


NSA and U.S. Agencies Issue Best Practices for Open Source … – National Security Agency

FORT MEADE, Md. - The National Security Agency (NSA) is joining U.S. federal partners to release cybersecurity guidance to promote understanding of open source software (OSS) implementation and provide best practices to secure operational technology (OT) and industrial control systems (ICS) environments.

OSS is software with an open license for anyone to view, use, study, or modify, and is distributed with its source code. The diverse way in which OSS can be integrated into OT products can make it difficult to know whether particular software modules, and their associated vulnerabilities, are present and/or exploitable.

Implementation and patching of OSS in OT environments continues to be a challenge due to safety concerns and the potential disruption of critical systems. As the integration of OT and Information Technology (IT) networks increases, the critical infrastructure supporting these networks faces greater exposure to cyber threat campaigns.

The Cybersecurity Information Sheet (CSI) "Improving Security of Open Source Software in Operational Technology and Industrial Control Systems" offers best practices and recommendations for improving OSS security in OT/ICS environments, such as supporting OSS development and maintenance, patch management, authorization and authentication policies, and establishing common frameworks.

The joint cybersecurity guidance also encourages the adoption of secure-by-design and secure-by-default principles to decrease cybersecurity risk in OT environments. The Cybersecurity and Infrastructure Security Agency (CISA) authored the CSI with contributions from the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and U.S. Department of the Treasury. Read the full report here. Visit our full library for more cybersecurity information and technical guidance.

NSA Media Relations MediaRelations@nsa.gov 443-634-0721


Medical societies representing radiology, emergency medicine and … – Radiology Business

Medical societies representing radiology, emergency medicine and anesthesiology on Monday blasted new guidance from the Centers for Medicare & Medicaid Services related to the No Surprises Act.

CMS revealed the new details on Oct. 6, the same day it partially relaunched the independent dispute resolution process for settling disagreements between payers and providers over out-of-network payments. The federal government has indicated that it is not issuing directions on how health plans should calculate the qualifying payment amount, which is the key starting point of such disputes. Instead, insurers will have discretion to determine this figure via their own good-faith interpretation of recent court rulings and remaining regulations.

"Our organizations are strongly opposed to this newest guidance, which further broadens the already significant discretion health plans had on how they may calculate qualifying payment amounts under the NSA's original implementation," the Radiology Business Management Association, American College of Radiology, American Society of Anesthesiologists, American College of Emergency Physicians and Emergency Department Practice Management Association said in a joint statement issued Oct. 9.

RBMA et al. also took issue with plans from the federal departments of HHS, Treasury and Labor to provide limited oversight of insurers in calculating the qualifying payment amount until at least May 1, 2024, and potentially Nov. 1 of next year. A Texas judge ruled in August that the methodology insurers use to calculate the QPA is tilted in their own favor, disallowing several provisions that go into this determination. The medical groups want the federal government to incorporate this court ruling into their guidance and prevent payers from slanting the IDR process in one direction.

"Our organizations are very concerned about this delay in full enforcement," the medical societies wrote. "There is already lax enforcement of insurer compliance with the NSA's requirements, including the fact that many plans are seemingly being allowed to delay payment to physicians (or simply not pay at all) following an independent dispute resolution ruling, without any consequences imposed by the departments. This newest announcement providing insurers with significant enforcement relief on the QPA further erodes the critical foundations Congress built into the NSA when it passed these important consumer protections into law and seems contrary to the federal court order which stated that this could be done expeditiously."

RBMA, ACR and the others are urging the departments to immediately reconsider this decision and promptly issue specific guidance on how health plans should calculate the QPA. They're also discouraged that, despite the relaunch of IDR on Oct. 6, the ability to batch together similar payment disputes remains in a holding pattern after recent court rulings.

"Without any improved guidance on batching, the administrative efficiencies that come from being able to batch disputes will not be realized, thereby increasing costs for physician practices, while causing the current backlog of unresolved disputes to continue to grow," the statement closed. "We urge the departments to quickly reopen the portal to batched determinations, and concurrently provide effective guidance to all affected parties."

The full statement is available on the American College of Emergency Physicians website.


Cybersecurity is a team sport; know your position and the defensive … – University of Nevada, Reno

Cybersecurity is a team sport.

