save

now browsing by tag

 
 

Intel #Chairman: Election #Cybersecurity Fixes ‘Might Not be in #Time to Save the #System’

Homeland Security Secretary Kirstjen Nielsen told senators that most states are being cooperative with the whole-of-government effort to protect voting systems from cyberintrusions, though there are two unnamed states “who aren’t working with us as much as we would like right now.”

Members of the Senate Intelligence Committee grilled Nielsen last week about what is being done to secure the vote in light of Russia’s campaign influence operation in the 2016, and for an inside perspective on that campaign season former DHS Secretary Jeh Johnson joined Nielsen at the witness table.

Chairman Richard Burr (R-N.C.) praised DHS for making “great strides towards better understanding elections, better understanding the states, and providing assistance that makes a difference to the security of our elections.”

“But there’s more to do. There’s a long wait time for DHS premier services. States are still not getting all the information they feel they need to secure their systems,” Burr said. “The department’s ability to collect all the information needed to fully understand the problem is an open question, and attributing cyber attacks quickly and authoritatively is a continuing challenge.”

The chairman stressed that “this issue is urgent — if we start to fix these problems tomorrow, we still might not be in time to save the system for 2016 and 2020.”

Vice-Chairman Mark Warner (D-Va.) noted that in 2016 Russian actors “were able to penetrate Illinois’ voter registration database and access 90,000 voter registration records — they also attempted to target the election systems of at least 20 other states.”

“The intelligence community’s assessment last January concluded that Russia secured and maintained access to multiple elements of U.S. state and local election boards,” he said. “And the truth is clear that 2016 will not be the last of their attempts.”

Nielsen described the DHS arm of the election security mission as providing “assistance and support to those officials in the form of advice, intelligence, technical support, incident response planning, with the ultimate goal of building a more resilient, redundant, and secure election enterprise.”

“Our services are voluntary and not all election officials accept our offer of support. We continue to offer it; we continue to demonstrate its value. But in many cases state and local officials have their own resources and simply don’t require the assistance that we’re offering,” she said.

So far, the secretary told senators, “more than half” of states have signed up for DHS’ cyber hygiene scanning service, an automated remote scan “that gives state and local officials a report identifying vulnerabilities and offering recommendations to mitigate them.”

Another tool DHS is using is information sharing directly with election officials “through trusted third parties such as the Multi-State Information Sharing and Analysis Center, or MS-ISAC, and we look forward to the creation of the Election ISAC.”

Nielsen emphasized the need to “rapidly share information about potential compromises with the broader community so that everyone can defend their systems.”

“This collective defense approach makes all election systems more secure,” she said. “We’re also working with state election officials to share classified information on specific threats, including sponsoring up to three officials per state with security clearances and providing one-day read-ins as needed when needed, as we did in mid-February for the secretaries of state and election directors. We are also working with the intelligence community to rapidly declassify information to share with our stakeholders.”

Unlike DHS’ posture in 2016, Nielsen said the department now knows which person to contact in every state to share threat information.

“DHS is leading federal efforts to support and enhance the security of election systems across the country. Yet we do face a technology deficit that exists not just in election infrastructure but across state and local government systems,” she said. “It will require a significant investment over time and will require a whole-of-government solution to ensure continued confidence in our elections.”

Johnson talked about the Obama administration’s reticence to make a wrong move on Russia’s campaign interference and give the appearance that the White House was stepping into the election.

“The reality is that, given our electoral college and our current politics, national elections are decided in this country in a few precincts in a few key swing states. The outcome, therefore, may dance on the head of a pin. The writers of the TV show House of Cards have figured that out. So can others,” Johnson told lawmakers, adding he’s “pleased by reports that state election officials to various degrees are now taking serious steps to fortify cybersecurity of their election infrastructure and that the Department of Homeland Security is currently taking serious steps to work with them in that effort.”

Nielsen said DHS is trying to get security clearances for those three election contact persons in each state, but only “about 20” of those 150 officials have received the full clearance. “We’re granting interim secret clearances as quickly as we can,” she said, adding later that they’re “widely using day read-ins now, so we’re not going to let security clearances hold us up.”

The secretary said “a lot of work” has been accomplished at DHS over the past year on “related processes,” including working with the intelligence community to declassify information as “some of the information does not originate within DHS, so we need to work with our partners to be able to share it.”

“The second one is on victim notification. We have a role there, but so does FBI and so does MS-ISAC, which in this case the Multi-State Information Sharing and Analysis Center was in some cases the first organization to identify some of the targeting,” Nielsen said. “So we have to work with whomever originates the information. We all have different roles. So we’ve worked to pull it all together so that we can quickly notify victims of what has occurred.”

Pressed on the current level of cyber threat from malicious actors heading into midterm elections, Nielsen replied that “the threat remains high.”

