Mediaboss Marketing

We dont know much about her.

We know she was pregnant and close to giving birth.

We know she was severely injured a week ago, after Vladimir Putins tanks shelled a maternity hospital in the Ukrainian port city of Mariupol.

We know that her left hand cradled her belly as brave rescuers carried her to safety, that she was loaded into an ambulance and taken to another hospital. We know that her pelvis was crushed, and her left hip, bloody in the photo, was dislocated.

Opinion Columnist

Robin Abcarian

We know that doctors there delivered her baby by caesarean section, that the baby showed no sign of life.

And we know that she died too.

Every so often, a single photograph so perfectly encapsulates the terror, the tragedy, the despair of a particular moment that it jolts the world. The pregnant woman on the stretcher has become one of the most memorable images from the misbegotten Ukraine war. Her situation is as unthinkable, and gut-wrenching, as war itself.

If Putin is willing to kill pregnant women, we cannot help but think, what will the Russian dictator do next? And how should we answer him?

Every conflict produces indelible images of human suffering. We used to have to wait for the nightly news, or the newspaper to hit the porch. But now, with the flick of a send button, powerful photos go viral in an instant. Suffering that may have once seemed far away is right in our face.

In 2015, the image of a lifeless toddler face down on a beach in Turkey galvanized an international response to the Syrian refugee crisis.

We would learn that the boy was 3-year-old Aylan Kurdi, that he and his family were in the first stages of what they hoped would be a journey to Canada, when the inflatable boat they were in capsized. Within hours of the photos dissemination, migrant organizations and charities reported huge spikes in donations and offers from ordinary citizens willing to take in refugees from the Syrian civil war.

People are saying they dont want to be bystanders anymore, the director of a group that operates a fleet of rescue boats in the Mediterranean told Britains Guardian newspaper. We are increasingly understanding that behind every statistic, every number, there is a life a life who has a mother, a father or a sibling, a grandparent.

The public outcry forced the British government to change its policies on refugees.

Another image from the war in Syria produced similar shock and heartache. Omran Daqneesh, a boy about 5, sat dazed and bloody in an ambulance after a Russian air strike destroyed his home in Aleppo on behalf of the Syrian government.

Closer to home, as debate over migrants at our southern border raged, and then-President Trump bloviated about building a wall and making Mexico pay for it, one 2019 photograph said everything there was to say about what desperate people are willing to risk to make it to this country. It showed a father facedown in the mud and reeds of the Rio Grande, his toddler daughter tucked into his T-shirt with her arm draped over his neck.

Their bodies lay near the Mexican border town of Matamoros, across the river from Brownsville, Texas, a mile or so from an international bridge.

scar Alberto Martnez Ramrez, 25, his 21-year-old wife, Tania Vanessa Avalos, and 23-month-old Valeria had fled the turmoil and violence of El Salvador and were hoping to apply for asylum in the United States. Relatives told reporters that the family tried to wade across the river after being told the bridge was closed. As it turned out, the bridge was closed because of the Trump administrations policy of limiting the number of migrants allowed to seek asylum at border crossings.

Trump is responsible for these deaths, tweeted former U.S. Rep. Beto ORourke (D-Texas).

These terrible images serve to focus the worlds attention, but they also raise ethical questions about whether graphic images of the dead amount to exploitation. Perhaps the most famous example of this quandary, and the toll it can take on those who bear witness, is a photograph taken by South African photojournalist Kevin Carter during a famine in Sudan in 1993.

The photograph shows an emaciated child, sitting on the ground, head bent, with a vulture watching in the background. It was one of the most shocking photographs published, to be sure, and brought home the unspeakable suffering and the worlds insufficient response.

The child survived. Carter, however, was widely criticized for not doing enough to intervene, though he said he chased the vulture away before leaving the scene. Three months after winning a Pulitzer Prize for the image in 1994, Carter died by suicide. I am really, really sorry, he wrote. I am haunted by the vivid memories of killings & corpses & anger & pain.

Ive scoured the internet and have yet to find any detailed information in English about the woman on the stretcher in Mariupol. I hope, one day, to learn her name and hear her story.

She may be anonymous at the moment, but she has become a powerful symbol of the cruelty and pointlessness of this unforgivable war.

@AbcarianLAT

Here is the original post:
Abcarian: The image of a bloody mother and her unborn child symbolize Russia's brutality in Ukraine - Los Angeles Times

SAVE THE DATE

March 21st - 25th 2023

Announcements & Meetings

RENEW YOUR MEMBERSHIP DUES

NOT A MEMBER - JOIN NSA NOW!

Institutional Subscriptions to the Journal of Shellfish Research

Statement on Racism and Discrimination

Congratulations to the 2021 student awardees!

The Journal of Shellfish Research received a 2020 APEX Awards for Publication Excellence!

