Mediaboss Marketing

There is a fascination in the security industry with the threats and actors that reside at the top of the pyramid, the apex predators who employ the most sophisticated tools and tactics and have the budgets and patience to penetrate the hardest of targets. The fancier the bear, the more attention it attracts. But, for most organizations, the threats they face on a daily basis are far more mundane, if no less difficult to address.

Those threats come in the form of everyday issues such as someone typing a password into the wrong website, clicking on a link in a phishing email, or inadvertently sharing a sensitive document with the wrong person. They may not be as interesting as an APT team spending months to develop and execute a software supply chain attack, but the consequences can be just as dire. And for most security teams, defending against those unsexy threats is the core of their mission and occupies the bulk of their time.

But despite decades of work on defending against everyday threats, many modern networks still are not built to be resilient against them and one mistake or minor intrusion can have devastating, cascading effects. The time to address that issue was 20 years ago, but the next best time is now.

I'm the cybersecurity director at NSA and you could absolutely craft a phishing message that would get me to click a link. Youve got to design your architecture to assume the humans are humans and bad things will happen, Rob Joyce, the director of cybersecurity at the NSA, said during a discussion at the Center for Strategic and International Studies on Tuesday.

Though there is no small amount of cognitive dissonance involved in hearing the director of cybersecurity at the nations premier signals intelligence agency make that kind of statement, its a mantra that many in the security community have adopted and have been repeating in one form or another for many years. Worrying about what Russian or Chinese or North Korean or Iranian APT groups are plotting will mainly serve to prematurely age the security team members and likely do little to actually secure the organization's network. Its the small, boring, practical measures, implemented day by day and practiced year after year that often make the difference in making a network resilient and resistant to attacks.

But another challenge lies in wait there: money.

The infosec team in most organizations is lucky if it gets six percent of the IT budget, and probably 25 percent of that will go to antivirus and firewall licenses. It doesnt leave a lot of money for other things. The money dries up fast. Do they want to do the right thing? Hell yes. But its about meeting what the risks are for the organizations, said Dave Lewis, advisory CISO at Cisco.

The low-hanging fruit is what they should be picking off, but many people tend to focus on the high end threats.

"Youve got to design your architecture to assume the humans are humans and bad things will happen."

The challenge in building networks and security processes that are resilient by design is both a human one and a technological one. Technology often changes and advances more quickly than humans do, and adapting to those changes can be difficult. The shift to the cloud in the last decade has transformed many organizations IT strategies and presented new challenges for security teams who now find much of their datas security in the hands of Amazon or Google or Microsoft.

The current push for secure by design is something weve got to apply to the cloud and it starts with secure by default. Cloud deployments are often optimized for ease of use rather than security. Those companies are getting better about the default being secure, but were not all the way there, Joyce said.

The same obviously applies to the on-premises portions of corporate networks, and finding ways to make life easier and more secure for users starts with figuring out what assets the organization actually owns and where they are. Thats no small task for many organizations, especially those with distributed operations and years or decades of accumulated stuff.

We talk about building resilient networks, but how do you secure anything if you dont know what you have? Lewis said. Many people dont know these basics because we suck at capturing lessons learned and passing them on. A lot of security practices are tactical and not strategic and theres no strategic vision behind them.

In a plot twist few would have seen coming a few years ago, NSA is actively involved in trying to help enterprises make this shift, defend themselves more efficiently, and be more pragmatic about their security practices. The agency is sharing more of its security knowledge publicly than it ever has before and Joyce said there is more to come.

We work hard at getting those secrets sanitized so they can get actioned. We dont just throw it over the fence. Weve learned that lesson. What we know is not nearly as secret as how we know it and we never unbundled that in the past, Joyce said.

The most useful thing is context. If we can point to something and explain in a classified exchange why something is important, then all of us can work in an unclassified environment to stop it. We have to continue getting faster at taking things that are sensitive and getting them into the operational space. Thats really where weve got to be.

Continued here:
'Assume the Humans are Human and Bad Things Will Happen' - Duo Security

Russian hackers are monitoring CCTV cameras in Ukrainian cafes to gather information, a US intelligence official said on Tuesday.

Supported by the state, they are trying to find out information about passing aid convoys, according to National Security Agency (NSA) Cybersecurity Division Director Rob Joyce.

Speaking at the Center for International and Strategic Studies think tank in Washington, he said Russian hackers have attacked Ukrainian information systems since the start of their country's broader offensive.

"Attacks are persistent on Ukrainian interests, whether financial, state, individual [or] business," said Joyce, pointing out they were often "just to disrupt" operations.

The NSA official called some Russian hackers "creative".

