Thursday, October 07, 2021

Questions I’d like answered too. Who decides to put hundreds of small businesses at risk?

https://www.cpomagazine.com/cyber-security/fbi-withheld-kaseya-ransomware-decryption-key-for-three-weeks-congress-demands-the-agency-explain-itself/

FBI Withheld Kaseya Ransomware Decryption Key for Three Weeks; Congress Demands the Agency Explain Itself

The Kaseya ransomware attack of July was particularly devastating to small businesses in the United States, with an estimated 800 to 1,500 companies impacted.

In late September, the Washington Post published a story revealing that the FBI had been holding onto the key with the knowledge and agreement of other agencies. The Post cited several anonymous US officials as sources. The FBI and other agencies apparently felt that distributing the key would tip off REvil that their servers had been penetrated, as they worked behind the scenes to identify the players and put them out of business for good.

As it turns out, the secrecy was pointless; REvil abruptly went out of business on their own in mid-July, possibly after becoming aware that government groups were in their servers. However, the FBI held on to the key for about 10 days after the group’s “Happy Blog” and other infrastructure used for receiving ransom payments disappeared from the dark web.


(Related) Definitely worth a read!

https://www.bespacific.com/ransomware-and-federal-law-cybercrime-and-cybersecurity/

Ransomware and Federal Law: Cybercrime and Cybersecurity

CRS Report – Ransomware and Federal Law: Cybercrime and Cybersecurity, October 5, 2021: “Ransomware attacks—the use of malicious software to deny users access to data and information systems to extort ransom payments from victims—are prevalent. A recent notable example is the May 2021 ransomware attack that temporarily shut down the Colonial Pipeline Company’s network, affecting gasoline availability and prices. This attack is but one of many; in 2020 alone, the Federal Bureau of Investigation (FBI) received nearly 2,500 ransomware complaints with losses exceeding $29 million. Federal law provides several potential approaches to combat ransomware attacks. First, federal criminal laws, such as the Computer Fraud and Abuse Act (CFAA), can be used to prosecute those who perpetrate ransomware attacks. These laws and others, such as the statutes criminalizing conspiracy and aiding and abetting, might also be used to prosecute individuals who help to develop ransomware that is ultimately used by others. Victims who pay ransoms might also be subject to criminal or civil penalties in some cases—for example, where a ransom payment is made knowingly to an entity either designated as a foreign terrorist organization or subject to sanctions by the Department of the Treasury. Nevertheless, policy considerations, mitigating factors, and prosecutorial discretion may weigh against enforcement in such instances. Second, federal cybersecurity laws play an important role in both preventing and responding to ransomware attacks. Cyber preparedness laws require federal agencies to secure their networks and authorize the Cybersecurity and Infrastructure Security Agency (CISA) and Office of Personnel Management (OPM) to establish federal network security requirements. Other cyber preparedness laws authorize federal agencies to assist private entities operating in critical infrastructure sectors in securing their systems. 
Moreover, many data protection laws include requirements for covered entities to safeguard customer or consumer data. If a ransomware attack or other cyber incident occurs, federal law requires CISA and other federal agencies to work together to mitigate harm to federal networks and authorizes them to assist private entities in incident response and damage mitigation…”



Imagine your kid getting this app and backseat driving takes on a whole new meaning…

https://www.bloomberg.com/news/articles/2021-10-07/apple-s-plan-for-cars-using-iphone-to-control-a-c-seats-radio

Apple’s Plan for Cars: Using iPhone to Control A/C, Seats, Radio

Apple Inc., whose CarPlay interface is used by millions of motorists to control music, get directions and make phone calls, is looking to expand its reach within cars.

The company is working on technology that would access functions like the climate-control system, speedometer, radio and seats, according to people with knowledge of the effort. The initiative, known as “IronHeart” internally, is still in its early stages and would require the cooperation of automakers.



How not to issue regulations? TSA strikes (out) again!

https://www.csoonline.com/article/3636408/tsa-to-issue-cybersecurity-requirements-for-us-rail-aviation-sectors.html#tk.rss_all

TSA to issue cybersecurity requirements for US rail, aviation sectors

After issuing cybersecurity requirements for pipeline companies via two directives earlier this year, the Transportation Safety Administration (TSA) will now also issue cybersecurity requirements for rail systems and airport operators.

Although Mayorkas said that TSA is "coordinating and consulting with industry as we develop all of these plans," Jessica Kahanek, director of media relations at the Association of American Railroads (AAR), said in a statement that it "had only three business days to review and provide feedback on the draft security directive."



Pointing to many reports…

https://www.csoonline.com/article/3634869/top-cybersecurity-statistics-trends-and-facts.html#tk.rss_all

Top cybersecurity statistics, trends, and facts

Survey data from the past year paints a picture for what your threat landscape will potentially look like in the coming months



A list worth researching. You never know what you might find!

https://www.llrx.com/2021/09/2021-guide-to-internet-privacy-resources-and-tools/

2021 Guide to Internet Privacy Resources and Tools

Technology has significantly changed our concept of privacy as well as our ability to maintain it. There is a wide spectrum of tools, services and strategies available to assist you in the effort to maintain a sliding scale of privacy in an increasingly porous, insecure online environment. Whether you are browsing the internet, using email or SMS, encrypting data on PCs or mobile phones, looking for the best VPN, or working to secure your online services from cybercrime, hacking or surveillance, this guide identifies a wide range of sources for you to consider. The foundational issue regarding privacy is that you must be proactive, diligent and persistent in evaluating and using multiple applications for email, search, file transfer, and social media. There is no “one size fits all” solution, and your vigilance and willingness to implement solutions are part of an ongoing process.