NSA Cookbook: SIMPLY SHELLFISH

Order your copy from Sandy Shumway!

The 2021(4) NSA Quarterly Newsletter is now available!

Upcoming Meetings/Workshops:

23rd International Pectinid Workshop: Apr. 20-26, 2022. Douglas, Isle of Man.

World Congress on Genetics Applied to Livestock Production - "Challenges and Solutions in Shellfish Aquaculture" session: July 3-8, 2022. Rotterdam, the Netherlands

Aquaculture Canada/WAS North America 2022: Aug. 15-18, 2022. Newfoundland, Canada

Aquaculture America 2023: Feb 19-22, 2023. NewOrleans, Louisiana.

116th NSA Annual Meeting 2024, March 22-26, Charlotte, North Carolina

See the article here:
NSA home - Shellfish

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published updated guidance about how to harden Kubernetes for managing container applications.

Kubernetes is an open-source system that automates deployment, scaling, and management of applications run in containers.

The updated guidance refreshes the two agencies' first Cybersecurity Technical Report regarding Kubernetes hardening guidance from August 2021. CISA says the update contains additional details and explanations based on feedback from industry, including more detailed info on logging and threat detection in addition to other clarifications.

SEE: What is cloud computing? Everything you need to know about the cloud explained

Some of the updates are subtle but important for those who protect Kubernetes clusters. NSA and CISA do not list what the changes are in the updated guidance, but the initial recommendations weren't met with universal approval.

For example,NCC Group noted that advice about Kubernetes authentication was "largely incorrect when it states that Kubernetes does not provide an authentication method by default", whereas most customer implementations NCC Group had reviewed "support both token and certification authentication, both of which are supported natively." NCC Group advised against both for production loads because Kubernetes does not support certificate revocation, which can be a problem if an attacker has gained access to a certificate issued to privileged accounts. The updated guidance now says that "several user authentication mechanisms are supported but not enabled by default."

Otherwise, key points of the original document appear to be unchanged. It looks at hardening within the context of typical Kubernetes cluster designs that include the control plane, worker nodes (for running containerized apps for the cluster), and pods for containers that are hosted upon these nodes. These clusters are often hosted in the cloud and across multiple clouds in AWS, Azure, Google and elsewhere.

The agencies maintain that Kubernetes is commonly targeted for data theft, computational power theft, or denial of service. Historically, flaws in Kubernetes and various dependencies as well as misconfigurations have been used to deploy crypto miners on victim's infrastructure.

It also maintains that Kubernetes is exposed to significant supply chain risks because clusters often have software and hardware dependences built by third-party developers.

For example, security analysts last year warned of attacks against Kubernetes clusters via misconfigured Argo Workflows container workflow engines for K8s clusters.

Besides supply chain risks, other key actors in the agencies' threat model include malicious outsiders and insider threats. These help define its hardening recommendations.

For example, there is a common cloud case where workloads that aren't managed by a given Kubernetes cluster share the same physical network. In that instance, a workload may have access to the kubelet and to control-plane components, such as the API server. So, the agencies recommend network-level isolation.

The agencies provide advice on how to ensure strict workload isolation between pods running on the same node in a cluster, given that Kubernetes doesn't by default guarantee this separation.

Announcing the updated guidance, the NSA says: "Primary actions include the scanning of containers and pods for vulnerabilities or misconfigurations, running containers and pods with the least privileges possible, and using network separation, firewalls, strong authentication, and log auditing."

The agencies also recommend periodic reviews of Kubernetes settings and vulnerability scans to ensure appropriate risks are accounted for and security patches are applied.

SEE: There's a critical shortage of women in cybersecurity, and we need to do something about it

But patching is not easy in the context of Kubernetes. CISA regularly publishes alerts about new Kubernetes-related vulnerabilities. In February, for example, it warned of a critical (severity score 8.8 out of 10) privilege escalation flaw,CVE-2022-23652, which affected the capsule-proxy reverse proxy for Capsule Operator.

But as NCC Group points out: "patching everything is hard", partly because of the pressure to avoid downtime, but also because vulnerabilities span Kubernetes,Containerd, runc, the Linux kernel, and more.

"This is something that Kubernetes can help with, as the whole concept of orchestration is intended to keep services running even as nodes go on and offline. Despite this, we still regularly see customers running nodes that haven't had patches applied in several months, or even years. (As a tip, server uptime isn't a badge of honour as much as it used to be; it's more likely indicative that you're running an outdated kernel)," NCC Group noted.

Read the original here:
NSA and CISA: Here's how to improve your Kubernetes cluster security - ZDNet

Lucknow: The Uttar Pradesh government on Tuesday said action under the National Security Act (NSA) will be taken against those involved in organised copying racket in high school and intermediate exams conducted by the UP Board of Secondary Education.

