Ushering in a Transparent Revolution in Cybersecurity – The Cipher Brief

Thomas Warrick was DHS Deputy Assistant for Counterterrorism Policy from August 2008 to June 2019 and is now Director of the Future of DHS Project at the Atlantic Council.

Javed Ali held senior counterterrorism positions at DHS, the FBI, the Office of the Director of National Intelligence, and the National Security Council. He is a Towsley Policymaker in Residence at the University of Michigan.

OPINION: Eyebrows were raised when the Biden administration initially chose veterans of the usually secretive National Security Agency (NSA) for all four top cybersecurity positions in the most diverse administration in U.S. history.

The two leaders who face confirmation hearings on Thursday, Chris Inglis as National Cyber Director and Jen Easterly as director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), deserve confirmation by the Senate. They, along with NSA senior executive Anne Neuberger, the Deputy National Security Adviser for cybersecurity, and Amit Mital, who in April replaced NSA's Michael Sulmeyer as senior director for cybersecurity, could be the right people to help lead what needs to be a transparent revolution in cybersecurity.

Given NSA's reputation for secrecy, this might seem odd. In fact, what these NSA veterans share, apart from strong individual qualities, is their knowledge that what is needed now in civilian cybersecurity is significantly increased transparency and an emphasis on enhanced information-sharing. As national security practitioners, they know, as do we (between the two of us we have more than fifty years' experience), that while secrecy has its place, especially in protecting sources and methods, it also has its limits. And given the need in cybersecurity for information-sharing, speed, and strong collaboration between the public and private sectors (a critical feature that sets cybersecurity apart from other aspects of national security), defaulting to a secretive and insular approach would be a mistake.

The first reason to expect a revolution in transparency is that strong cybersecurity requires a robust partnership between the government and the many technology stakeholders who own information technology infrastructure, platforms, and services that adversaries target.

Almost all the cyber infrastructure in the United States is outside the hands of the federal government, in the hands of private industry, state and local governments, academia, and other non-federal sectors. Conversely, much of the information about cyber threats or adversaries' intentions and capabilities is in the hands of the federal intelligence and law enforcement communities. As both the Cyberspace Solarium Commission and the Future of DHS Project concluded, cyber operators in this non-federal space need high-fidelity, often classified intelligence to first identify threats to their networks and then to justify actions to their C-Suite executives to defend them. Increasing the speed of sharing is now vital. Recent attacks, like those against Colonial Pipeline and JBS Foods, show that government and private operators need to exchange information, including attribution, in real time and at network speeds. Hostile nation-states and criminals will hold U.S. national security and prosperity at risk unless the federal government and private sector open up to each other.

Second, the federal cybersecurity enterprise needs the trust of the American people.

For the private sector and government to work together at network speeds, it is essential there be trust, communication, and a shared understanding of desired outcomes. This is one reason security veterans know that NSA is not the right agency to lead civilian cybersecurity. NSA is trusted within the government, but for historical reasons, not so much outside it. This is why the role of DHS's CISA is so important, and why confirming Jen Easterly, whose career spans both cyber and non-cyber threats, and both the government and private sectors, is critical.

Third, to keep the people's trust, civilian cybersecurity efforts, and the information that private citizens provide the government to help secure our networks, must never be used for partisan political purposes.

Like the military and the intelligence communities, from which NSA comes, the federal cybersecurity enterprise needs to be, to the greatest extent possible, nonpartisan and above politics. The same needs to be said about election security, another CISA responsibility.

The fourth aspect of the coming transparency revolution is that the federal cybersecurity enterprise needs to adopt, urgently, a consumer-focused side that the American people can trust and rely on for impartial advice on personal cybersecurity.

It's good the federal cybersecurity enterprise works with corporations that provide our networks, social media platforms, and major software products. Increasingly, though, the American people need authoritative, understandable cybersecurity information.

In cybersecurity, every American is now on the front lines, targetable by hostile nation-states, confidence tricksters, criminals intent on stealing money, and those wanting to sow hatred and division. This reality totally upends previous concepts of national security and political economy. In a "bring your own device" world, your iPhone or Android phone can be exploited to target you and your workplace, school, or neighbors. You need to know which apps transmit personal data overseas to servers under the effective control of the Chinese Communist Party, or how to instantly recognize the telltale signs of Russian or Iranian disinformation. Your social media feed can be manipulated in non-transparent ways to change how you vote, shop, or even think. Government cybersecurity needs to communicate effectively with individual Americans so they can protect themselves from cyber threats, without turning us into a nanny state.

Fifth, and most importantly, cybersecurity needs to be re-scaled by government, by non-federal stakeholders, and by everyday Americans.

The finest cybersecurity policies in the world are useless if they're not adequately resourced. No matter what you may think of NSA, it is one of government's most successful examples of having learned the importance of scale.

The Cyberspace Solarium Commission said Congress must invest significant resources in CISA and the private sector needs to increase cybersecurity spending. Top cybersecurity experts Richard Clarke and Rob Knake found that successful companies spent 8% of their IT budgets on cyber defense. Today, most don't. CISA's current budget, enacted during the Trump administration, is $2 billion, plus $650 million added in President Biden's Covid-19 relief bill. In March, House Homeland Security ranking Republican John Katko called for CISA to become a $5 billion agency. He is in the right ballpark.

The Russian Sunburst hack into SolarWinds in 2020 and recent ransomware attacks from Russian-based criminal groups show what capable, well-resourced adversaries can do against systems that are vulnerable to cyber exploitation. We should be deeply concerned about adversaries exploiting gaps and seams in the ability of overseas-focused agencies like NSA to collect cyber intelligence inside the United States. Just because there hasn't been a "cyber Pearl Harbor" or a "cyber 9/11" doesn't mean that one is impossible. It means only that we've been lucky, so far. Cybersecurity today takes serious resources, trust, and transparency. Swift Senate confirmation of Inglis and Easterly is essential to help bring this revolution about.


Native breed enthusiasts win first NSA giveaway – The Scottish Farmer

Cumbrian father and son farming team, Andrew and Matthew Tomkins, are the recipients of the first of this year's National Sheep Association membership prizes.

Having recently joined the association as joint members, Andrew and Matthew have won a new Solway lamb adopter, donated by recycled product manufacturer Solway Recycling, as part of the 2021/22 membership prize giveaway.

Alongside the rest of the Tomkins family, they farm 300 acres of upland just outside of Longtown, Cumbria, running a flock of 300 Llanwenog and Llanwenog cross Berrichon ewes, plus a small pedigree flock of Oxford Down sheep and a herd of pedigree Beef Shorthorn cattle. The farm supplies their onsite butchery, online sales and catering business Hallsford farm produce with native breed beef and lamb.

Matthew said: "We were surprised to hear we had been selected as winners as we had only recently joined NSA but of course we are very pleased with the news. We joined NSA as we believe it is one of the farming organisations that is having a real positive impact on farming. We have been impressed by how forward-thinking and progressive it is.

"NSA's current work on heritage breeds and marketing of UK lamb, mutton and hogget really caught our attention. We believe this differentiation is key to helping to bring market control back to the farmer."

The useful piece of sheep farming equipment was very welcome, he added: "We are currently increasing our sheep flock so the chance to win this equipment was fantastic. It will be a godsend come lambing time next year and we are sure it will come in useful for many years to come."

All new members signing up to join NSA between February 2021 and the middle of February 2022 will be entered into the future prize draws. There are now three further chances for new members of NSA to win a lamb adopter or lamb warming box and sheep pens donated by Solway Recycling.

Existing NSA members also have the chance to win by recommending a friend, family member or neighbour sign up too. There is no limit to the number of entries for existing members, the more recommendations made, the more entries earnt. Find out more at http://www.nationalsheep.org.uk/draw.


Here's How The IRS Could Have Prevented The Tax Data Leak – Forbes

If the IRS had wanted to prevent the leak of tax returns recently reported by ProPublica, they could have done it. The methods are simple, effective and in use. They just didn't implement leak prevention methods. Why? The problem isn't money; the IRS spends billions of dollars a year on computer systems. Will this embarrassment get them to fix things? I've read through the IRS Integrated Modernization Business Plan, the April 2019 document that describes how the IRS will spend many billions over the next 5 years to modernize their computer systems, and nowhere in the document is there a hint that they'll do anything but spend more money to implement more of the ineffective security systems they already have.

The IRS doesn't create or invent cybersecurity methods; they try to adhere to all the security regulations, follow the standards and take the advice of agencies that specialize in cybersecurity. These other agencies employ top experts who set the standards that institutions follow to protect their computer systems and confidential data. So what's going on here? Did the IRS suffer the tax data leak because they failed to implement one of these clear standards? Or is there something missing or wrong with the standards that affects the IRS and all the other organizations that are guided by them? Let's see.

Cybersecurity is a complex issue. I've used the metaphor of a gated community to explain general computer security; while the walls and gates of a gated community tend to be secure and well-maintained, the equivalent in the computer world is a patchwork of incompatible wall sections from different manufacturers which are never built properly and often need fixes to be applied, which the computer managers too often take months to apply if they do the work at all.

It's possible that a hacker broke into the IRS. But what probably happened is that an IRS employee or contractor with legitimate access to IRS data decided to make a political statement by grabbing the files of ultra-wealthy Americans, smuggling them out of the agency and giving them to ProPublica. This is known as an insider threat. Here's the shocker: modern corporate and government cybersecurity standards and regulations fail to prevent or even detect insider threats!

Insiders stealing the data of the company or agency they work for has happened many times. The famous Edward Snowden case is a classic example of an insider stealing secret information and leaking it for publication. Snowden was a contractor who worked at the super-secret NSA (National Security Agency). He saw the surveillance of citizens that was being performed by the agency and didn't think it was right, so he gathered lots of computer files documenting the behavior and sent the files outside the agency for publication.

Snowden did electronically what Daniel Ellsberg did decades ago physically. Ellsberg was a military officer who had helped create reports describing in detail secret operations the US conducted during the Vietnam war. While working at the Top Secret RAND Corporation he gained access to a copy of the reports and walked out the door with them in his briefcase. He gave them to the press, where they were headlined as the Pentagon Papers.

The NSA has a positive reputation for cybersecurity. The cover story in Wired Magazine in June 2013 featured a description of a visit to NSA HQ in Fort Meade with its elaborate security measures. The strong impression given is that an organization that has so many strong walls, locks and cameras must be able to do the equivalent in the invisible world of computers. The timing of the cover story was perfect. Edward Snowden started leaking secret NSA documents in December 2012; the leaked documents were published shortly after the publication of the Wired Magazine issue praising the ultra-security of the NSA.

There are systemic issues that result in most of the successful hacks of governments and large companies which I describe here. What it comes down to is two main factors: the people in charge don't understand the world of computers; the people in charge take a slow, regulatory approach to security, while the opposition is fast and creative.

For the IRS, the data loss is similar to books being taken from a library without being checked out, and can be fixed using electronic versions of methods that librarians use: check the books anyone walks out with!

Personal tax information is valuable, like the goods sold by high-end retailers. Think about jewelry stores; nearly anyone can go in the store, but all the valuable jewels are closely watched as they are taken out of display cases, tried on and put down. You don't get away with slipping a diamond into your pocket and walking out of the store. Systems like this can be and have been implemented in the world of computers. I go into more detail here.

Going beyond basic monitoring of the behavior of computer users, it's possible to translate methods that are in production today for catching credit card fraud to the problem of data leaks. Basically what you do is use machine learning to model everyone's normal behavior concerning data access. When someone does something that is not normal for them, the model immediately notices and calls software to stop them and raise an alert.

In the case of the IRS the general behavior monitoring could be refined, since IRS employees work on cases that have been assigned to them. The software would look at each file a user accesses and make sure that file is relevant to a case they're working on; if not, the software would prevent access and raise an alarm. That way an errant employee who tried to pull Warren Buffett's tax data without being specifically assigned to the case wouldn't be allowed to do so. And the person working on Warren Buffett's case wouldn't be able to access Elon Musk's case.
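An added sketch of the two checks described above (not the author's or the IRS's code): a case-assignment gate on every record read, with a simple per-user volume baseline standing in for the machine-learning model. All user names, case IDs, record IDs and history values are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: which analyst is assigned to which case,
# and which taxpayer records each case covers.
ASSIGNMENTS = {"analyst_a": {"case-100"}, "analyst_b": {"case-200"}}
CASE_RECORDS = {"case-100": {"tp-0001"}, "case-200": {"tp-0002", "tp-0003"}}

# Constructed history: records opened per working day, per user.
HISTORY = {"analyst_a": [4, 6, 5, 7, 5], "analyst_b": [10, 12, 9, 11, 10]}


def allowed_records(user):
    """Records reachable through the user's currently assigned cases."""
    records = set()
    for case in ASSIGNMENTS.get(user, ()):
        records |= CASE_RECORDS.get(case, set())
    return records


def volume_limit(user, k=3.0, floor=1.0):
    """Per-user daily ceiling: mean + k * stddev of that user's own history."""
    past = HISTORY.get(user)
    if not past:
        return 0.0  # no baseline: an unknown actor gets no volume allowance
    return mean(past) + k * max(pstdev(past), floor)


class AccessMonitor:
    def __init__(self):
        self.today = defaultdict(int)  # user -> records opened today
        self.alerts = []               # (user, record, reason)

    def request(self, user, record):
        """Return True to allow the read; deny and record an alert otherwise."""
        if record not in allowed_records(user):
            return self._deny(user, record, "record not in an assigned case")
        if self.today[user] + 1 > volume_limit(user):
            return self._deny(user, record, "volume above personal baseline")
        self.today[user] += 1
        return True

    def _deny(self, user, record, reason):
        self.alerts.append((user, record, reason))
        return False


def replay(events):
    """Run constructed (user, record) events through a fresh monitor."""
    monitor = AccessMonitor()
    decisions = [monitor.request(user, record) for user, record in events]
    return decisions, monitor.alerts
```

The decision depends only on what is requested, so an account with no case assignment is denied the same way whether it belongs to an employee or to someone who broke in.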

It's less likely but possible that instead of the bad guy being an employee, it was a hacker who gained access to internal systems using methods similar to the ones that resulted in financial records of 147 million Americans being stolen from Equifax in 2017. I describe that hack here.

If the internal monitoring systems I have described were in place, they would also catch a person who had gotten into the IRS by hacking. The beauty of the method is that you don't worry about who the actor is; you just worry about what they do, just like in a library or jewelry store.

The cybersecurity problem isn't limited to giant government bureaucracies with outdated computer systems. It's widespread, in part because they all follow experts, standards and regulations that ignore the insider threat. I analyzed in detail the various experts who were quoted in articles published by the New York Times about the WannaCry ransomware attacks based on software that had been leaked from the NSA. I found that the experts were simply wrong about the reasons, methods and responses to the attack.

It is ironic that the same government authorities who force everyone to follow ineffective regulations they craft by the ton are spending even more money training young people in their methods. My local community college was conducting training sponsored jointly by the NSA and DHS (the Department of Homeland Security); when I looked into it I found that the experts couldn't even build functioning, secure websites with accurate information.

I sincerely hope that the ongoing flood of illegal leaks and ransomware attacks will end soon. But so long as the current batch of bureaucrats, regulators and experts are in charge of things, we're likely to spend ever-increasing amounts of money on cybersecurity with ever-worsening results.


BJP expels hooch tragedy accused from party; NSA to be invoked against 5 arrested – The Tribune India

Aligarh, June 6

The Uttar Pradesh BJP unit on Monday expelled Rishi Sharma, the alleged kingpin in the hooch tragedy case, from the party and said he was not an active member.

"District president of BJP Rishipal Singh has cancelled Rishi Sharma's primary membership," a party press release said.

"Hooch tragedy accused Rishi Sharma is neither an active member in the BJP nor has he been given any responsibility in the organisation.

"However, if he is saying that he is in some way connected to the party, then, on the direction of the state leadership, his primary membership is immediately annulled and he is expelled from the party," it said.

Aligarh police have started the process of charging all the five main accused including Sharma, who was arrested on Sunday, under the stringent National Security Act and the Gangster Act, Senior Superintendent of Police Kalanidhi Naithani said.

The accused are being interrogated and are expected to reveal the entire network of the liquor mafia, police sources said.

They said Rishi Sharma was in disguise and hiding among a group of sadhus at an ashram at Garhmukteshwar near Hapur to evade the police.

Police had managed to trace his whereabouts from the video footage of one of his close associates with whom he was last seen when the news of the liquor tragedy, which has claimed at least 35 lives, started trickling on the night of May 27.

During the past week, police raided the premises of several of Sharma's associates in different states including Himachal Pradesh.

After they traced him to Garhmukteshwar Ashram on Saturday evening, a police party rushed there only to discover that he had escaped.

With the help of some informers, he was tracked down at the Aligarh-Bulandshahr border where he was ultimately nabbed after a manhunt lasting nine days. PTI


Higher fines needed for sheep worrying cases, sheep association says – Craven Herald

THE National Sheep Association (NSA) says it welcomes any strengthening of legislation on livestock worrying by dogs. However, the sheep farming association believes that strengthening police powers to seize dogs should have been further backed up by a significant increase in the maximum fines that could be imposed.

The views come following the announcement that stricter measures to crack down on livestock worrying were to be introduced in England and Wales through the Kept Animals Bill introduced to Parliament earlier this week. NSA chief executive Phil Stocker said: "This was an opportunity to create a major deterrent to this antisocial behaviour by substantially increasing the maximum applicable fine alongside more proactive measures to prevent attacks occurring. Defra and Ministers responsible for English legislation are missing a trick in not taking the opportunity to increase fines in line with what the Scottish Parliament has done."

The provisions of the Dogs (Protection of Livestock) (Amendment) (Scotland) Act 2021, which received Royal Assent on May 5, 2021, include imprisonment for a term not exceeding 12 months, a fine not exceeding £40,000, or possibly both. A person who commits a similar offence in England under this new proposed Animal Welfare (Kept Animals) Bill is liable to a summary conviction and a fine not exceeding level 3 on the standard scale, currently £1,000.

Mr Stocker added: "There are significant and very welcome improvements contained in the Animal Welfare (Kept Animals) Bill to support the police and rural crime teams after an offence has occurred, but very little to reduce the number of incidents that are increasing year-on-year. In fact, the lack of clarity in defining 'under close control' puts farmers and dog owners in a difficult, potentially conflicting position."

Recent reports of out-of-control dogs causing harm to livestock, including a Highland cow being chased over an embankment leading to its death and an MP being fined for his dog chasing deer in Richmond Park, London, underline a significant increase in the number of incidents that have come with increased dog ownership and more people using farmland for leisure. The results from NSA's own sheep worrying by dogs survey also revealed a concerning increase in dog attacks on sheep over the past year.

NSA believes these incidents all point to an urgent need for simple, straightforward and effective measures to radically reduce the number of cases. NSA urges ministers to avoid any ambiguity by legislating for non-working dogs to be on a lead when around or likely to come into contact with livestock.

DEFRA's Action Plan for Animal Welfare highlights the UK's long tradition of protecting animals and outlines its ambitions to raise welfare standards further with tougher penalties for animal cruelty, raising the maximum prison sentence from six months to five years, and a new range of (unlimited) fines to be applied to those who are cruel to animals. NSA believes that the injury and stress involved when sheep and other livestock are attacked results in serious animal cruelty and should be subject to similar maximum penalties and deterrents.

While the NSA would like to see legislation strengthened beyond what appears to be proposed, it will also continue to campaign to improve attitudes to responsible dog ownership, to protect its members' livelihoods and reduce stress and anxiety. NSA looks forward to working with DEFRA and other organisations to improve responsible dog ownership and a better situation for all involved.
