Cybersecurity

Error message

Deprecated function: The each() function is deprecated. This message will be suppressed on further calls in _menu_load_objects() (line 579 of /var/www/drupal-7.x/includes/menu.inc).

Democracy Headache: Trust in the Vote

Published by Anonymous (not verified) on Wed, 30/12/2020 - 12:50am in

This article was produced by Voting Booth, a project of the Independent Media Institute. Angela Clark-Smith, a lawyer, started learning about the intricacies of observing elections when she was a member of the same sorority as Vice President-elect Kamala Harris. … Continue reading

The post Democracy Headache: Trust in the Vote appeared first on BillMoyers.com.

The Story of a Hack

Published by Anonymous (not verified) on Sat, 19/12/2020 - 6:10am in

It is not clear yet how far the hackers have penetrated, and we will likely not know for months. But given the fact they have had access to our systems since March and have almost certainly been planting new ways into them (known as “back doors”), all assumptions are that this is serious indeed. Continue reading

The post The Story of a Hack appeared first on BillMoyers.com.

Transition Time

Published by Anonymous (not verified) on Sat, 14/11/2020 - 1:45am in

Since Arizona has been called for Biden the numbers in Biden’s column now make up an insurmountable margin for Trump to overcome. Continue reading

The post Transition Time appeared first on BillMoyers.com.

Book Review: The Internet in Everything: Freedom and Security in a World with No Off Switch by Laura DeNardis

Published by Anonymous (not verified) on Mon, 02/11/2020 - 10:50pm in

In The Internet in Everything: Freedom and Security in a World with No Off SwitchLaura DeNardis offers an exploration of the invisible, complex and concerning worldwide network of technologies often referred to as the Internet of Things, focusing particularly on the pressing issues of governance and jurisdiction. Courteney J. O’Connor highly recommends this well researched and impeccably written text to political scientists, security practitioners and scholars as well as the interested public.

The Internet in Everything: Freedom and Security in a World with No Off Switch. Laura DeNardis. Yale University Press. 2020.

One of the most pressing concerns in contemporary cybersecurity scholarship is how the ‘Internet of Things’ is affecting, and will affect, both individual security and privacy and the security of the state. As more and more devices connect to the internet and become integrated into every aspect of daily life, there is an ongoing battle between device efficacy and device security, between device utility and individual privacy, between security threat and threat mitigation.

Items as simple as Fitbit watches, for example, release enough data into the ether that entire military bases have been mapped based on soldier movements. Digital devices are woven into the fabric of everyday life in contemporary societies, and the internet has become so integrated that it is also becoming invisible: many people may not actually realise that their (many) smart devices are connected to the internet at all. This growing Internet of Things, this burgeoning network of digital and interconnected devices, is rapidly diminishing the line between physical and virtual, between connected and switched off, between logged in and logged out.

The Internet in Everything is an exploration of this invisible, complex and concerning worldwide network of technologies that we refer to as the Internet of Things, or the IoT. More specifically, author Laura DeNardis explores the consequences, proven and potential, of the degradation of and attacks on cyber-physical infrastructures. Governance and jurisdiction are particularly pressing concerns that are masterfully examined throughout the text.

The Internet is no longer merely a communication system connecting people and information. It is a system connecting vehicles, wearable devices, home appliances, drones, medical equipment, currency, and every conceivable industry sector. Cyberspace now completely and often imperceptibly permeates offline spaces, blurring boundaries between virtual and physical worlds (3).

As an evaluation of the current state of the IoT, DeNardis produces here one of the starkest and clearest statements available to scholars and practitioners of security whose work has any relevance to cyberspace. The internet has truly become part of every aspect of not only individual lives, but also of the systems and structures that form the very foundation of modern society. We are, in fact, so reliant on networked technologies that as well as being extremely valuable to the wealth and security of most (if not all) states, cyberspace is also an issue of serious concern with respect to the security of systems that support the governance and functions of not just individual nations, but the entire international system.