National Security Agency cybersecurity expert Tamela Dukes hit home that point during her keynote address at the University's Cybersecurity Conference Oct. 5 at the Joe Crowley Student Union.

"A cybersecurity threat happens every 39 seconds," Dukes, who works for the NSA Cybersecurity Directorate, told the crowd of about 200 members of industry, academia and government. Everyone, Dukes said, is part of the cybersecurity team, and must know their positions as well as the offensive and defensive plays.

"NSA (director) Gen. Paul Nakasone says cybersecurity is national security," Dukes said. "NSA Cybersecurity Directorate uses the sports team analogy to emphasize the importance of collaboration to defeat the adversaries."

The event, organized by the University's Cybersecurity Center and its director, Computer Science & Engineering Professor Shamik Sengupta, is designed to bring industry, government and academia together to tackle cybersecurity issues. The conference is in its fourth year and included an industry showcase with such Cybersecurity Center partners as the Nevada Air National Guard and inLumon, a Reno-based technology company. Student cybersecurity project posters were displayed and a Capture-the-Flag cybersecurity contest designed by students Ignacio Astaburuaga and Lloyd Gonzales ran throughout the day.

University President Brian Sandoval gave the welcoming address, acknowledging the importance of cybersecurity in modern life and contemplating the conference theme: "Edges of Cybersecurity, from Machine Learning to Quantum."

"This theme is timely, forward-thinking and relevant to our future," Sandoval said, adding that cybersecurity has implications for economic development in Nevada.

Sandoval was introduced by Engineering Dean Erick Jones, who noted that cyber-protected information and communication technology is one of the College of Engineering's research pillars.

"We are very excited to have this conference, to take what we do in the lab and make this country more secure," Jones said.

In her keynote address, Dukes offered best practices for businesses and organizations to protect information. She also shared recent NSA efforts to secure information on a national level.

Annual employee security training, implementing software updates and patches, and utilizing free and open-source security systems are some of the baseline cybersecurity efforts organizations can take, Dukes said. Reporting cybersecurity incidents to agencies such as the Cybersecurity & Infrastructure Security Agency (CISA), a part of the U.S. Department of Homeland Security, is important. NSA collaborates with CISA and other federal agencies to run offense (to continue with the sports analogy) by studying those breaches and providing information, tools and infrastructure to meet the latest threats. On Oct. 4, the NSA and CISA released a report on multi-factor identification and single sign-on challenges. Last week, the NSA announced the creation of a new AI Security Center to oversee the development and integration of artificial intelligence capabilities within U.S. national security systems.

The cybersecurity game is ongoing and will change as technology advances.

Dukes recalled her childhood watching the 1960s-era cartoon "The Jetsons," about a space-age family.

"As a kid watching this, I was amazed at their technology," Dukes said, remembering how the cartoon characters could communicate with each other via hand-held devices. "Sixty years later, we have a lot of things that were on that show."

Technology has advanced, enhancing and enriching our lives but also leaving us vulnerable to bad actors. And that, Dukes said, is the cybersecurity paradox.

"We will always have cyber-challenges," she said. "But we can achieve more working together as we take on cybersecurity as a team sport."


Why only 1% of the Snowden Archive will ever be published – ComputerWeekly.com

Some 10 years after he flew to Hong Kong to meet Edward Snowden with Glenn Greenwald and Laura Poitras, The Guardian's Pulitzer Prize winner, Ewen MacAskill, talks to Computer Weekly about the Snowden files.

MacAskill was speaking after Computer Weekly revealed the first new facts to emerge from the Snowden files since the archive first made headlines in 2013.

The three new revelations have surfaced for the first time only thanks to a highly technical publication: a doctoral thesis authored by US investigative journalist and postdoctoral researcher Jacob Appelbaum, as part of his degree in applied cryptography from the Eindhoven University of Technology in the Netherlands.

Their publication by Computer Weekly has revived the debate as to why the entire Snowden archive has never been published, considering that even after a decade the three revelations remain indisputably in the public interest, and it is reasonable to assume there are many others like them.