"We are watching Russian hackers connect to web cameras to observe convoys and trains delivering aid," he said.

"Instead of using [cameras] from a public place that are available on the internet, theyre looking at the coffee shop security camera and seeing the road they need to see".

Russian hackers are also focusing their operations on US defence industries and logistics companies to learn more about arms shipments to Ukraine, Joyce continued.

"They are under daily pressure from the Russians," he said.

In March, the US news outlet CCN obtained a report that claimedEuropean military, energy, and transportation organisations were targetted by Russian hackers in an apparent spying campaign.

It went undetected for months as the war in Ukraine raged, despite the heightened defensive posture of Western governments.

Read the rest here:
Russian hackers tapping into CCTV in Ukrainian cafes, says US - Euronews

New Delhi: Union Home Minister Amit Shah chaired a high-level review meeting in the Ministry of Home Affairs at the North Block and examined the Jammu and Kashmir security situation on Thursday, reported news agency ANI.

Security representatives from the central government and the union territory administration provided Shah with a comprehensive presentation on the current state of law and order in J-K. The situation along the Line of Control and International Border, as well as attempts to target members of minority communities and infiltration attempts from across the border, were discussed at the meeting in Delhi.

The meeting included attendance by Lieutenant Governor Manoj Sinha, Union Home Secretary Ajay Kumar Bhalla, Jammu and Kashmir Director General of Police Dilbag Singh, and other high-ranking officials.

In the past three years, Jammu and Kashmir have seen a number of targeted killings.

Since the abrogation of Article 370 in 2019 and through July 2022, the government had informed Parliament that as many as 118 civilians, including five Kashmiri Pandits and 16 other Hindus and Sikhs, had been killed in J-K.

In May, four Hindu pilgrims were killed and something like 20 were injured when their bus caught fire close to Katra in Jammu. The fire might have been started by a sticky bomb, according to the police.

On August 5, 2019, Article 370, which granted Jammu and Kashmir special status, was repealed, resulting in the state's division into Jammu and Kashmir and Ladakh, two Union Territories.

Also Read: Covid Variant 'Arcturus', Driving Recent Surges, May Show A New Symptom 'Not Seen In Earlier Waves': Paediatrician

Read this article:
Home Minister Amit Shah Reviews J&K Security Situation, NSA Doval And LG Attend Meet - ABP Live

Over the past three years, we reporters learned there were certain things that we werent allowed to say. Not long ago, in fact, my new video may have been censored.

One dangerous idea, we were told, was that COVID might have been created in a lab at the Wuhan Institute of Virology. That seems very possible, since the institute studied coronaviruses in bats, and Americas National Institutes of Health gave the lab money to perform gain-of-function research, experiments where scientists try to make a virus more virulent or transmissible.

A Washington Post writer worried the lab leak theory could increase racist attacks against Chinese people and further fuel anti-Asian hate.

The establishment media fell in line, insisting that COVID most likely came from a local market that sold animals.

Left-wing TV mocked the lab theory as a fringe idea that came from a certain corner of the right.

This coronavirus was not manmade, said MSNBCs Chris Hayes, confidently, That is not a possibility.

Not even a possibility?

Debate about it, we were told, posed a new threat: misinformation.

Facebook banned the lab leak theory, calling it a false claim.

But now the U.S. Department of Energy says the pandemic most likely came from a lab leak. FBI director Christopher Wray now says the origin of the pandemic is most likely a potential lab incident in Wuhan.

For two years, the most likely explanation was censored.

Do the media gatekeepers apologize for their censorship? No.

The closest to an admission of guilt I found was from Chris Hayes, who eventually said, Theres a kernel of truth to the idea that some folks were too quick to shut down the lab leak theory.

There was more than a kernel of truth. Again and again, politically correct media silenced people who spoke the truth.

Facebook throttled the reach of science journalist John Tierneys articles simply because he reported, accurately, that requiring masks can hurt kids.

YouTube suspended Sen. Rand Paul for saying, Most of the masks you get over the counter dont work.

But what they said is true. The Centers for Disease Control and Prevention updated its guidance to say cloth masks are not very effective. And now a big study failed to find evidence that wearing even good masks stops the spread of viruses.

Probably the most blatant censorship was Twitters shutting down the New York Posts reporting about Hunter Bidens laptop.

Twitter wouldnt let users decide for themselves. The company just called the Posts report potentially harmful and blocked users from sharing it.

Facebook, as usual, was sneakier, suppressing the story instead of banning it outright. Thats what they do to my climate change reporting.

Today, the media admit the Post story is true. But they dont admit they were wrong. Now they just say things like, Nobody cares about Hunter Bidens laptop.

Bad as the media are, whats worse is that government wanted to censor.

