Time
to get ready. The Corona virus may help to pinpoint targets.
Renowned
Economist Nouriel Roubini Warns of 2020 Cyber War
Economist
Nouriel Roubini, a professor at the New York University Stern School
of Business and one of the world’s most prominent Keynesian
economists, has predicted that 2020 could be the year the world bears
witness to the first-ever cyber war.
Speaking
on Yahoo Finance’s ‘On
The Move’
on 28 February, Roubini told the debate panel that “[The U.S.] will
have the first global cyber warfare this year,” explaining his
belief that the coming cyber war will like play out between the
United States and any one of its several major geopolitical rivals,
either North Korea, Iran, China or Russia.
“We
imposed sanctions against Russia, China, [North] Korea, and Iran,”
Roubini explained, “and they cannot respond to us with conventional
power, because we are stronger from a conventional point of view.”
“So
if you are a weaker rival of the U.S., and you want to contain the
U.S., what you do is asymmetric warfare. Asymmetric warfare means
you try to weaken your enemy from the inside, and how you do it is
with cyber warfare.”
(Related)
Attacks
on DOD Networks Soar as Telework Inflicts ‘Unprecedented’ Loads
Cyber
attacks on Defense Department networks increased over
the weekend as teleworking employees put “unprecedented” loads on
the military’s computer networks.
“They’re
already taking advantage of the situation and the environment that we
have on hand,” Essye Miller, DOD’s principal deputy chief
information officer, told department employees at a Monday morning
“virtual
town hall.”
To
protect Defense Department networks, the Pentagon is barring users
from accessing YouTube and other streaming services. It’s one of
several concerns officials expressed about rapidly moving the federal
government’s largest agency toward “maximized telework.”
(Related)
Hopes for ‘empathy’ are delusional.
Message
to Cybercriminals: Hospitals Are Off-Limits
On
Sunday night, the Department of Health and Human Services was hit
with a cyberattack.
This incident is the third in a string of cyberattacks that show
malicious cyber actors are not slowing their assault on our public
health system despite the global coronavirus pandemic. In the last
week, the Brno University Hospital in the Czech Republic was hit with
a ransomware
attack
and
the Champaign-Urbana Public Health District’s website was also
taken over by cybercriminals demanding payment. In the case of the
Brno University Hospital, the attack caused all surgeries to be
cancelled and all incoming patients to be re-routed to a nearby
hospital. Cyberattacks at this time could make an already dire
situation far worse.
The
national security community has been slow to recognize cybercriminal
groups as a national security threat. The growth in sophistication
of ransomware campaigns suggests that the capabilities
these groups possess are now on par with many nation states.
Many people have expressed hope online that cybercriminals would
empathize with those who are suffering and think twice before
targeting hospitals. Unfortunately, hope
is not a strategy.
Their targeting of vulnerable critical infrastructure, like public
health systems and hospitals, in a time of crisis demands that the
threat posed by these groups be countered with the full weight that
the United States can bring to bear.
(Related)
Another take on risks and mitigation.
Coping
with Coronavirus: Five Strategies to Mitigate Business Risks
Security
tools.
Brave
Ranked the Most Private Browser While Microsoft Edge and Yandex the
Least Private Due to Privacy-Invading Telemetry
A
new study
by
Professor Douglas J. Leith of Trinity College Dublin tested various
browsers for privacy leaks associated with sending data back to their
makers’ servers. Brave emerged as the most private browser while
the new chromium-based Microsoft Edge and Yandex emerged as the most
privacy-intrusive browsers. This outcome is because of their use of
privacy-intrusive telemetry. Their phoning-home activities and other
secret tracking methods allow them to track users across browser
installs.
(Related)
Why is this not updated continuously? Perhaps as a Wiki?
NIST
Updates and Expands Its Flagship Catalog of Information System
Safeguards
NIST:
“After your organization forms a general plan for tackling its
cybersecurity and privacy risk management issues, it needs particular
state-of-the-art tools to make that plan a reality. Computer
security and privacy experts at the National Institute of Standards
and Technology (NIST) have the answer with an updated toolbox of
safeguards for protecting an organization’s operations and assets,
as well as the personal privacy of individuals.
NIST
Draft Special Publication (SP) 800-53 Revision 5, Security
and Privacy Controls for Information Systems and Organizations,
is a collection of hundreds of specific measures for strengthening
the systems, component products and services that underlie the
nation’s businesses, government and critical infrastructure. One
of NIST’s flagship risk management publications, the
document
is
undergoing its first update in seven
years,
and the agency is accepting public comments on the draft until May
15, 2020.
The
publication offers safeguards for all types of platforms, from
general-purpose computers to industrial control systems and internet
of things (IoT) devices. Its tools are intended for a broad audience
of specialists, from security experts to systems developers to cloud
computing providers…”
Security
Architecture.
Security
is leaving the data center and moving to the edge
The
traditional network security model, in which traffic is routed
through the data center for inspection and policy enforcement, is for
all intents and purposes obsolete. A 2019 study by research firm
Gartner found that “more users, devices, applications, services and
data are located outside of an enterprise than inside.”
Driven
by the adoption
of multi-cloud
infrastructure
and applications, mobility and distributed workforces, the focal
point for security has shifted to users and devices. As a result,
the current data center-centric approach to network security is
struggling to support a load it was not designed to bear.
This
outdated architecture is impacting productivity and the user
experience, while increasing networking costs since more and more
circuits and APIs
are
needed to move traffic in and out of the corporate network.
Meanwhile, implementing various security functions on remote devices
requires a complex and difficult-to-manage mix of endpoint software
agents.
An
excuse for more surveillance?
Joseph
Cox reports:
An Austin, Texas based technology company is launching “artificially intelligent thermal cameras” that it claims will be able to detect fevers in people, and in turn send an alert that they may be carrying the coronavirus.
Athena Security is pitching the product to be used in grocery stores, hospitals, and voting locations. It claims to be deploying the product at several customer locations over the coming weeks, including government agencies, airports, and large Fortune 500 companies.
(Related)
U.S.
government, tech industry discussing ways to use smartphone location
data to combat coronavirus
There are dozens of these. No two the same.
I’ve
been occasionally posting FAQs or guidance from other countries and
regions about privacy and the COVID-19 pandemic.
While
the bigger players tend to get more media coverage and analysis, let
us never forget that we are all impacted.
(Related)
A good source for these…
German
Authorities Issue Guidance Related to Coronavirus
Interesting tool.
Google
Translate launches Transcribe for Android in 8 languages
Google
Translate today launched Transcribe for Android, a feature that
delivers a continual, real-time translation of a conversation.
Transcribe will begin by rolling out support for eight languages in
the coming days: English, French, German, Hindi, Portuguese, Russian,
Spanish and Thai. With Transcribe, Translate is now capable of
translating classroom or conference lectures with no time limits,
whereas before speech-to-text AI in Translate lasted no longer than a
word, phrase, or sentence. Google plans to bring Transcribe to iOS
devices at an unspecified date in the future.
No comments:
Post a Comment