“We think vigilance is important, and we think there is a lot that we all need to do at all levels of government before we have the midterm elections,” she said. “I will say our decentralized nature both makes it difficult to have a nationwide effect, but also makes it perhaps of greater threat at a local level. And, of course, if it’s a swing state or swing area that can, in turn, have a national effect.”

“So what we’re looking at is everything from registration and validation of voters — so those are the databases, through to the casting and the tabulation of votes, through to the transmission — the election night reporting, and then, of course, the — the certification and the auditing on the back end. All of those are potential vulnerabilities. All of those require different tools and different attention by state and locals,” Nielsen continued, adding that the federal government continues to work with state and local jurisdictions “to also help them look at physical security.”

“They need to make sure that the locations where the voting machines are kept, as well as the tabulation areas, they need access control and very traditional security like we would in other critical infrastructure areas,” she said.

Johnson told senators that “with the benefit of two years’ hindsight it does seem plain… that the Russian effort has not been contained; it has not been deterred.”

“In my experience, superpowers respond to sufficient deterrence and will not engage in behavior that is cost prohibitive. Plainly, that has not occurred and more needs to be done,” the former DHS chief said. “With the benefit of hindsight, the sanctions we issued in late December [2016] have not worked as an effective deterrent and it’s now on the current administration to add to those and follow through on those.”

advertisement:

The post Intel #Chairman: Election #Cybersecurity Fixes ‘Might Not be in #Time to Save the #System’ appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Wall #Street Teams Up to Help Save #Client Data in #Cyber Attack

On Wall Street, backing up data now comes with a code name.

Nearly three dozen banks are leading a group called Sheltered Harbor that’s designed to protect consumers’ access to their data in the event a financial institution is hacked. Banks, credit unions and brokerages representing 400 million accounts — or 70 percent of U.S. retail accounts and 60 percent of U.S. brokerage accounts — have signed up to be part of the effort, which went live earlier this year.

Sheltered Harbor requires members to encrypt their customer account data and store it in a vault that is both survivable and accessible in case of a cybersecurity incident, according to the group’s website. If a breach does occur, the affected bank must retrieve and transmit its data to another financial institution, which can load it onto its core platform. That way customers of the hacked bank can still access their account information.

“The focus is on really trying to protect the consumers’ access to their assets,” Steve Silberstein, chief executive officer of Sheltered Harbor, said in a telephone interview. “We have to continue to make the system safer, and it continues to require some amount of sharing and some amount of cooperation to do that.”

For large global banks, it costs $50,000 to participate in Sheltered Harbor, which helps the firms coordinate responses to a cyber attack. For everyone else, fees are based on the amount of assets each one has and can range from $250 to $25,000, according to the group’s website.

The group was formed in November 2016 and its recent progress was reported Sunday by The Wall Street Journal.

Hamilton Series

Sheltered Harbor is a subsidiary of the Financial Services Information Sharing and Analysis Center — or FS-ISAC. Phil Venables, chief operational risk officer at Goldman Sachs Group Inc., and James Rosenthal, former chief operating officer at Morgan Stanley, are co-chairs of the project, according to a press release from FS-ISAC.

The group was formed after banks participated in an exercise in 2015 that was run by FS-ISAC and the U.S. Treasury Department called the Hamilton Series. The exercise exposed how data breaches could hurt consumer confidence in the financial system, even if the incident occurred at a regional or community bank.

Sheltered Harbor does not hold any of the bank account data. Instead, it has created the standards for joining the group and monitors banks’ adherence to those standards, said Silberstein, who was previously the chief technology officer at Sungard Data Systems Inc.

View full post on National Cyber Security Ventures

How #quantum #computing could create #unbreakable #encryption and save the #future of #cybersecurity

Source: National Cyber Security – Produced By Gregory Evans

A new breakthrough in quantum computing may mean quantum key distribution (QKD) is on its way toward being a practical cybersecurity protocol.

Researchers at Duke University, The Ohio State University, and Oak Ridge National Laboratory have announced in the latest issue of Science Advances that they’ve increased the speed of QKD transmission by between five and 10 times the current rates.

Up until this latest breakthrough, which is delivering megabit/second rates, speeds were restricted to between tens to hundreds of kilobits a second.

What is quantum key distribution?

It sounds like something straight out of science fiction, but quantum key distribution is reality, and it could be protecting your data before you know it.

QKD uses photons—particles of light—to encode data in qubits, or quantum bits. The qubits are transmitted to a sender and recipient as an encryption key, and here’s where things get crazy: The transmission channels don’t need to be secure.

QKD’s whole purpose rests on quantum indeterminacy, which states that measuring something affects its original state. In the case of QKD, measuring photonic qubits affects their encoding, which allows the sender and recipient to immediately know if a hacker is trying to crack their quantum encryption key.

That means, theoretically at least, that QKD would be a perfect encryption: Any attempts to crack it would immediately be noticed and keys could be changed.