Mobile phone on yellow background showing the WiFi icon

This raises many questions about the method and efficacy of security measures given the multitude of threat vectors as well as the ways that security might change as society continues to advance and rely on networked technologies. This will have implications for the structure of the workforce, the types of technologies (and infrastructures) required and the jurisdiction over and governance of these same elements. As DeNardis asks early in the text, ‘what does the Internet embedding into the physical world mean for consumer safety and national security?’ (4). After all, cyber-enabled technologies are not only in devices around us; they are also now in devices that can be placed inside us. Any individual with a modern implanted cardiac device, for example, is an active part of the IoT. The body, just as much as the surrounding built environment, has become part of the digital object space. New technologies and new varieties of devices connecting to the internet, DeNardis rightly points out, are going to require a reassessment of and novel approaches toward internet governance and the cyber-physical infrastructure that underpins our increasingly networked societies (24). In other words, we now have an Internet of Everything.

Cyber-physical systems can safely be described as ubiquitous, particularly in societies that have embraced advanced technologies and platforms as part of daily life and efficient governance. The enormous variety of devices that form part of this global network includes everything from footballs to door locks, light bulbs to oxygen monitors, televisions to watches, traffic cameras to refrigerators, many of which are also connected to home assistants (‘Alexa, turn off the lights’) and/or controlled by a phone app. This means a continual stream of data between appliance and controller, usually transmitted (at least in part) over public internet and potentially unsecured networks (29-31).

All of these items, devices and systems represent new threat vectors, the true vulnerability of which may not be immediately apparent until an enterprising mind decides to take advantage. DeNardis uses as an example the case of hackers accessing and exploiting the network of a casino by first infiltrating the WiFi-connected fish tank (103). While an amusing anecdote, it is also an alarming and clear example of the vulnerabilities that are proliferating across public and private spaces.

Exploitation of cyber-physical infrastructures can even contribute to threats against political sovereignty, notable in the cases of disinformation and interference campaigns against the elections of modern democracies. Information warfare can be undertaken utilising data exfiltrated illegally (and usually covertly) from ‘secure’ systems – social engineering, already advanced in many ways, becomes much more highly targeted and tailored when data is available in significant quantity (106-107). This, of course, has many implications for the legitimacy of governance and authority, as well as the integrity of and public trust in democratic institutions such as elections.

That the physical infrastructures that support the global internet are within (and cross) sovereign borders is something that tends to be forgotten, due to the prevalence of claims about the decentralisation and border-agnostic nature of data and logical architecture (189). This requires, and has yet to receive, a global approach to infrastructure, policy and security to secure the future openness and freedom of cyber-physical technologies and networks. Because no one state (or more appropriately, the private corporations of one state) control the entirety of the infrastructure of cyberspace, a multilateral approach to the problems surrounding cyber vulnerabilities and the diffusion of insecure cyber-enabled technologies is a necessity going forward. DeNardis identifies the need not only to move from a content lens (concerning freedom of speech, disinformation, intellectual property) to an infrastructure lens (concerning platforms and systems) in discussions of cybersecurity, but also to recognise that cybersecurity is a growing human rights issue, and that greater clarity surrounding liability and jurisdiction in the cyber-physical space is needed – and quickly (215).

This is a very well researched and impeccably written text. While dense in terms of the information and discussion provided, particularly in the sections concerning the technical areas, The Internet in Everything remains easy to read and the lines of argument and discussion are clear and succinct. I do not hesitate to recommend this volume to political scientists, security practitioners and scholars as well as the interested public.

Note: This review gives the views of the author, and not the position of the LSE Review of Books blog, or of the London School of Economics.

Image Credit: Photo by Franck on Unsplash.

 


Cyber Command Gets New Surveillance Powers Under Guise of Battling Election Meddling

Published by Anonymous (not verified) on Thu, 27/08/2020 - 5:20am in

China doesn’t want Trump to win in November, according to William Evanina, Director of the National Counterintelligence and Security Center (NCSC). Russia, on the other hand, is “using a range of measures” to undermine Joe Biden’s candidacy. The intelligence official also accuses China of “expanding its influence” ahead of the 2020 U.S. presidential election, but only to “deflect and counter criticism” as opposed to a direct attack on the incumbent.

As the election nears, calls for bolstering cybersecurity efforts from the U.S. military establishment and other quarters are intensifying. Former head of the NSA, Mike Rogers, leaned into the Russian meddling narrative in a recent interview with NPR to justify increased surveillance and more proactive approaches to the ostensible “threat” posed by social media memes and hashtags to the American electoral process. In early February, the top three cyber chiefs pitched a social media hashtag of their own, #Protect2020, which has been posted enthusiastically by FBI twitter accounts, but few others.

