Wednesday, August 12, 2020

What I'm Reading 8/12/2020 - SANS gets phished and Uber will close if it is forced to follow the law in California

CSO - Many Cyberspace Solarium Commission recommendations expected to become federal law -
The vehicle through which the commission hopes to enact several dozen of its legislative recommendations (out of 75 recommendations included in its inaugural report this past spring) is the National Defense Authorization Act (NDAA), an annual “must-pass” federal law that sets the budget and expenditures for the US military. The commission’s executive director Mark Montgomery estimated earlier this month that each chamber’s bills would feature eight to 20 of the commission’s recommendations.
Related - C4ISRNET - The US is a ‘cheap date’ in cyberspace. A commission has ideas to change that. -
The U.S. needs to coordinate with the international community in identifying and punishing those behind cyberattacks to deter future hacks, according to a co-chair of the Cyber Solarium Commission.
In testimony before the House Armed Services Subcommittee on Intelligence and Emerging Threats and Capabilities, Sen. Angus King, I-Maine, called for a two-pronged approach to deter cyber-based espionage operations, attempts to disrupt U.S. banks, and widespread online influence campaigns. His recommendation included increased international cooperation to call out and punish such activities, and for the U.S. to create a stronger declaratory policy.
BBC - Is the US about to split the internet? -
The first question that sprang to mind was: what are the Chinese apps that Mr Pompeo does trust? The assumption is very much that he's talking about ALL Chinese apps.
"It's shocking," says Alan Woodward, a security expert based at the University of Surrey. "This is the Balkanisation of the internet happening in front of our eyes.
"The US government has for a long time criticised other countries for controlling access to the internet… and now we see the Americans doing the same thing."
That might be a slight exaggeration. Mr Pompeo's reasons for "cleaning" the US network of Chinese companies are very different from an authoritarian government's desire to control what is said online.
But it's true that if Mr Pompeo were to go down this road, it would be reversing decades of US cyber-policy.
If there is one country that has championed a free internet, based on the constitutional tenets of free speech, it is America.
President Donald Trump's administration has taken a different approach though, in part because of the legitimate security concerns that some Chinese companies operating in the US raise. 
SC Magazine - Misconfigured servers contributed to more than 200 cloud breaches -
Misconfigured storage services in 93 percent of cloud deployments have contributed to more than 200 breaches over the past two years, exposing more than 30 billion records, according to a report from Accurics, which predicted that cloud breaches are likely to increase in both velocity and scale.
The researchers found that 91 percent of the cloud deployments analyzed had at least one major exposure that left a security group wide open, while in 50 percent, unprotected credentials were stored in container configuration files, significant because 84 percent of organizations use containers.
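Two of the findings above, security groups left wide open and credentials sitting in container configuration, are the kind of thing that can be checked mechanically before a deployment goes live. The script below is an added example, not code from the Accurics report or from SC Magazine. It runs over a constructed AWS-style security group and a constructed container `.env` file (both hypothetical, embedded inline) and flags ingress rules reachable from any address on ports outside a small allowlist, plus environment variables that carry a literal secret instead of a reference to a secrets store.

```python
"""Flag world-open security group ingress and hardcoded container credentials.

Added example: both inputs below are constructed for illustration.
"""
import ipaddress
import re

# Constructed AWS-style security group (hypothetical; not from any real account).
SAMPLE_SECURITY_GROUP = {
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},            # SSH to the world
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},            # HTTPS, expected public
        {"IpProtocol": "-1",
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},           # all traffic, internal only
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},             # Postgres to the IPv6 world
    ],
}

# Constructed container env file (docker-compose .env / Dockerfile ENV style).
# AKIAIOSFODNN7EXAMPLE is the placeholder key ID used in AWS documentation.
SAMPLE_CONTAINER_ENV = """\
APP_ENV=production
DB_HOST=db.internal
DB_PASSWORD=Sup3rS3cret!
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
API_TOKEN_FILE=/run/secrets/api_token
"""


def is_world_cidr(cidr):
    """True for 0.0.0.0/0, ::/0 or any other prefix that admits every address."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def open_ingress(sg, public_ok=frozenset({80, 443})):
    """Return ingress rules open to the whole internet on ports not in public_ok."""
    findings = []
    for rule in sg.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        world = [c for c in cidrs if is_world_cidr(c)]
        if not world:
            continue
        proto = rule.get("IpProtocol")
        if proto == "-1":                       # "-1" means every protocol and port
            ports = "all"
        else:
            lo, hi = rule.get("FromPort"), rule.get("ToPort")
            if proto == "tcp" and lo == hi and lo in public_ok:
                continue                        # deliberately public service
            ports = str(lo) if lo == hi else f"{lo}-{hi}"
        findings.append({"protocol": proto, "ports": ports, "cidrs": world})
    return findings


# Key names that usually carry a credential, and the AWS access key ID shape.
SECRET_KEY_RE = re.compile(r"(PASS(WORD)?|SECRET|TOKEN|API_?KEY|PRIVATE_KEY)", re.I)
AWS_KEY_ID_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")


def indirect_value(value):
    """Values that point elsewhere (env substitution, mounted secret, ARN) are fine."""
    return (value.startswith("${") or value.startswith("/run/secrets/")
            or value.startswith("arn:aws:secretsmanager:"))


def hardcoded_credentials(env_text):
    """Return (line_no, key, reason) for env entries whose value is a literal secret."""
    findings = []
    for line_no, raw in enumerate(env_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip().strip("'\"")
        if AWS_KEY_ID_RE.search(value):
            findings.append((line_no, key, "AWS access key ID literal"))
        elif (SECRET_KEY_RE.search(key) and value
              and not key.upper().endswith("_FILE") and not indirect_value(value)):
            findings.append((line_no, key, "literal secret value"))
    return findings


if __name__ == "__main__":
    for f in open_ingress(SAMPLE_SECURITY_GROUP):
        print(f"OPEN INGRESS: {f['protocol']} port(s) {f['ports']} from {f['cidrs']}")
    for line_no, key, reason in hardcoded_credentials(SAMPLE_CONTAINER_ENV):
        print(f"CREDENTIAL: line {line_no} {key}: {reason}")
```

On the sample inputs the check reports the SSH and Postgres rules but not the HTTPS rule or the internal-only allow-all rule, and reports `DB_PASSWORD` and `AWS_ACCESS_KEY_ID` while accepting the `${...}` substitution and the `/run/secrets/` mount. The allowlist and the "indirect value" prefixes are the two knobs a team would tune to its own conventions; the point is that the rule is explicit and reviewable rather than left to whoever wrote the config.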
SC Magazine - Regulators levy $80 million fine, hammer Capital One for massive breach -
Bank regulators dropped the hammer on Capital One, with the Office of the Comptroller of the Currency (OCC) levying an $80 million fine and the Federal Reserve filing a cease and desist order that specified the steps the bank needed to take to redeem itself after a massive data breach in 2019 that compromised the personal data of more than 100 million of its customers.
The OCC fined Capital One, N.A. and Capital One Bank (USA), N.A. “based on the bank’s failure to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment and the bank’s failure to correct the deficiencies in a timely manner.”
Errata Security - How CEOs think -
CEOs view cybersecurity the same way they view everything else about building the business, from investment in office buildings, to capital equipment, to HR policies, to marketing programs, to telephone infrastructure, to law firms, to .... everything.
They divide their business into two parts:
  • The first is the part they do well, the thing they are experts at, the things that define who they are as a company, their competitive advantage.
  • The second is everything else, the things they don't understand.
For the second part, they just want to be average in their industry, or at best, slightly above average. They want their manufacturing costs to be about average. They want the salaries paid to employees to be about average. They want the same video conferencing system as everybody else. Everything outside of core competency is average.

The Conversation - Clever chemistry turns ordinary bricks into electricity storage devices  -
In my synthetic chemistry lab, we have worked out how to convert the red pigment in common bricks into a plastic that conducts electricity, and this process enabled us to turn bricks into electricity storage devices. These brick supercapacitors could be connected to solar panels to store rechargeable energy. Supercapacitors store electric charge, in contrast to batteries, which store chemical energy.
Brick’s porous structure is ideal for storing energy because pores give brick more surface area than solid materials have, and the greater the surface area the more electricity a supercapacitor material can hold. Bricks are red because the clay they’re made from contains iron oxide, better known as rust, which is also important in our process.

The Register - Texas jury: Apple on the hook for half a billion dollars after infringing 4G LTE patents -
A jury in Texas yesterday agreed that Apple should cough up $506.2m in FRAND royalties for including 4G LTE capability on the iPhone, iPad, and Apple Watch without buying a licence from a group of IP holders.
Apple told The Register it plans to appeal.

The Register - Irony, thy name is SANS: 28k records nicked from infosec training org after staffer's email account phished -
Cybersecurity training organisation the SANS Institute suffered the loss of 28,000 items of personally identifiable information (PII) after a staffer's email account was accessed by malicious people.
SANS published some details of the breach on its website. One person was phished, leading to the compromise of their email account.
Data taken included names, email addresses, phone numbers, job titles, company names, postal addresses and country of residence. Around 28,000 items of data were taken.

Nikkei Asian Review - China hires over 100 TSMC engineers in push for chip leadership -
Two Chinese government-backed chip projects have together hired more than 100 veteran engineers and managers from Taiwan Semiconductor Manufacturing Co., the world's leading chipmaker, since last year, multiple sources have told the Nikkei Asian Review.
The hirings are aimed at helping Beijing achieve its goal of fostering a domestic chip industry in order to cut China's reliance on foreign suppliers, the sources said.
CNBC - Uber CEO says its service will probably shut down temporarily in California if it’s forced to classify drivers as employees -
Rather than classify drivers as employees, Khosrowshahi has advocated for what he calls a “third way” that would maintain drivers’ independence while allowing companies to provide some protections without risking being viewed as full-time employers. In a New York Times op-ed ahead of the court ruling, Khosrowshahi said gig companies like Uber could pay into a fund that workers could dip into for paid time off or healthcare benefits based on the number of hours they work.
Khosrowshahi said on Wednesday that his Plan B if Uber can’t win on appeal would be to temporarily pause service in California.