Making QKD practical for cybersecurity

The breakthrough made by the Duke research team came from being able to pack more data onto a single photon. The trick was learning to adjust the time at which the photon was released, along with adjusting the phase of the photon, causing it to be able to hold two bits of information instead of just one.

What makes the new system developed by the researchers even more amazing is that they were able to do it with nothing but commercially available telecommunication hardware, save the single-photon detector.

“With some engineering,” said Duke graduate student Nurul Taimur Islam, “we could probably fit the entire transmitter and receiver in a box as big as a computer CPU.”

Islam and his research partners say that hardware imperfections render their QKD system less than hack-proof, but their research continues to incorporate hardware shortcomings to make up for them.

“We wanted to identify every experimental flaw in the system, and include these flaws in the theory so that we could ensure our system is secure and there is no potential side-channel attack,” Islam said.

While it’s likely to take some time to emerge from the research phase and become a practical tool, this latest QKD breakthrough gives cybersecurity a leg up on cybercriminals.

As quantum computing becomes accessible, the likelihood of it being used to obliterate current forms of encryption increases, making the development of practical QKD essential. This should come as good news to anyone concerned about the current, and future, state of cybersecurity.

The post How #quantum #computing could create #unbreakable #encryption and save the #future of #cybersecurity appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Will A Digital Renaissance Man Save Cybersecurity?

more information on sonyhack from leading cyber security expertsSource: National Cyber Security – Produced By Gregory Evans Cyberattacks we’ve seen to date have been child’s play relative to what’s possible, according to a government expert. We could soon see how bad it can get — and our best defense may be highly capable cyber-warriors. “Sometime in the next few years, we’re going to […] View full post on AmIHackerProof.com | Can You Be Hacked?

Vigilante Hacker is Trying to Save Us From Ourselves

Source: National Cyber Security – Produced By Gregory Evans

Vigilante Hacker is Trying to Save Us From Ourselves

Surely we’re all aware that cyber attacks are getting worse and it’s because there’s been thousands of unsecure, internet-enabled devices hitting the market. These can range from light bulbs you can control with an app to classic printers, but many …

The post Vigilante Hacker is Trying to Save Us From Ourselves appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

200 Coders and Hackers United to Save NASA’s Climate Data From Deletion

200 Coders and Hackers United to Save NASA’s Climate Data From DeletionSource: National Cyber Security – Produced By Gregory Evans BAGGERS AND TAGGERS With pages of climate-related documents and other environmental issues quickly disappearing from government websites, hackers, students, and scientists have decided to take it upon themselves to salvage the information that still remains. Groups in more than 20 … The post 200 Coders and […]

The post 200 Coders and Hackers United to Save NASA’s Climate Data From Deletion appeared first on AmIHackerProof.com.

View full post on AmIHackerProof.com | Can You Be Hacked?

Save Someone’s Life This Christmas

Be very careful this Christmas season! People that you know are going to be lonely. That makes them vulnerable to relationship attachments online. That makes them vulnerable to relationship scams. Scammers understand this and work extra hard during the holidays to exploit this. You probably know friends or family members who are alone and isolated. […] #dating #scams #datingscams #htcs View full post on Romance Scams Now™ Official Dating Scams Website – Ghana & Nigerian Scammer Photos

The post Save Someone’s Life This Christmas appeared first on Dating Scams 101.

View full post on Dating Scams 101

Only Biomimicry Will Save Cybersecurity

The network of the office building

Source: National Cyber Security – Produced By Gregory Evans

Only Biomimicry Will Save Cybersecurity

The massive Distributed Denial of Service (DDoS) cyberattack which took down a raft of websites (Twitter, Reddit, Spotify, CNN, The New York Times, Etsy) last Friday comes as a stark reminder of the most elementary axiom of internet security: if

The post Only Biomimicry Will Save Cybersecurity appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

7 Ways To Save Your Sexless Marriage, According To Sex Therapists

In a sexual rut with your partner? Take heart — it’s natural for partners’ sex drives to ebb and flow through the years and things can definitely improve in the bedroom.

Below, sex therapists share seven pieces of advice that have worked for real couples they’ve counseled through the years. 

1. Don’t assume your spouse is uninterested in having sex. 

Don’t jump to conclusions about your partner’s sex drive without consulting him or her. Take the time to reach out, said New York City-based sex therapist Gracie Landes, pointing to the example of a client who assumed her husband was disinterested in sex based off another therapist’s observation.

Read More

The post 7 Ways To Save Your Sexless Marriage, According To Sex Therapists appeared first on Parent Security Online.

View full post on Parent Security Online

Parents turn to doctors, lawmakers to save school recess – Education Week

View full post on Education Week: Bullying







#pso #htcs #b4inc

Read More

The post Parents turn to doctors, lawmakers to save school recess – Education Week appeared first on Parent Security Online.

View full post on Parent Security Online