The directives were given at a meeting held by chief secretary Durga Shankar Mishra with all divisional commissioners, police commissioners, district magistrates and SSPs through video conferencing, an official statement said.

He directed that zonal and sector magistrates should be deputed in districts to conduct copying-free examinations and they should regularly inspect and supervise the examination centres.

Action under the NSA should be taken against those involved in organised copying racket, the officer said, adding that special attention should be paid to those spreading rumours.

In the meeting, additional chief secretary (ACS), secondary education, Aradhana Shukla, said 51,92,689 candidates will appear for the UP board examination at 8,373 examinations centres in the state.

CCTVs have been installed in each examination hall.

The examinations will start from March 24.

(PTI)

Read more from the original source:
UP Govt to Slap NSA Against Those Involved in Copying Rackets in School Exams - The Wire

The increasing incidence of aggressive cyber activity from Russia, China, Iran and North Korea, together with heightened concerns over the war in Ukraine, raises an important question: should the free world unite with a global cyber alliance in response?

At Cybertech Tel Aviv 2022 (March 1-3, 2022), founder of VC firm JVP, Erel Margalit, called for a global cyber alliance in response to the Russian invasion of Ukraine. Leadership is required to establish a democratic cyber alliance, including NATO and other free countries, in order to lead values-based cyber that will support democracies and people, and will say enough! to dictators and to those who support them, he said.

At the same time, on March 2, 2022, Robert Silvers of the U.S. DHS and Israels National Cyber Directorate director-general Gaby Portnoy signed a cyber collaboration deal between the two countries. This followed a new agreement between the UK and Israel announced in November 2021 which was described by the UK government as something that will enable closer working in diplomacy, defense and security, cyber, science, technology, and many other areas.

Such agreements never publicly disclose the extent to which the intelligence agencies of the different countries will work together, but we can assume that it is part of the arrangement. A third new alliance, known as AUKUS, was more upfront about its design and ability to deliver offensive cyber operations, clearly focused on the Indo-Pacific region and Chinas activities.

It is important to understand what we have before asking what we need.

Israels emergence as a cyber ally

Israel is not known for its cyber relationships, but is well known for its cyber capabilities. It is generally thought that Israel worked with the NSA on the delivery of Stuxnet against the Iranian nuclear facility at Natanz in the early 2010s but it must be noted that the U.S. has never declared or admitted any involvement.

The continuous conveyor belt of new and innovative cybersecurity companies being formed by Israeli Defense Force (IDF) alumni also attests to the depth of cyber knowledge and training within the country.

The Belfer Center at the Harvard Kennedy School published a ranking of national cyber power in September 2020. It produced a list of the most comprehensive countries with the highest level of intent and capabilities comprising, in this order, the U.S., China, the UK, and Russia as the top four.

Belfer placed Israel at number 11 in the world. Its methodology was to add data to a mathematical model. The International Institute for Strategic Studies (IISS) takes a different approach, and adds qualitative assessments to Belfers quantitative approach. IISS separates cyber power into three tiers. Tier #1 has the U.S. on its own as the sole world cyber superpower. Tier #2 includes China, the UK, Russia, Canada, Australia, France and Israel.

Clearly, the addition of Israel to the free worlds cyber alliances is a good thing.

AUKUS and theFive Eyes

AUKUS was announced on September 15, 2021. There are two parts to AUKUS a vehicle to provide nuclear submarines to Australia, and the formation of defensive and offensive cyber capabilities to counter Chinese activities in the Indo-Pacific region. There was some surprise at this new alliance since the three countries are three of the five countries comprising the existingFive Eyesalliance. However, theFive Eyesis primarily signals intelligence while AUKUS is likely to deliver offensive cyber operations where necessary. It was the U.S., UK and Australia that together performed cyber operations against the Islamic State.

The Five Eyes (U.S., UK, Canada, Australia and New Zealand) evolved as an extension of the UKUSA treaty that itself grew out of the informal agreement between the U.S. and UK during World War II. The agreement was formalized in March 1946, and expanded in subsequent years to include Canada, Australia and New Zealand. Other countries, such as Germany, the Philippines and some Nordic countries, have joined as third parties but the core remains the originalFive Eyes.

The Five Eyes intelligence relationship is probably the closest and most powerful intelligence relationship in history.

At first, the existence of theFive Eyesremained secret (just, in fact, as the very existence of the NSA and GCHQ remained secret for many years). The Prime Minister of Australia didnt learn aboutFive Eyesuntil 1973; it was not disclosed to the public until 2005; and it was only in June 2010 that the full text of the UKUSA agreement was made public.

This treaty is often considered to be the basis of the so-called special relationship between the U.S. and the UK.

