Wednesday, March 18, 2020


Time to get ready. The coronavirus may help to pinpoint targets.
Renowned Economist Nouriel Roubini Warns of 2020 Cyber War
Economist Nouriel Roubini, a professor at the New York University Stern School of Business and one of the world’s most prominent Keynesian economists, has predicted that 2020 could be the year the world bears witness to the first-ever cyber war.
Speaking on Yahoo Finance’s ‘On The Move’ on 28 February, Roubini told the debate panel that “[The U.S.] will have the first global cyber warfare this year,” explaining his belief that the coming cyber war will likely play out between the United States and any one of its several major geopolitical rivals, either North Korea, Iran, China or Russia.
“We imposed sanctions against Russia, China, [North] Korea, and Iran,” Roubini explained, “and they cannot respond to us with conventional power, because we are stronger from a conventional point of view.”
“So if you are a weaker rival of the U.S., and you want to contain the U.S., what you do is asymmetric warfare. Asymmetric warfare means you try to weaken your enemy from the inside, and how you do it is with cyber warfare.”


(Related)
Attacks on DOD Networks Soar as Telework Inflicts ‘Unprecedented’ Loads
Cyber attacks on Defense Department networks increased over the weekend as teleworking employees put “unprecedented” loads on the military’s computer networks.
“They’re already taking advantage of the situation and the environment that we have on hand,” Essye Miller, DOD’s principal deputy chief information officer, told department employees at a Monday morning “virtual town hall.”
To protect Defense Department networks, the Pentagon is barring users from accessing YouTube and other streaming services. It’s one of several concerns officials expressed about rapidly moving the federal government’s largest agency toward “maximized telework.”


(Related) Hopes for ‘empathy’ are delusional.
Message to Cybercriminals: Hospitals Are Off-Limits
On Sunday night, the Department of Health and Human Services was hit with a cyberattack. This incident is the third in a string of cyberattacks that show malicious cyber actors are not slowing their assault on our public health system despite the global coronavirus pandemic. In the last week, the Brno University Hospital in the Czech Republic was hit with a ransomware attack and the Champaign-Urbana Public Health District’s website was also taken over by cybercriminals demanding payment. In the case of the Brno University Hospital, the attack caused all surgeries to be cancelled and all incoming patients to be re-routed to a nearby hospital. Cyberattacks at this time could make an already dire situation far worse.
The national security community has been slow to recognize cybercriminal groups as a national security threat. The growth in sophistication of ransomware campaigns suggests that the capabilities these groups possess are now on par with many nation states. Many people have expressed hope online that cybercriminals would empathize with those who are suffering and think twice before targeting hospitals. Unfortunately, hope is not a strategy. Their targeting of vulnerable critical infrastructure, like public health systems and hospitals, in a time of crisis demands that the threat posed by these groups be countered with the full weight that the United States can bring to bear.


(Related) Another take on risks and mitigation.
Coping with Coronavirus: Five Strategies to Mitigate Business Risks




Security tools.
Brave Ranked the Most Private Browser While Microsoft Edge and Yandex the Least Private Due to Privacy-Invading Telemetry
A new study by Professor Douglas J. Leith of Trinity College Dublin tested various browsers for privacy leaks associated with sending data back to their makers’ servers. Brave emerged as the most private browser while the new Chromium-based Microsoft Edge and Yandex emerged as the most privacy-intrusive browsers. This outcome is because of their use of privacy-intrusive telemetry. Their phoning-home activities and other secret tracking methods allow them to track users across browser installs.


(Related) Why is this not updated continuously? Perhaps as a Wiki?
NIST Updates and Expands Its Flagship Catalog of Information System Safeguards
NIST: “After your organization forms a general plan for tackling its cybersecurity and privacy risk management issues, it needs particular state-of-the-art tools to make that plan a reality. Computer security and privacy experts at the National Institute of Standards and Technology (NIST) have the answer with an updated toolbox of safeguards for protecting an organization’s operations and assets, as well as the personal privacy of individuals.
NIST Draft Special Publication (SP) 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organizations, is a collection of hundreds of specific measures for strengthening the systems, component products and services that underlie the nation’s businesses, government and critical infrastructure. One of NIST’s flagship risk management publications, the document is undergoing its first update in seven years, and the agency is accepting public comments on the draft until May 15, 2020.
The publication offers safeguards for all types of platforms, from general-purpose computers to industrial control systems and internet of things (IoT) devices. Its tools are intended for a broad audience of specialists, from security experts to systems developers to cloud computing providers…”




Security Architecture.
Security is leaving the data center and moving to the edge
The traditional network security model, in which traffic is routed through the data center for inspection and policy enforcement, is for all intents and purposes obsolete. A 2019 study by research firm Gartner found that “more users, devices, applications, services and data are located outside of an enterprise than inside.”
Driven by the adoption of multi-cloud infrastructure and applications, mobility and distributed workforces, the focal point for security has shifted to users and devices. As a result, the current data center-centric approach to network security is struggling to support a load it was not designed to bear.
This outdated architecture is impacting productivity and the user experience, while increasing networking costs since more and more circuits and APIs are needed to move traffic in and out of the corporate network. Meanwhile, implementing various security functions on remote devices requires a complex and difficult-to-manage mix of endpoint software agents.




An excuse for more surveillance?
Joseph Cox reports:
An Austin, Texas based technology company is launching “artificially intelligent thermal cameras” that it claims will be able to detect fevers in people, and in turn send an alert that they may be carrying the coronavirus.
Athena Security is pitching the product to be used in grocery stores, hospitals, and voting locations. It claims to be deploying the product at several customer locations over the coming weeks, including government agencies, airports, and large Fortune 500 companies.
Read more on Motherboard.


(Related)
U.S. government, tech industry discussing ways to use smartphone location data to combat coronavirus




There are dozens of these. No two the same.
I’ve been occasionally posting FAQs or guidance from other countries and regions about privacy and the COVID-19 pandemic.
While the bigger players tend to get more media coverage and analysis, let us never forget that we are all impacted.
Here’s an FAQ from the office of the privacy commissioner of New Zealand.


(Related) A good source for these…
German Authorities Issue Guidance Related to Coronavirus




Interesting tool.
Google Translate launches Transcribe for Android in 8 languages
Google Translate today launched Transcribe for Android, a feature that delivers a continual, real-time translation of a conversation. Transcribe will begin by rolling out support for eight languages in the coming days: English, French, German, Hindi, Portuguese, Russian, Spanish and Thai. With Transcribe, Translate is now capable of translating classroom or conference lectures with no time limits, whereas before speech-to-text AI in Translate lasted no longer than a word, phrase, or sentence. Google plans to bring Transcribe to iOS devices at an unspecified date in the future.