Rogers’ successor at the NSA, Gen. Paul Nakasone revealed in a Foreign Affairs article published Tuesday, that he had received authorization to carry out operations against Russian “interference” in the 2018 U.S. midterm elections and had sent “an undisclosed number of defensive cyber-operators” to countries bordering American adversaries for the purposes of defending against foreign meddling.

Domestically, the potential targeting of American citizens as foreign actors or agents was moved forward by Bill Barr’s Justice Department in June, in response to the Minneapolis riots, Barr released a statement naming “Antifa and other similar groups” as possible targets of its 56 regional FBI Joint Terrorism Task Forces (JTTF) offices. In the same statement the top prosecutor invoked the National Guard, which would be “deployed on the streets to reestablish law and order” if necessary.

Now, the National Guard has been taken under the wing of U.S. Cyber Command, which will coordinate a new DHS program called the Election Security Group; a “partnership between federal, state and local government and private sector entities”, that among other things, directs state and local governments to “disburse funds for the procurement of updated voting equipment” and “administer statewide voter registration databases.”

 

Hunt forward, look backwards

Mission “hunt forward” was first described in the DoD Cyber Strategy for 2018, which called for countermeasures against the “persistent campaigns” of enemy nations like China, Russia, North Korea and Iran. The 2018 operation included “partner” nations Montenegro, Ukraine and (North) Macedonia where U.S. cybersec troops went to work to “find [hacking tools on networks]”.

The information is passed on to the newly established Election Security Group – a “partnership between federal, state and local government and private sector entities” – that assesses the data to determine if a threat exists and communicates it to DHS, FBI and, notably, to the National Guard, which allows the Pentagon “to potentially look at something that may be occurring in the United States”, according to Army Brig. Gen. William Hartman, Cybercom’s election security lead.

Cybercom is located at Fort Meade, Maryland and “directs, synchronizes, and coordinates cyberspace planning and operations in defense of the U.S. and its interests”. Created in 2010, the military agency was elevated by the Trump administration in 2017 on then-Defense Secretary James Mattis’ recommendation to promote Cybercom to a “Unified Combatant Command”, responsible for cyberspace operations, instead of a sub-unified command under USSTRATCOM.

 

From Russiagate with love

The Russiagate narrative was established early on in the 2016 presidential election and U.S. intelligence agencies have been sounding the alarm bells for a repeat of supposed Russian interference in the 2020 election since then. As November approaches, U.S. officials are ramping up the rhetoric pointing to potential cyberattacks and election interference from their enemies.

Nakasone asserts that the “Chinese government uses cyber capabilities to steal sensitive data, intellectual property, and personal data from the U.S. government”, while Russia uses “cyberspace for espionage and theft and to disrupt U.S. infrastructure while attempting to erode confidence in the nation’s democratic processes.” Iran, North Korea, and other non-aligned nations all have their particular bone to pick with the United States, according to the NSA chief, and it is the responsibility of Cyber Command to thwart all of these threats.

As part of the election security strategies, an information exchange program (IEP) called Cyber 9-Line was established to monitor domestic cases of potential election interference through the National Guard, which will coordinate with its National Guard Cyber Protection Team, Cybercom and the FBI “enabling the defense of elections” by tracking down cases of election meddling and interference by “foreign actors” in the United States. Cyber 9-Line works in partnership with the Joint Cyber Command and Control program (JCC2) office, “which aims to provide commanders with enhanced situational awareness and to assist in battle management as it relates to cyber.”

Feature photo | A guard stands at the entrance of the Montenegrin Defense Ministry in Montenegro’s capital Podgorica where a group of U.S. military cyber experts are purportedly in a fight against potential Russian cyberattacks ahead of the 2020 American and Montenegrin elections. Risto Bozovic | AP

Raul Diego is a MintPress News Staff Writer, independent photojournalist, researcher, writer and documentary filmmaker.

The post Cyber Command Gets New Surveillance Powers Under Guise of Battling Election Meddling appeared first on MintPress News.

The Disastrous Axios Interview and So Much More!

Published by Anonymous (not verified) on Thu, 06/08/2020 - 4:40am in

The Axios interview showed little that we didn’t already know, but to see the president dismiss the 156,000 deaths from coronavirus, for example, by saying “it is what it is,” was nonetheless shocking. Continue reading

The post The Disastrous Axios Interview and So Much More! appeared first on BillMoyers.com.