Finley said.
WTA volunteers have been consulting with refuge staff, analyzing the topography and developing a smarter, sustainable new trail alignment. The new loop trail they’re building this winter is designed to follow the contours of the land, staying flat and avoiding erosion. “It’ll be pretty much a single grade, not so up and down,” Anderson said.
The post #deepweb | Oak restoration on track at Ridgefield National Wildlife Refuge appeared first on National Cyber Security.
#cybersecurity | #infosec | Man who hacked National Lottery for just £5 is jailed for nine months – HOTforSecurity
A 29-year-old British man has been jailed for nine months after admitting using hacking tools to break into UK National Lottery gambling accounts.
Anwar Batson, of Notting Hill, West London, downloaded the readily-available Sentry MBA hacking tool to launch a credential stuffing attack against the National Lottery website.
Credential stuffing takes lists of usernames and passwords exposed in data breaches and uses the same credentials to see if they will unlock other accounts online. As so many users make the mistake of reusing passwords on different websites, credential stuffing is a technique commonly deployed by attackers and tools such as Sentry MBA make the process even easier for the attacker.
Prosecutors told Southwark Crown Court that after Batson downloaded Sentry MBA he joined a WhatsApp group devoted to hacking under the alias of “Rosegold,” and provided to accomplices a configuration file specifically designed to launch Sentry MBA against the National Lottery website.
The attack, in late 2016, caused National Lottery operators Camelot to issue a warning to thousands of gamblers that their accounts may have been accessed, and forced a password reset on affected accounts.
Batson’s accomplices, Daniel Thompson and Idris Akinwunmi, were jailed in 2018 after admitting their involvement in the attack.
Batson was arrested in May 2017 by the National Crime Agency (NCA), and initially denied that he was involved in the attack – claiming that his devices had been cloned or hacked by online trolls.
But when NCA officers examined his devices they uncovered the conversations between Rosegold and others on WhatsApp where they discussed hacking, the buying and selling of lists of usernames and passwords, and more.
In addition, officers found at Batson’s flat clothes which had been addressed to someone calling themself “Rosegold”.
Time and time again, people roll out the adage that “crime doesn’t pay.”
Well, it certainly doesn’t pay in the case of Batson.
As the NCA reports, Batson gave the username and password of one National Lottery player to Akinwunmi, who stole the entire contents of the account – a grand total of £13. Batson’s split of the ill-gotten gains? A mere £5.
Lottery operator Camelot says that responding to the attack cost it £230,000, and that 250 players had closed their accounts due to the negative publicity.
#nationalcybersecuritymonth | DFARS / CMMC for 2020: Culmination of Efforts to Protect National Security Data and Networks – Cybersecurity and Privacy Alert | Bradley Arant Boult Cummings LLP
#nationalcybersecuritymonth | Applied Cybersecurity Club wins National Collegiate Penetration Testing Competition for 3rd consecutive year
Source: National Cyber Security – Produced By Gregory Evans
A six-person team from Stanford’s Applied Cybersecurity club placed first for the third straight year at the annual National Collegiate Penetration Testing Competition (CPTC) last month. Since it began competing in CPTC in 2017, the team has won first place every year. The fast-growing club — which […]
#nationalcybersecuritymonth | Gov. Ricketts, Nebraska National Guard Celebrate National Guard’s 383rd Birthday
LINCOLN – Today, Governor Pete Ricketts and Major General Daryl Bohac joined more than 100 members of the Nebraska Army and Air National Guard to mark the National Guard’s 383rd birthday and Nebraska National Guard’s 165th birthday.
“Happy birthday to the men and women of the National Guard,” said Governor Ricketts. “The Nebraska National Guard has a long tradition of protecting our state and our country at home and abroad. This past year, Guard members stepped up to aid our communities during record flooding, heroically saving numerous lives along the way. Nebraskans support our National Guard, and they stand behind our servicemen and women who sacrifice so much. Thank you to all our troops for their selfless service to our country and for protecting the freedoms we hold dear.”
“Since before Nebraska gained statehood, the men and women of the Nebraska National Guard have protected our homeland, fought our nation’s wars, and built partnerships that have kept us safe and allowed freedom to flourish,” said Nebraska’s Adjutant General, Maj. Gen. Daryl Bohac. “In 2019, we responded quickly to one of the largest natural disasters our state has ever experienced. We also deployed nearly 400 Soldiers and Airmen overseas, and we brought them all home safely. I am proud of them and forever grateful for the support from our families, communities, and employers here in Nebraska.”
The National Guard, which was founded on December 13, 1636, draws its heritage back to the Massachusetts Bay Colony when the Massachusetts General Court, for the first time in America, established that all able-bodied men between the ages of 16 and 60 were required to join the militia. Since that day, members of the National Guard have fought in each of America’s wars and continue to serve overseas and participate in combat operations in support of the United States’ continuing international efforts.
Closer to home, the National Guard continues to provide support for such emergencies as floods, hurricanes, tornadoes, earthquakes, and wildfires, while also building partnerships both at home and internationally.
In 2019, Nebraska experienced the most widespread natural disaster in the state’s history. Guard members helped keep people safe during flooding, and delivered critical relief to communities around the state. The severe weather made for poor flying conditions, and put air crews at risk. But that didn’t stop them from completing their missions. In the month after the flood, 461 soldiers with the Guard:
- Drove nearly 45,000 miles and put in 335 hours of flight time.
- Rescued 112 people and 13 pets. 66 of these were hoist rescues by helicopter.
- Air dropped hay bales to ranchers and pallets of water and medical supplies to communities in need.
- Delivered 1,100 vertical sandbags and 1,000 small sandbags.
December has been a busy month for the Guard. At the beginning of the month, the newly created 179th Cyber Protection Team mobilized for its first deployment. The unit will spend the next year at Fort Meade, Maryland, working for U.S. Cyber Command to identify and prevent cybersecurity threats. Earlier this week, Nebraska National Guard air crewmen and coordinators were honored at the Capitol for heroism shown during the 2019 flooding in Nebraska. In addition, Maj. Gen. Bohac recently returned to Nebraska from Rwanda where he officially formalized a partnership between the Nebraska National Guard and the Rwandan Defense Force on December 12th.
Although not quite as old as the larger National Guard, Nebraska National Guardsmen will mark their 165th birthday this month. The Nebraska National Guard was founded when Nebraska’s acting Territorial Governor Thomas B. Cuming issued a proclamation on December 23, 1854, recommending that the citizens of the territory organize, in their respective neighborhoods, into volunteer companies. The territory’s first legally authorized militia consisted of two regiments, one north and one south of the Platte River.
#nationalcybersecuritymonth | India’s National Cybersecurity Policy Must Acknowledge Modern Realities – The Diplomat
Earlier this year, it was discovered that India was the target of two cyberattacks in the same month. The malware attacks at the Kundankulam Nuclear Power Plant and the Indian Space Research Organization (ISRO) are believed to be the outcomes of phishing attempts on employees. In 2018, it was reported that an officer of the Indian Air Force was sharing sensitive information on Facebook with two women who had honey-trapped him. None of these incidents are known to have resulted in severe harm, but the possibility that they could have is reason enough for India to cultivate and shape international discussions on cyberspace.
As is the case with both international terrorism and protection of the environment, cooperation is a prerequisite to deal with cyberthreats given their borderless nature. India’s National Cyber Security Policy (2013) did not assign much weight to this aspect and defined no measurable outcomes against which progress could be judged. With its upcoming National CyberSecurity Policy (2020-2025), India has the opportunity to align its domestic policy with its global aspirations.
Warfare in Cyberspace Is Unique
Cyberspace is an amalgamation of the virtual with the physical. Actions in the virtual realm can affect the physical domain. With low barriers to entry, cyberspace provides attractive options for the launch of attacks and allows actors to achieve strategic outcomes both within and outside of the information domain. From crumbling critical infrastructure to designing a smart misinformation campaign that can influence democratic processes, the spectrum of outcomes that cyberattacks can achieve is broad. The Stuxnet malware, a U.S.-Israel joint operation to target Iran’s nuclear enrichment plant in Natanz, displayed the capabilities of a highly sophisticated and targeted cyber-offensive operation. Operations against Ukraine’s power grid in 2015, misinformation campaigns targeting U.S. presidential elections in 2016, and the WannaCry and NotPetya ransomware outbreaks in 2017 all showed the potential for real-world impact and collateral damage.
There are two features that distinguish these attacks from conventional ones. First, cyberattacks are hardly predictable. Accurately determining an incoming attack is at present not possible. Second, as long as there is plausible deniability, attribution is tough. As such, warfare in cyberspace poses a unique challenge to national security and the lack of rules to govern it intensifies this challenge.
Security in Cyberspace
The United Nations Charter, the Laws of Armed Conflict (LOAC), and other regional arrangements provide a general overarching framework for governments to manage problems of security across all domains. Cyberspace differs from conventional domains of warfare because it functions as both a battlefield and a weapon. It is therefore risky to assume that existing rules of conflict can be extended to cyberspace as well.
American political scientist Joseph Nye has discussed the absence of coherence among existing norms that govern cyberspace. Existing practices are based on agreements between private players (largely multinational corporations) with only a mild degree of enforceability. Since providing security is a critical function of government and it is most susceptible to attacks, only governments are properly incentivized to set the rules. Numerous track two groups and various private conferences and commissions continue to work on the development of norms. Successive UN-GGEs (Governmental Groups of Experts) have developed a consensus that the UN Charter and international law apply to cyberspace. But cyberspace is changing faster than countries can legislate internally and negotiate externally.
There is no denying that all security efforts need to be collaborative. But as with international terrorism and environmental protection, effective norms and rules can only be set if all stakeholders consensually arrive at what the rules should be. Currently there are two camps on the global stage: a Sino-Russian camp and a rival one comprising the United States, Western Europe, Japan, Australia, and New Zealand. The former espouses the supremacy of national sovereignty in the governance of domestic cyberspace, risk of destabilization by the application of existing international humanitarian law to cyberspace, and the need for new, binding international agreements. The latter advocates for a free and open internet as well as the full applicability of international law (including the right to self-defense, use of countermeasures) to cyberspace. Resolutions sponsoring the formation of the Russia-backed Open Ended Working Group (OEWG) and the UN-GGE 2019-21 were both passed in the United Nations General Assembly in 2018. The UN now has two parallel tracks working toward the establishment of norms in cyberspace. The OEWG is open to all member states and will hold consultations with stakeholders across members, NGOs, and private industry while the UN-GGE is comprised of 25 member states with consultation typically limited to regional organizations. The prevailing atmosphere of mistrust portends further deterioration rather than improvement. This variance between great powers has weighed heavily on international discussion on norms while cyberattacks continue to happen, quietly.
There is some scope for optimism yet. At a panel in the recently concluded Internet Governance Forum in Berlin, the Global Commission on the Stability of Cyberspace (GCSC) proposed eight norms including protection of the public core of the internet and infrastructure essential to elections, referenda, and plebiscites. This was followed by informal consultations at both the OEWG and UN-GGE in early December. Through the Paris Tech Accords, Digital Geneva Convention, and Charter of Trust, private companies have also sought to play a more active role in the shaping of norms, which matters because they operate a significant portion of the public internet.
What Has India Done So Far?
In 2011, India’s proposal for a Committee on Internet Related Policies (CIRP) comprising 50 member states was met with the criticism that it would create an exclusive club. Since then, an analysis of India’s contribution to debates on internet governance by the Center for Internet and Society (India) has revealed a tendency to shift between support for multilateralism and multi-stakeholderism. Researchers have termed this “nuanced multilateralism,” where a broad range of stakeholders are consulted, but not involved in implementation and enforcement. On the question of cyberspace sovereignty, India seems to share common ground with the Sino-Russian camp, but has refrained from commenting definitively on the issues dividing the two camps. India was one of the member states that backed both UNGA resolutions that resulted in the formation of the OEWG and the UN-GGE (2019-2021). It is also a member of the UN-GGE and has not yet contributed formally to OEWG proceedings. On the multilateral front, it has stayed out of the Osaka Track for Data Governance and the Budapest Convention on Cybercrime.
There is no single approach that captures India’s engagement with multilateral institutions. Its rule-taker instinct is evident from India’s support for the United Nations’ peacekeeping operations. Contrary to this is the rule-breaker approach, which is evident from India’s endeavor to be recognized as a nuclear weapon state while also challenging the norms established by the Nonproliferation Treaty. The expectation that India will be a rule-maker all by itself is unrealistic. In the multipolar world that exists today, no single country, let alone India, can become the only rule-maker. A more achievable goal for India would be to play the role of a rule-shaper, an active voice among rising powers. This goal finds its strength in India’s economic prowess and diplomatic experience in working with alliances.
India’s success in shaping the international narrative on climate change has already proven its ability as a rule-shaper. With its upcoming National Cybersecurity Policy (2020-2025), India must look to articulate and justify its position on the applicability of international law to cyberspace. It should bring its domestic policy in line with its global aspirations. Given the importance of private companies in this exercise, it must also consider creating an office of a tech ambassador that will present its position consistently. This level of transparency can serve as an important confidence-building measure as it engages across multiple stakeholders and fora to shape future norms.
Prateek Waghre and Shibani Mehta are Research Analysts at The Takshashila Institution, an independent center for research and education in public policy.
Source: National Cyber Security – Produced By Gregory Evans DETROIT – Michigan’s IT professionals already know about the crucial shortage of properly trained and educated Cybersecurity professionals. In fact, you can’t open a newspaper, or a browser, without seeing an article publicizing the critical shortfall of Cybersecurity workers. Worse, the gap shows no sign of […] View full post on AmIHackerProof.com
#nationalcybersecuritymonth | How to Really ‘Own IT’ for National Cybersecurity Awareness Month – Homeland Security Today
National Cybersecurity Awareness Month (NCSAM) is in its 16th year. The theme for 2019 – Own IT. Secure IT. Protect IT. – is focused on encouraging personal accountability and proactive behavior in security best practices and digital privacy. Considering that individually we are picking up our smartphones an average of 77 times a day and spending nearly 12 hours a day in front of a screen, the digital lines between work and personal lives are all but gone. With nearly every facet of our lives impacted by what we do online, NCSAM calls to action this year include:
- Own IT. If you are reading this, you are using a digital device. Whether you own the device or not, we are all responsible for how we use them – from the data they store and transmit to the information we post online about ourselves and others, or share with other third parties. We are all responsible for our digital footprints, including the data apps collect and transmit from these devices.
- Secure IT. If you own it, you must secure it, from strong credentials (unique usernames, passwords/passphrases, and multifactor authentication) to physical access. This includes securing computers, laptops, tablets, smartphones, apps, and website logins.
- Protect IT. If you own it, you must protect it with security updates and safe browsing practices. Stored information, including personal and customer/consumer data that you gather from others, must also be protected. Every organization has a duty to safeguard the confidentiality, integrity, and availability of data obtained from other persons.
Struggle with Passwords Continues
After all of these years, we are still terrible at creating and managing passwords. Year after year the most commonly used (and breached) passwords still include – you got it – ‘password’ and ‘12345678.’ Variations like ‘p@$$w0rd’ are not any better as they contain common substitutions such as ‘@’ for ‘a,’ etc. Given these shortcomings, password hygiene is a leading topic any time of year, but as National Cybersecurity Awareness Month continues it is a good time for another reminder for organizations to do better at helping employees improve password management.
It is no secret that passwords alone are not the best method to safeguard our digital assets, especially weak passwords. Password security firm LastPass recently published its 3rd Annual Global Password Security Report, which highlights how employees’ continued poor password habits weaken the overall organizational security posture. To effect positive password changes, it is up to organizations to take action to improve password hygiene. Read on for three simple and effective low-cost and no-cost solutions companies and their employees should apply today to start improving overall security and reduce the risk posed by stolen passwords.
Longer Passwords Take Longer to Crack
Enforcing the use of longer passwords or passphrases can go a long way. Depending on computing power (and other factors), it could take approximately 23 seconds to crack ‘football1’ (or similar) vs. over 10,000 centuries to crack ‘R73&nebp@98backyard45’ or ‘tHe!weatheriscoLd67outside?’. In addition to making passwords longer, the importance of not reusing them across multiple sites and services cannot be overstated. Even if a password is stolen, if it is only used for a single site or service, cyber thieves can only potentially compromise that single account, not the entire kingdom.
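One way an organization could enforce the two points above (rejecting common passwords even when disguised with substitutions, and requiring length) is sketched below. This is an added example, not code from the article; the blocklist, the substitution table and the 14-character minimum are assumptions made for the demo.

```python
import math
import re
import string

# Constructed blocklist for the demo; a real deployment would load a large
# list of breached passwords instead.
COMMON = {"password", "12345678", "football", "qwerty", "letmein"}

# Common substitutions, mapped back to the letters they stand in for.
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
                      "1": "l", "!": "i", "3": "e", "7": "t"})

MIN_LENGTH = 14  # assumed policy value, not a figure from the article


def variants(candidate):
    """Forms of the candidate that are compared against the blocklist."""
    low = candidate.lower()
    # Drop leading/trailing digits and symbols: 'football1' -> 'football'.
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", low)
    return {low, stripped, low.translate(LEET), stripped.translate(LEET)}


def brute_force_bits(candidate):
    """Upper bound on guessing effort: length * log2(character pool size).

    Dictionary-based guessing does far better than this bound on common
    words, which is why the blocklist check exists alongside it.
    """
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    pool = sum(size for chars, size in classes
               if any(c in chars for c in candidate))
    return len(candidate) * math.log2(pool) if pool else 0.0


def check_password(candidate):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if variants(candidate) & COMMON:
        problems.append("common password or simple variation")
    return problems


if __name__ == "__main__":
    for pw in ["password", "p@$$w0rd", "football1", "tHe!weatheriscoLd67outside?"]:
        print(f"{pw!r}: {check_password(pw) or 'accepted'}, "
              f"~{brute_force_bits(pw):.0f} bits")
```

The bit count is only a ceiling for exhaustive search, so a long password built from a single blocklisted word should still be rejected by the second check.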
Passwords Aren’t Perfect, but MFA Could Save the Day
Adding multifactor authentication (MFA) is another quick win. MFA does not guarantee an account will not be compromised, but it does significantly reduce that likelihood. Authenticator apps like Duo, Authy, and Google Authenticator provide low-cost, no-cost, hassle-free options to add an additional layer of security to the authentication process. This extra step reduces the risk a malicious attacker would be able to successfully log in and compromise valuable accounts, even with a stolen password.
The “Problem” with Password Managers
Password managers store passwords and create strong (and long) passwords so you do not have to – what’s wrong with that? Skeptical about password managers? Password managers don’t have to be perfect, they just have to be better than not having one, says cybersecurity expert Troy Hunt (founder of haveibeenpwned). Other quips by Troy: The only secure password is the one you can’t remember, and when accounts are “hacked” due to poor passwords, victims must share the blame. There are several reputable password managers to choose from, but if you are looking for “go here, do this” for picking a “good” one, check out Troy’s post on why he partnered with 1Password. On a final note, the aforementioned LastPass Global Security Report found that password manager adoption increases when it is convenient. If employees can access and use password managers from their smartphone or other device of their choice, they are more likely to use them. So, what IS the “problem” with password managers? They simply are not used enough.
Cybersecurity Awareness All Year
While October is designated NCSAM, cybersecurity awareness is far from a once-a-year activity. NCSAM materials provide proactive awareness content to use throughout the year. So, while you are sipping that long-awaited (or 100th) pumpkin spice latte, review NCSAM materials for tips, resources, webinars, and workshops. In addition, it is not too late to demonstrate your cybersecurity awareness commitment by becoming an NCSAM Champion. Some of the best NCSAM Champions come from the information-sharing community – WaterISAC, Research & Education Networks ISAC (REN-ISAC), Information Technology ISAC (IT-ISAC), Retail & Hospitality ISAC (RH-ISAC), National Council of ISACs (NCI), Faith-Based ISAO (FB-ISAO), InfraGardNCR, and InfraGard Los Angeles – and they are ensuring organizations and consumers have the resources to stay safer and more secure online. Follow #BeCyberSmart and #CyberAware on social media for great security awareness tips from the NCSAM Champions and others.
Finally, NCSAM is a great time to bolster or jump-start your cybersecurity awareness program. Interested in a ready-made program to plug into your organization? The Cyber Readiness Institute (CRI) may have just the program! Founded by the CEOs of Mastercard, Microsoft, the Center for Global Enterprise, and PSP Partners, CRI’s Cyber Readiness Program is a no-cost, practical, step-by-step guide to help small- and medium-sized enterprises become cyber ready. Completing the program will help make your organization safer, more secure, and stronger in the face of cyber threats.