NSA and GCHQ

The core of theFive Eyes remains the NSA and GCHQ. This is a complex relationship that is so close that the two organizations are sometimes described as twins. This is wrong. The two organizations have very different structures and primary purposes.

The NSA is run by a military officer currently General Paul Nakasone. Nakasone is a four-star general who also heads U.S. Cyber Command. For the first he reports to the undersecretary of defense for intelligence, and for the latter he reports directly to the secretary of defense. There is a strong military theme that runs through the NSA. Officially, its purpose is to secure DOD and U.S. military networks. More directly offensive operations are conducted by U.S. Cyber Command and the CIA.

GCHQ, on the other hand, is run by a civilian reporting to the Foreign Secretary. Its responsibilities support the military but go beyond this, working closely with law enforcement to go after serious organized crime within the UK such as pedophile networks.

The two agencies are different. The relationship is complex and close, and it is difficult to think of any closer intelligence alliance. But they do not automatically share all information between themselves nor the otherFive Eyespartners. There are things the NSA will want to do without sharing it with other agencies, and GCHQ is the same.

Neither the NSA nor GCHQ are officially charged with offensive cyber operations but both have done so in the past. A more recent development in the UK has been the formation of a National Cyber Force (NCF), which brings UK cyber operations more in line with the U.S. model and for the first time acknowledges that GCHQ may have some offensive responsibilities. Plans were announced in 2018, but it wasnt effectively established until 2020.

NCF is part of the MoD, the Defense Science and Technology Laboratory, the Secret Intelligence Service, and GCHQ. The government describes it as a partnership between defense and intelligence, it is responsible for operating in and through cyberspace to disrupt, deny, degrade and contest those who would do harm to the UK and its allies, to keep the country safe and to protect and promote the UKs interests at home and abroad. It clearly has the remit to direct offensive cyber operations against the enemy in justified cases.

NCF is the equivalent of the U.S. combining the cyber operations of Cyber Command, CIA, FBI, and the cyber operations of the military forces into a single organization. But there is also an element of necessity the UK simply doesnt have the budget to maintain the separate number of 3-letter agencies that exist in the U.S.

Long-term relationships and short-term politics

There is one surprising element of the major international intelligence treaties their longevity and persistence. They survive political change with a broader collective interest that transcends the coming and going of individual politicians.

In recent years there was concern that the U.S./UK special relationship (the one based on the NSA and GCHQ relationship) might fail with the U.S. change from Trump to Biden. It was generally acknowledged that President Biden had scant regard for Prime Minister Johnson because of the mutual admiration between Trump and Johnson. And Biden even issued warnings to Johnson over the sanctity of the Good Friday Agreement in Ireland following Brexit.

The Good Friday political agreement was signed in April 1998. It brought an end to the so-called Troubles in Northern Ireland between loyalists wanting to stay within the UK, and the Irish Republic-favoring republicans. Now Northern Ireland is part of the UK while Southern Ireland is part of the EU and the potential for new tensions has returned. But despite Bidens less-favorable view of the UK, UKUSA just continues.

A similar concern now occurs for GCHQ the fear that Brexit would break the ties with EU national intelligence agencies. The European Commission has had concerns over GCHQ and personal privacy ever since Snowdens leaks about GCHQ and the NSA; and has even threatened legal action. But the individual relations between GCHQ and the individual EU member state intelligence agencies seems to be persisting aided, perhaps, by the absence of national security from the EUs political remit.

Where are we now?

Out of necessity, we have concentrated on the major international free world cyber and intelligence relationships. In reality, there is a global patchwork of individual agreements between different nations throughout the free world; many of them ultimately coalescing around theFive Eyeshub. For the most part, these are security information sharing arrangements relatively few nations have the ability or confidence or political will to engage in offensive cyber operations. In this sense, there are two separate networks: gathering intelligence (for example,Five Eyes), and responding offensively to that intelligence (for example, AUKUS).

Does the free world need a single global cyber intelligence organization? The answer is almost certainly No. Firstly, such a move would likely drive Russia and China closer together perhaps including Iran and North Korea and Russian and Chinese satellite nations into their own special relationship.

Secondly, it would be unworkable. Friends keep secrets from friends when the economic or political necessity demands. Just consider the French reaction to the AUKUS announcement. France described it as a stab in the back, and within a couple of days recalled its ambassadors to both the U.S. and Australia. France lost a multi-billion euros submarine deal over AUKUS.

Related: Russia, Ukraine and the Danger of a Global Cyberwar

Related: Russia-Ukraine: Threat of Local Cyber Ops Escalating Into Global Cyberwar

Related: Talking Global Cyberwar With Kaspersky Lab's Anton Shingarev

Related: The United States and China - A Different Kind of Cyberwar

Here is the original post:
Does the Free World Need a Global Cyber Alliance? - SecurityWeek