technology


#infosec | #RSAC: Realize the Harms and Benefits of Technology and Create Policies to Enable the Public

Source: National Cyber Security – Produced By Gregory Evans

Speaking at the Cloud Security Alliance (CSA) summit at the RSA Conference in San Francisco, Alex Stamos, adjunct professor at Stanford University’s Freeman-Spogli Institute, said that issues and decisions made by technology companies have angered people.

Stamos, who previously served as CISO of both Facebook and Yahoo, said that once he stepped out of those roles and “out of constant emergencies” he could see the bigger picture.

He said that “tradeoffs from a policy perspective are poorly understood by the public and usually go back to the engineering adage of do you want it done correctly, cheaply, or quickly—pick 1 of 3.” Stamos said that this is a basic problem of society, as people say that they don’t want companies looking at their data, but to stop bad things happening you need to see bad things. “Politicians say companies have to find the bad guys, but you cannot have two things.”

Another issue Stamos highlighted is the balance that technology companies have for “solving societal ills,” as he pointed out that technology companies provide platforms while “every bad thing [that] happened [was] done by people.”

He said that companies have to “embrace transparency and make decisions in a transparent manner.” However, the line has to be drawn around bullying and harassment, as “nothing has changed since the last election.”

Stamos said that Google, Facebook, and Twitter came up with policies on political advertising “in closed rooms with no transparency,” and these will be the rules that the 2020 election will be fought on.

He recommended that the tech industry adopt a regulatory framework similar to what Germany did regarding what speech is allowed online, but should consider how this can be adopted by countries with reduced democratic freedoms. “Or you end up with tech companies who are happy if they get regulated if they can make money, as most people who use the internet don’t live in democracies, or if they do, it is with reduced free speech.”

Stamos concluded by saying that we “have to realize that technology has made changes in good and bad ways” and take responsibility for that.


#infosec | Great Britain at Odds over Police Use of Facial Recognition Technology

Great Britain’s three nations are not in agreement over the use of facial recognition technology by police forces.

The technology, which can be legally used by police in Wales, was officially introduced by England’s Metropolitan Police Service in East London yesterday, amid a peaceful protest by Big Brother Watch. 

Use of the technology by English police forces has not been debated in parliament or approved by elected officials. 

By contrast, Police Scotland announced yesterday that its plans to roll out facial recognition technology by 2026 have been put on hold pending a wider debate about the implications of its use. 

Their decision comes in the wake of a report published on Tuesday, February 11, by a Scottish government committee, which concluded that facial recognition technology is “currently not fit for use” by Police Scotland.

The Justice Sub-Committee on Policing informed Police Scotland that the force must demonstrate the legal basis for using the technology and its compliance with human rights and data protection legislation before they can start using it.

In a report that was part of the committee’s inquiry into the advancement of the technology, the committee wrote: “The use of live facial recognition technology would be a radical departure from Police Scotland’s fundamental principle of policing by consent.”

The committee warned that the facial recognition technology was “known to discriminate against females and those from black, Asian and ethnic minority communities.”

Committee convener John Finnie said: “It is clear that this technology is in no fit state to be rolled out or indeed to assist the police with their work.

“Current live facial recognition technology throws up far too many ‘false positives’ and contains inherent biases that are known to be discriminatory.”

Police Scotland Assistant Chief Constable Duncan Sloan said it would now conduct a public consultation on the live software and keep a “watching brief on the trialling of the technology in England and Wales.”

In September 2019, Cardiff’s high court ruled that police use of automatic facial recognition technology to search for people in crowds is lawful. The technology is currently being used by South Wales police.


#nationalcybersecuritymonth | Johnson will defy US and allow use of Huawei, says top security adviser | Technology

Boris Johnson is likely to approve the use of Huawei technology in the UK’s new 5G network against the pleas of the US government, a former national security adviser has said. Sir Mark Lyall Grant, who was Theresa May’s national security adviser, said that the security […]

#nationalcybersecuritymonth | Tech 2019: Our biggest technology stories

As 2019 splutters to a close, it’s time for our annual lookback at our most-read tech stories, and to ask: “What happened next?”. Facebook and its family of apps dominates this year’s list with four entries – it probably won’t be a surprise that none of […]

#deepweb | Jeff Bezos’ big tech bets, Technology News, ETtech

Amazon Inc, the world’s largest online retailer, is known these days more as a technology company, and rightly so.

Technology is at the core of whatever Amazon does — from algorithms that forecast demand and place orders from brands, and robots that sort and pack items in warehouses to drones that will soon drop packages off at homes.

At its new Go Stores, for instance, advances in computer vision have made it possible to identify the people walking in and what products they pick up, helping add them to their online shopping carts.

Jeff Bezos, the founder of Amazon and the world’s richest man, is always pulling new rabbits out of his hat, like next-day or same-day shipping and cashier-less stores. Besides, there is Blue Origin, the aerospace company privately owned by Bezos, which is on a mission to make spaceflight possible for everyone.

Be that as it may, a lot more disruption aimed at reaching the common man is on the anvil.

The most far-reaching and impactful technologies being developed today are for Amazon’s own use, but some others have the potential to disrupt every sector.

The technology marvels that Amazon Web Services — the largest profit driving unit in Bezos’ stable — is working on could jolt several industries, including in India, in the same way that Amazon once disrupted retail.

“In retail, while things like the size of the catalogue, advertising and other stuff might play a role in success, at Amazon, I think success is largely technology driven,” said Chief Technology Officer Werner Vogels.

The ecommerce giant is using advances in technology to disrupt several sectors outside of retail though — medicine, banking, logistics, robotics, agriculture and much more. Interestingly, some of that work is happening in India.

Initially, the thinking was around allowing enterprises in these sectors to grow by using its cloud storage and computing capabilities.

Now, Amazon’s reach has become more nuanced and it has moved up the value chain.

For example, no longer is Amazon offering banks a place to securely store information, it is going beyond by offering tools to detect fraud, making it unnecessary for the lenders to build expensive data science teams in-house.

It is a similar story in other industries, made possible due to the massive amounts of data that Amazon collects and processes.

“We give people the software capability, so they no longer need to worry about that side of things. Most of our services are machine learning under the covers (and) that’s possible mostly because there’s so much data available for us to do that,” Vogels said.

Medicine

Hospitals in the United States have to save imaging reports for years. Earlier these were stored on tapes, since doing so digitally cost millions of dollars.

The advent of cheaper cloud storage meant new scans could be saved digitally, making them accessible to doctors on demand.

Now, doctors could refer to a patient’s earlier CT scan and compare that with the new one to diagnose an ailment, said Shez Partovi, worldwide lead for healthcare, life sciences, genomics, medical devices and agri-tech at Amazon.

The power of cloud and AWS’ own capabilities in medical technology have only expanded since.

Healthcare and life sciences form rapidly scaling units of AWS, which is building a suite of tools that allow breakthroughs in medicine — from hospitals using the tools to do process modelling or operational forecasting, refining the selection of candidate drugs for trial or delivering diagnoses through computer imaging.

Developed markets will be the first to adopt such technologies, but AWS is seeing demand surge from the developing world, including India.

“Not everyone is within a mile of a radiologist or physician, so diagnostics through AI could solve for that. Further, there’s a lack of highly trained people, but when all you have to do is take an image, it requires a lot less training,” said Partovi.

Space

Bezos, in his private capacity, is now looking to connect remote regions with high-speed broadband. He is building a network of over 3,000 satellites through “Project Kuiper”, which will compete with Elon Musk’s SpaceX and Airbus-backed OneWeb.

The bigger bet is in outer space though. His rocket company Blue Origin has already done commercial payloads on New Shepard, the reusable rocket that competes with SpaceX’s Falcon 9. The capsule atop the New Shepard can carry six passengers, which Bezos looks to capitalise on for space tourism, a commercial opportunity most private space agencies are looking at.

It is also building a reusable rocket – Glenn, named after John Glenn, the first American to orbit the earth — which can carry payloads of as much as 45 tonnes in low earth orbit.

Bezos’ aim, however, is to land on the Moon. His Blue Moon lander can deliver large infrastructure payloads with high accuracy to pre-position systems for future missions. The larger variant of Blue Moon has been designed to land a vehicle that will allow the United States to return to the Moon by 2024.

Robotics

Amazon’s take on robotics is ground-up.

The company has been part of an open-source network that is developing ROS 2 or Robot Operating System 2, which will be commercial-grade, secure, hardened and peer-reviewed in order to make it easier for developers to build robots.

“There is an incredible amount of promise and potential in robotics, but if you look at what a robot developer has to do to get things up and running, it’s an incredible amount of work,” said Roger Barga, general manager, AWS Robotics and Autonomous Services, at Amazon Web Services.

Apart from building the software that robots will run on, AWS is also making tools that will help developers simulate robots virtually before deploying them on the ground, gather data to run analytics on the cloud and even manage a fleet of robots.

While AWS will largely build tools for developers, as capabilities such as autonomous navigation become commonplace, the company could look to build them in-house and offer them as a service to robot developers, Barga said.

With the advent of 5G technology, more of the processing capabilities of robots will be offloaded to the cloud, making them smarter and giving them real-time analytics capabilities to do a better job. For India, robot builders will be able to get into the business far more easily, having all the tools on access, overcoming the barrier of a lack of fundamental research in robotics.

Enterprise Technology

AWS might be a behemoth in the cloud computing space, but cloud still makes up just 3% of all IT in the world. The rest remains on-premise. While a lot will migrate to the cloud, some will not. In order to get into the action in the on-premise market, Amazon has innovated on services that run on a customer’s data centre, offering capabilities as if the data is stored on the cloud.

With Outposts, which was announced last month, AWS infrastructure, AWS services, APIs, and tools will be able to run on a customer’s data centre.

Essentially, this will allow enterprises to run services on data housed within their own data centres, just like how they would if it had been stored on AWS.

The other big problem that AWS is looking to solve is not having its own data centres close enough to customers who require extremely low-latency computing. For this, the company has introduced a new service called Local Zones, where it deploys its own hardware closer to a large population, industry, and IT centre where no AWS Region exists today.

Both these new services from AWS could be valuable in India given the lower reach of cloud computing among enterprises as well as stricter data localisation requirements.

Artificial Intelligence/Machine learning

Amazon is moving up the value chain in offering services backed by artificial intelligence and machine learning to automate repetitive tasks done by human beings.

Enterprise customers will simply be able to buy into these services with minimal customisation and without a large data science and artificial intelligence team.

In December, AWS launched its Fraud Detector service that makes it easy to identify potentially fraudulent activity online, such as payment fraud and creation of fake accounts. Even large banks in India have struggled to put together teams to build machine learning models for fraud detection, but with such a service they can train their systems easily.

Code Guru is another service that uses machine learning to do code reviews and spit out application performance recommendations, giving specific recommendations to fix code. Today, this is largely done manually, with several non-technology companies struggling to build great software for themselves due to bad code.

Transcribe Medical is a service that uses Amazon’s voice technology to create accurate transcriptions from medical consultations between patients and physicians. Medical transcription as a service is a big industry in India, and India’s IT service giants hire thousands to review code. These services are expected to replace mundane manual tasks, freeing up resources for sophisticated tasks, and could lead to disruption.


#hacking | ‘Alexa, hack my serverless technology’ – attacking web apps with voice commands

Amazon’s voice assistant wisecracks her way through SQL injection attacks on serverless environments at Black Hat Europe

Developers in serverless environments must heed the threat posed to their applications by voice command inputs, an industry expert has warned.

Speaking at the Black Hat Europe conference in London last week, researcher Tal Melamed took control of vulnerable applications hosted on serverless environments using Alexa-guided SQL injection attacks.

‘Sounds like a dream’

Serverless architecture, which allows developers to build applications without provisioning a server, is becoming an increasingly popular choice among developers, said Melamed, who is leading the OWASP Serverless Top 10 project.

Code is executed only when needed and “you don’t pay for what you don’t use”, the researcher noted, adding that the approach is a boon for “experimentation and scaling up”.

Serverless application development “sounds like a dream,” he said. But if organizations are liberated from the burdens of server management, it does not follow that security concerns are fully outsourced to service providers like AWS, Azure, and Google Cloud Platform.

This is because serverless applications still execute code, said Melamed – and insecure code is vulnerable to application-level attacks.

Melamed, head of research at Protego Labs, told The Daily Swig that all too many developers are unaware that serverless environments demand a different security posture to their traditional counterparts.

Outsourcing the perimeter

Outsourcing server architecture might reduce workload, but it also tears down the security perimeter.

“Serverless is an event-driven architecture where code is triggered via different events in the cloud,” Melamed told The Daily Swig.

Unlike monolithic applications, developers are not limited to APIs.

“Code can now be executed due to an email that was received, a file that was uploaded or a database table that was changed. The ‘connection’ between those events to your code is transparent and is controlled by the cloud provider.”

All too many developers “are unaware of the adjustments” they need to make “to attend [to] those risks.”

Those adjustments include never trusting inputs, which should be validated before data is processed.

“However, [developers] need to get used to the fact that the input could come from unexpected sources, like Alexa voice commands,” added Melamed.

Alexa, what is my balance?

Melamed’s final demonstration, in which he stole data from a hypothetical user account, illustrated how a voice-command injection attack requires only “code [that’s] vulnerable to SQL injection, which accepts inputs from Alexa (or any other voice-enabled devices) and processes the input as part of the database queries without validating it first.”

Alexa translated his voice commands – such as “what is my balance?” – into code.

“I designed it so it would translate words of numbers into actual numbers,” he told attendees.

The voice-delivered code that cracked the user’s secret ID, unlocking the cash balance, was .

The lesson to “organizations that develop voice-enabled applications” is clear, Melamed told The Daily Swig: they “should consider voice-commands as [an] input to their application.”

Melamed also launched event injection attacks through a third-party app using a REST API, against cloud storage, and via email.

Melamed said his demos – coming soon to GitHub – evidenced the importance of shrinking “the attack surface by following the least-privilege principle: narrowing down the permissions of every serverless function as much as possible.”

Attendees were also urged to automate their defensive processes wherever possible.

Telling it like it is, Alexa clearly assigned blame for successful injection attacks: “In short, the problem isn’t the cloud – it’s you [the developer]”.
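The flaw described above, a voice transcript flowing unvalidated into a database query, shown beside a hardened handler as an added example (not code from the talk or from the original article). The event shape follows an Alexa `IntentRequest`; the `secretId` slot name, the four-digit ID format, the table layout and the sample transcripts are constructed assumptions.

```python
import re
import sqlite3

# Spoken digit words a voice front end may deliver instead of numerals.
DIGIT_WORDS = {"zero": "0", "oh": "0", "one": "1", "two": "2", "three": "3",
               "four": "4", "five": "5", "six": "6", "seven": "7",
               "eight": "8", "nine": "9"}

# Assumption for this example: a secret ID is exactly four ASCII digits.
ID_PATTERN = re.compile(r"[0-9]{4}")


def make_db():
    """Constructed in-memory table standing in for the function's backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (owner TEXT, secret_id INTEGER, balance INTEGER)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                     [("alice", 4821, 250), ("bob", 1234, 90)])
    return conn


def make_event(transcript):
    """Build a minimal Alexa-style IntentRequest carrying one slot value."""
    return {"request": {"type": "IntentRequest",
                        "intent": {"name": "GetBalanceIntent",  # hypothetical
                                   "slots": {"secretId": {"name": "secretId",
                                                          "value": transcript}}}}}


def slot_value(event, name="secretId"):
    """Pull the transcribed text of a slot out of the event."""
    return event["request"]["intent"]["slots"][name].get("value", "")


def words_to_digits(text):
    """Turn digit words into numerals and join adjacent digits.

    Every other token passes through unchanged, which is exactly why the
    result must still be treated as untrusted input.
    """
    tokens = [DIGIT_WORDS.get(tok, tok) for tok in text.lower().split()]
    return re.sub(r"(?<=\d)\s+(?=\d)", "", " ".join(tokens))


def balance_vulnerable(conn, event):
    """Insecure: the transcript is concatenated into the SQL text."""
    spoken = words_to_digits(slot_value(event))
    row = conn.execute(
        "SELECT balance FROM accounts WHERE secret_id = " + spoken).fetchone()
    return row[0] if row else None


def balance_hardened(conn, event):
    """Validate the slot against the expected format, then bind it."""
    spoken = words_to_digits(slot_value(event))
    if not ID_PATTERN.fullmatch(spoken):
        raise ValueError("secret ID must be exactly four digits")
    row = conn.execute("SELECT balance FROM accounts WHERE secret_id = ?",
                       (int(spoken),)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    good = make_event("four eight two one")   # constructed, well-formed
    odd = make_event("zero or 1=1")           # constructed, malformed slot
    print("vulnerable, good:", balance_vulnerable(db, good))
    print("hardened,   good:", balance_hardened(db, good))
    print("vulnerable, odd: ", balance_vulnerable(db, odd))
    try:
        balance_hardened(db, odd)
    except ValueError as exc:
        print("hardened,   odd:  rejected,", exc)
```

Validation and parameter binding cover the query itself; the least-privilege advice quoted above is a separate control, applied to the permissions of the function's role.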


#hacking | Accel’s new India fund, Slowing growth of AePS & more, Technology News, ETtech

Accel’s new India fund What’s the news? Accel India, backer of leading technology startups such as Flipkart, Freshworks and Swiggy, has raised about $550 million for its sixth India fund, taking its assets under management to $1.5 billion. This makes Accel VI among the largest corpuses […]

#cybersecurity | hacker | ‘DIRT CLEAN’ -a technology rationalization approach for security controls

Security is a boardroom topic and not a hard sell these days. Not saying the job of the CISO has become easier, but certainly getting funding is less of a herculean task as it used to be 10 years ago. Everyday we get updates about breaches […]

#deepweb | Technology Might Save, or Doom, the 2020 Census

For the 1940 census, more than 120,000 enumerators gathered and processed data. Eighty years later, the 2020 census will be the first to go online. AP/National Archives and Records Administration

The 2020 count will be the first census to go online, and it faces many threats, from cyberattacks and scam artists to security fears and undercount risks.

With the next census, for the first time ever, respondents will be able to fill out their questionnaires online. This marks a major transition for the count, which guides the apportionment of seats in Congress and the disbursement of hundreds of billions of dollars in federal funds. Giving Americans the option to fill out the 2020 census by laptop or smartphone means dragging Article 1, Section 2 of the U.S. Constitution into the 21st century. For better or for worse.


Worries over the looming census run beyond the typical concerns about underfunding and understaffing (although those are fraying nerves this time around also). Putting the census online opens a Pandora’s box of new risks, including meddling from hackers and scammers, and there’s evidence that vultures are already circling. While the first-ever online census introduces challenges for consumer protection and data security, the greatest threat to the census itself may be inequality—specifically, the digital divide.



“Asking people to fill out a form on their phone is quite different and complicated from asking people to use a social media app,” says Greta Byrum, co-director of the Digital Equity Laboratory at the New School.


Beware the census scams


First, the good news: An overwhelming majority of adults in America know about the census and plan to participate. The brand is strong, according to the Pew Research Center, despite the Trump administration’s failed effort to pin a divisive citizenship question onto the questionnaire. Yet its (quite literal) household-name status also makes it a high-value target for players intent on misleading people.


For example, in October, the Republican National Committee issued a mailer in Bozeman and other areas in Montana that represented itself as a “2019 congressional district census.” The document was really a disguised solicitation for President Donald Trump’s re-election campaign, leading officials in Montana to condemn the “imitation census” as misinformation.


Other census-lookalike forms are designed to lure people to sites where they might be asked for identifying personal information or financial records (even though the census doesn’t ask for these details). “We’ve already seen cases of fake mailers, where they ask people to go to some random URL,” Byrum says. She gives an example of a library patron in Canandaigua, New York, who brought a mimic mailer in to the local library to ask whether it was an official census form.



When the official 2020 census launches next April, the mailers that come to households will direct respondents to a web address and provide them with a unique identifying code. That opens a window for fraud: Bad actors might design convincing spoof sites that look like an official census portal, or they might zero in on (say) a wifi network created for census response by a neighborhood complete count committee. All the usual malware maladies that plague email could be tried against the census, and the same people who are vulnerable to those attacks—older people and those less familiar with online interactions—may be victimized. Other scammers pretend to be Census Bureau staffers and use analog methods of deceit to lure victims into handing over Social Security numbers and other identifying personal information over the phone or at the door. Organizations like AARP have been warning members how to better identify census fraud threats and imposters.


The U.S. Census Bureau’s 2020 data collection push itself could also be a target. When Australia launched its first online census in 2016, it was subject to a distributed denial of service attack that crashed the site, forcing authorities to take it down. Security experts have warned the Bureau that census data will be vulnerable both during transmission and at rest. Earlier this year, officials from the Government Accountability Office testified before the House that the Census Bureau had flagged more than 500 corrective actions to be taken during a cybersecurity risk assessment, nearly half of which were deemed high risk.


“The Census Bureau has been extremely guarded about how they’re building these systems,” Byrum says. “There was a long delay on procurement of these contracts because of the [federal government] shutdown [in 2018–19]. The Census Bureau is really far behind on building the IT systems.”


Delays, budget uncertainties, and lapses in leadership have loomed over the census. While three full trials were planned to test all 50-odd new IT systems for the 2020 Census, the bureau scaled back its preparations to a single dress rehearsal in Rhode Island’s Providence County due to funding shortfalls. “When we went into the end-to-end pilot in Rhode Island in 2018, several of the systems were not completed yet. We haven’t seen them. They haven’t been tested in the field. They’re not going to be tested.”


New technology, and stubborn gaps


Even the system for ensuring that the census reaches hard-to-count households is brand new. For the 2010 census, the bureau hired about 160,000 temporary workers known as “listers” to canvass nearly every block in the nation and generate the agency’s master address file (part of a much larger temporary workforce). As a cost-saving mechanism, the Census Bureau scaled back the door-to-door canvassing operation for 2020. The agency is splitting this task into “in-field” and “in-office” efforts. The latter involves sophisticated data analysis techniques, including machine learning and satellite imaging, to generate a profile for places that have added addresses.



As a result, the Census Bureau is only physically canvassing a quarter of the blocks that the agency covered for the last census. During the single (and only) end-to-end trial conducted of the census, the in-office (digital) canvassing results differed from the in-field (analog) canvassing results for 61 percent of the blocks tested, according to a final internal report on the trial.


“If there’s an over-representation of folks who have internet at home, we don’t know that the nonresponse follow-up systems as it exists is going to be able to identify who has not been counted,” Byrum says. “We’re not sure there’s any corrective mechanism to identify or measure an undercount.”


There won’t be another dress rehearsal before Census Day (April 1, 2020). The 2018 practice run in Providence County did not exactly inspire confidence, according to James Diossa, the mayor of Central Falls, Rhode Island. Outreach was nonexistent. Worse still, Commerce Secretary Wilbur Ross announced the citizenship question in March 2018, midway through the test, adding to the confusion. “There was no information, no advertising, no discussions happening from the Census Bureau around this test trial run,” Diossa told CityLab earlier this year.



Yet outreach is an enormous obstacle for the 2020 census, thanks to the deep divides in the ways that Americans reach and use the internet. In New York City, for example, more than 917,000 households lack access to broadband at home—29 percent of the city, per a July report on the census from the Office of the New York City Comptroller. This digital divide tracks neatly with existing borders that define marginalized populations, including race, class, and ethnicity. Nearly half of the homes in Borough Park, Kensington, and Ocean Parkway in Brooklyn lack broadband access at home, while on the Upper East Side that figure is just 15 percent.


Share of households in New York City without broadband internet access. This map strictly shows households that lack at-home broadband, so it excludes households with cellular data plans for phones or tablets. (NYC Office of the Comptroller)

Broadband access isn’t the only measure of the digital divide. Sticking with New York, about 38 percent of households without internet access at home pay for data on a mobile device. Smartphones may be ubiquitous among communities of color, particularly in low-income communities, but that isn’t a closing of the digital divide, says Maya Wiley, professor at the New School and founder and co-director of the Digital Equity Laboratory. “Try doing your homework on a mobile phone,” she says.


Counting on trust


Black and Hispanic adults, who are more likely to have unreliable access to the internet in the first place, also harbor greater doubts about the census, according to the research from Pew. And no wonder: The Trump administration took great pains to introduce a citizenship question as a way to give an edge to Republicans and non-Hispanic whites. While the effort to add the citizenship question failed, the distrust lingers, and putting the census online raises a whole new category of objection.



“Folks would rather not transmit their data through systems that they neither understand nor trust,” says Melva M. Miller, executive vice president for the Association for a Better New York, a nonprofit that has identified 2020 census outreach as a priority.


Maximizing New York City’s self-response rate is one of her association’s goals going into a census that could see the state as a whole lose billions of dollars in federal funds as well as one or more seats in Congress. Developing messaging to reach hard-to-count communities means coming up with the strategy that’s most likely to reach a trusted figure within a particular demographic, whether that’s a maternal head-of-household, religious leader, or social media platform. And the answer changes wherever you go.


“I was in a conference and sitting on a panel with a woman who is organizing in the state of Arkansas, and she mentioned that there’s been some hesitation among the minority community specifically in Arkansas around filling out the form online. Their preference was to complete the form over the phone,” Miller says. “In our focus groups [in New York], we saw the absolute opposite. Filling out the census over the phone was the least favorite option, even after enumerators knocking on individual doors.”


Public libraries are likely to be the front line in census outreach: That’s where many people who don’t have home access to the internet go to get online. And as trusted arbiters of information across many different communities, librarians have been preparing for the 2020 census for at least two years, according to Larra Clark, deputy director for policy at the Public Library Association (part of the American Library Association). In fact, librarians are already doing some heavy lifting for the 2020 count: They’re helping library users apply for and train for jobs with the Census Bureau, processes that have migrated online with this census.



“Every time we see a government activity move online, whether it’s only online or partly online, every single time we see an impact on our public libraries,” Clark says. “So much about the census is about what public libraries do every day ensuring people have a safe and effective online experience.”



Librarians, faith leaders, and other standard bearers have their work cut out for them. For the 2020 census to succeed, they’ll have to help communities across the country bridge the gulfs of digital illiteracy and lack of accessibility. Success assumes that the government’s untested census technologies hold up to attacks from pirates, hackers, and foreign governments. And if everything works—well, we’ll never know, really. The Census Bureau isn’t conducting a control trial to see how the online census measures up to past efforts.


“If we have a census where a large percentage of the population don’t have faith in the results,” Byrum says, “then we’re in a very poor position when it comes to how we make those decisions or how we litigate going forward regarding these very important issues.”

——————————————————————————————————

The post #deepweb | Technology Might Save, or Doom, the 2020 Census appeared first on National Cyber Security.


Does #Cyber Security Really Need #Machine Learning #Technology?

Source: National Cyber Security – Produced By Gregory Evans

Amidst the escalating number of high-profile hacks and cyber attacks, organizations are now embracing various forms of artificial intelligence (AI) – including machine learning technology and neural networks – as a new cyber security defense mechanism. At a time when human skills and competencies appear to be overmatched, the thinking goes, machines have a nearly infinite ability to analyze threats and then respond to them in real-time.

Is machine learning really the silver bullet?
However, putting one’s faith in the ability of machines to defend entire organizations from hacker attacks and other forms of security intrusions ignores one basic fact: cyber security is an arms race, and the same weapons that are available to one side will soon be available to the other side. Put another way, the same machine learning technologies being embraced by the world’s top corporations and data scientists will soon be co-opted or adopted by the world’s top hackers.

Moreover, there is still quite a bit of work to be done before any machine learning cyber defense is fully robust. Right now, machine learning excels at certain tasks, but still needs significant human intervention to excel at others. For example, machines are extremely good at “classification,” which enables them to label and describe different types of hacker attacks. As a result, machines can differentiate between spoofing attacks, phishing attacks and other types of network intrusions.

The idea here is simple: just show a machine many different examples of hacker attacks, and it will eventually learn how to classify them very efficiently. The more raw data and data points you show machines (think of all this data as “training data”), the faster they will learn. In many ways, it is similar to the machine learning techniques used for image recognition tools – show a machine enough photos of a dog, and it will eventually be able to pick out a dog in any photo you show it.

Thus, it’s easy to see an obvious implication for machine learning and cyber security: machines can help security teams isolate the most pressing threats facing an organization and then optimize the defenses for those threats. For example, if an organization is facing a hundred different potential threats, a machine can easily sort and classify all of those threats, enabling humans to focus only on the most mission-critical of these.

The use cases of machine learning in cyber security
One of the most obvious ways to apply machine learning in cyber security involves the creation of stronger spam filters. For many organizations, a constant security threat is the ability of hackers to get inside the organization simply by sending spam emails filled with all kinds of malware. Once an employee clicks on a bad link or opens a bad attachment that makes it past conventional spam filters, it may be possible for malware to spread throughout an organization’s network.

Thus, you can immediately see why adopting machine learning for email security makes so much sense – it can provide a first layer of defense against these spam emails laden with malware. If you frame email as a “classification” problem, then machines can play an important role in sifting out the “good” emails from the “bad” emails. You simply show a machine many, many different examples of “bad” emails as well as many, many different examples of “good” emails, and it will eventually become 99.9% efficient in sorting them out (or so one common myth about machine learning goes).

Another common use case for machine learning in cyber security involves spotting irregular activity within an organization’s network traffic. For example, an unexpected surge of network activity might signal some sort of looming cyber attack (such as a DDoS attack). Or, activity in the accounts of certain employees that is out of the norm might indicate that one or more of these accounts have been compromised. Again, it matters how you frame the problem for machines: organizations must be able to show them what “normal” looks like, so that they will then be able to spot any irregular deviations from the normal state of network affairs.
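
The baseline idea in the paragraph above, as an added example that is not part of the original article: a detector learns “normal” from past per-minute request counts and flags deviations. All data and function names are constructed for illustration; the second baseline shows how a training window that already contains a surge blinds a mean/standard-deviation detector, while a median/MAD detector still fires.

```python
from statistics import mean, median, stdev

# Constructed sample data: requests per minute for one service account.
BASELINE = [118, 122, 120, 125, 119, 121, 117, 123, 120, 124, 122, 119]
# Same history, but the training window also captured an earlier surge.
TAINTED_BASELINE = BASELINE + [495, 505]
# New traffic to score: minutes 3 and 4 are a surge.
OBSERVED = [121, 118, 126, 480, 510, 123]


def zscores(observed, baseline):
    """Classic z-score: distance from the mean in standard deviations."""
    mu, sigma = mean(baseline), stdev(baseline)
    return [(v - mu) / sigma for v in observed]


def robust_zscores(observed, baseline):
    """Modified z-score: median and MAD barely move when the baseline
    contains a few extreme values, so the learned 'normal' stays honest."""
    med = median(baseline)
    mad = median(abs(x - med) for x in baseline) or 1.0  # avoid divide-by-zero
    # 0.6745 rescales MAD so scores are comparable to ordinary z-scores.
    return [0.6745 * (v - med) / mad for v in observed]


def flag(observed, baseline, scorer, threshold=3.5):
    """Return the indices of observations whose score exceeds the threshold."""
    scores = scorer(observed, baseline)
    return [i for i, s in enumerate(scores) if abs(s) > threshold]


if __name__ == "__main__":
    cases = [
        ("clean baseline, mean/stdev", BASELINE, zscores),
        ("clean baseline, median/MAD", BASELINE, robust_zscores),
        ("tainted baseline, mean/stdev", TAINTED_BASELINE, zscores),
        ("tainted baseline, median/MAD", TAINTED_BASELINE, robust_zscores),
    ]
    for name, base, scorer in cases:
        print(f"{name}: flagged minutes {flag(OBSERVED, base, scorer)}")
```
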

Machine learning, cyber security and the enterprise
To get cyber security executives thinking more deeply on the matter (without delving too deeply into the complex data science behind machine learning), the technology research firm Gartner has proposed a PPDR model, which corresponds to the various uses of machine learning for cyber security within the enterprise:

Prediction
Prevention
Detection
Response
In short, with machine learning technology, organizations will be able to predict the occurrence of future attacks, prevent these attacks, detect potential threats, and respond appropriately. With the right machine learning algorithms, say experts, it might be possible to shield even the largest and most vulnerable organizations from cyber attacks. In the big data era, when organizations must grapple with so much data, it’s easy to see why they are turning to machines.

With that in mind, Amazon is leading the way with an application of machine learning for the cloud. At the beginning of 2017, Amazon acquired a machine learning startup, harvest.ai, for just under $20 million. The goal of the acquisition was to be able to use machine learning to search for, find and analyze changes in user behavior, key business systems and apps, in order to stop targeted attacks before any data can be stolen or compromised.

Then, in November 2017, the company’s cloud business, Amazon Web Services (AWS), unveiled a new cyber security offering based on machine learning called Amazon GuardDuty. The allure of the new offering is easy to grasp: companies with a lot of data in the cloud are especially vulnerable to hackers, and they are easy “sells” for any company that is able to promise that their cloud offerings will be safe from attack. Already, big-name companies like GE and Netflix have signed on as customers of Amazon’s new machine learning-based offering.

Clearly, there is a tremendous amount of potential for machine learning and cyber security within the enterprise. Some industry experts have estimated that, in the period from 2015-2020, companies will spend a combined $655 billion on cyber security. Other estimates have been even more aggressive, suggesting that the total could be closer to $1 trillion.

If companies are spending so much money on cyber security, though, they will want to be certain that new solutions featuring machine learning actually work. In order for machine learning to live up to the hype, it will need to offer a fully robust security solution that covers every potential vulnerability for a company – including the network itself, all endpoints (including all mobile devices), all applications and all users. That’s a tough order to fill, but plenty of organizations are now betting that machines will be up to the task.

The post Does #Cyber Security Really Need #Machine Learning #Technology? appeared first on National Cyber Security.