Sen. Mark Warner complained, Weve done nothing in terms of content regulation!

Fortunately, his colleagues were not as irresponsible as he; no censorship legislation passed. But government did apply lots of pressure.

The White House asked Facebook to kill what they called disinformation, even urging them to censor private WhatsApp messages.

Now that Elon Musk owns Twitter and opened up the companys internal files, we know that censorhip requests came from every corner of government, as journalist Matt Taibbi put it.

Even individual politicians tried to censor.

Maine Sen. Angus Kings staff complained about Twitter accounts that they considered anti-King. Rep. Adam Schiffs office asked Twitter to suppress search results.

Fortunately, Twitter refused.

But the sad truth is that lots of government agencies and media tyrants want to limit what you read and hear.

Today's breaking news and more in your inbox

Read the original:
Not allowed to say that | News, Sports, Jobs - The Inter-Mountain

April 11, 2023 FEDmanager

Chip Somodevilla | Getty Images

The Senate Homeland Security & Government Affairs has advanced a slew of legislation that could impact the federal workforce.

The Saving Money and Accelerating Repairs Through (SMART) Leasing Act (S.211)

This legislation would create a program that allows federal agencies to lease underutilized and vacant properties to the private sector. The Administrator of the General Services Administration (GSA) must approve the leases. The rent payments would be used to fund capital project and facilities maintenance.

Senate Homeland Security Committee Chairman Gary Peters (D-MI), Senator James Lankford (R-OK), Senator Josh Hawley (R-MO), and Senator Kyrsten Sinema (I-AZ) authored the legislation.

Federal Agency Performance Act of 2023 (S.709)

The legislation aims to improve accountability and transparency among federal agencies by requiring regular reviews of an agencys performance goals and then making more of that data public. It updates the Government Performance and Budget Act.

Senator Gary Peters (D-MI) and Senator Mike Braun (R-IN) authored the bill.

Increased transparency and accountability are key when it comes to improving the performance of federal agencies for taxpayers, said Senator Braun.

Clear and Concise Content Act (S.717)

The bill would ensure that information published by the government, including guidance, instructions, and other key information, is written in plain language. It also updates the Plain Writing Act of 2010 to expand the types of information that agencies must publish in plain writing.

Senator Gary Peters (D-MI) and Senator James Lankford (R-OK) authored the legislation.

Duplication Scoring Act of 2023 (S.780)

This legislation, sponsored by Homeland Security Committee Ranking Member Rand Paul (R-KY), aims to prevent duplicate programs in the federal government. The bill directs the Government Accountability Office (GAO) to analyze legislation reported by any congressional committee, and then report if the legislation would create a duplicate program, office, or initiative, with the goal of cutting down on wasteful spending.

Guidance Clarity Act of 2023 (S.108)

The legislation would require federal agencies to include a guidance clarity statement, which states that the guidance is not issued in accordance with the rulemaking process and therefore is not legally binding.

Senator James Lankford (R-OK) and Senator Kyrsten Sinema (I-AZ) sponsored the bill.

Federal Data Center Enhancement Act (S.933)

The legislation instructs the Office of Management and Budget (OMB) to develop security protection requirements at federal data centers. That includes both cyber and physical threats such as wildfires.

Senator Jacky Rosen (D-NV) sponsored the bill.

GAO Database Modernization Act of 2023 (S.679)

Senator Rick Scott (R-FL) sponsored this legislation that would require federal agencies to report to the Government Accountability Office (GAO) any rules that are revoked, suspended, replaced, amended, or otherwise made ineffective.

IMPACTT Human Trafficking Act (S.670)

This bipartisan legislation enhances the Department of Homeland Securitys (DHS) ability to fight human trafficking by making permanent and expanding the Homeland Security Investigations (HSI) Victim Assistance Program. The bill also improves and makes permanent a program that promotes the wellbeing of HSI employees who deal with the stress and associated trauma of supporting victims of human trafficking.

Senator Gary Peters (D-MI), Senator James Lankford (R-OK), and Senator John Cornyn (R-TX) sponsored the bill.

The federal government must support victims of human trafficking, as well as the professionals who work each and every day to stop these crimes, said Senator Peters.

END FENTANYL Act (S.206) (Eradicating Narcotic Drugs and Formulating Effective New Tools to Address National Yearly Losses of Life Act)

The legislation aims to cut down on illegal drugs, by requiring U.S. Customs and Border Protection (CBP) to review and update policies related to inspections at ports of entry and the border. The updates would be required every three years to ensure the guidance is up to date.

Senator Rick Scott (R-FL) is the chief sponsor.

Read this article:
Key Bills Advance out of Senate Homeland Security Committee - FEDmanager