...and you can’t use my DNA to create a clone.

https://www.insideprivacy.com/health-privacy/newly-effective-florida-law-imposing-criminal-sanctions-adds-to-developing-nationwide-patchwork-of-state-genetic-privacy-laws/

Newly Effective Florida Law Imposing Criminal Sanctions Adds to Developing Nationwide Patchwork of State Genetic Privacy Laws

Last Friday, October 1, the Protecting DNA Privacy Act (HB 833), a new genetic privacy law, went into effect in the state of Florida, establishing four new crimes related to the unlawful use of another person’s DNA. While the criminal penalties in HB 833 are notable, Florida is not alone in its focus on increased genetic privacy protections. A growing number of states, including Utah, Arizona, and California, have begun developing a net of genetic privacy protections to fill gaps in federal and other state legislation, often focused on the privacy practices of direct-to-consumer (“DTC”) genetic testing companies. While some processing of genetic information is covered by federal law, the existing patchwork of federal genetic privacy protections does not clearly cover all forms of genetic testing, including DTC genetic tests.



Yes, it could happen here. Think of it as “Big Robo-brother.”

https://www.theguardian.com/world/2021/oct/06/dystopian-world-singapore-patrol-robots-stoke-fears-of-surveillance-state

‘Dystopian world’: Singapore patrol robots stoke fears of surveillance state

Singapore has trialled patrol robots that blast warnings at people engaging in “undesirable social behaviour”, adding to an arsenal of surveillance technology in the tightly controlled city-state that is fuelling privacy concerns.

From vast numbers of CCTV cameras to trials of lampposts kitted out with facial recognition tech, Singapore is seeing an explosion of tools to track its inhabitants.



How to handle really, really big data…

https://www.c4isrnet.com/intel-geoint/2021/10/06/national-geospatial-intelligence-agency-boss-reveals-data-strategy/

National Geospatial-Intelligence Agency boss reveals data strategy

Dozens of commercial providers have created entire constellations of sensors that can feed data to the government, while within the Defense Department, organizations are developing or discussing entirely new constellations of imagery satellites to fulfill the needs of joint war fighters.

“The growth in GEOINT data from government and commercial sources here and around the world is staggering. This exponential growth in data leads us to one of our biggest challenges: managing all of the data,” Vice Adm. David Sharp, director of NGA, said Wednesday at the 2021 GEOINT Symposium in St. Louis, Missouri.

Sharp outlined the four major focus areas guiding its data investments:

  • “First, we have to have data that can be intuitively discovered, easily accessed and responsibly shared with those who need it.”

  • “Second, we have to improve data assets so that they can be easily reused for both anticipated and unanticipated purposes.”

  • “Third, our customers and workforce have to be able to efficiently find data across different security domains.”

  • “And lastly, we need artificial intelligence and machine learning to enhance our production capacity.”

… NGA Data Strategy 2021 PDF https://www.nga.mil/assets/files/RCD_U_2021-00986_210205-006_NGA_Data_Strategy_Digital__APPROVED_21-873_093021_v6.pdf



Thoughtful.

https://sloanreview.mit.edu/article/building-an-organizational-approach-to-responsible-ai/

Building an Organizational Approach to Responsible AI

AI differs from many other tools of digital transformation and raises different concerns because it is the only technology that learns and changes its outcomes as a result. Accordingly, AI can make graver mistakes more quickly than a human could. Despite the amplified risk of its speed and scale, AI can also be tremendously valuable in business. PwC estimates that AI could contribute up to $15.7 trillion to the global economy in 2030.



Not entirely straightforward.

https://www.newscientist.com/article/mg25133550-800-supersized-ais-are-truly-intelligent-machines-just-a-matter-of-scale/

Supersized AIs: Are truly intelligent machines just a matter of scale?

When the artificial intelligence GPT-3 was released last year, it gave a good impression of having mastered human language, generating fluent streams of text on command. As the world gawped, seasoned observers pointed out its many mistakes and simplistic architecture. It is just a mindless machine, they insisted. Except that there are reasons to believe that AIs like GPT-3 may soon develop human-level language abilities, reasoning, and other hallmarks of what we think of as intelligence.

The success of GPT-3 has been put down to one thing: it was bigger than any AI of its type, meaning, roughly speaking, that it boasted many more artificial neurons. No one had expected that this shift in scale would make such a difference. But as AIs grow ever larger, they are not only proving themselves the match of humans at all manner of tasks, they are also demonstrating the ability to take on challenges they have never seen.

As a result, some in the field are beginning to think the inexorable drive to greater scales will lead to AIs with abilities comparable with those of humans. Samuel Bowman at New York University is among them. “Scaling up current methods significantly, especially after a decade or two of compute improvements, seems likely to make human-level language behaviour easy to attain,” he says.