MacAskill, who shared the Pulitzer Prize for Public Service with Glenn Greenwald and Laura Poitras for their journalistic work on the Snowden files, retired from The Guardian in 2018. He told Computer Weekly that:

The Snowden archive allows exposing and documenting the rise of the mass-surveillance state, a serious threat to democracy. Have the journalists and media with access to the full archive done everything they can to expose this threat? That is the crux of the matter, because even in a democracy bad people can be elected who could use such unprecedented Orwellian control to crush any opposition. Legendary Pentagon Papers whistleblower Daniel Ellsberg said: "As Snowden has put it, we're a turnkey tyranny: in other words, turn a switch, and we could be a total police state."

MacAskill tells Computer Weekly: "That is what we did. With hindsight, we could have done some things better. But those stories reverberated around the world and still do today. Snowden wanted to alert the world to the scale of mass surveillance and loss of privacy, and he succeeded in that. He believes that those living in democracies have a right to know."

"Although the NSA and GCHQ have since developed better tools and surveillance is more intrusive than ever, Snowden has increased public awareness of the threat posed by loss of privacy," he said. "Much of the public may be apathetic, but at least they know."

MacAskill said he only worked on a small selection of documents from the archive, when he met the former CIA whistleblower in Hong Kong. There, Snowden gave him a memory stick with tens of thousands of documents from the National Security Agency (NSA) and its British partner, GCHQ, which formed the basis of the subsequent reporting by The Guardian. The Guardian shared the documents with The New York Times and ProPublica, and were to work alongside journalists from those organisations.

The Guardian's journalist did not recall seeing the three revelations published by Computer Weekly, summarised below:

"Given the sheer volume of documents, it is possible I and reporters from The Guardian, The New York Times and ProPublica missed them or were more interested in other documents. Or it could be that the documents you refer to are in the main archive, which, as far as I know, only Laura Poitras and Glenn Greenwald had access to."

He said he worked on only a small selection of documents from the archive while in Hong Kong, though these contained the stories that were to have the most impact, such as the mass collection of US phone records and the revelations of the PRISM programme.

Why was only 1% of the documents published, in the end? "The documents are not like the WikiLeaks ones from the US state department, which were written by diplomats and, for the most part, easily understandable," said Ewen MacAskill.

"The Snowden files are largely technical, with lots of codewords and jargon that is hard to decipher. There are pages and pages of that which the public would not be interested in. There are also documents that relate to operational matters. Snowden said from the start he wanted us to report on issues related to mass surveillance, not operational matters. So we stuck to that."

The Guardian's Pulitzer Prize winner said the main reason why only a small percentage was published was due to diminishing interest. "The Guardian published lots of stories from the Snowden files for months and months after Hong Kong," he said. "But it reached a point where each story attracted smaller and smaller readerships, as interest dwindled."

"The feeling at The Guardian and, I assume, at The New York Times and ProPublica was they had reported on the biggest stories in the documents and there was diminishing interest in publishing more."

"The feeling, too, at The Guardian was that by continuing to report on stories that attracted less interest, we were in danger of undermining the impact of the initial ones. The Intercept, which had access to more documents than us, continued publishing for a while after us."

The three unpublished revelations revealed by Computer Weekly, thanks to Jacob Appelbaum's doctoral thesis, confirm it is reasonable to assume the archive still contains important information in the public interest. According to Appelbaum: "Even if the privacy-violating intercepts are excluded from publication, there is an entire parallel history in that archive."

We asked MacAskill why The New York Times hasn't published them in a decade. "This is a complicated issue," he said. "Although the files are in the New York Times office, The Guardian retains responsibility for them. Should more journalists be given access to the Snowden documents? In that case, who should decide which journalists get to see them? Should the whole lot just be published for everyone to see? Snowden did not want the documents to be published en masse."

"The bottom line is that Snowden is facing charges under the Espionage Act. If he was ever to return to the US and face trial, the documents could be used against him. All journalists have a duty to protect source material. How best to do that? How long would The New York Times be willing to store them? Where else could they be stored? Should the documents be destroyed?"

MacAskill acknowledges that there is, at the very least, a case to be made for keeping them for future generations of historians.

"Is there a university that would be prepared to take them?" he suggested. "But that would be expensive, and could they ensure they would be secure?"

MacAskill left the staff of The Guardian in 2018. "I don't know what discussions, if any, have taken place between The Guardian and The New York Times since then," he said.


