HM Elizabeth II, Queen of the United Kingdom of Great Britain and Northern Ireland, and the Commonwealth Realms, deals, most effectively, indeed, with Carrier Grade NATs... Fast forward to 5:45. Via CircleID's Geoff Huston.
"In relation to the problem of matching Internet Protocol addresses, my government will bring forward proposals to enable the protection of the public and the investigation of crime in Cyberspace." - HM Elizabeth II, Queen of the United Kingdom of Great Britain and Northern Ireland, and the Commonwealth Realms
Well crafted and researched thought piece via CSO's Jeff Bardin, detailing Maskirovka [Маскировка] [also known as deception utilized as a military stratagem]. The post focuses on scenarios with certain, not necessarily quantifiable, linkage to current events in Massachusetts. Read Mr. Bardin's post and you will be intrigued.
The National Institute of Standards and Technology's (NIST) National Cybersecurity Center of Excellence (NCCoE) within the mandated scope of the Center's efforts to address industry's needs, has announced its intention to sponsor the first Federally Funded Research and Development Center (FFRDC) dedicated to the Center's work. Outstanding.
'Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory. It was originally developed with the US Navy in mind, for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists, and many others...' - via the Tor Project
Evidently, the Federal Consumer Financial Protection Bureau [The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 created the CFPB; additionally, President Obama appointed Richard Cordray as the first Director of the CFPB, during the month of January 2012] is requesting records from various (and in this case - sundry) financial organizations (banks, credit bureaus, et cetera) in a bid to leverage data analytics for contemplated enforcement actions. Further, the financial organizations mentioned are, how shall we say - pushing back...
The United States Federal Trade Commission [FTC] has announced the winners of the Commission's Robocall Challenge Technology Achievement Award. Congratulations are in order for Serdar Danis and Aaron Foss!
'Serdar Danis and Aaron Foss will each receive $25,000 for their proposals, which both focus on intercepting and filtering out illegal prerecorded calls using technology to “blacklist” robocaller phone numbers and “whitelist” numbers associated with acceptable incoming calls. Both proposals also would filter out unapproved robocallers using a CAPTCHA-style test to prevent illegal calls from ringing through to a user...' via the FTC Office of Public Affairs
The National Security Agency has declassified the Agency's internal cryptography oriented magazine formatted publication monikered Cryptlog. Currently specifying for release issues Vol. I, No. 1 - August 1974 through and inclusive of Vol. XXIII, No. 2 - Summer 1997. Highly recommended, and this week's MustRead.
Evidently, formal education of information technology workers [read information security engineers...] is not a necessity, and deprecated in the Department of Homeland Security; as evidenced by statements uttered to El Reg's Jack Clark, by the DHS Deputy Undersecretary for Cybersecurity Mark Weatherford. Astounding.
Fascinating take on the current accusations of information security malfeasance targeting the Department of Energy. Via Infoworld's Ted Samson, perhaps most telling of all, in this sorry tale, is the DOE's former Director of Security Ed McCallum's statement:
"It's a continuing story of negligence," Ed McCallum, former director of the department's office of safeguards and security, told the Free Beacon. "[The department] is on the cutting edge of some of the most sophisticated military and intelligence technology the country owns and it is being treated frivolously by the Department of Energy and its political masters." - Ed McCallum, former Director, DOE, Office of Safeguards and Security
via the United States Government Accountability Office's Information Security: Actions Needed by Census Bureau to Address Weaknesses. Evidently, 'confidential' Census data, is anything but...
"Many of the deficiencies relate to the security controls used to regulate who or what can access the bureau's systems (access controls). For example, the bureau did not adequately: control connectivity to key network devices and servers; identify and authenticate users; limit user access rights and permissions to only those necessary to perform official duties; encrypt data in transmission and at rest; monitor its systems and network; or ensure appropriate physical security controls were in place...". - United States Government Accountability Office, Actions Needed by Census Bureau to Address Weaknesses GAO-13-63
Yes, that's right, the Department of Homeland Security has affirmed the Department's right to initiate warrantless searches of electronic devices anywhere within the so-called Fourth Amendment Free Zone [100 miles or 160.93 kilometers of an international border adjacent to any United States Possession, Territory, Protectorate or State.] [in, and of, itself, impetus to set B. Franklin, J. Adams, and T. Jefferson et al., spinning in their graves...].
News, via the National Institute of Standards and Technology (NIST), in which, the Institute has commenced an effort to create a Cybersecurity Framework [in support of the latest Executive Order - Improving Critical Infrastructure Cybersecurity].
Apparently the Framework will constitute a set of standards and best practices utilized to provision industry guidance in the effort to minimize risk related to electronic threats in critical infrastructure. The takeaway? It's all voluntary...
Latest declassified electrical grid anti-terrorism-study-position-paper entitled 'Terrorism and the Electric Power Delivery System'. Published by the National Research Council of the National Academies, and available on the National Academies Press site free of charge [as a PDF with logon]. Today's MustRead.
Startling news making the rounds yesterday afternoon, with the sorry tale of electronic attacks targeting the United Nations International Atomic Energy Agency's systems. The resultant yield (at least publicly) of stored email addresses on an allegedly old, decommissioned server is the least of the Agency's worries [e.g., what else was surreptitiously purloined?]
via ProPublica's Theodoric Meyer: Brought to you by the Department of Homeland Security's own Inspector General's report, detailing this week's SNAFU, whence the Agency has apparently spent $430 Million Dollars on radios all tuned to the same secure channel... Unfortunately no one at the Agency can use the devices...
Reports indicate the President has affixed his signature to a secret policy directive [monikered Directive 20, related distantly, to the Bush era initiatives - National Security Presidential Directive/NSPD 51 and Homeland Security Presidential Directive/HSPD-20 of 2007]. The new Directive provisions legal facilities for our military and other heretofore un-specified civilian agencies to act decisively when the United States comes under electronic attack.
Self-flagellating Teutonic security; simply astonishing....