Category: national security policy

Auto Added by WPeMatico

New National Cybersecurity Strategy

Posted on By infossl
cybersecurity, national security policy, Security technology, software liability, Uncategorized

Last week, the Biden Administration released a new National Cybersecurity Strategy (summary here). There is lots of good commentary out there. It’s basically a smart strategy, but the hard parts are always the implementation details. It’s one thing to say that we need to secure our cloud infrastructure, and another to detail what the means … Read More “New National Cybersecurity Strategy” »

Banning TikTok

Posted on By infossl
censorship, essays, national security policy, Security technology, social media, Uncategorized

Congress is currently debating bills that would ban TikTok in the United States. We are here as technologists to tell you that this is a terrible idea and the side effects would be intolerable. Details matter. There are several ways Congress might ban TikTok, each with different efficacies and side effects. In the end, all … Read More “Banning TikTok” »

Passwords Are Terrible (Surprising No One)

Posted on By infossl
cracking, national security policy, passwords, Security technology, Uncategorized

This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, and ChangeItN0w!—were weak enough to be cracked using standard methods, a recently published security audit of the agency found. […] The results weren’t encouraging. In all, the auditors … Read More “Passwords Are Terrible (Surprising No One)” »

NIST Is Updating Its Cybersecurity Framework

Posted on By infossl
cybersecurity, national security policy, nist, Security technology, Uncategorized

NIST is planning a significant update of its Cybersecurity Framework. At this point, it’s asking for feedback and comments to its concept paper. Do the proposed changes reflect the current cybersecurity landscape (standards, risks, and technologies)? Are the proposed changes sufficient and appropriate? Are there other elements that should be considered under each area? Do … Read More “NIST Is Updating Its Cybersecurity Framework” »

US Cyber Command Operations During the 2022 Midterm Elections

Posted on By infossl
cyberattack, cybersecurity, hacking, national security policy, Security technology, Uncategorized, voting

The head of both US Cyber Command and the NSA, Gen. Paul Nakasone, broadly discussed that first organization’s offensive cyber operations during the runup to the 2022 midterm elections. He didn’t name names, of course: We did conduct operations persistently to make sure that our foreign adversaries couldn’t utilize infrastructure to impact us,” said Nakasone. … Read More “US Cyber Command Operations During the 2022 Midterm Elections” »

Bulk Surveillance of Money Transfers

Posted on By infossl
law enforcement, national security policy, privacy, Security technology, surveillance, Uncategorized

Just another obscure warrantless surveillance program. US law enforcement can access details of money transfers without a warrant through an obscure surveillance program the Arizona attorney general’s office created in 2014. A database stored at a nonprofit, the Transaction Record Analysis Center (TRAC), provides full names and amounts for larger transfers (above $500) sent between … Read More “Bulk Surveillance of Money Transfers” »

The US Has a Shortage of Bomb-Sniffing Dogs

Posted on By infossl
bombs, COVID-19, national security policy, Security technology, Uncategorized

Nothing beats a dog’s nose for detecting explosives. Unfortunately, there aren’t enough dogs: Last month, the US Government Accountability Office (GAO) released a nearly 100-page report about working dogs and the need for federal agencies to better safeguard their health and wellness. The GOA says that as of February the US federal government had approximately … Read More “The US Has a Shortage of Bomb-Sniffing Dogs” »

The Justice Department Will No Longer Charge Security Researchers with Criminal Hacking

Posted on By infossl
courts, cybercrime, cybersecurity, national security policy, reverse engineering, Security technology, Uncategorized, vulnerabilities

Following a recent Supreme Court ruling, the Justice Department will no longer prosecute “good faith” security researchers with cybercrimes: The policy for the first time directs that good-faith security research should not be charged. Good faith security research means accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw … Read More “The Justice Department Will No Longer Charge Security Researchers with Criminal Hacking” »

Attacks on Managed Service Providers Expected to Increase

Posted on By infossl
advanced persistent threats, cybersecurity, infrastructure, national security policy, Security technology, Uncategorized

CISA, NSA, FBI, and similar organizations in the other Five Eyes countries are warning that attacks on MSPs — as a vector to their customers — are likely to increase. No details about what this prediction is based on. Makes sense, though. The SolarWinds attack was incredibly successful for the Russian SVR, and a blueprint … Read More “Attacks on Managed Service Providers Expected to Increase” »

ICE Is a Domestic Surveillance Agency

Posted on By infossl
national security policy, privacy, reports, secrecy, Security technology, surveillance, Uncategorized

Georgetown has a new report on the highly secretive bulk surveillance activities of ICE in the US: When you think about government surveillance in the United States, you likely think of the National Security Agency or the FBI. You might even think of a powerful police agency, such as the New York Police Department. But … Read More “ICE Is a Domestic Surveillance Agency” »