Hey, Bike Haters, You Will Lose the Culture War You’re Starting … – Streetsblog USA

Last month, British Prime Minister Rishi Sunak released his "Plan for Motorists," which reads like it was written by a car. In it, Sunak proposes to rid his polluted, congested nation of so-called "anti-motorist measures" such as 20 mph speed limits, dedicated bus lanes, and automated camera enforcement. Sunak's party has also bought into conspiracy theories that 15-minute cities, built so everything you need is within a 15-minute walk or bike ride away, are prisons for car owners.

In New York, politicians of all stripes are ratcheting up anger over the so-called (and eponymous podcast title) "war on cars." Council Member Bob Holden (D-Queens) decried the arrival of Citi Bike in central Queens as a salvo from the "fanatical anti-car movement," and Council Member Vickie Paladino (R-Queens) uses her office Twitter account to blast congestion pricing and even the transition to electric vehicles as Democrat-led cash grabs. Meanwhile, companies like Broadway Stages are flexing their muscle to get the mayor's chief adviser, who boasts that she hasn't ridden the subway in decades, to reverse long-established safe street redesign protocols.

It's worth reminding oneself that this is the response to measures that aim to: a) make roadways safer; b) delay the worst effects of climate change; and c) make it easier to simply breathe outside. Such proposals barely ask Americans to make even a small sacrifice in the grand scheme of things, but they do seek to encourage people to drive a little bit less, to drive a less-polluting vehicle, or to try (keyword: try) to give people the option of not driving at all.

In return, people who even mildly question the primacy of the automobile are met with a vitriolic backlash, one whose vehemence shows how deeply people associate themselves with the car. Initiatives that use less than 1 percent of a city's (mostly free) parking spots for something that isn't the private storage of vehicles on public space (like bikeshare, outdoor dining or even getting disgusting trash out of the way of pedestrians) are labeled a war on our way of life. (Or as conservative commentator Ann Coulter put it: "$0 for the Wall. $5 Billion for bike paths.")

This car culture war will likely get worse, as Sunak, Holden, Paladino and their ilk show. Cities can't deliver on their climate goals without getting cars off the road. Cities cannot succeed in solving America's road-death crisis without calming streets, reducing car speeds and creating more space for cyclists and pedestrians.

Meanwhile, Millennials and Gen Zers, who will soon dominate policy-making circles, want walkable communities and lives without cars. That's good news for the future, but sets up a clash with the naysayers who still have a grip on power (and community boards).

But the revanchists should be aware: their culture war risks backfiring. The abortion fight is a telling example. Conservatives who pushed to repeal Roe v. Wade didn't expect people to respond by voting to preserve abortion rights, even in deep-red states. This was always one of Donald Trump's great flaws: by making everything political, you end up energizing a lot more people (who are usually apolitical) against you.

The same can be said about cars. There's a clear demand for safer streets and better mobility options: bike lanes lead to more cycling, while pedestrianization leads to more walking (and spending). Polls often capture a wide swath of the population that would bike or walk more if conditions were safer or more pleasant. If opponents seek battles to prevent the changes we need, they shouldn't be surprised when people of all backgrounds show up in support.

Change, of course, is difficult and cars are potentially poised for the loudest outcry. You might not know someone who had to get an abortion, whose sexual identity or orientation are under attack, or whose school district banned fact-based history instruction, but it's almost an absolute certainty that you've been in a car. In a recent interview, Sunak said exactly that when dodging questions about a major high-speed rail project that he cancelled: "The vast majority of the journeys that people make are in their cars," he said, suggesting that trying to change that is futile and politically suicidal.

We've been here before. (Time and time again.) In 1972, an angry taxi driver in Amsterdam was captured on video ripping down barricades for a kids-only street and exerting his right to drive anywhere at any time. Residents persevered, pushing the Dutch capital to become a hallmark of people-friendly streets (with still plenty of cars to go around) as the rest of the world gobbled up more space for the internal combustion engine.

In many ways, countless cities today are finally arriving at their 1972 Amsterdam moment, stuck between a gurgling culture war, which threatens to enrage and enlist countless drivers by convincing them that their parking is more important than the Earth or a child's survival, and a movement to reclaim space for everyone else.

Local leaders will just have to decide whether that's actually an equal fight.
