Monday, June 01, 2020

6/1/2020 - Risk Management, Supply Chains and OWASP. Oh My!

ZDNet - Analysis: Trump order could turn social media platforms into publishers -
US President Donald Trump's recent executive order could lead to an important definition of which organizations are protected from legal liability under Section 230 of the Communications Decency Act. It could lead to billions of dollars in legal and operating costs.
The unarmed aircraft typically shuttle troops and equipment, but in a pinch, would be equipped with “smart pallets” carrying long-range cruise missiles and other munitions.

The pallets would be capable of feeding position, navigation, and targeting data to their onboard missiles. Once dropped from the rear of the aircraft, the pallets would quickly release their missile cargoes, sending them downrange to their targets. The larger the aircraft, the more missiles it could carry.
Enterprise risk management (ERM) is a comparatively new corporate discipline. The basic notion is that in today’s complex operating environment, it is important for businesses to proactively identify operational hazards and have a plan in place to account for them.

A hazard is anything that can interfere with a company meeting its objectives; it could be something physical, such as a fire, a theft or a natural disaster; or it could  be an abstract risk, such as a lawsuit or a regulatory fine.

As part of its role promoting cybersecurity best practices, the National Institute of Standards and Technology (NIST) has stepped forward to make sure cyber exposures become part and parcel of evolving ERM frameworks.
The coronavirus pandemic has laid bare the downside with respect to outsourcing critical products and services internationally by U.S. companies and government agencies. These revelations were bound to come to light eventually—the pandemic has merely accelerated and intensified the security threats from such ill-advised activities. Some of us have been waving red flags for decades about the cybersecurity risks of global outsourcing (and of outsourcing in general).[i] But it took the pandemic catastrophe to raise concerns sufficiently for action. Now, we are seeing a slew of articles bemoaning our failure to consider and allow for personal and national security consequences due to farming out vital manufacturing and services to third parties both domestically (especially foreign-owned companies) and in other parts of the world.
...

I recall an article by John Markoff in The New York Times of October 26, 2009, with the title “Old Trick Threatens the Newest Weapons,” in which the reporter notes that “… the Pentagon now manufactures in secure facilities run by American companies only about 2 percent of the more than $3.5 billion of integrated circuits bought annually for use in military gear.” Markoff goes on to write that “… current and former United States military and intelligence agency executives … argue that the menace of so-called Trojan horses hidden in equipment circuitry is among the most severe threat [to national security].” That was more than a decade ago. Surely, we are in much worse shape today.

Schneier on Security -  Password Changing After a Breach -
Of the 249 participants, 63 had accounts on breached domains; only 33% of the 63 changed their passwords and only 13% (of 63) did so within three months of the announcement. New passwords were on average 1.3× stronger than old passwords (when comparing log10-transformed strength), though most were weaker or of equal strength.

Data engineers wear a lot more hats. Our responsibilities and activities extend out in all sorts of directions — building platforms on premise, or in the cloud; setting up and managing databases; working on architecture; and coordinating the exchange of data across organisational or enterprise boundaries. And write code in the time that’s left over. That’s a lot of hats.

With that picture in our heads, we come back to the question: why OWASP?

It’s particularly important for data engineers to be concerned about security, as we are especially likely to be working with sensitive and critical information. We can goof up rendering a picture of a cat, but we cannot allow the accidental disclosure of a few million credit cards.
